In the previous article, we reviewed strategies for keeping systems up to date and dealing with malicious ads. In this article, we will review backups and antivirus software.

Make good back-ups

For most of us, this means cloud backups. Both Apple (iCloud Backup) and Microsoft (OneDrive, included with Microsoft 365, formerly Office 365) offer backup solutions that are economical for most uses, and services such as Dropbox and Backblaze are good alternatives. One caveat: a sync service faithfully copies whatever is on your disk, including files that ransomware has just encrypted, so make sure the service keeps earlier versions of your files and learn how to recover them before you need to. If you really wish to avoid the cloud, you need a more disciplined plan: rotate between several pieces of backup media and always keep at least one offline, so that a drive failure or malicious software that corrupts the connected copy cannot destroy your only backup. No matter which solution you use, cloud or offline media, a backup is only as good as its restores, so a good backup plan means occasionally moving or renaming a folder and then testing that you can restore it.
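The restore test described above, as an added example that is not from the original article: a small Python script that records a hash of every file before backup and compares the restored copy against that record, so a silently corrupted or missing file is reported instead of discovered during an emergency. The folder names and sample files are constructed in a temporary directory, and the copy operations stand in for whatever backup tool you actually use.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Added example, not code from the article. The "Documents" tree, the backup and
# the restores are all constructed in a temporary directory; shutil.copytree
# stands in for a real backup job and a real restore.

def build_manifest(root: Path) -> dict:
    """Map each file under root (path relative to root) to its SHA-256 hex digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest

def verify_restore(manifest: dict, restored: Path) -> list:
    """Compare a restored tree to the manifest; return a list of problems ([] if clean)."""
    problems = []
    restored_manifest = build_manifest(restored)
    for rel, digest in manifest.items():
        if rel not in restored_manifest:
            problems.append(f"missing: {rel}")
        elif restored_manifest[rel] != digest:
            problems.append(f"changed: {rel}")
    for rel in restored_manifest:
        if rel not in manifest:
            problems.append(f"unexpected: {rel}")
    return problems

def demo() -> tuple:
    """Run one good restore and one corrupted restore; return both problem lists."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source = tmp / "Documents"
        (source / "taxes").mkdir(parents=True)
        (source / "letter.txt").write_text("Dear Sam, ...\n")        # constructed sample file
        (source / "taxes" / "2023.csv").write_text("income,12345\n")  # constructed sample file

        manifest = build_manifest(source)   # record what "good" looks like before backing up

        backup = tmp / "backup"
        shutil.copytree(source, backup)     # the backup job
        restore_ok = tmp / "restore_ok"
        shutil.copytree(backup, restore_ok)  # a restore of an intact backup
        good = verify_restore(manifest, restore_ok)

        # Simulate a backup that ransomware reached: one file overwritten, one deleted
        (backup / "taxes" / "2023.csv").write_bytes(b"\x00ENCRYPTED\x00")
        (backup / "letter.txt").unlink()
        restore_bad = tmp / "restore_bad"
        shutil.copytree(backup, restore_bad)
        bad = verify_restore(manifest, restore_bad)
        return good, bad

if __name__ == "__main__":
    good, bad = demo()
    print("problems after restoring the intact backup:", good)
    print("problems after restoring the damaged backup:", bad)
```

Keep the manifest somewhere the backup job cannot overwrite (a printout or a file on a separate offline drive is enough for a home setup); if the manifest lives inside the backup, malware that rewrites the backup can rewrite the manifest too.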

Antivirus software can actually be harmful

A simplified explanation of antivirus software is that it keeps a block list of signatures of known malicious files. Any time you attempt to run a program or open a file, the antivirus program inspects the file first, and if it matches the block list, the action is stopped. This is much the same way a spam filter screens messages, attempting to block bad emails by searching for words on a block list. As you may have noticed with malicious emails that use creative misspellings, such filters can be bypassed by small alterations to the message, and a very similar thing happens with viruses: an attacker can repack or slightly modify the malicious file until it no longer matches any signature, and can test the result against the major antivirus products before releasing it. Modern products add heuristics and behaviour monitoring on top of signatures, but the underlying problem remains. Security protections based on block lists cannot keep up with attackers.

There are some additional problems with antivirus programs. Because they have to stop your system from opening files and running programs, they must run with extraordinary privileges (on Windows, typically as a kernel driver). Unfortunately, they are also programs, and just like any other program on your system they can be attacked, and a flaw in a program with that much privilege is especially dangerous. Virus writers have found a number of ways to do so: they have written viruses to infect antivirus software, they have injected malicious update files over the internet (the last link below describes a product whose updates were delivered over plain HTTP), and they have bribed and threatened employees of antivirus companies in foreign countries.

For all those reasons, I recommend only using antivirus software from your OS vendor. macOS comes with very good built-in protection (Apple's XProtect and Gatekeeper), and likewise, for Windows, use the built-in Microsoft Defender. Windows hardware vendors are paid to bundle third-party antivirus software with new machines: uninstall those programs and use Microsoft Defender instead. I recognize this advice is contrary to much you may have heard, so I have included some links to news sources at the end of this article that might help inform your own research.

Allow lists are the future of security

Many will ask: if block lists such as antivirus programs cannot protect systems, how can we stay safe? The answer is to change the paradigm of system security from running any program that is not on a block list to running no software unless it is on an allow list (default deny instead of default allow). This is already how your phone and tablet provide security, unless you have jailbroken or rooted it (which is why security is so poor on jailbroken phones). In the normal configuration of an iPhone or Android phone, you cannot go to any website to download and install a program, nor install one from a disk. To get a new program, you go to Apple's App Store or Google's Play Store, where the only programs are ones that have been inspected in advance by the store's review team and digitally signed by the publisher. In addition, if a program or an update is later found to cause issues or to be malicious, the store can remove it for the security of your system. Chromebooks and Windows 11 in S mode take the same approach, only allowing software from their stores.
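To make the difference between the block-list model described under "Antivirus software can actually be harmful" and the allow-list model described here concrete, here is an added example that is not code from the article: a toy signature block list beside a hash allow list, run over constructed byte strings that stand in for programs. The signature string and the sample "programs" are made up for the demonstration.

```python
import hashlib

# Added example, not code from the article. The byte strings below are
# constructed stand-ins for programs; the "signature" is invented, not a real
# antivirus signature.

BLOCK_LIST = [b"EVIL_DOWNLOADER_v1"]  # what an AV vendor ships after seeing one sample

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def blocklist_allows(file_bytes: bytes, signatures=BLOCK_LIST) -> bool:
    """Default allow: anything runs unless it contains a known-bad signature."""
    return not any(sig in file_bytes for sig in signatures)

def allowlist_allows(file_bytes: bytes, allowed_hashes: set) -> bool:
    """Default deny: only a file whose exact hash was vetted in advance may run."""
    return sha256_hex(file_bytes) in allowed_hashes

# Constructed sample "programs" (none of this is real executable code)
KNOWN_GOOD = b"MZ calculator program, reviewed and published through the store"
MALWARE = b"MZ EVIL_DOWNLOADER_v1 fetches a payload and runs it"
# The attacker's version of a creative misspelling: one byte changed, then re-shipped
MALWARE_VARIANT = MALWARE.replace(b"EVIL_DOWNLOADER_v1", b"EVIL_D0WNLOADER_v1")
UNKNOWN_TOOL = b"MZ brand-new utility nobody has reviewed yet"

# The allow list that an app store's review effectively produces: hashes of vetted builds
ALLOW_LIST = {sha256_hex(KNOWN_GOOD)}

def compare() -> dict:
    """Return {name: (block list lets it run, allow list lets it run)} for each sample."""
    samples = {
        "known_good": KNOWN_GOOD,
        "malware": MALWARE,
        "malware_variant": MALWARE_VARIANT,
        "unknown_tool": UNKNOWN_TOOL,
    }
    return {name: (blocklist_allows(b), allowlist_allows(b, ALLOW_LIST))
            for name, b in samples.items()}

if __name__ == "__main__":
    for name, (block_runs, allow_runs) in compare().items():
        print(f"{name:16s} block list runs it: {block_runs!s:5s} allow list runs it: {allow_runs}")
```

The variant sails past the block list without the defender ever making a mistake; the allow list refuses it without ever having seen it. The cost is that the allow list also refuses the unknown but legitimate tool, which is exactly the trade-off the article accepts with "very rare" exceptions. Real stores check the publisher's code signature rather than a bare list of hashes, so an update from an already-trusted publisher does not need re-listing, but the default-deny decision is the same.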

This is also a good security practice for our Mac and Windows systems. Don't install any software outside the Mac App Store on macOS or the Microsoft Store on Windows, and you will greatly increase the security of your system. There may be exceptions, such as the Chrome web browser, but they should be very rare, downloaded only from the publisher's own site, and only from publishers you trust. Hopefully, in the near future, there will be no need for exceptions, much like our phones and tablets today.

Avoid potentially malicious data files

Stick to Office documents that do not contain macros or other potentially malicious content. The extension of a modern Office document is four characters long and ends with x, such as .docx, .xlsx, and .pptx. Office documents whose extension ends with m, such as .docm, .xlsm, and .pptm, are macro-enabled and are not safe to download, email, or share. The older three-character formats (.doc, .xls, .ppt) can also carry macros and deserve the same suspicion. Keep in mind that the extension is only a label: a file can be renamed, so when in doubt, check the contents rather than the name. Special caution should also be used with encrypted files found on websites or in emails, such as password-protected .zip files, since the encryption prevents antivirus and other security systems from scanning their contents, which is exactly why attackers use them.
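An added example, not from the article, of checking an Office file by its contents rather than its name. Modern Office files are zip archives: a file containing macros carries a vbaProject.bin entry, and a password-protected zip sets the encryption bit in each entry's header, which is what stops scanners from looking inside. The sample documents are constructed inside the script. Because Python's zipfile module cannot write encrypted archives, the helper that produces the encrypted sample patches the flag bit into a plain archive's headers.

```python
import io
import os
import struct
import zipfile

# Added example, not code from the article. The sample documents below are
# constructed; they contain placeholder XML, not real Office content.

MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm", ".potm"}  # macro-enabled Office Open XML
LEGACY_EXTENSIONS = {".doc", ".xls", ".ppt"}  # older binary formats that can also carry macros

def inspect_office_file(name: str, data: bytes) -> list:
    """Return a list of reasons to treat the file with caution ([] if none found)."""
    reasons = []
    ext = os.path.splitext(name.lower())[1]
    if ext in MACRO_EXTENSIONS:
        reasons.append(f"macro-enabled extension {ext}")
    if ext in LEGACY_EXTENSIONS:
        reasons.append(f"legacy binary format {ext} can carry macros")
    # Office Open XML files are zip archives; look inside instead of trusting the name
    if data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # bit 0 of the general-purpose flag = encrypted
                        reasons.append(f"encrypted entry {info.filename}: content cannot be scanned")
                    if info.filename.lower().endswith("vbaproject.bin"):
                        reasons.append(f"contains VBA macro project {info.filename}")
        except zipfile.BadZipFile:
            reasons.append("zip container is malformed")
    return reasons

def make_docx(with_macros: bool) -> bytes:
    """Build a constructed, minimal Word-style archive, optionally with a macro project."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"constructed stand-in for a VBA project")
    return buf.getvalue()

def mark_entries_encrypted(zip_bytes: bytes) -> bytes:
    """Set the encrypted bit on every local and central-directory header.

    Python's zipfile cannot write password-protected archives, so this patches a
    plain archive to look like one for the purpose of the check above. The
    entry data itself is left unencrypted; only the headers are changed."""
    data = bytearray(zip_bytes)
    for sig, flag_off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):  # local header, central directory
        i = data.find(sig)
        while i != -1:
            (flags,) = struct.unpack_from("<H", data, i + flag_off)
            struct.pack_into("<H", data, i + flag_off, flags | 0x1)
            i = data.find(sig, i + 4)
    return bytes(data)

if __name__ == "__main__":
    print("report.docx, no macros:", inspect_office_file("report.docx", make_docx(False)))
    print("report.docx, renamed from .docm:", inspect_office_file("report.docx", make_docx(True)))
    print("invoice.docm:", inspect_office_file("invoice.docm", make_docx(True)))
    print("archive.zip, password-protected:",
          inspect_office_file("archive.zip", mark_entries_encrypted(make_docx(False))))
```

The second case is the one the extension rule misses: a macro-enabled file renamed to .docx still carries its vbaProject.bin, and Office will still find it. This check only detects zip-level encryption; a document protected with Office's own password feature is wrapped in a different container (an OLE compound file rather than a zip) and is just as opaque to a scanner, so treat any password-protected attachment with the same caution.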

Selected links on antivirus issues

“Almost Every Antivirus Software Program Can Be Exploited, Researchers Say”
https://cisomag.com/almost-every-antivirus-software-program-can-be-exploited-researchers-say/

“New Flaws in Top Antivirus Software Could Make Computers More Vulnerable”
https://thehackernews.com/2020/10/antivirus-software-vulnerabilities.html

“Attacking Antivirus”
https://www.blackhat.com/presentations/bh-europe-08/Feng-Xue/Whitepaper/bh-eu-08-xue-WP.pdf

“Hackers infect users of antivirus service that delivered updates over HTTP”
https://arstechnica.com/security/2024/04/hackers-infect-users-of-antivirus-service-that-delivered-updates-over-http/

Disclaimer: This article’s technical tips are meant to provide helpful alerts and general awareness of the issues raised in this article. We cannot be held liable for any issues that may arise from following our recommendations. We recommend that each group find a skilled technical team to advise and help in a manner tailored to individual needs and circumstances.