There can be no doubt that having a solid antivirus strategy is essential to the smooth operation of your IT systems, yet many companies don't even have a strategy, let alone a solid one. Most businesses we visit have a range of 'Free' or consumer grade antivirus products installed, all in varying degrees of effectiveness, and this one factor leads to many of our callouts. With antivirus software you definitely get what you pay for, yet high end antivirus software doesn't cost the earth at only a few pounds per month. Regardless, once you have your antivirus software installed and updated it will silently attempt to protect your computer from infection, which, contrary to popular belief, it only achieves some of the time. To understand why the best antivirus software on the planet can only protect your computer some of the time we need to look at this process in more depth.
What is a virus
A virus, in computer terms, is simply a software program which is designed to copy itself to other computers. It's that simple, and it's also significant to know that the majority of viruses are not critically harmful to your systems. Generally, when a virus is designed to damage your operating system and data, we call that Malware (from the words Malicious and Software).
What is a Trojan
A Trojan, in computer terms, is simply a software program which is designed to open a connection to the internet so that a third party (or many) can have some remote influence over your computer. In most cases these Trojans can be leveraged to install more Malware on your computer, or to search for and extract information from it. A Trojan can be a virus, in that it's also designed to replicate itself, or it can be acquired from phishing.
What is Phishing?
A good percentage of infections come from infected attachments to emails or from malicious websites. These emails and sites pretend to be an official representation of an organisation you may know, such as your bank, and then persuade you to interact in a way that causes infection to your computer. These are simply scams which leverage human behaviour as an infection vector.
The Infection Vector is a phrase that is shared with the medical community and simply means the 'method' of infection. Infection vectors are important considerations because some can be mitigated through security infrastructure and training. I'll list the most common infection vectors here.
- Email - Probably the largest of all infection vectors, commonly leveraging weaknesses in Microsoft Outlook and Office to download and run a program when a file is read or opened. These emails often pretend to be from your bank, office, the IT Department or similar and in a few cases can be quite convincing. This vector is easily mitigated by using an antivirus service for email such as our GENX, and a little user training.
- Website - A malicious website can and does succeed in convincing some users that they need to download software to 'fix' something. Usually these sites will leverage fear that something is about to happen, such as a virus infection, unless the software is downloaded. This sort of scam has been around for years but it's still a popular infection vector, especially in companies where internet traffic is uncontrolled and users have received minimal training.
- Media - Media such as CDs or memory sticks are becoming less and less significant with the move away from removable media in favour of online storage, but in the past they have been very significant.
- Internet - Some businesses for whatever reason simply take a cheap Asian router from a well known ISP (not naming any here of course) and use it to connect their network to the internet. These cheap routers are not security hardened and are easily compromised, opening up your network to penetration from malicious third parties. We wrote an article about this very thing, titled "Just Don't", but we still encounter this on a weekly basis from new customers, often coming to us because their network is rife with infections and it's having a real impact on the company, or in some cases because they've had their data stolen and are being blackmailed. We'll touch on that later.
- Hardware - You would be surprised how often we find, when trying to track down the source of infection, all roads point to a PC that was purchased second hand at some point, OR, to a personal laptop that has been allowed to connect to the company network.
- Humans - When considering the huge revenue generated by data theft, it's not hard to see why this form of infection is happening today. A visitor to your business simply brings a small device with them, inserts it into a network port or a USB port, or hands it to a receptionist, and then penetrates the company's network either whilst on-site or from the car park wirelessly.
- Wifi - Cheap budget Wifi equipment or even expensive equipment that is not maintained can negate the need for anyone to physically enter your company, as they can break the Wifi encryption from the car park and then take their time penetrating the network and installing trojans. This form of data theft and business continuity blackmail is becoming increasingly common.
ANYONE who tells you that by purchasing their antivirus software you can relax knowing that you're now impenetrable is at best exaggerating the truth and at worst a total liar. Antivirus software works in three ways:
- Firstly it scans files and data looking for 'patterns' that are from known malicious software. Using this pattern matching process a large percentage of low grade infections can be thwarted.
- Secondly, it scans system files and configuration data for changes that are unexpected. An example of this would be a 'startup' program that has newly been added or a new device driver installed. In many cases this isn't a clear infection but the software may optionally 'warn' the user giving them the option to allow or deny. Most users will click allow regardless.
- Finally, web browsing activity and sometimes email is scanned and certain access is blocked from known malicious websites.
That's basically all the software does, simple but effective in limiting the number of possible vectors for infection. What is often missed by antivirus software is high grade viruses that are able to morph their pattern on each install. Such viruses can still be identified and flagged by good Antivirus software because the number of patterns is limited to some degree, but this isn't always the case. What is always missed are the new viruses that are being developed daily and that the antivirus software knows nothing about.
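The pattern matching described above can be sketched in a few lines. This is an added example, not code from any antivirus product: the signature names, byte patterns and sample files are all constructed for illustration and contain no real malware. A "??" wildcard lets one signature cover a family whose bytes vary slightly between installs, while a program that no signature describes is reported clean.

```python
import re

# Constructed, harmless signature set: names and byte patterns are invented
# for this example. "??" is a wildcard that matches any single byte.
SIGNATURES = {
    "Demo.Dropper.A": "44 45 4d 4f 2d 44 52 4f 50",      # exact bytes "DEMO-DROP"
    "Demo.Morph.B":   "4d 4f 52 50 48 ?? ?? 50 41 59",   # "MORPH", 2 varying bytes, "PAY"
}

def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL so that a wildcard also matches the newline byte 0x0a.
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(data):
    """Return the sorted names of all signatures found anywhere in data."""
    return sorted(name for name, rx in COMPILED.items() if rx.search(data))

# Constructed sample inputs (plain text markers, not real malware).
SAMPLES = {
    "invoice.doc":  b"header DEMO-DROP trailer",
    "variant1.bin": b"xxMORPH\x01\x02PAYxx",
    "variant2.bin": b"xxMORPH\xfe\x0aPAYxx",   # different varying bytes, same family
    "new.bin":      b"a program no signature describes yet",
    "report.txt":   b"quarterly figures",
}

def scan_all(samples):
    """Scan every sample and map its name to the list of matched signatures."""
    return {name: scan(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, hits in scan_all(SAMPLES).items():
        verdict = "DETECTED " + ", ".join(hits) if hits else "clean (no known pattern)"
        print(f"{name:14} {verdict}")
```

Both variants are caught by the one wildcard signature, but "new.bin" gets the same verdict as a harmless report, which is why pattern matching alone says nothing about software the vendor has not yet seen.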
Depending on the rate of infection, the time from creation until identification and then updates being issued to antivirus software can be as long as 6 months. That's six months without any protection. We call these new viruses that no one has seen before zero day for some reason, and these are the threats that your software will miss. Some, if not all, of these new viruses are designed to evade current antivirus software as part of their design, so not only do antivirus software vendors need to identify it, but they need to update their software to overcome whatever method is used to mask it. This takes further time.
GEN Business Security Services
GEN have been playing this game for the last 20+ years and we understand that 'protection' is not just about selling some software and making false promises on how effective it is. We know that protecting your business from this sort of threat takes more than software and requires reducing risk by closing off Infection Vectors. The GEN BSS service includes a number of levels of protection depending on your in-house capabilities. At the heart of the software antivirus solution is the industry leading TrendMicro antivirus protection combined with our own adjunct services permitting remote monitoring and assistance.
GEN BSS Standard - This entry level service is designed for companies who already have in-house staff but who need additional support should an infection become apparent. Our antivirus software has a web portal allowing monitoring of all the computers protected together with logging of infections detected and actions taken.
GEN BSS SME - This service provides the best in industry antivirus protection with third line technical support available should an infection go uncaught and require intervention.
GEN BSS Enterprise - This service provides the same best in class antivirus protection with third line technical support but also includes 3 days of staff training, a full site cyber security audit and monthly activity reports to the board.
Each of these core packages can be enhanced with add-on services such as Service Level Agreements and managed services.
If you're looking for an antivirus solution that is sensibly priced and that provides increasing degrees of business continuity protection then contact us today for a quote.
1 iPhone/Android License
Remote Support Included
10 iPhone/Android Licenses
Managed + Portal
100 iPhone/Android Licenses
Other options, packages and variants available, contact us today (bottom right) for a specific quotation