Monday, March 28, 2011

But I have antivirus software!

I get this question all the time: "I have anti-virus software, so how did I get infected with a virus?"

Each anti-virus company maintains its own list of known malware, which it calls its "definitions" (also called signatures). Every company releases updated definitions regularly, at least once a day and often several times a day.

Each company also has its own rules (heuristics) for flagging a file that isn't in the definitions list. If a file behaves a certain way or copies itself into a certain folder, for example, your anti-virus may alert you that the file could be a virus. It can also send a report to the anti-virus company with details about the potential new threat (the file's name, location and behaviour). Since many of these alerts are false positives, each company has to investigate each new report before it can update the definitions.

The term "zero-day attack" refers to a threat that is released before your anti-virus company knows about it and has had time to add it to the definitions list (strictly speaking, it means an attack on a flaw the vendor has had zero days to fix, but the term is used loosely for any brand-new malware). Completely new threats get past the scanner because neither their code nor their behaviour matches anything in the existing definitions or heuristic rules.

There is usually a window of 24 to 72 hours after a new threat is released during which you are not protected. In that time your anti-virus company must learn of the threat, investigate it, and then release updated definitions that detect it. The exact length of the window varies with how quickly the threat is noticed and reported.
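To make the difference between definitions, heuristics and the zero-day window concrete, here is a small scanner model. It is an added example written for this page, not code from any anti-virus product, and every sample, hash, behaviour and rule weight in it is constructed for illustration. It uses a file hash as the "definition" (real products use richer byte-pattern signatures), scores observed behaviours as the heuristic, and then simulates the vendor finishing its investigation and pushing an update.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Sample:
    """A file as the scanner sees it: its bytes plus the behaviours seen when it
    runs. Everything here is constructed for the example."""
    name: str
    content: bytes
    behaviours: List[str] = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# "Definitions": one entry per known-bad file, keyed by its hash.
# (Constructed payload; a real signature would match a byte pattern, not a whole-file hash.)
KNOWN_BAD_PAYLOAD = b"MZ\x90\x00constructed-payload-v1"
DEFINITIONS: Dict[str, str] = {sha256_hex(KNOWN_BAD_PAYLOAD): "Trojan.Example.A"}

# Heuristic rules: suspicious behaviours and the weight each adds to a score.
# (Hypothetical behaviour names and weights.)
HEURISTIC_WEIGHTS = {
    "writes_to_startup_folder": 2,
    "disables_security_service": 3,
    "sets_hidden_attribute": 1,
}
SUSPICION_THRESHOLD = 3


def signature_scan(sample: Sample) -> Optional[str]:
    """Definitions check: exact match against the known-bad list."""
    return DEFINITIONS.get(sha256_hex(sample.content))


def heuristic_scan(sample: Sample) -> Tuple[bool, int]:
    """Behaviour check: flag the file if its suspicious-behaviour score is high enough."""
    score = sum(HEURISTIC_WEIGHTS.get(b, 0) for b in sample.behaviours)
    return score >= SUSPICION_THRESHOLD, score


def scan(sample: Sample) -> str:
    """Returns 'known' (in definitions), 'suspicious' (heuristic alert) or 'clean'."""
    if signature_scan(sample):
        return "known"
    flagged, _ = heuristic_scan(sample)
    return "suspicious" if flagged else "clean"


def vendor_update(sample: Sample, family: str) -> None:
    """Simulates the vendor finishing its investigation: the sample's hash is
    added to the definitions, so every customer now detects it by signature."""
    DEFINITIONS[sha256_hex(sample.content)] = family


def demo() -> Tuple[Dict[str, str], str]:
    known = Sample("known.exe", KNOWN_BAD_PAYLOAD, ["writes_to_startup_folder"])
    # One byte appended: the same malware, but the hash no longer matches the definition.
    variant = Sample("variant.exe", KNOWN_BAD_PAYLOAD + b"\x00",
                     ["writes_to_startup_folder", "sets_hidden_attribute"])
    # A brand-new threat whose behaviour matches none of the heuristic rules.
    novel = Sample("novel.exe", b"MZ\x90\x00something-never-seen", ["reads_config_file"])

    before = {s.name: scan(s) for s in (known, variant, novel)}   # the zero-day window
    vendor_update(novel, "Trojan.Example.B")                      # definitions update arrives
    after = scan(novel)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for name, verdict in before.items():
        print(f"{name}: {verdict}")
    print(f"novel.exe after update: {after}")
```

Running it shows the three cases the text describes: the known file is caught by the definitions, the slightly modified variant slips past the hash but trips the heuristic score, and the novel sample is reported clean until the vendor's update lands. The gap between the last two lines of output is the window of vulnerability.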

So what can you do to help protect yourself?

Certain kinds of websites are much more likely to deliver malware to your computer. Adult (xxx) sites, gambling sites, illegal software (warez) sites and pirated movie or music sites are the biggest culprits. Try to stick to trusted websites, but keep in mind that even legitimate sites can be compromised or serve malicious advertisements, so trust is not a guarantee. It is also important to always double check before clicking on an unknown link, whether it is on a website, on a social media page like Facebook or in your email.