Antivirus Software: Is it helpful or too risky?

For many, many years now everyone has been told they must have antivirus installed on their computers, phones, etc.  Well, except for Linux and Apple users, but we will hold that topic for another conversation.  :)  Today though, things are not so cut and dried.

Some people in the security industry claim antivirus software doesn’t have a purpose and can actually put your computer or mobile device at greater risk due to the additional vulnerabilities it creates/introduces.  In my opinion, it often depends on the user.  If you have IT experience, understand the security risks and have various layers of security (defense in depth), antivirus software may not be needed.  For the everyday person, however, I would suggest still using some form of antivirus/anti-malware software.  Even if you do have IT experience, I would still say having some sort of antivirus software isn't a bad thing.  Unlike in the past, most of the software today doesn't impact computer performance that much (assuming you don't have an old device).

Antivirus/anti-malware software cannot be your only line of defense though, as even the best antivirus doesn’t offer 100% protection.  To discuss why it isn’t 100% protection, let me take a brief moment to explain a little about signature-based technology and the pros and cons of antivirus.  If you aren’t interested in the lesson, skip the next paragraph.

I know a lot of people assume if they have antivirus, they are instantly protected from anything and if their antivirus doesn’t show an alert they must be safe.  Unfortunately, that just isn’t the case.  Most antivirus works on a signature-based technology, meaning when an antivirus vendor knows a certain file being spread around the internet is malicious, they make a signature to detect it.  This works great for known malware/viruses.  So, this is an added level of protection and is why a lot of people in the security field will say it isn’t a bad idea to have some form of antivirus installed.  The problem is, antivirus vendors cannot create a signature to detect a virus or malicious file until it is known, which obviously takes some time.  Let’s run through a quick scenario to explain the concept in real-world terms.  Assume a malicious file is sent via email to millions of people at noon.  This is a brand new file, so 99.9% of the antivirus companies will not be aware it is malicious.  If someone clicks on the file a minute after it was released, their antivirus will not trigger an alert.  Even if they scan the file prior to opening it, their antivirus will not label it as malicious.  This is because a signature for that file hasn’t been created to detect it.  Let’s say 15 minutes after the file was emailed, your antivirus company did learn about the virus or file and created a signature for it minutes later.  Your computer will not trigger an alert until the antivirus detection engine on your computer has been updated.  Now if your antivirus is cloud-based it could possibly label the file as malicious as soon as the signature has been created, but a lot of people have antivirus that uses a signature file stored on their local computer.  This means even if a signature has been created by your antivirus company, your software would need to be updated in order to download the new signature.
This is why it is important to always keep your antivirus up-to-date or better yet, ensure automatic updates are enabled.
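To make the noon scenario concrete, here is an added example (not code from any antivirus product) that models a signature as a plain SHA-256 match, which is a simplification of what real engines do. The class names, the 12:20 publish time and the 11:00 and 13:00 local update times are assumptions chosen for illustration.

```python
import hashlib
from datetime import datetime, timedelta

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class VendorFeed:
    """Vendor side: maps a file hash to the time its signature was published."""
    def __init__(self):
        self.published = {}
    def publish(self, sample: bytes, when: datetime) -> None:
        self.published[sha256(sample)] = when

    def known_at(self, when: datetime) -> set:
        return {h for h, t in self.published.items() if t <= when}

class LocalScanner:
    """Keeps a signature file on disk; it only changes when update() runs."""
    def __init__(self, feed: VendorFeed):
        self.feed, self.signatures = feed, set()

    def update(self, when: datetime) -> None:
        self.signatures = self.feed.known_at(when)

    def scan(self, sample: bytes, when: datetime) -> str:
        return "malicious" if sha256(sample) in self.signatures else "no detection"

class CloudScanner:
    """Asks the vendor at scan time, so it sees a signature once published."""
    def __init__(self, feed: VendorFeed):
        self.feed = feed

    def scan(self, sample: bytes, when: datetime) -> str:
        return "malicious" if sha256(sample) in self.feed.known_at(when) else "no detection"

def run_scenario() -> dict:
    """Return {clock time: (local verdict, cloud verdict)} for the noon email."""
    noon = datetime(2024, 1, 1, 12, 0)                      # constructed date
    sample = b"constructed stand-in for the emailed file"   # not real malware
    feed = VendorFeed()
    local, cloud = LocalScanner(feed), CloudScanner(feed)
    local.update(noon - timedelta(hours=1))                 # assumed last update: 11:00
    feed.publish(sample, noon + timedelta(minutes=20))      # assumed publish time: 12:20
    results = {}
    for minutes in (1, 30, 60):
        when = noon + timedelta(minutes=minutes)
        if minutes == 60:
            local.update(when)                              # assumed next update: 13:00
        results[when.strftime("%H:%M")] = (local.scan(sample, when), cloud.scan(sample, when))
    return results
```

At 12:30 the signature exists at the vendor, yet the local scanner still reports nothing because its signature file has not been refreshed.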

You may be asking yourself, if antivirus isn’t 100% effective or can only detect known malware, why would I use it?  Great question.  We go back to my previous opinion.  If you are a normal user, meaning you aren’t a seasoned IT veteran, antivirus is a great addition to help you be more secure.  It should protect you if you happen to stumble onto a file or website that is known to be malicious.  Bad files do linger around the internet.  Not to mention, numerous malicious files are sent around via phishing emails and security companies can create signatures for them rather quickly, so the software can protect you against current threats as well as those malicious files lingering around the internet.

The good news is, you don’t have to spend a lot, if anything, to get a good antivirus product.  The free versions of antivirus in the past were missing a lot of key features.  From what I can tell, that just isn’t the case today.  You can easily find free versions of antivirus that will offer generous levels of protection.  The paid versions do offer more features and if they are important to you, then I say go for the paid version.  If you are on a budget though or the added features aren’t important, quite a few of the free options will provide good protection.  I would recommend searching the internet for top rated free antivirus, or top rated internet security suites if you are willing to pay.  Just make sure to click on known sources when reading reviews such as pcmag, tomsguide, techradar, arstechnica, etc. and choose the brand/options that work best for you.

In my VirusTotal post, I discuss an additional security step you can take to verify if a file or website is malicious.  It works on the same principle as the signature-based antivirus so although not foolproof, it is another step you can take.  Plus, it is like having 60 different versions of antivirus software installed on your device all for the price of free.