Blog: Protection measures available today and shortcomings of Antivirus Software!

What are the other protection measures available?

About a decade ago, antivirus was the only way to keep your system safe. As of today, we have multiple protection layers that help prevent the worst from happening.
Some of them are listed below:
  • User Permissions:
  1. In the early days of Windows, all software ran with the highest possible privileges, which meant that a malicious script from any website could fully access and destroy all of your data.
  2. Today, default user permissions are mostly restricted, although the implementation is still far from perfect.
  3. These permission concepts changed the malware scene quite a lot, e.g. programs downloaded from the internet typically need your confirmation before they are allowed to run!
  4. Still, the fact remains that permission systems are typically complex and therefore often contain leaks too.
  • Sandboxing:
  1. The technology for separating things safely is called sandboxing.
  2. It is mostly safe, provided there are no built-in leaks to exploit in the sandbox code itself.
  3. Today’s modern web browsers do a great job of keeping website scripts far away from the data stored on your computer.
  • Updates:
  1. In the early 2000s, new major flaws in Windows and its Internet Explorer browser were discovered on a monthly basis, and each was followed by a wave of worm malware that used the newly discovered leaks to infect you.
  2. Security leaks are still being found in software and hardware today, but the industry has learned to deal with them much more professionally to limit their potential impact.
  3. Windows and other software updates are now done automatically in the background, so the unprotected time gap is smaller, leaving less opportunity for attacks.
  4. However, computer and software code is never perfect, and not all leaks are reported to the software vendors so they can fix the problems. Some are traded on the black market for huge amounts of money.

Weaknesses of Antivirus Software!

  • “Privileges” Problem:
  1. Antivirus software needs to run on the operating system with the highest privileges so it can monitor and scan the entire system with all its installed programs, and not just the user data.
  2. Running with highest privileges also means that any bug in the software can be fatal in terms of security, especially when it allows attackers to misuse the antivirus to get into the system.
  3. There is simply no feasible way to build a powerful antivirus without getting access to the stuff it is supposed to protect.
  4. So the statement that antivirus can make the system unsafe is technically correct, but it’s important to note that the same applies to each and every bit of software that you install on your computer with administrator permissions.
  5. This includes every hardware and software driver that you install and every other system-level tool that runs in the background.
  • “Incompatibility” Problem:
  1. Advanced protection technologies like behavior blocking require antivirus software to reside between the operating system layer and the user programs layer.
  2. The problem here is that Windows was originally not designed to allow security software to position itself there, as nobody back then envisioned antivirus ever becoming more sophisticated than simple fingerprint-style file scanning.
  3. So developers had to be creative and use undocumented Windows interfaces and so-called ‘dirty’ code. It got the job done, but it was far from best and safest coding practice.
  • “SSL/TLS Inspection” Problem:
  1. About half of the internet’s websites are already served via a secure, encrypted communication protocol called TLS (and its better known predecessor SSL).
  2. You can tell an encrypted website by the “https” (note the “s”) at the start of a website address.
  3. While SSL is generally appreciated by everyone, it poses an interesting problem for some antivirus vendors, as many products rely on deep inspection of website traffic to check for threats. Because SSL traffic is encrypted between the browser and the web server, it is technically impossible to scan website content unless the antivirus installs a local SSL proxy that simulates the real security certificates of websites.
  4. However, this is a very dangerous way of using the technology, as things can go wrong – in the worst case, it could deceive a user into believing a website is safely encrypted when in fact it is not.
  5. But deep traffic inspection is not the only way to protect from dangerous websites, so this problem does not apply to all antivirus products.
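One check a defender can run against what the browser actually sees after such a proxy re-signs a site, as an added Python example (not code from the original post): the certificate dictionaries, issuer names and `EXPECTED_ISSUERS` below are constructed placeholders, and the function only looks at the issuer and validity window.

```python
import ssl
import time

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
# Subject, issuer names and dates are placeholders, not real sites, CAs or products.
GENUINE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Public CA Ltd"),),
               (("commonName", "Public CA TLS Issuing CA"),)),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
}
INTERCEPTED_CERT = {  # what the browser sees when a local proxy re-signs the site
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "Local AV Web Shield Root"),),),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
}
# Issuer the site is known to use when nothing sits between browser and server.
EXPECTED_ISSUERS = {"Public CA TLS Issuing CA"}
# Fixed "current time" inside the validity window so results are reproducible.
SAMPLE_NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2024 GMT")


def name_field(rdn_seq, field):
    """Pull one attribute (e.g. commonName) out of getpeercert()'s nested tuples."""
    for rdn in rdn_seq:
        for key, value in rdn:
            if key == field:
                return value
    return None


def interception_indicators(cert, expected_issuers, now=None):
    """Return the reasons a leaf certificate looks re-signed by a local TLS proxy.

    An empty list means nothing suspicious was found. Only the issuer and the
    validity window are checked; a real deployment would also pin the public key.
    """
    now = time.time() if now is None else now
    reasons = []
    issuer = name_field(cert["issuer"], "commonName")
    if issuer not in expected_issuers:
        reasons.append(f"unexpected issuer: {issuer!r}")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        reasons.append("certificate not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        reasons.append("certificate expired")
    return reasons
```

In practice you would feed it the dictionary returned by `ssl.SSLSocket.getpeercert()` on a verified connection to the site you want to check.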
