February 15, 2017
Common knowledge has it that the moment you buy a new computer, your purchase necessitates subscribing to a third-party virus protector. Love it or hate it -- not unlike shielding your beautiful new phone with a case -- it comes with the territory.
But, in 2017, is that still true?
For an update on how relevant these software packages are today, we reached out to Marcello Balduccini, assistant research professor in Drexel University's College of Computer Science & Informatics.
Are third-party virus protection services actually recommendable in 2017, or are those companies still chugging along by scaring older folks who don't know a computer has built-in protections?
Third-party protection services are indeed still useful for most user categories. The protection software that ships with most operating systems is a fair fallback option. However, developing a reliable defense mechanism requires specialized skills, continuous research and substantial funding. Companies that specialize in protection software are more likely to be able to devote sufficient resources than companies in the market of operating systems. Thus, third-party protection services are, on average, more reliable than the equivalent built-in protection.
How effective are the built-in protections? It varies from Windows to Mac, I'm sure, but let's say Windows for now -- between Defender and the browser protections of Internet Explorer.
These are, in fact, two very different kinds of protections, and both are needed. “Defender,” as an anti-virus software, has the purpose of defending the computer as a whole and only has limited visibility into what the browser is doing. Hence, it may be unable to detect a threat coming through the browser before it is too late. Browser protections, on the other hand, are an integral part of the browser and, as such, can more promptly detect incoming threats. To complicate things, browsers-level protections are not intended to monitor the other aspects of a computer -- other applications, services, hardware. So, both are important and needed in most cases.
What's been the biggest change in Web security in the past decade? And are there more viruses out there than ever, or fewer?
I would say that the greatest change has been in the reach and nature of cyber attacks. Note that I prefer to talk about threats or cyber attacks because viruses are just one of the many vectors through which an attack can be carried out. With respect to reach, the level of integration of computing devices in our society has made it possible for attackers to go from “old style” attacks, which simply caused information loss or computing service disruptions, to “new style” attacks that may affect a whole country’s economy, infrastructure and, potentially, causing loss of lives.
In terms of the nature of attacks, in the past attacks used to fall mostly into what I call a “one v. one” pattern: an attacker would target a device, or collection of devices, with the ultimate intent of harming those devices. We are now facing a new type of pattern, which I call “many v. one." In this scenario, an attacker penetrates a large number of devices but, rather than harming them, uses them against a single target. At this point the target finds itself facing an attack of unprecedented magnitude, against which defense is very challenging. As the recent attack on DynDNS (which affected many popular sites like Amazon, Etsy, Reddit and several news sites) has demonstrated, this kind of attack is particularly insidious and not yet understood well.
In a nutshell, why are Macs so notorious for being virus-free?
This is a rather debatable topic. Their relative immunity to infections is partly due to the fact that the operating system found on Macs is a derivative of Unix. Unix is, from various points of view, a better-designed operating system than Windows. There is, however, some evidence indicating that Windows and Unix share, to a good degree, the same vulnerabilities. So, being built on Unix is not, by itself, sufficient to explain the perceived greater resilience of Macs. In my opinion, a substantial contribution to relative immunity is the combination, on the Mac side, of a smaller market share, a more prudent type of user base, and a more focused set of activities carried out by users.
Is there one browser that does virus protection better than another?
I do not think that there is a browser that is consistently better than all others from all points of view. From a technical perspective, the fewer features a browser has, the easier it is for it to be resilient. For instance, extensions or add-ons introduce a substantial degree of flexibility, but also increase the number of potential vulnerabilities. Then again, a browser that does not support extensions or that substantially limits what they can do may end up being too restrictive for practical use.
How do you know if you're a good candidate for extra virus protection software?
Especially in today’s world, where connectivity is virtually ubiquitous, it is better to err on the side of caution. Having said that, it is typically not a good idea to install multiple pieces software that provide the same kind of protection. For example, running multiple antivirus suites at the same time is unlikely to increase safety and, in fact, may lead to issues due to the antiviruses “stepping on each other’s toes.”
How do third-party virus protectors impact computer performance?
The impact can be noticeable. To be effective, most virus protection suites need to monitor a wide variety of events occurring in a computer system. They also need to perform tests on applications as a user attempts to execute them. All of this is time-consuming and may affect a computer’s performance noticeably. Technology is in the works that may reduce the performance impact of protection mechanisms and, in fact, increase their ability to detect and block threats. Until such technology becomes available, however, little can be done by average users besides accepting the slight degrade in performance.
Anything to add?
If there is one recommendation that I would like to make, it is that users need to realize that it is not just computers that need to be protected. We are surrounded by a large number of devices with advanced computing capabilities: smartphones, internet routers, smart watches, smart thermostats, autonomous cars. All of these devices are vulnerable to viruses and to other kinds of cyber threats. Unfortunately, they are much less understood by typical users and are thus often left virtually unprotected. Due to their large numbers and to their substantial computing capabilities, they can be effectively leveraged to carry out attacks on their owners’ home networks or to steal information from them. They are also prime intermediate hosts for “many v one” attacks, which have a potential for even further-reaching consequences. In many cases, protecting these devices is as easy as reading their “quick setup” manuals, making sure to change their default passwords and taking the time to keep their software up-to-date.
