Tuesday, May 27, 2008

Anti-Virus Programs Don't Work

For years, computer users have been led to believe that an AV program (Norton, McAfee, etc.) on their computer will protect them from hackers. If that were true, I wouldn't have a job.

Ample research (www.battlegroundcomputers.com/resources.html) has proven that hackers have figured out how to infect your computer even with an AV program on it. How?

Well, first, you have to understand the business model that AV programs work on. I call it prescriptive defense because the AV program is trying to find something AFTER it's in your computer. By then, it's too late.

The assumption is that the AV program will examine your computer for files that it can recognize by their signatures. (When you update your AV program, you're downloading the latest virus signatures that the AV program will use to identify virus files on your computer.)

The problem with this model is that the AV companies first have to discover the virus in the "wild", then create the signature, then distribute it to your computer via automatic updates. At best, this process takes 3-5 days, leaving you open to infection until you have the updated signatures. Coupled with an aggressive spam/IM campaign, hackers can deliver a virus to you long before the AV even knows about it.

Hackers modify their payloads frequently to stay ahead of the AV detection signatures. They can instruct the virus to morph itself before spreading, thereby becoming invisible to even the best AV program.
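To make the signature problem concrete, here is an added example (not code from the original post) of the two kinds of signature the text describes: an exact file hash and a fixed byte pattern. The "files" are constructed byte strings standing in for files on disk, and the signature names are made up. A recompiled copy with one string changed already escapes the hash signature, and a copy whose routine bytes have been obscured escapes the pattern signature as well, which is exactly the window the post is talking about.

```python
import hashlib
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Hash a file's contents; this is what an exact-match signature stores."""
    return hashlib.sha256(data).hexdigest()


def obscure(data: bytes, key: int = 0x5A) -> bytes:
    """Stand-in for a 'morphed' payload: XOR every byte so the plain pattern no longer appears."""
    return bytes(b ^ key for b in data)


# Constructed sample file contents (not real malware; the strings are placeholders).
ORIGINAL = b"MZ\x90\x00example-v1\x00ROUTINE:copy-self-to-startup"
# The same program with one version string changed before redistribution.
RECOMPILED = b"MZ\x90\x00example-v2\x00ROUTINE:copy-self-to-startup"
# The same program with its routine bytes obscured, as a morphing virus would do.
MORPHED = b"MZ\x90\x00example-v3\x00" + obscure(b"ROUTINE:copy-self-to-startup")
# An unrelated, harmless program.
CLEAN = b"MZ\x90\x00hello-world\x00ROUTINE:print-greeting"

# The vendor's "signature database", built only from the sample it has already seen.
HASH_SIGNATURES: Dict[str, str] = {sha256_hex(ORIGINAL): "Example.A (hash)"}
PATTERN_SIGNATURES: Dict[bytes, str] = {
    b"ROUTINE:copy-self-to-startup": "Example.Gen (pattern)",
}


def scan(data: bytes) -> List[str]:
    """Return the names of every signature that matches the given file contents."""
    hits: List[str] = []
    name = HASH_SIGNATURES.get(sha256_hex(data))
    if name:
        hits.append(name)
    for pattern, pattern_name in PATTERN_SIGNATURES.items():
        if pattern in data:
            hits.append(pattern_name)
    return hits


if __name__ == "__main__":
    for label, sample in [("original", ORIGINAL), ("recompiled", RECOMPILED),
                          ("morphed", MORPHED), ("clean", CLEAN)]:
        print(f"{label:<11} -> {scan(sample) or 'no match'}")
```

Running it shows the original matched by both signatures, the recompiled copy only by the pattern, and the morphed copy by neither; the scanner cannot tell the morphed copy from the clean file until a vendor has seen it and shipped a new signature.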

But this is only the beginning...

Instead of relying on a viral file to hack your computer, hackers are now using web sites to infect your computer through the browser (IE, Opera, Firefox, MSN, AOL, NetZero, PeoplePC, etc.).

When you connect to a web site, the browser executes the code the site is written in - notably HTML. But HTML is limited in what it can do - it is primarily a display language and on its own cannot create attractive menus or other functionality. So the HTML is written to load scripts that do the real work of web functionality. These are most often JavaScript, and the browser executes all scripts on the web site WITHOUT USER INTERVENTION OR KNOWLEDGE OF THE SCRIPT.

Hackers are now hacking web sites and injecting their own links to JavaScript files that infect your computer. By hacking the database that generates a web site's HTML code (you knew that hosting companies use a database to store your web site files, right?), hackers can turn thousands of web sites into viral web sites - many of them known good, safe web sites.

Because scripts are executed by the browser in the context of the user, they have all the power of the user including modifying the Windows registry, modifying the NTFS file attributes/permissions (making files invisible and/or undeletable), disabling the AV and creating new user accounts.
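A site owner can check for the injection just described by listing every script a page loads and flagging any that point off-site. The following is an added example, not code from the original post: it parses a constructed HTML page with Python's standard-library parser and reports script references whose host is neither the page's own host nor on an allow list. The host names in the sample page are placeholders (`evil.invalid` uses a reserved test domain).

```python
from html.parser import HTMLParser
from typing import Iterable, List
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self) -> None:
        super().__init__()
        self.sources: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.sources.append(value)


def unexpected_scripts(html: str, page_host: str, allowed_hosts: Iterable[str] = ()) -> List[str]:
    """Return script URLs served from a host that is neither the page's own nor allowed.

    Relative paths (e.g. /js/menu.js) come from the page's own site and are not flagged;
    absolute and protocol-relative URLs are compared against the permitted host set.
    """
    collector = ScriptCollector()
    collector.feed(html)
    permitted = {page_host.lower(), *(h.lower() for h in allowed_hosts)}
    flagged: List[str] = []
    for src in collector.sources:
        host = urlparse(src).hostname
        if host is None:
            continue  # relative URL, same site
        if host.lower() not in permitted:
            flagged.append(src)
    return flagged


# Constructed sample page: two legitimate scripts and one injected reference.
SAMPLE_PAGE = """<html><head>
<script src="/js/menu.js"></script>
<script src="http://www.example.com/js/gallery.js"></script>
<script src="//evil.invalid/x.js"></script>
</head><body>Welcome</body></html>"""


if __name__ == "__main__":
    for src in unexpected_scripts(SAMPLE_PAGE, "www.example.com"):
        print("unexpected script reference:", src)
```

Run against a saved copy of each page on a schedule, this turns the injected-link attack into something a site owner can notice from the server side, independent of whether any visitor's AV recognizes the script being served.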

But users still adhere to the notion that they're protected because they have an AV program. The AV companies tout their effectiveness and so create an attitude of complacency in the users. This complacency is the door through which the hackers gain access to the computer.

The only effective defense against hackers is preventive - blocking scripts BEFORE they can execute in your browser.

Use Firefox with the NoScript plugin to protect your computer.

Beware of any computer repair shop that claims they can remove viruses from your computer by using an AV program.

If the virus has modified your registry to do some task, the AV program has no way of knowing that - there is no signature to compare to.
