Antivirus programs cannot truly protect you and, at worst, may even lure you into a false sense of security.
The 'State of Play' Today (via some history):
- Way back, computer viruses were transmitted via floppy disk – this meant that they moved slowly, from one machine to another.
Once detected, and if the destination machine had an up-to-date anti-virus program on it, further spread could be prevented with a simple virus-scan.
- Then came networks – but these could be kept reasonably safe too, so long as the 'entry-point' (the floppy disk-drive) onto that network was protected (as above).
- Then came the Internet – and, in lots of ways, the Internet is just a big network - the 'EWAN' – the 'Extraordinary-Wide-Area Network'! Now it’s getting kinda tricky to protect yourself - as the entry-point is, well, who knows where it is!
Historically, viruses and anti-virus programs moved around the place slowly - however, if you kept your AV program up-to-date, there was a pretty good chance that your AV program would be made aware of the slow-moving floppy virus well before the disk made it into your drive.
So, given this, let's talk about how anti-virus programs work.
The main thing is that, today, in order to catch a virus, your anti-virus program has to first know that it exists.
It's like the way a Flu jab works – you get inoculated against the strain that is predicted to hit the country, not 'the Flu' per se. However, if a different strain hits us – well, you'll get the Flu! Viruses – real or cyber - have signatures, and you can only be immunised against known types.
And, with the Internet, it's quite likely that this is what'll happen to you - you'll get a new virus, before an antidote can be prepared or distributed.
Take the way viruses use email programs to move themselves about nowadays; it goes like this:
- Someone gets a virus (somehow)
- It does its thing and then emails a copy of itself to everyone in this person's contact list/inbox, etc.
- When the recipients get the virus, it does the same to them – exponential growth!
So, in no time at all, it spreads (successfully) like wildfire – as, remember, we're pretty much all connected at the speed of light now - and your antivirus hasn’t been informed about this new strain yet!
Anyway, some poor soul ultimately discovers that this thing is a self-replicating virus - and (if they can be bothered – as it's too late for them) they'll notify Norton, Symantec, yada yada yada. In a bit, these anti-virus vendors all confirm that, yes, it is indeed a virus, and they then work out a fix – time ticks by. They then issue this fix on their websites. Hopefully, you've got an 'Active Update' kinda thing running at your end, and quite soon you'll get the fix – however, will it all be too late? You bet ya! The likelihood of this is almost certainly proportional to the value of your data, of course!
And now the really bad news. Modern viruses are going to get more and more sophisticated at spreading themselves like this. They're also going to get smarter in other ways – for example, they might detect that you're running an anti-virus program and, before infecting your machine proper (and spreading), they'll terminate that program, so you'll not get the fix - ever (if they're really clever).
So, are anti-virus programs really worth having? Well, broadly speaking, I say 'no' - as really they're only useful for removing 'old' viruses from your machine. No, what's needed is better technology - viruses could be caught by the operating-system – and they should be!
In order for a virus to work, it needs to be executed: either directly, or by some other already-executing process.
Now, the operating-system is the thing that starts processes. So, if the operating-system were a bit more picky about what processes it'll start automagically, well ... these things could be caught.
Imagine yourself double-clicking on what looks like an Excel file-attachment in your email. The operating-system sees that the file is actually an executable. Next, it checks to see if this executable has been run on your machine before and, if it hasn't, it simply asks you – "Are you sure you want to run this PROGRAM?". You answer 'no way'. Problem solved.
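The first-run check in that paragraph, as an added example that is not part of the original post: a Python sketch of an execution gate that identifies an executable by its file header rather than its name, keeps a hash allowlist of programs the user has already approved, and prompts before anything unseen is started. The FirstRunGate class, its ask callback and the sample files are all constructed for this example.

```python
import hashlib
from typing import Callable, Set

# Content signatures (magic bytes). The gate judges a file by what it
# contains, not by the name or icon it arrived with.
PE_MAGIC = b"MZ"                                  # Windows executable (.exe/.dll/.scr)
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .xls/.doc (OLE2 container)
ZIP_MAGIC = b"PK\x03\x04"                         # .xlsx/.docx (Office Open XML is a zip)


def is_executable(data: bytes) -> bool:
    """True when the file starts with the PE header, whatever it is called."""
    return data[:2] == PE_MAGIC


def is_office_document(data: bytes) -> bool:
    """True for the two genuine spreadsheet/document container formats above."""
    return data.startswith(OLE_MAGIC) or data.startswith(ZIP_MAGIC)


class FirstRunGate:
    """The OS-level check proposed in the post: an executable this machine has
    never run before is not started until the user explicitly says yes."""

    def __init__(self, ask: Callable[[str, str], bool]) -> None:
        self.ask = ask                     # prompt callback: (filename, sha256) -> bool
        self.approved: Set[str] = set()    # sha256 of programs already allowed

    def allow_run(self, filename: str, data: bytes) -> bool:
        if not is_executable(data):
            return True                    # a document: opening it is not running a program
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.approved:
            return True                    # seen and approved before: no prompt
        if self.ask(filename, digest):     # "Are you sure you want to run this PROGRAM?"
            self.approved.add(digest)
            return True
        return False


# Constructed sample files (not real malware): a PE stub dressed up as a
# spreadsheet attachment, and a genuine .xlsx container.
DISGUISED_EXE = PE_MAGIC + b"\x90" * 62            # arrives as 'Q3-figures.xls.exe'
REAL_XLSX = ZIP_MAGIC + b"\x00" * 60               # arrives as 'Q3-figures.xlsx'

if __name__ == "__main__":
    # The user in the post answers 'no way' to anything unseen.
    gate = FirstRunGate(ask=lambda name, h: print(f"Run {name} ({h[:12]})? no way") or False)
    print("disguised exe allowed:", gate.allow_run("Q3-figures.xls.exe", DISGUISED_EXE))
    print("real spreadsheet allowed:", gate.allow_run("Q3-figures.xlsx", REAL_XLSX))
```

The prompt decides only whether a program is new to this machine, not whether it is safe, which is the same gap the post describes for signatures. Because the check reads the header, renaming a binary to look like a spreadsheet does not get it past the gate.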
Alternatively, this kind of approach – where the operating-system is rather more proactive - could be extended to anything that has write access to your hard disk. After all, no write access = no damage!
So, perhaps the next version of Windows will incorporate something along these lines (it's not rocket science, and it really wouldn't be hard to put something like this in it). I very much hope that it does: as I could do far less backing up of my damn hard-drive!