Somewhere between the reservice and the cadets…

Antimalware programs are not your first line of defense — more like your fourth.

Antivirus programs manage a database of known malware and freak out when something matching that database comes across your computing device. More aggressive antivirus applications also attempt to make guesses about code that is too new to be included in their database of known malware.

In other words, antimalware software looks over your shoulder to make sure you do not have a lapse of judgment.
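To show why the "database of known malware" works the way the paragraph above describes, and why a product that only matches the database is easy to slip past, here is an added example in Python. It is not code from the original post: it builds a constructed signature database from the hashes of two harmless byte strings that stand in for known malware, adds a deliberately crude "guessing" layer in place of a real product's heuristics, and then scans a few constructed files. The file names, sample bytes and the two heuristics are assumptions made for the demonstration.

```python
import hashlib

# Constructed stand-ins for "known malware": harmless byte strings that begin with
# the "MZ" marker of a Windows executable. No real malware is involved.
SAMPLE_A = b"MZ\x90\x00 constructed sample A (not real malware)"
SAMPLE_B = b"MZ\x90\x00 constructed sample B (not real malware)"

# The signature database: a set of SHA-256 hashes of the known-bad samples.
SIGNATURE_DB = {hashlib.sha256(s).hexdigest() for s in (SAMPLE_A, SAMPLE_B)}


def signature_match(data: bytes) -> bool:
    """Database lookup: is the exact hash of this file in the known-malware set?"""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB


def heuristic_reasons(filename: str, data: bytes) -> list:
    """Crude 'guessing' layer (assumed, far simpler than any real product).
    Returns the reasons the file looks odd; an empty list means nothing flagged."""
    reasons = []
    lowered = filename.lower()
    exe_extensions = (".exe", ".scr", ".dll")
    # An executable dressed up as a document, e.g. invoice.pdf.exe
    if lowered.endswith((".exe", ".scr")) and lowered.count(".") >= 2:
        reasons.append("double extension")
    # Starts like a Windows executable but carries a non-executable extension
    if data.startswith(b"MZ") and not lowered.endswith(exe_extensions):
        reasons.append("executable header behind a non-executable extension")
    return reasons


def scan(filename: str, data: bytes) -> str:
    """Verdict for one file: 'known-bad', 'suspicious' or 'clean'."""
    if signature_match(data):
        return "known-bad"
    if heuristic_reasons(filename, data):
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    # Constructed files to scan: the exact known sample, a one-byte variant of it
    # (the signature no longer matches), and the same variant under odd names.
    cases = [
        ("updater.exe", SAMPLE_A),            # exact match -> known-bad
        ("updater.exe", SAMPLE_A + b"\x00"),  # one byte changed -> database misses it
        ("photo.jpg.exe", SAMPLE_A + b"\x00"),  # caught only by the guessing layer
        ("photo.jpg", SAMPLE_A + b"\x00"),      # caught only by the guessing layer
    ]
    for name, content in cases:
        print(f"{name:>14}: {scan(name, content)}")
```

The second case is the whole point: appending a single byte produces a new hash, so the database lookup misses a file that is otherwise identical to a known sample, and with a plain name it comes back "clean". The guessing layer only helps when the attacker also does something clumsy with the file name, which is exactly why the post treats antimalware as a backstop rather than the first line.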

Notice the subtle emphasis…

The assistance which antimalware software provides is useful, but you cannot lose sight of the point of security. You must acknowledge that those lapses of judgment could still occur; you must limit the damage possible in those situations to what is reasonable; and you must limit the possibility that those situations occur at all to what is reasonable.

Antivirus applications are an assistant, not a permission to become complacent.

No antivirus package has consistently caught every attack, even in laboratory tests, let alone in the real world. That said: if you have done everything correctly and an attack still reaches you but is stopped by an antimalware suite — you still win.

To formalize — these are the four lines of defense for your computer:

  1. Keep your machine and all applications on it up to date (ironically, even antivirus software).
  2. Limit the inbound access to your machine through firewalls or routers.
  3. Think before you launch an application or load untrusted data and give it the smell test.
  4. Enable antimalware applications and security features of your operating system to block attacks which make it to your machine.

Lastly, never trust an antimalware application to remove an infection. They will try really hard but there is never a guarantee that you are in a secure state unless you revert to that state from a known clean source.

In other words: back up your data, erase everything on the machine, and restore your operating system from a source that could not possibly have been altered in the attack. That usually means your Windows install disk.

The Microsoft malicious software removal tool…

It is possible for the attack to have modified your data so that it reinfects your PC later on. To do so, however, the attackers would need to know an exploit for the application and version you will use to reopen the data on the new computer. The resources required to attack you again through those methods would be better spent elsewhere unless you are being singled out by a team of attackers. Unless you are the Dalai Lama you are probably not important enough.

In other words — I would not worry about backing up photos or videos from an infected computer unless you are important enough to draw the attention of a team of full-time hackers dedicated to you. Just do not back up programs.

Remember: you are most likely being attacked for financial gain. People will attack big targets which are cheap to acquire. Attackers only get innovative if they absolutely must. It is a good thing to see an attacker get inventive in how they exploit you — it means their usual methods just do not pull a profit anymore. If they must hire a call center to call you at home, pretend to be Microsoft, and try to convince you to give them remote desktop access, it means they have given up whatever they used to do. Sort of like that proverb, “The candle burns brightest before it goes out.”

Read on to see just what is dangerous about complacency and conclude this discussion.
