It’s a common question from our clients, so I thought I would address it today:
Why, if my anti-virus is up-to-date and I am careful about which websites I go to, could I still be infected by a piece of Malware?
To answer this question, we first have to answer two other questions: how does Malware get into a computer, and how do anti-virus programs work?
How does Malware get into a computer?
There are several ways Malware can get into a computer. Below are the most common methods being exploited today:
- Email – Delivering Malware directly via email, or delivering a link to click that will take the user to a website that has Malware.
- Drive-by downloads from websites – Malware that is planted on a website and infects users when they visit the site.
- Removable media such as USB flash drives – Malware that plants itself on removable media, and then copies itself to each PC that the media is plugged into.
- Remote infection – Malware that exploits a security vulnerability to directly connect to a computer and inject Malware.
Over the last 5 years, it’s become increasingly hard to protect yourself online. This is in part because everyone is becoming a lot smarter about protecting themselves online, so Malware authors have to come up with increasingly elaborate and sneaky ways to infect you.
Back in 2008, it was easy to spot which emails were not to be opened, and you could more easily determine which websites were not safe to go to.
Now, Malware emails are getting better and more compelling, and Malware authors are hacking legitimate and popular websites in order to use them to deliver Malware.
This is what’s making it harder to protect yourself: when you receive an email or go to a website, you just don’t know if what you are opening is infected with Malware.
How does anti-virus work?
Anti-virus packages typically work using a blend of two different techniques to detect Malware:
- Examining files to look for known Malware
- Identifying suspicious behaviour from any computer application which might indicate infection
Between these two techniques, anti-virus programs typically do a good job of detecting and protecting against the majority of Malware threats. In addition to this, most software vendors also release patches for known security vulnerabilities in their software on a regular basis, retroactively plugging holes that were initially used to exploit computers.
Unfortunately, this is still not enough to keep you completely protected.
Malware creators are raising the bar by using previously unknown security holes, and performing attacks in ways that don’t appear suspicious to anti-virus programs.
When the security holes they use are patched, they move on to another security hole they have found, and write another piece of Malware that is, by definition, unknown to anti-virus products.
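The two detection techniques described above, sketched as an added example (not code from this post or from any anti-virus vendor). The sample byte strings, event names, scores and threshold are all constructed for illustration; the point is that a known file is caught by its signature, a new file can still be caught by its behaviour, and a new file that behaves quietly passes both checks.

```python
import hashlib

# Constructed stand-ins: harmless byte strings, not real malware.
KNOWN_SAMPLE = b"constructed-sample-v1"   # already in the vendor's database
NEW_SAMPLE = b"constructed-sample-v2"     # never seen by the vendor
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Hypothetical behaviour rules: action a program performed -> suspicion score.
SUSPICIOUS_EVENTS = {
    "modify_autorun_key": 40,
    "disable_security_service": 50,
    "mass_file_rename": 60,
    "write_to_system_dir": 30,
}
ALERT_THRESHOLD = 50

# Constructed activity logs for two runs of the unseen file.
NOISY = ["mass_file_rename", "modify_autorun_key"]
QUIET = ["read_user_documents", "open_network_connection"]


def signature_match(data):
    """Technique 1: is this file's hash in the list of known Malware?"""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES


def behaviour_score(events):
    """Technique 2: add up the scores of the suspicious actions observed."""
    return sum(SUSPICIOUS_EVENTS.get(event, 0) for event in events)


def scan(data, events):
    """Apply both techniques in turn and return a verdict string."""
    if signature_match(data):
        return "blocked: known malware"
    score = behaviour_score(events)
    if score >= ALERT_THRESHOLD:
        return f"blocked: suspicious behaviour (score {score})"
    return "allowed"


if __name__ == "__main__":
    print("known file:      ", scan(KNOWN_SAMPLE, []))
    print("new file, noisy: ", scan(NEW_SAMPLE, NOISY))
    print("new file, quiet: ", scan(NEW_SAMPLE, QUIET))
```
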
Putting it all together
When you take these two chunks of information and put them together, you can start to see how a completely updated computer with good anti-virus, and a threat-conscious user, could still be infected with Malware.
- The Malware creator writes a fresh piece of Malware, that no-one has seen before
- The Malware creator finds a hole in a popular computer application (for example Oracle’s Java)
- The Malware creator finds a reasonably popular website that has not been updated for a while, and exploits a security hole in the underlying website platform
- The Malware creator packages their Malware with their security exploit, and puts it on the popular website
Along comes our savvy user who makes sure they keep their computer up-to-date, and only visits websites they know and trust.
- They go to the website they know and trust, but it has been infected
- The Malware attacks their PC using the previously unknown security hole
- The anti-virus has never seen the Malware before, and doesn’t stop it from entering
- The Malware doesn’t do anything to set off alarm bells in the anti-virus program
- The Malware infects the computer
I hope this helps you understand how even the best anti-virus products and the most savvy users can still fall victim to Malware.