MoMusings

Friday 21st July, 2006


It’s My AV And I’ll Not Update If I Want To…

Filed under: All, Malware, Exploits, Stats

The results of a recent survey confirm my own worst fears in regard to why we are still seeing machines getting infected with malware that has been detectable for weeks, months and even years! This is despite the fact that most of the machines that get infected have anti-virus software installed and enabled to perform on-access [real-time] scanning of all files that can act as an infection vector.

According to the survey conducted by Harris Interactive on behalf of ESET:

  • 88 percent of computer users have anti-virus software on their machines.
  • Almost two-thirds (65 percent) of those users are reluctant to upgrade the software after it’s installed.

Why? Well, below are just some of the reasons that consumers gave to explain their reticence for upgrading their antivirus protection:

  • 38 percent claimed that the updates were too disruptive.
  • 32 percent felt it was something that could wait.
  • 27 percent believed the update would take too long.
  • 14 percent were unsure how to do it.

This is despite the survey finding that 42 percent of the survey sample admitted their machines had been affected by malware. Even more surprising is that of those who failed to update their protection and subsequently had their system infected, 55 percent of them still felt very confident or confident in the protection offered by the antivirus programs on their computers.

A couple of interesting quotes from this story are included below:

“Overall, the research shows that many consumers have a false sense of security while online,” ESET Chief Research Officer Andrew Lee said in a statement. “With the number of zero-day threats rapidly increasing, users need to be even more cautious and proactive in their own protection.”

Andrew is correct that the window between a vulnerability being found and it being used is almost non-existent now; users do need to ensure that their AV is up to date more often, unless they are using other tools/technologies or methodologies to mitigate the threat.

However, this is only one facet of the problem; the real problem is that most of those getting infected are being infected by malware that is months or years old and known to all anti-virus tools. There is a failure here, both from the vendors, who should make their updating features more difficult to turn off, easier to use, and switched on by default, and from the users who believe that they are protected because they have AV installed and that this ‘magically’ protects their PCs from all malware even if they never update it. The following quote from Ron O’Brien supports my own findings.

Ron O’Brien, a senior security analyst with Sophos in Lynnfield, Mass., noted that the survey findings gel with findings in his company’s mid-year report. “All the malware listed in our report is malware that’s been around for a year or two, which means that there are large numbers of users who do not have any antivirus software or outdated software on their PCs,” he told the E-Commerce Times.

Is he right? Yes, of course he is. If you need more proof, then take a look at my Monthly Malware reviews [posted on this blog] and see for yourself; it ain’t rocket science, folks!

This survey is not the only one that fails to surprise, as there has been one that claimed that users were buying new PCs to solve malware problems instead of getting the old [infected PC] disinfected. Talk about overkill, this is like using a ‘Thermonuclear Warhead to kill a bug’! Want to know more?[1] ;-)

So, what do you need to do to minimise the chance of your computer becoming just another survey statistic?

  • Install anti-virus; enable real-time [on-access] scanning.
  • Update your anti-virus; if it doesn’t do it for you, manually check for updates each and every day.
  • Install a personal firewall; and check all the programs that request internet access.
  • Install anti-spyware; some of these have real-time protection, use it!
  • Update anti-spyware; same as the AV.
  • Practise Safe Hex!

I’m not going to go into the above suggestions in depth as I’ve already covered this in earlier postings and a number of my published papers and magazine articles.


[1] Shameless use of dialogue from the ‘Starship Troopers’ film.



1 Comment


  1. # 38 percent claimed that the updates were too disruptive.

    # 27 percent believed the update would take too long.

    After having been on broadband for years, I find myself back on dial up for at least a few months. 56k modems at both ends, but rarely get faster than 45.2k in practice. Like, in fact, most of the on-line world.

    And you know what? Updates are too disruptive. They do take too long. In fact now that this article has got me thinking about it, I think I could fairly say that over the last few months, the amount of lost productivity caused by conscientiously doing daily updates is much greater than the lost productivity from malware which I have experienced in my entire life; and that includes not only my own PCs (which have never had an unintentional malware infection) but also those friends I support.

    It might be a different story if I used internet banking and got some account details stolen, but I don’t trust internet banking yet (I’ve done some crypto projects with bank programmers; they were total cowboys). It might also be a different story if I (and my friends) didn’t backup critical data.

    But if you do do backups, don’t do internet banking, and are on dialup, regular AV updates are a seriously mixed blessing. For quite a lot of people, skipping them until after you get infected may actually be the optimal strategy! Something to think about, anyway.

    Comment by Roger — Tuesday 22nd August, 2006 @ 23:51
