Computers without antivirus protection in 2024

Monday, September 9, 2024

Some are of the opinion that antivirus software is not required today in order to work on a computer securely. Supporters of this approach usually cite their personal experience as an example and say that they successfully do without an antivirus on their devices. Among the arguments they make is that network viruses have almost disappeared as a class and that users need to run malicious code themselves in order to infect their system with a trojan, which, of course, one shouldn’t do. In other words, the main thesis of users convinced that their devices can go without antiviruses is: follow the simplest security rules and everything will be fine. However, the talk often goes beyond commercial antivirus products: you can also hear statements about the inefficiency of Windows Defender and third-party free solutions. In addition, it is still often said that antiviruses greatly slow down devices.

In today's Antivirus Times article, we will figure out what happens when a system is not protected with antiviruses. At the same time, we will try to look at the situation not from the point of view of a company that develops antivirus software, but from the point of view of common sense.

Digital threats today

It would be a dangerous misconception to think that malicious programs are less dangerous today than they were 10-15 years ago. Nor should one assume that fewer of them exist in the information space and that the risks of infection have declined. This illusion is largely explained by the change in the type of cyber threats in existence today and the direction they are taking. Many of you remember that when Windows XP was in use, a virus infection often ended with you having to reinstall the OS and the programs you needed. It’s unpleasant, but for many users this was a common occurrence. Now that our everyday life and personal data have largely moved "online", the consequences of a device being compromised can be much more dangerous.

Traditional viruses and network worms, which were once a real scourge for removable media and local networks, have been replaced by numerous types of trojans with very different functionality. The latter work covertly; detecting them is more difficult, and their destructive actions are mainly directed against individual users and include stealing sensitive information, credentials and personal data, and encrypting and destroying files. In addition, infected devices are often used by intruders as botnet cells, while inexperienced users may not be aware that their computers are involved in network attacks on other network nodes.

It’s common knowledge that in order to operate, a trojan has to be launched by someone or something: a user or another program. It would seem that it is enough to control the launch of all the processes available on a device, and everything will be fine and safe. But is it easy to achieve that in practice, especially for people who do not consider themselves computer enthusiasts? Alas, as statistics show, trojans, ransomware, backdoors and spyware are being effectively exploited by cybercriminals around the world. The quantity and quality of malware is only growing, and virus writers today are not only targeting the corporate sector. In addition, considering how rapidly neural networks are developing, both companies and users will have to face new challenges in the foreseeable future. And, of course, systems running Windows and Android are attacked the most.

Most often, trojans are disguised as legitimate software, or they come with applications that have been modified by cybercriminals. In this sense, programs downloaded from non-official sources pose a significant danger. This is largely due to piracy and dubious sites that distribute outdated and vulnerable versions of free programs, and also hacked copies. Don’t forget about torrent-tracker resources, where you can also come across a "repackaged" version of an application or a game that comes with a "surprise". However, carefully choosing a source from which to download software is also no panacea. History knows of cases involving the hacking of official company websites and the subsequent replacement of the original installers with infected ones. Another situation involves the distribution of updates containing malicious code.

Phishing, social engineering techniques, and dangerous email attachments are outdated but by no means forgotten methods of spreading trojans that still work. You might think that these trivial methods are designed for inexperienced users. In this regard, it is worth noting that, first, there are many such people. Second, it often happens that the more experienced a user is, the more likely they are to expose their device to risks (more about this below).

Remember that attackers prefer large-scale actions, when they distribute virus software en masse. If you are not a specific target for cybercriminals, this does not guarantee that malware will not accidentally get onto your unprotected device.

Separately, it is worth mentioning threats to mobile and IoT devices. Android smartphones have long been in the crosshairs of virus writers. Trojans disguised as harmless utilities, including those found in official application catalogues, can stay there for quite a long time before being removed. Attackers also distribute malware via infected pirated copies of applications in the form of installation APK files.

Can I protect my computer myself?

In our issues, we often mention that following the basic rules of digital hygiene greatly reduces the risk of a device getting infected with malware. This is indeed true: computer literacy, an awareness of threats, and understanding the risks in a given situation are the main components of security. And this default approach is in no way compatible with ignoring antivirus solutions.

But let's assume that a user is taking some security measures and is not using an antivirus. This user does not follow suspicious links, installs only trusted applications, does not work in the system with administrator rights, and does not use removable drives. They check all downloaded files via the VirusTotal service. And yes, this person is the only one using this computer. In this case, the probability of a trojan being launched in the system is seriously reduced, but it will never be zero. Let's recall the human factor. Any operating system is an extremely complex program; it is almost impossible to control all aspects of its operation, and, moreover, it is impractical for users. Most people use computers to solve applied problems, entertain themselves, and surf the Internet, not to create an isolated environment with a whitelist for applications, tight access restrictions, and the monitoring of all running processes and services.

Therefore, disabling any antivirus means depriving the system of an important level of protection, and it is not so important how a device is used. A person cannot physically take on the role of an antivirus scanner and heuristic analyzer, no matter what security measures they take. Security always implies a comprehensive approach. However, it should be remembered that absolute security is, alas, unattainable, but this does not mean that you should not strive for it. Users often don’t realize how valuable the data processed on their computer is until they are under the threat of losing it.

Different habits of users

Not all users are ready to impose strict restrictions on themselves and to try to control the work of their operating system in an attempt to avoid malware. However, sometimes computer enthusiasts are even more vulnerable than those who use PCs for entertainment. The fact is that modern operating systems are quite resistant to failure and also have certain security tools: account control, an access-rights differentiation feature, application control, etc. For example, Windows 11 can protect itself much better than its predecessors. All this is configured by default and works for the sake of device security, which helps ordinary users keep their data safe. The situation gets worse when users start experimenting with OS settings and components without thinking things through. Sometimes, this causes a system to become more vulnerable. Of course, such actions require system administrator privileges. In an attempt to customize their OS, many users also install all sorts of extensions, change security settings, and search for and install the programs they need from a wide variety of sources. It should come as no surprise that the more you use a computer, the harder you need to work at protecting your data. It is good when such actions are combined with the proper competencies. But due to the technical complexity of systems, even experienced users sometimes expose themselves to additional risks that would be extremely difficult to prevent without antivirus software.

Free and built-in antiviruses

The first thing to note is that a free or built-in antivirus is better than no antivirus at all. We talked about free antivirus software in this article. When users take advantage of a free solution, they should keep in mind the hidden hazards that ultimately bring us back to the issue of the value of the information being protected. Important features of such products are the lack of technical support, limited functionality and a priori low reliability. Also, free antiviruses are not free in the full sense of the word. Developers need to monetize their efforts, and most often this is achieved by displaying ads and collecting statistics. In each case, users should read the license agreement to understand all the usage terms.

The Defender built into Windows OS is generally able to protect a device from a number of known threats. That's why disabling it when the system is not protected by a full solution is frankly a sub-par idea. And it is all the more sad to see search suggestions like "Windows Defender disable" in search engine services that are based on the most popular user queries. Of course, this component consumes computing resources, but on modern devices, its operation has practically no effect on system performance. The same can be said about any other high-quality antivirus. But remember that the Microsoft solution is not a comprehensive product with a wide array of features for detecting and neutralizing threats. Virus writers always perform checks to make sure that new modifications of their creations cannot be detected, before sending them off to the Internet, so it is extremely important that you update your antivirus regularly and have advanced non-signature analysis tools.

About antiviruses conflicting with other applications

Among antivirus opponents, some opine that security software literally interferes with a system’s operation by blocking everything. Some users remove or disable their antivirus software or other software components in an effort to get rid of displayed warnings. This has been done with the above-mentioned "Defender", UAC, browser protection tools, and other useful and important security tools. Of course, such situations play into the hands of cybercriminals. We will only note that if you've chosen an antivirus to protect your device and personal data, you should “listen” to its warnings. For example, by default, Dr.Web provides an optimal level of security, while always allowing the user to configure the operation of a program, including whitelists of sites and applications. For instance, in this article we described algorithms used for working with unwanted software.

Modern antiviruses rarely conflict with legitimate and uninfected software. If your antivirus detects a threat when you launch one of your programs, this is an occasion to pay close attention to its work, rather than disable its protection. First you should check the type and name of the detected threat: the antivirus may have "caught" a potentially dangerous application or advertising module. False positives are also encountered; this is due to the unique technical complexities involved in implementing security programs. However, they are incomparably fewer in number than the number of neutralizations of real threats.

The Anti-virus Times recommends

There is probably someone in the world who has never used an antivirus and has indeed never encountered malware. But such experience should not be taken into account when building your own digital security system. There is no practical sense or convenience in refusing an anti-virus, if we are talking about at least the minimal protection of a device and the personal data on it. Of course, the decision to use an antivirus is made by the user, but we’ll note that neglecting one's own security plays into the hands of cybercriminals, motivating them to continue their activities. As a result, this directly affects the entire digital technology industry.

  1. Take a comprehensive approach to security. Follow the rules of digital hygiene, be aware of modern threats, and use antiviruses.
  2. Pay attention to protecting not only your home computer, but also your mobile devices running Android. Today, smartphones can store even more important personal data than PCs.
  3. High-quality antiviruses do practically nothing to hinder the operation of modern devices, so you should not avoid them just for this reason.
  4. Many antivirus software vendors offer trial versions of their products, which means that you can test them for free under conditions that you set.
  5. Remember that a good commercial antivirus product will allow you to flexibly configure its operation. It is also well documented, and technical support is always standing by to help.
  6. Our famous Dr.Web CureIt! is great support in the fight against virus threats, but it is no replacement for a fully functional anti-virus. We talked about that in this article.

#Android #antivirus #free_antivirus #botnet #virus #malware #Internet #cybercrime #application_stores #myth #social_engineering_techniques
