Current Antivirus Software is Not Enough
by Fernando de la Cuadra - International Technical Editor, Panda Software - Friday, 28 November 2003.
The purpose of antivirus protection on a computer is to prevent the entrance of viruses. There is certainly good reason for using such software, as there are a great number of viruses which are capable of seriously damaging the data held on the infected system. We have recently seen the appearance of other types of malicious code which do not necessarily destroy the system's information, or at least not directly, but which should nevertheless be targeted by antivirus software.

A few years ago, when viruses alone constituted the most important threat faced by computers, a new category of specialist software was developed to combat this threat: antivirus programs. The subsequent proliferation of other threats, such as worms and Trojan horses, led to the incorporation of new features in antivirus software in order to protect systems from these threats. While the name "antivirus software" remained, the protection these programs offered needed to be widened to include other elements which were not viruses in the strict sense of the word. For example, under the strict definition, a worm is a piece of code which seeks only to multiply, without damaging the information held on the computers which it uses as a platform (damaging information being the typical behavior of a virus). In this case, and ignoring for a moment that many worms also alter information, an antivirus program should not concern itself with this sort of code, as the system data would be safe.

In reality, antivirus software does detect and eliminate worms, as these not only propagate themselves but usually also cause damage on the computers which they infect. Detecting worms is vital because they can cause entire email systems to collapse in a matter of minutes, and the damage this causes, while indirect, is very noticeable and, what's more, can be quantified in financial terms.

The same applies to Trojan horses. While they are not damaging in themselves, there is the possibility that a hacker may use them to carry out damaging actions either on the computer on which they have been installed or on others which the attacker is able to access via the infected system.

These three types of harmful software have now been joined by others (I'm not just referring to executable code) which can cause problems or losses of various types on a computer system. This is the software known by the collective name of "malware", a term formed by combining the words "malicious" and "software". This concept encompasses spyware, adware, jokes, spam, etc.: anything which causes a system to perform tasks which create inconvenience for the user or which are performed without his or her realizing it. In sum, malware is any software which maliciously violates the privacy of a user or computer system or diminishes productivity for financial gain.

Invasion of privacy is one of the effects of adware and spyware, which obtain information without consent. Spam and some hoaxes involve sending emails to users in order to achieve financial gain, and can have a dramatic effect on productivity.

The appearance of these types of malware has meant that antivirus programs have had to take another leap forward to improve the protection they offer users. While the term "antivirus software" would appear to imply that such software only protects against viruses, its range of functions has once again been widened, just as happened when worms and Trojan horses first appeared.


