Current Antivirus Software is Not Enough


The purpose of antivirus protection on a computer is to prevent the entrance of viruses. There is certainly good reason for using such software, as there are a great number of viruses which are capable of seriously damaging the data held on the infected system. We have recently seen the appearance of other types of malicious code which do not necessarily destroy the system’s information, or at least not directly, but which should nevertheless be targeted by antivirus software.

A few years ago, when viruses alone constituted the most important threat faced by computers, a new category of specialist software was developed to combat this threat: antivirus programs. The subsequent proliferation of other threats, such as worms and Trojan horses, led to the incorporation of new features in antivirus software in order to protect systems from these threats. While the name “antivirus software” remained, the protection these programs offered needed to be widened to include other elements which were not viruses in the strict sense of the word. For example, under the strict definition, a worm is a piece of code which seeks only to replicate itself, without damaging the information held on the computers which it uses as a platform (damaging that information being the typical behavior of a virus). In this case, and ignoring for a moment that many worms also alter information, an antivirus program should not concern itself with this sort of code, as the system data would be safe.

In reality, antivirus software does detect and eliminate worms, as these not only propagate themselves but usually also cause damage on the computers which they infect. Detecting worms is vital because they can cause entire email systems to collapse in a matter of minutes, and the damage this causes, while indirect, is very noticeable and, what’s more, can be quantified in financial terms.

The same applies to Trojan horses. While they are not damaging in themselves, there is the possibility that a hacker may use them to carry out damaging actions, either on the computer on which they have been installed or on others which the attacker is able to access via the infected system.

These three types of harmful software have now been joined by others (I’m not just referring to executable code) which can cause problems or losses of various types on a computer system. This is the software known by the collective name of “malware”, a term formed by combining the words “malicious” and “software”. This concept encompasses spyware, adware, jokes, spam, etc.: anything which causes a system to perform tasks which create inconvenience for the user or which are performed without his or her realizing it. In sum, malware is any software which maliciously violates the privacy of a user or computer system or diminishes productivity for financial gain.

Invasion of privacy is one of the effects of adware and spyware, which obtain information without consent. Spam and some hoaxes involve sending emails to users in order to achieve financial gain, and can have a dramatic effect on productivity.

The appearance of these types of malware has meant that antivirus programs have had to take another leap forward to improve the protection they offer users. While the term “antivirus software” would appear to imply that such software only protects against viruses, its range of functions has once again been widened, just as happened when worms and Trojan horses first appeared.


It is often argued that spam is not a type of malware, as it does not contain any software. While this may be true, spam can still be very harmful, if only because of the space it occupies on computers and servers, and the time which has to be spent deleting it. If a company’s employee spends 5 minutes a day deleting unwanted emails, it is easy to calculate the financial impact of this; over the course of a year, 5 minutes a day are the equivalent of more than two working days dedicated solely to deleting spam (on the basis of 8 hours a day, and 200 working days a year). You only need to work out the average daily salary of the company’s employees to see just how much money can be lost as a result.

(Of course, the above calculation could also be used to argue that the coffee machine is one of the greatest causes of losses in any business, as more time is usually spent taking coffee than deleting spam. However, drinking coffee is something which employees enjoy, while the resultant caffeine intake is good for the company’s productivity; by contrast, deleting unwanted emails is not something which anyone likes doing.)

Junk mail has a series of characteristics which make it relatively easy to identify. Almost all of them use very similar messages to try to persuade the user to buy something. Specialized software can use the structure and content of these messages to create a profile of the emails received, and can then use this profile to classify some mail as spam.

The main challenge when creating such profiles is how to avoid labeling as spam messages which users actually need to receive. For example, it would not be possible to systematically delete any email containing the word “Viagra”, which frequently appears in spam, as in some circumstances this word could appear in a legitimate email. So the analysis must be based on more than one word, or on the appearance of combinations of words or email formats.

A good system for detecting unwanted emails must be capable of learning. In other words, when the system incorrectly identifies a message as being spam, it should be able to “study” the message and learn which characteristics make it of interest to the user. Then, when similar messages are received in the future the system will not reject them.

The system also needs to be able to learn in the opposite situation: that of so-called “false negatives”. Where a user wishes to receive a certain type of email – which in principle could be classified as spam – the system should recognize the characteristics of these and allow the user to receive them. We should not forget that most spam consists of offers and other business communication which could be of interest to the user.
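The three requirements just described (a profile built from message content rather than a single word, a learning loop for messages wrongly rejected, and the same loop for wanted mail that looks like spam) map naturally onto a naive Bayes filter with a feedback method. The following is an added example, not code from the article or from any product it discusses; the training messages, the test messages and the 0.9 blocking threshold are all constructed for the demonstration.

```python
"""Naive Bayes spam profile that learns from user corrections.

Added example (not from the original article). The training messages
below are constructed for the demonstration and are not real mail.
"""
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9$']+")


def tokenize(text):
    """Lower-case word tokens, as a set: each word counts once per message."""
    return set(TOKEN_RE.findall(text.lower()))


class SpamProfile:
    """Per-word naive Bayes over word presence, with Laplace smoothing.

    Scoring combines every word in a message, so a single word such as
    "viagra" cannot by itself condemn a message whose other words are
    typical of legitimate mail.
    """

    def __init__(self):
        self.spam_docs = 0
        self.ham_docs = 0
        self.spam_words = Counter()   # number of spam messages containing each word
        self.ham_words = Counter()    # number of legitimate messages containing each word

    def train(self, text, is_spam):
        words = tokenize(text)
        if is_spam:
            self.spam_docs += 1
            self.spam_words.update(words)
        else:
            self.ham_docs += 1
            self.ham_words.update(words)

    def spam_probability(self, text):
        """Posterior P(spam | words present); 0.5 until both classes have examples."""
        if self.spam_docs == 0 or self.ham_docs == 0:
            return 0.5
        total = self.spam_docs + self.ham_docs
        log_spam = math.log(self.spam_docs / total)
        log_ham = math.log(self.ham_docs / total)
        for word in tokenize(text):
            # +1 / +2 smoothing: a word never seen in either class is neutral
            log_spam += math.log((self.spam_words[word] + 1) / (self.spam_docs + 2))
            log_ham += math.log((self.ham_words[word] + 1) / (self.ham_docs + 2))
        # log-odds -> probability; working with the difference avoids underflow on long mail
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))

    def classify(self, text, threshold=0.9):
        """Conservative cut-off: blocking legitimate mail costs more than letting spam through."""
        return self.spam_probability(text) >= threshold

    def correct(self, text, is_spam):
        """User feedback: a wrongly blocked message (is_spam=False) or a missed one (is_spam=True)."""
        self.train(text, is_spam)


# Constructed training corpus (not real messages).
SPAM_SAMPLES = [
    "Buy cheap viagra online now, limited offer",
    "Cheap pills, buy now and save, special offer",
    "Win a free prize, click now to claim your offer",
    "Lowest prices on viagra and cialis, order today",
]
HAM_SAMPLES = [
    "Meeting tomorrow at 10 to review the quarterly report",
    "Dr Lopez sent the viagra prescription guidelines for the clinic review",
    "Can you send me the report before the meeting",
    "Lunch on Friday? Let me know if you can make it",
]


def build_profile():
    profile = SpamProfile()
    for msg in SPAM_SAMPLES:
        profile.train(msg, True)
    for msg in HAM_SAMPLES:
        profile.train(msg, False)
    return profile


def feedback_demo():
    """A legitimate message is wrongly blocked; one correction rescues it and a similar one."""
    profile = build_profile()
    blocked = "Special offer for staff: cheap lunch tickets now available"   # legitimate
    similar = "Special offer: cheap staff lunch tickets, order now"          # legitimate
    before = (profile.classify(blocked), profile.classify(similar))
    profile.correct(blocked, is_spam=False)   # the user marks the message as wanted
    after = (profile.classify(blocked), profile.classify(similar))
    return {"before": before, "after": after}


if __name__ == "__main__":
    p = build_profile()
    for msg in ["Buy cheap viagra now, special offer",
                "Please review the viagra dosage section of the clinical report"]:
        print(f"{p.spam_probability(msg):.3f}  {msg}")
    print(feedback_demo())
```

With the corpus above, the clinic message containing “viagra” scores about 0.04 because “review”, “report” and “the” pull it firmly towards legitimate mail, while the sales pitch scores above 0.99. The staff-lunch notice is a false positive (0.96) until the user corrects it; after a single correction it scores about 0.21, and a reworded variant drops from 0.99 to about 0.73, below the blocking threshold but still flagged as suspicious. Wanted mail that genuinely resembles spam (the newsletters and offers mentioned above) is handled by the same `correct(text, is_spam=False)` call, and a missed spam by `correct(text, is_spam=True)`.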


Spyware and adware are types of harmful software which are used by some unscrupulous individuals to spy on the behavior of Internet users. These applications, also called “spy programs”, are a form of malware, as they invade people’s privacy when using the internet.

Spyware and adware focus mainly on how users click on certain types of advert, and on the time users spend viewing web pages. This data and the email address of the user who is being spied on are then used to create user profiles which are sent to the creators of the spy program. This information is incorporated in large databases of detailed consumer profiles, and these are then sold to advertisers.


There are still numerous myths going around on the Internet describing the terrible disasters which will befall our computers if we open an email with a particular subject line: hard disks will be erased, monitors will be damaged, broadband connections will be rendered unusable, etc.

The great majority of information circulating on the Internet warning people about new viruses is completely false; such rumors, generally spread via email, are referred to as “hoaxes”. Somebody wants to play a trick and sends the hoax out to everyone he knows, asking them to send the message on to everyone in their address book. What does the hoaxer gain from this? Sometimes this is done for entertainment alone, while in other cases someone profits at the end of the chain: the addresses obtained from sending and resending hundreds of emails are used to create huge distribution lists which can then be used in an advertising mailing, for example.

In situations of uncertainty or where there is already, for example, widespread fear of terrorist attacks, this can degenerate into all-out panic, helping false alarms to proliferate. For this reason it is important to draw a clear distinction between genuine virus alerts and hoaxes.

The whole problem of hoaxes is much more serious and more difficult to combat than one might think, with many of them circulating freely on the internet, and with all attempts to control them apparently doomed to failure. In fact, many experts believe that putting a stop to them is more or less impossible, although we can all help to reduce the number of hoaxes circulating on the internet.

While false virus alarms are perhaps the favorite method used by internet tricksters, it is also worth distinguishing other types of rumor in order to ensure that the issues are not confused yet further. Many of these are little more than varieties of hoax, but others may have a range of implications which can endanger the security of computer systems.

Hoaxes are really a type of “urban legend” which has flourished in tandem with the expansion of means of communication such as the internet. This gives rise to different types of rumors, and these can be classified according to their subject matter and the type of message they generate.

The reasons for combating such rumors are obvious: not only do they waste time, like spam, but they also create a state of alarm and worry which is harmful to both companies (and their employees) and to home users.


The antivirus protection installed in most companies does an excellent job of protecting against viruses, worms and Trojan horses. However, in today’s world we also need to fight many other threats which, while they may not directly damage our computer systems, can cause other indirect damage.

Properly installed security must address much more than just viruses, and this will lead to higher productivity for everyone and peace of mind for all those concerned with security issues.