Businesses face a cybersecurity threat landscape that is constantly evolving.
In early December, researchers at anti-virus firm ESET disclosed an exploit kit called Stegano that targeted millions of readers who visited popular news websites and infected machines via malicious banner ads. The malware script is cleverly hidden among coded parameters that govern the transparency of pixels in the ads. ESET said “there are advertising banners with ‘poisoned pixels’ leading to a new exploit kit, intended to enable the bad guys to remotely install malware onto victims’ computers.”
Malware like Mirai, which can infect poorly secured connected devices and then turn them into botnets to carry out distributed denial of service attacks, is wreaking havoc with U.S. commerce. In a world in which threats like that are proliferating, what are businesses to do?
A key line of defense, though certainly not the only one, is to install anti-virus software. BizTech is offering up a primer on anti-virus protections and what you need to know to keep your organization safe:
What Is Virus Protection Software and Why Should My Business Care About It?
Anti-virus software has been around in its modern form since 1987, and, as Lifewire notes, “is designed to detect, prevent, and remove malicious software, aka malware. The classification of malware includes viruses, worms, trojans, and scareware, as well as (depending on the scanner) some forms of potentially unwanted programs (such as adware and spyware).”
By using a database of virus signatures, or patterns that are unique segments of malware code, anti-virus software helps organizations and individuals block and quarantine malware before it can infect files and systems. Over time, anti-virus software has evolved from being purely signature-based to more dynamic and behavior-based, Lifewire notes.
Which Virus Protection Software Should My Business Buy?
Businesses have many options when purchasing anti-virus solutions, and will benefit most by deploying anti-virus software that meets their needs in terms of protection, scale and cost. Businesses can work with solutions providers like CDW to conduct security assessments that may reveal vulnerabilities that can be patched with anti-virus software and other protections.
As Lifewire notes, a business should ensure that any anti-virus solution it purchases has received certification from the three major certification authorities — Checkmark, ICSA Labs, and VB100 — and that it performed well on the tests conducted by AV-Test.org.
There are many options for businesses, including both free and paid anti-virus services. The range of providers includes Avast, AVG, BullGuard, Bitdefender, ESET, F-Secure, G Data, Kaspersky, McAfee, Panda, Sophos, Symantec and Trend Micro. Different sites offer reviews on all of these programs, but which one to pick ultimately comes down to the needs of the business.
Should My Business Uninstall Existing Virus Protection Software?
Businesses need to uninstall any existing anti-virus software before installing a new product. That is because many anti-virus programs will not install if they detect existing anti-virus software on your machines.
Can My Business Use More Than One Virus Protection Program?
It is not wise to deploy more than one anti-virus scanner on your machine. Doing so can take up valuable computer resources, especially system memory. Additionally, as Microsoft explains, “they might even identify each other as a virus, which could lead to file corruption or other conflicts and errors that make your anti-virus protection less effective — or not effective at all.”
Similarly, Kaspersky warns that “a competing anti-virus program that is monitoring and sending information about your system tends to look like a virus, so it will attempt to block it and remove it.”
What Are the Different Kinds of Computer Viruses?
There are many kinds of viruses that can infect your company’s networks and devices, but all viruses are designed to change the way a device operates without the permission or knowledge of the end user.
According to cybersecurity firm Symantec, all viruses must meet two criteria: they must execute themselves, which often involves placing their own code in the path of execution of another program; and they must replicate themselves, often by replacing other executable files with a copy of the virus-infected file.
Viruses can infect computers, other devices and network servers alike. “Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk,” Symantec notes. “Others are not designed to do any damage, but simply to replicate themselves and make their presence known by presenting text, video, and audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes.”
Some viruses are designed with bugs inside of them, which may lead to system crashes and data loss, Symantec notes.
There are different classifications of viruses, but most experts agree that there are several broad categories:
- Boot sector viruses: These viruses target and infect the boot sector of a hard disk that is run when a device starts up. These viruses attach themselves to that part of the disk and start running when the user attempts to start up from the infected disk.
- File infector viruses: These viruses infect program files, especially .com and .exe files, and can then infect other files when an infected program is run from a hard drive or the network. Many of these viruses are memory-resident, according to Symantec, and after memory becomes infected, any uninfected executable that runs becomes infected.
- Multipartite viruses: Such viruses infect both boot records and program files, and are particularly difficult to repair, Symantec notes. That is because if the boot area is cleaned but the files are not, the boot area will be infected again, and the same pattern holds true for cleaning infected files.
- Master boot record viruses: These are memory-resident viruses that infect disks in the same manner as boot sector viruses, according to Symantec. The key difference is that master boot record viruses typically save a legitimate copy of the master boot record in a different location.
- Macro viruses: These viruses infect data files and are the most common virus type, Symantec says. They also have cost corporations the most money and time trying to repair, the firm says. “All of these viruses use another program's internal programming language, which was created to allow users to automate certain tasks within that program,” according to Symantec. “Because of the ease with which these viruses can be created, there are now thousands of them in circulation.”
- There are other virus types, including network viruses, which use local area networks and the internet to spread, typically through shared folders and drives; email viruses, which are macro viruses spread through email messages; and Trojan horse viruses, which are files masquerading as a desirable program but are, in fact, malicious and cause data loss or theft when downloaded.
Why Are Virus Protection Programs Not Enough?
As Computerworld notes, for many years anti-virus providers were able to update their malware signature databases faster than such malware could spread across the internet.
Yet times have changed: malware can now spread faster than ever, often before anti-virus providers can even detect it.
Additionally, “virus authors have learned to produce variants, which are versions of their illicit programs that function the same way, but have deliberate changes in their signature to evade anti-virus programs,” Computerworld notes. “Because much of our malware is now distributed in kit form, even a novice can produce a malware variant and get it out on the internet very quickly.”
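The signature matching and variant problem described above, as an added example (not from the original article or any vendor's engine): a minimal scanner that checks constructed, harmless byte strings against a whole-file hash signature and against byte-pattern signatures with wildcards. The sample data, signature names and pattern syntax are assumptions made for illustration.

```python
import hashlib
import re

# Constructed, harmless byte strings standing in for files (not real malware).
ORIGINAL = b"HDR\x00\x90\x90CALL_HOME\x00PAD"
VARIANT = b"HDR\x00\x90\x91CALL_HOME\x00PADDING"  # one byte changed, padding added
CLEAN = b"HDR\x00print('hello')\x00PAD"

# Signature type 1: hash of the whole file (hypothetical detection name).
HASH_SIGS = {hashlib.sha256(ORIGINAL).hexdigest(): "Demo.A"}

# Signature type 2: byte patterns written in hex; "??" matches any single byte.
PATTERN_SIGS = {
    "Demo.A!exact": "90 90 43 41 4c 4c",
    "Demo.A!generic": "90 ?? 43 41 4c 4c 5f 48 4f 4d 45",
}


def compile_pattern(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for tok in hex_pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_pattern(p) for name, p in PATTERN_SIGS.items()}


def scan_hash(data):
    """Return the detection name if the whole-file hash is known, else None."""
    return HASH_SIGS.get(hashlib.sha256(data).hexdigest())


def scan_patterns(data):
    """Return the names of all byte-pattern signatures found in the data."""
    return [name for name, rx in COMPILED.items() if rx.search(data)]


def scan(data):
    return {"hash": scan_hash(data), "patterns": scan_patterns(data)}


if __name__ == "__main__":
    for label, sample in (("original", ORIGINAL), ("variant", VARIANT), ("clean", CLEAN)):
        print(label, scan(sample))
```

The variant slips past the hash signature and the exact byte pattern but is still caught by the wildcard pattern, which is why exact-match signatures alone cannot keep up with kit-generated variants.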
What Security Measures Can Businesses Deploy Besides Virus Protection Software?
Beyond anti-virus programs, there are multiple tools that businesses can use to ensure their security. Organizations need to take a layered approach to their security to ensure they cover any gaps. These interventions include firewalls, endpoint security, cloud security and more.