Tuesday 3 November 2015

Is anti-virus dead? Part 2

Countermeasures. So what is to be done?

Phishing relies on gullibility, and gullibility is as common as stupidity. Except that even very intelligent people can suffer from gullibility. In my past blogs, I've had a lot to say about gullibility, and in my view, the cure for gullibility is critical thinking. I've also done a lot of posts about critical thinking because I think it's so important.

I can't give you a simple rule about how to avoid being phished. All I can tell you is that there are thieves and liars on the internet. Big surprise. And any email that you get might be from a thief and a liar. So, before you give away your password, or your credit card number, think carefully about who you might be giving this information to, because just because someone says that they're honest and trustworthy, doesn't make it true. Liars say the same thing. Duh.

When someone phones you and says they're from your bank (or wherever), and want you to answer some security questions, give them nothing, get a reference number from them. DO NOT phone back the number that they're willing to give you, because if you were just called ny a scammer, you're simply callng the scammer back. Instead, go to Google (or your latest statement) and get their phone number and call them back, citing the reference number.  Now you know you're talking to your bank (or whatever) and you can proceed.

Nor can I tell you how to avoid scams. Scams rely on gullibility, and are avoided by critical thinking.  If something seems to be too good to be true, then it probably is, but, very occasionally, it isn't. 14 years ago, I changed to Energis as my main host, and when I went to talk to them, the deal they offered me seemed to be too good to be true. It took me six weeks to convince myself that there wasn't some hidden snag; as it turned out, I was happy there for a long time.

What I want to cover here, is malware arriving at your computer via email.

Your system, by default, is totally open to emails arriving from anyone - complete strangers can send you email. If you're using a service such as gmail, then they try to filter out spam and malicious software, and that's good. If you're a corporate, then you might be making use of a commercial email filter, and that's good.

But I don't think they're sufficient - things will get through.

I don't use services such as gmail, and I don't use a commercial email filter. I use a filter that I made myself, and which I've described. It works well. And that means that I can, if I want, see all the emailed malware that gets sent to me.

If you've been reading my posts in the last few weeks, you'll know that antivirus products don't usually flag malware in emails. But now look at the last example I gave in part 1. An encrypted zip file containing an exe.

Virustotal showed that not a single product could flag that as malware. But after I unzipped the file (by giving the password that was in the email), five out of 54 products flagged it as being a trojan downloader.

Realistically, it isn't fair to expect an antivirus to find malware in a file that's been zipped and encrypted. My previous articles have shown that it isn't even realistic to expect most AV products to detect malware in email; they don't have much time between them getting a sample of the email, and the same thing arriving in my mailbox. They have a few hours. They just can't do it.

So there it is.

Current antivirus scanners will not protect you from emailed malware. You're going to have to do it yourself, by using services that filter out spam and malware, and on relying on your own critical thinking, to avoid clicking on any malware that does get through.

But what of the future? The future is email filtering. See part 3!

No comments:

Post a Comment