Security Response

The Importance of Updating Antivirus Definitions

Created: 02 Oct 2006 07:00:00 GMT • Updated: 23 Jan 2014 18:56:22 GMT
John McDonald

It is often said that an antivirus (AV) product is only as good as its most recent signature update; however, that's not strictly true. Even if your AV definition set is months out of date, it will still protect you from some of the worst viruses and worms of all time: Mydoom, Netsky, Bugbear, Sasser, Klez, Sobig, and Nimda, for example. On the other hand, the statement does hold some truth. While an AV product won’t protect a computer from every new threat right from the moment that threat is unleashed into the wild, most AV companies are very quick to add protection for new threats and make that updated protection available to their customers—usually within hours. Most threats spread relatively slowly (a notable exception was Slammer (W32.SQLExp.Worm), though it only affected systems running specific software), so the timely release of signature updates means most companies and individuals have time to protect themselves from these new threats. If they keep their AV definitions up to date, that is.

Some people also complain that AV products are of limited use because they fail to proactively prevent new threats from infecting computers. However, it must be pointed out that in addition to providing reactive (although timely) protection against breaking threats before they can become widespread, most AV products these days incorporate a certain degree of heuristic capability that does effectively prevent some new threats from delivering their payload. Indeed, it would be a safer and more secure computing world if that heuristic capability were 100% effective in all cases, which would make the (reactive) updating of definitions unnecessary (i.e., heuristics would be forever able to detect and block 100% of malicious code trying to execute on a computer). But, if we consider history and the world in general, it becomes apparent that such a situation is highly unlikely to ever materialize.

Humans are smart—history shows that they will always find new ways to do things, both for good and bad purposes. Virus writers and malicious code engineers are constantly finding ways around the new technology that is employed to keep them out of other people's computers, and holes in operating systems only help them in their efforts. These vulnerabilities are extremely difficult to prevent. Eventually, some creative (or persistent) person will find them and exploit them, just as surely as houses will continue to be broken into, cars will continue to be stolen, and crimes will continue to be committed, regardless of the technology and security measures used to try to prevent them.

Speaking of such measures—security costs money. The better the security, the more expensive it usually is (not to mention the fact that if the security gets too tight, the computer may become practically unusable for its intended purpose). So, there needs to be a trade-off. How valuable is your data? If a security company guaranteed they could prevent 100% of malicious code attacks on a computer, but it cost a million dollars per computer, would you buy it? Well, if you were in charge of a government or military installation you might. But, such things would be out of the question for the vast majority of companies, let alone individual computer users. And, speaking of individual computer users, according to Symantec's latest edition of the semiannual Internet Security Threat Report (published September 2006), home computer users are becoming the preferred target of cyber criminals. Among the home users surveyed, just 46.3 percent said their antivirus software is up to date.

Even if that impossible-sounding “100% effective” security solution were ever invented, it is highly doubtful that it would take the human mind long to render it obsolete. To this day (to my knowledge), every challenge claiming that a certain product or piece of software cannot be cracked has been met, much to the chagrin of those who issued the challenge in the first place.

So, what can the average computer user do to protect their computer? Keep AV definitions up to date, follow safe-computing practices, and hope human nature changes for the better so people stop doing bad things. But, please don't hold your breath on that last one.