Anti-Virus Software: Not A Magic Solution
Most people, these days, seem to have antivirus software on their computers. Partly, I suspect this is due to it being preinstalled by the shop they bought the computer from, but also, it is due in part to better education of users on how to prevent viruses. Of course, simply having antivirus software isn’t enough; user education now needs to focus on how to use it.
I have lost count of the number of times I have seen AV (anti-virus) software on a computer, but it has never had its definitions updated since it was installed, or there are no scheduled scans, no in-memory checking, and no e-mail scanning.
The user feels safe; they have antivirus software, and its got its icon in the system tray. The problem is, its not active, and even when it is, they don’t know what a particular warning means, and often ignore it and open the file anyway.
These are the situations which, now, we need to prevent. This involves education of users, especially in a home environment, as in the office it is possible to use advanced AV systems, such as Symantec AntiVirus Corporate, which perform network-wide auto-updates, and it is possible to schedule scans and then lock the user out of the control panel. It is even possible to ensure that the computers are on when the scan is scheduled, with modern BIOS and OS’ supporting timed wakes. All of this means that the entire network could boot up at 3AM, update virus definitions, and scan all drives, without inconveniencing users during the day.
On a home PC, though, the user is responsible for setting up all of the scans and updates. If they don’t connect to the Internet often, and when they do its only to download the 2 e-mails they receive a week, often virus definition downloads do not complete before the user disconnects. As a result, dangerous attachments can be entering the computer, but the virus scanner is not updated and equipped to deal with these.
The only solution here is furthering the education of users when it comes to computer security. The banks do a similar thing, as they were made responsible for any fraudulent online transactions; they sent out letters to customers detailing how to shop securely, and how to use Internet Banking securely. For the most part, this has succeeded.
The PC industry, currently, has no responsibility for virus infections, and so this crucial aspect of security is left in the often incapable hands of the user. In some cases, viruses even benefit the shops, when the user brings back their computer to get it fixed, at a sizeable service fee.
User education in these matters is essential if the onslaught of viruses and other malware is to be stopped. The measures currently provided are ineffective; the only users properly protected are the ones that know how to set the various confusing options, and these users are less likely to become infected anyway as they follow other precautions, such as not opening unidentified attachments.