Do away with antivirus software!

Valid argument or indispensable shield? There are effective alternatives for protecting yourself.

Installing antivirus programs on your PC does not offer protection; on the contrary, it opens up superfluous holes in the protective shield. This is what Robert O’Callahan argues. As a former developer of the Firefox web browser, he has called upon users to uninstall their AV software. Justin Schuh, a developer of the competing Chrome browser, concurs: AV programs lack important hardening mechanisms such as sandboxing, and some of them have significant quality problems, particularly with respect to their own security. Because most AV programs are granted high-level system rights, an attacker who exploits one of these vulnerabilities can cause direct damage on the end device.


Antivirus software fails to identify viruses

To make matters worse, several earlier studies have already shown that the mechanisms used to identify viruses are not as effective as they were a few years ago. Back in 2014, Lastline Labs tested the quality of various AV programs. One of the sobering results: only 61% of the programs identified new viruses within two weeks of their emergence. At the same time, signature updates would have to arrive much faster than that, because virus attacks are becoming shorter all the time; many attacks last only minutes or hours. What’s more, today’s malware is often polymorphic: every new copy is re-encoded so that it looks different on disk even though it does the same thing. Both developments create major problems for signature-based scanners.

So what’s to be done? Robert O’Callahan recommends that Windows users trust the already very reliable Defender module that is part of Windows 10. This makes sense, particularly because Defender is an integral part of the operating system. While this does not improve detection, it at least avoids opening new security gaps. Additionally, it cannot be stressed enough that users should keep all programs up to date and always install the latest security patches.

Nevertheless, the question remains whether protection on local devices is still useful at all, or whether computers and networks should be protected somewhere else entirely. It therefore makes sense to examine more closely how malicious software finds its way onto a computer in the first place.
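To make the polymorphism point concrete, here is an added example (not code from the original post) that contrasts the two detection approaches. A toy "packer" re-encodes the same payload with a different key for each copy; an exact-hash signature only ever matches the one copy the vendor has seen, while a rule keyed on the part of the sample that cannot change (the decoder stub) still catches every variant. The payload, the stub tag and the packer are constructed stand-ins, not real malware.

```python
"""
Added example, not code from the original post: why a hash-based signature
misses polymorphic variants while a rule keyed on an invariant part of the
sample still catches them. The payload, the decoder stub and the packer are
constructed toy stand-ins, not real malware.
"""
import hashlib

# Constructed stand-in for the malicious body; "drop-and-run" is the marker
# an analyst would want to detect once the sample is unpacked.
PAYLOAD = b"ToyPayload:drop-and-run:"

# Constructed stand-in for the decoder stub. A polymorphic packer can change
# the key on every copy, but each copy must carry enough unchanged logic to
# unpack itself; here that invariant is a 3-byte tag followed by the 1-byte key.
STUB_TAG = b"\x7fPK"


def make_variant(key: int) -> bytes:
    """Toy polymorphic packer: same payload, different single-byte XOR key."""
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255 so the encoded body differs from the payload")
    encoded = bytes(b ^ key for b in PAYLOAD)
    return STUB_TAG + bytes([key]) + encoded


def hash_signature(sample: bytes) -> str:
    return hashlib.sha256(sample).hexdigest()


def scan_by_hash(sample: bytes, known_hashes) -> bool:
    """Classic signature check: flags only byte-identical samples seen before."""
    return hash_signature(sample) in known_hashes


def scan_by_structure(sample: bytes) -> bool:
    """Rule keyed on the invariant stub: undo the encoding the stub would
    perform and look for the payload marker, the way a structural YARA rule
    or an emulator does. Unrelated data (no stub, too short) is not flagged."""
    if not sample.startswith(STUB_TAG) or len(sample) < len(STUB_TAG) + 2:
        return False
    key = sample[len(STUB_TAG)]
    decoded = bytes(b ^ key for b in sample[len(STUB_TAG) + 1:])
    return b"drop-and-run" in decoded


def evaluate(keys) -> dict:
    """Run both detectors over one variant per key. Only the first variant is
    'known' to the hash database, as with a signature published after the
    first sighting; every later variant is a new hash."""
    variants = [make_variant(k) for k in keys]
    known = {hash_signature(variants[0])}
    return {
        "variants": len(variants),
        "hash_hits": sum(scan_by_hash(v, known) for v in variants),
        "structural_hits": sum(scan_by_structure(v) for v in variants),
        "distinct_hashes": len({hash_signature(v) for v in variants}),
    }


if __name__ == "__main__":
    print(evaluate([0x11, 0x22, 0x33, 0x44]))
```

Running it with four keys gives four distinct hashes, one hash hit and four structural hits. The caveat is that real packers also mutate the stub itself (metamorphism), which is why detonating the file in a sandbox and watching its behaviour, rather than matching any byte pattern, is the approach the post goes on to recommend for the mail path.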

Spam filter + web filter > antivirus protection

The two main gateways for malware are email and web traffic. Attacks via other routes, such as infected external disks or active attacks by hackers, occur much less often. Emails, on the other hand, frequently contain file attachments with malicious code or links to hidden downloads. Preventing these from ever landing in a recipient’s inbox is an effective way to keep unwanted intruders out. Cloud solutions in particular put a protective wall far upstream of one’s own IT infrastructure. In addition, because they bundle the data traffic of very large numbers of users, undesired data is noticed quickly, and all users benefit from the results of the analysis just as quickly. Professional cloud providers also offer additional security mechanisms, such as sandboxing attachments or rewriting links found in emails so that their targets can be checked before they are opened, which raises the level of protection beyond plain filtering. Web filter systems check whether users are surfing to websites containing malware and, if needed, block the destination page from opening, closing this attack route as well.

Of course, none of these measures offer 100% protection either, but they greatly increase the likelihood of stopping data theft, extortion attempts and impostor schemes.

Executable file interceptor – the Content Filter

A central promise of our Managed Spam Filter Services is to protect our customers from malicious mails. The automatic detection of spam and malicious software in particular has gained importance rapidly in recent months, with Locky, Tesla, Petya and co. sending their regards. The Content Filter is an additional, customizable layer of protection. Customers can use it to control independently how attachments in incoming and outgoing emails are handled. It can set a maximum file size for attachments, but its more important capability is filtering by file extension: administrators define specific extensions, and an email carrying an attachment with one of them is not delivered.

The content filter can be quickly activated and customized in the control panel

Specifically, this means: if an IT manager wants to prevent their email users from receiving attachments with the .exe extension, they need only enable the Content Filter (if it is not already active) and enter .exe into the open field. As a special service and for ease of use, we have set up several group extensions that provide improved protection with the default settings: .executable, .mediafile, .xlsmacro and .docmacro. If, for example, “.executable” is specified, the Content Filter automatically blocks 58 extensions of executable files. This group extension is continuously maintained and kept up to date in order to always ensure the highest possible protection. The extension .mediafile can be used to filter out files with the extensions .wav, .mp3, .mid, .mpg and several others. The two other group extensions are designed to hold back Excel and Word files containing macros, which often carry the links that fetch ransomware. The Content Filter can be configured for an entire domain as well as for specific groups within a domain.

If it is not already enabled, we therefore urgently advise all customers and partners of Hornetsecurity to activate the Content Filter free of charge and add the file extension “.executable” to their list of blocked files. This ramps up their protection another notch. The screenshot shows how this is done.

Note: This blog post was first published in April 2015 and has now been updated and adapted to the new ransomware threats.
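As an added example (not Hornetsecurity’s code), the following script shows the kind of attachment policy the Content Filter described above applies, and also covers the upstream mail-filtering step from the previous section. It parses a raw message, expands group names such as .executable into concrete extensions, enforces a size limit, judges a file by its last suffix so that “Invoice.pdf.EXE” is still an .exe, and looks one level inside zip attachments. The group names follow the post; the extension lists behind them are short illustrative subsets, not the maintained lists (the post cites 58 extensions behind .executable alone). Helper names, the size limit and the test mail are assumptions for illustration.

```python
"""
Added example, not Hornetsecurity's code: a minimal attachment policy of the
kind the Content Filter described above applies. The group names follow the
post (.executable, .mediafile, .docmacro, .xlsmacro); the extension lists
behind them are short illustrative subsets, not the maintained lists (the
post cites 58 extensions behind .executable alone). Helper names, the size
limit and the test mail are assumptions for illustration.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Illustrative subsets only; a production list is longer and kept up to date.
GROUPS = {
    ".executable": {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                    ".vbs", ".jar", ".msi", ".hta"},
    ".mediafile": {".wav", ".mp3", ".mid", ".mpg"},
    ".docmacro": {".docm", ".dotm"},
    ".xlsmacro": {".xlsm", ".xltm", ".xlam"},
}
# Archives are opened one level deep so a blocked type cannot hide in a zip.
ARCHIVES = {".zip"}


def expand(rules):
    """Turn a configured list such as ['.executable', '.PDF'] into a set of
    concrete lower-case extensions."""
    out = set()
    for rule in rules:
        rule = rule.lower()
        out |= GROUPS.get(rule, {rule})
    return out


def extension(name):
    """Last dotted suffix, lower-cased: 'Invoice.pdf.EXE' -> '.exe'. Only the
    final suffix counts, so double extensions do not slip through."""
    name = (name or "").strip().lower()
    return name[name.rfind("."):] if "." in name else ""


def inner_names(name, data):
    """File names inside a zip attachment; empty for anything else."""
    if extension(name) not in ARCHIVES:
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if not i.is_dir()]
    except zipfile.BadZipFile:
        return []  # not a readable archive; the outer extension check still applies


def check_message(raw, blocked_rules, max_bytes):
    """Return the policy violations for one raw RFC 5322 message. An empty
    list means the mail may be delivered."""
    blocked = expand(blocked_rules)
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if len(data) > max_bytes:
            reasons.append(f"{name}: {len(data)} bytes exceeds limit {max_bytes}")
        if extension(name) in blocked:
            reasons.append(f"{name}: extension {extension(name)} is blocked")
        for inner in inner_names(name, data):
            if extension(inner) in blocked:
                reasons.append(f"{name} -> {inner}: extension {extension(inner)} is blocked")
    return reasons


def build_mail(attachments):
    """Constructed test mail; attachments is a list of (filename, bytes)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for fname, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


def make_zip(files):
    """Constructed zip archive; files is a list of (name, bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files:
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    raw = build_mail([
        ("report.pdf", b"%PDF-1.4 constructed"),
        ("Invoice.pdf.EXE", b"MZ constructed"),
        ("archive.zip", make_zip([("readme.txt", b"hi"), ("run.scr", b"MZ")])),
    ])
    for reason in check_message(raw, [".executable", ".docmacro"], 10_000_000):
        print("BLOCK:", reason)
```

Two caveats a practitioner should keep in mind with any filter of this shape: the file name is declared by the sender, so a serious implementation also checks the content (magic bytes, declared MIME type, nested and encrypted archives) rather than the suffix alone; and the macro groups here match by extension only, so legacy binary .doc and .xls files, which can also carry macros, would need content inspection to be caught.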