Worms & Viruses

Why we are not safe or why virus scanners are not enough

Eventually we will all have our computers infected with a virus. Many people may not agree with that prediction or may be asking why. Well here is the why.

Most people know that they should have a virus scanner installed on their system. All virus scanners use a set of files that contain virus signatures. The exact contents of the virus signature files will vary according to vendor, but just know that the signature of a virus is the minimum information to identify it. For instance the signature may contain information such as the size of the file, a hash code of the file and the file name. The various anti‑virus product vendors will update their signature files on different schedules. Some of them update daily, others update weekly and there is at least one that updates more than once daily. If all other things are equal, the more frequent the update, the better the protection.

Most of the people that have a virus scanner also realize that they must update the signature files for the scanner to be effective. The better products allow for an automatic update that can be run daily. If you have an ‘always on’ connection such as DSL or cable, then configure your virus scanner to update the signature files in the early morning time. (Around 04:00 05:00 AM appears to be a good time.)

Now, you are saying, “I update my signature files every day”. ”I am safe”. Well, I am sorry to say that you are not safe and in fact you may be less safe than someone that does not have a virus scanner. To understand why, you need to look at the process that happens when a new virus is released.

The virus will usually make its debut in the wee hours of the morning. (They often start in Europe or Asia.) Someone at the anti-virus company will have to discover that there is a new virus. This usually happens after several systems get infected with it. Let us assume the new virus is released at 04:00 AM. If we are lucky, the anti‑virus company will be aware of it by 06:00 AM, but many times it could take much longer. The next step will be two or more hours of analyzing the virus so that it can be detected reliably. Then the anti‑virus company can produce the new signature file, test it and post it on the web site for you to download. By the time all of this is done it is at least six hours since the virus was released. Many times it can be much longer. It is even worse if the company only updates its signature files once a day or, unacceptably, once a week. This process leaves a window of no protection that is a least one day and probably most of two days after a new virus is released. If you take the attitude of “I am protected', you are being lulled into a false sense of security. You should always be on the lookout for a virus in your email messages.