While the National Crime Agency did warn people about the upcoming GOZeuS and CryptoLocker malware, information from security specialists indicates that traditional antivirus software is not enough even for simple malware prevention, let alone for the more advanced malware types.
Comodo Group’s CEO, Melih Abdulhayoglu, points out that most traditional antivirus products on the market “simply don’t work” and detect threats such as viruses and malware only once they have already infected the system, rendering such products obsolete.
“For years the antivirus industry has been promoting a flawed product to the mass market as a protection product – a huge con. As a result, there are millions of business and home users who think that they are safe online, just by running an antivirus product – this is madness! Traditional antivirus products do not and can not protect you from new malware like Cryptolocker that they can’t detect.”
Melih emphasises that the only method of keeping a system clean is through containment technology. The technology puts unknown traffic coming from the internet into a sandbox environment for further analysis, meaning that the data cannot react or spread within the system until it has been identified as ‘safe’. This way, Melih states, the malware is detected and denied access before it can even get near the system at hand.
Businesses, however, are more susceptible to viruses and malware than homes. This is said to be because hackers are writing specific malware that targets a single individual system inside the company, which will inevitably grant access to the company’s entire network.
“For businesses, the problem is Advanced Persistent Threats (APT). Criminals are writing specific tailored malware aimed at one person in a company and then stealing data via that person. It’s designed to be undetectable, or viewed as too small a problem to solve. Think of it like this: the pharmaceutical industry wouldn’t bother to spend billions on curing a disease that infects just one person, so these bad guys are hoping that the security industry doesn’t put resources into solving a problem targeted at just one individual.”
However, this does not mean everyone is doomed to have their systems infected. Egemen Tas, VP of Engineering at Comodo, emphasises that a combination of strong and trusted antivirus software along with basic execution control (such as the annoying popup in Windows, which everyone tends to deactivate, appearing every time an ‘unknown’ application or one requiring elevated privileges wants to launch) is enough to keep your system clean.
“In order to stay protected from GOZeuS and CryptoLocker, users should follow cyber-hygiene best practices,” said Egemen Tas, VP of Engineering at Comodo. “It’s not as complicated as you may think. You should use a certified and proven antivirus product, always installing the latest version and applying updates. Additionally, you should go beyond traditional security prevention by utilizing a HIPS (host-based intrusion prevention system) product, and applying some basic application execution control to prevent these types of malware from taking over your system.”
Also, since malware can in some cases infect a system through e-mail, Egemen states that a good prevention practice is “not opening attachments from unsolicited emails”, meaning that if an unexpected email containing a strange attachment arrives in your inbox, whether from an unknown person or even a friend, it is better to delete it than to risk opening it.