Your systems should have anti-virus software installed – yes, even those of you with Macs. If you run Linux as a desktop, you get a pass, but I still recommend installing ClamAV or Sophos if you exchange files with Windows systems. You don’t want to unintentionally pass along a virus to your friends and family.
Sidenote: If you browse porn or other “questionable” sites, I’m not going to judge, but you need to be even more careful about having a good, up-to-date anti-virus program (or 2 or 3). And you should really consider sandboxing that activity – I use VMware and snapshots when I need to visit questionable sites.
There are many anti-virus products available, and for the most part, they’re all good options. You want to look for a product that advertises “heuristics” – and almost all of them do. If you have more than 4-5 computers in your household (and a system you can install the centralized server on), you may want to consider splurging on an “endpoint protection” solution, which lets you control the anti-virus software (and software firewall) from a centralized server – great for kids. But it’s not necessary at all.
The most common vector of attack is through malware – viruses, trojans, key loggers, etc. All an attacker has to do is get you to click on a web page or an e-mail attachment and they can infect your computer. And you’re left cleaning up the mess. The specific actions of the malware vary, but can cause your system to become part of a botnet, encrypt all of your important files, or give an attacker control of your system to read your files, send e-mail as you, etc.
Malware hits your confidentiality, integrity and availability, depending on the specific action, so it’s important to try to prevent it.
How to configure Anti-Virus
For the most part, the defaults for any anti-virus install are acceptable. You want at a minimum:
- Automatic signature updates
- Heuristic detection enabled
- On-access/on-read scanning
You also should consider the following settings, but there can be some drawbacks to them:
- Automatic engine updates (few drawbacks, but it updates the software itself automatically, which some people don’t want)
- On-write scanning (can slow down writes and disk performance)
- Scanning networked drives (you may not want your system to be scanning a file server)
- Scheduled scanning (a full scan of your system on a schedule; this works better on a desktop, and while the scan is running it will generally bog down your system)
What if you do get infected?
If you do happen to be infected by malware, there are several things you can do. One, get yourself a free anti-virus ASAP. Run it, and it *may* be able to clean up your system. If it can’t, it can at least tell you which file was infected; then you need to rebuild your system and restore from backup – without that file. There are also IT shops which specialize in removing malware, and you can look into them. It’s a long process and they likely charge more than you’re willing to pay, but it is an option.
How Anti-Virus Works (optional)
There are two methods of protecting a system from viruses and malware: signatures and heuristics. In the past, signatures were the only method available, but in the last 4-5 years, heuristics have become a significant research area and an important protection.
Signatures are pieces of text, binary, code, memory, etc. that indicate a specific virus exists. For example, a virus adds a specific file to your file system, or changes a system file in a specific way. For all known malware, your anti-virus should have a “signature” for it, although it may be a day or two from discovery to a signature update. That’s great for known malware, but what about the new stuff that’s coming out almost every day?
This is where heuristics come in. Your system operates in a certain way – “normal”. Malware tends to do certain things that are outside of that normal: replicate itself, change system files, make network connections. Anti-virus programs look for this type of behavior and take steps to quarantine that code. It’s generally done by running the code in a special “sandbox” where it can’t access your “real” system, and watching for system calls. If it’s all clear, the anti-virus lets it continue to run on your system, and “remembers” what that clean code is so it can run next time without sandboxing. Some heuristic methods watch for abnormal network traffic or disk usage, but the specific method used depends on the software you bought and how the vendor conducts its research. Heuristics aren’t perfect, but they’re considered “good enough” to help detect new malware that your software doesn’t have a signature for.
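To make the two methods concrete, here is a toy scanner I’ve added as an illustration (it is not code from any real anti-virus product). It checks a file against a tiny constructed signature set (a known-bad hash and a byte pattern), then scores the behaviors the post lists as “outside normal” from a constructed list of sandbox events, and remembers files that came back clean so they skip the sandbox next time. The signature values, behavior names and weights are all made up for the example.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed signatures: a hash of a made-up bad file and a raw byte pattern.
# The pattern is the opening bytes of the EICAR test string, a harmless
# industry-standard test file that real scanners detect on purpose.
KNOWN_BAD_HASHES = {hashlib.sha256(b"EVIL-PAYLOAD-v1").hexdigest()}
KNOWN_BAD_PATTERNS = [b"X5O!P%@AP"]

# Behaviors the post calls "outside normal", with made-up weights.
SUSPICIOUS_BEHAVIORS = {
    "write_self_copy": 3,      # replicates itself
    "modify_system_file": 3,   # changes system files
    "network_connect": 1,      # makes network connections (common in clean code too)
}
HEURISTIC_THRESHOLD = 4        # score at or above this gets quarantined


@dataclass
class ToyScanner:
    known_clean: set = field(default_factory=set)  # hashes already vetted in the sandbox

    def signature_scan(self, content: bytes) -> bool:
        """True if the file matches a known-bad hash or byte pattern."""
        if hashlib.sha256(content).hexdigest() in KNOWN_BAD_HASHES:
            return True
        return any(pattern in content for pattern in KNOWN_BAD_PATTERNS)

    def heuristic_scan(self, content: bytes, sandbox_events: list) -> bool:
        """Score behavior observed in the sandbox; remember code that passes."""
        digest = hashlib.sha256(content).hexdigest()
        if digest in self.known_clean:
            return False  # vetted earlier, so no sandbox run this time
        score = sum(SUSPICIOUS_BEHAVIORS.get(event, 0) for event in sandbox_events)
        if score >= HEURISTIC_THRESHOLD:
            return True
        self.known_clean.add(digest)
        return False

    def is_remembered(self, content: bytes) -> bool:
        return hashlib.sha256(content).hexdigest() in self.known_clean

    def verdict(self, content: bytes, sandbox_events: list) -> str:
        """Signatures first (cheap, exact), then heuristics for unknown code."""
        if self.signature_scan(content):
            return "quarantine:signature"
        if self.heuristic_scan(content, sandbox_events):
            return "quarantine:heuristic"
        return "allow"
```

Note that the unknown worm in the test below has no signature at all and is caught purely by its behavior, which is the gap heuristics are meant to close.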