Simply put, yes. Anti-virus programs offer protection against many of the threats and most now come with an additional firewall which, as long as properly configured, protects against remote exploits. Plus if anything manages to get onto your machine, then the heuristic and behavioural component of your virus scanner should provide notification that there is something there even if it cannot remove it.

You Need More Than An Anti-Virus Program To Fully Protect Your Computer

  • OS updates – Are you fully up to date with the patches? Most of the remote exploits can easily be defeated by making sure your system is fully patched. It is also important to make sure that all software is up to date. (How many of you have enabled the additional software updates from Microsoft that will automatically patch software like MS Office?)
  • Computer Access – Do you need to be surfing the web or checking email with a full administrator account? If you use an unprivileged user account for normal activities, this can limit the entry points for threats arriving via dodgy emails or infected websites.
  • Stop & Think – Does it sound too good to be true? Do you really have to see the latest celeb video shocker? Does that subject line/content look like something your friend would email to you? Does it make sense that you need another plugin to play an online video? Why should a website you have visited many times before suddenly want you to install a plugin?

Finding A Way In

A lot of the threats that find a way into your system do so via social engineering, i.e. they get you to run the virus/worm/Trojan yourself. Some of them will even try to tempt you into disabling your anti-virus protection to get it to run. Once this is done, the controller of the malware could have full control of your computer, and a complete rebuild could then be necessary to make sure the system is secure again.

Over the last few years the threats have evolved to deliberately become covert, so that you don’t always notice them, and they can carry on for as long as possible, doing damage and spreading, before being detected.

For And Against – Know The Risks

The argument often put against anti-virus programs is that they slow the computer down and make file access painful (especially in office environments). With the heuristics/behavioural analysis that most modern anti-virus programs have, file access and computers will run a bit slower. However, with modern multi-core processors, the largest bottleneck will often be disk access, especially during scheduled scans.

Disabling anti-virus features to get the computer to run faster often just increases the risk of infection. Careful use of exclusions can improve speed, but this carries its own risks by providing a potential safe hiding place for a virus.

Occasionally, signatures from anti-virus products have been known to attack operating system files, making computers unusable, but fortunately these cases are rare and the risk of the same or worse damage from a virus/Trojan/worm is much higher.

100% Protection

No anti-virus can protect you from all infections (although they are all pretty good against known infections; see http://www.av-comparatives.org/). There are also zero-day exploits (bugs in software or the operating system that are not yet patched) out there, although they are much rarer than the media would have you believe, the most recent being the well-publicised Java exploit.

The Best Solution For You

Here are our top tips for home and office users.

Home computers

  • Regardless of the operating system, every computer should have anti-virus on it. The free offerings give you some, albeit limited, protection. Do not install more than 1 anti-virus product at a time, as they can interfere with each other, making your computer either run very slowly or just completely lock up.
  • As mentioned above, make sure the operating system and all software are fully up to date and patched.
  • Make sure your browser is set to be as secure as possible.
  • Let your anti-virus do a full scan of your computer periodically. Ideally weekly, but at least monthly. Some products allow you to perform a scan and when it is complete they will shut your machine down, so you can leave it scanning when you have finished your work.
  • Don’t disable your anti-virus just to install a browser plugin or run a file you have received by email. However, it is recommended that you disable it when installing major OS updates/patches to prevent the anti-virus blocking the updating of important system files.

Office environments

  • These are often a lot more complex than home networks, having multiple computers and often multiple servers to consider. Also inbound ports are often open in corporate firewalls to allow services such as email delivery, web access to on-site services etc.
  • One size does not fit all and anti-virus and security solutions need to be carefully tailored to meet the requirements and budget of the company.

An Average SME

  • For small setups with just 1 server and up to 10-20 computers, one of the centrally managed products, commonly installed on the server, should be sufficient.
  • However, the protection should be installed on every computer in the company with a common policy pushed out from the server and tied down to prevent it being disabled/removed from the computer. If your server handles email then it is essential that you have an anti-virus component that is email “aware”, and ideally one that actively scans the email store.
  • Entire server scans should be scheduled at least weekly (normally overnight to reduce impact) as this picks up new threats that might initially have been missed. Weekly scans should also be carried out on all workstations with the timing being decided to minimise impact on productivity.

Large Organisations

  • Larger companies, with multiple servers, should consider one anti-virus product on their servers and another on the workstations, with both being centrally managed. This increases the chances of detection of any threats because if one product misses a threat then the other should detect it.

Think It Through

In both situations, careful attention needs to be given to the anti-virus setup to ensure files aren’t over-scanned, and exclusions need to be carefully set to balance risk and productivity. Having a file take 2 extra seconds to open is not a problem, but if you’re still waiting a good half minute after clicking on it then something is wrong.

Need Some Advice?

If anything is not clear or if you would like further advice, just leave a comment below or email us at info@birchenallhowden.co.uk and we will be happy to help.