3 Things Your Antivirus Doesn’t Take Care Of

Gavin Phillips 11-04-2016

Installing and updating an antivirus program is understandably drilled into us. Younger Internet users will not remember a time without antivirus programs and the constant background threat of malware and phishing attacks, forcing us to be wise with our digital security. Just as there are many ways to infect your system, so there are numerous antivirus programs that aim to keep your system secure, safe, and sheltered.


Antivirus programs offer largely the same bundle to their users: system scans, real-time protection, quarantining and deletion, process scanning, and so on. Modern antivirus packages also use heuristic analysis of files and system processes, whereby the antivirus recognizes a pattern of behavior common to suspected malicious material and puts a stop to it.

Antivirus can do all of these things. In some cases, it'll stop the attackers at the door. In others, it'll assist with the clean-up operation. But what doesn't your antivirus take care of? Which threats could leave you or your business exposed, even when you've installed and updated it?

Compromised Devices

The significant increase in personal devices such as smartphones, tablets, and laptops has created a weak spot in network security that sits largely outside the traditional reach of antivirus software.

Many businesses operate Bring Your Own Device (BYOD) schemes in the workplace, allowing employees to bring personal devices into the business environment. Any employee device harboring malware could spread its infection across the local network. Similarly, a guest connecting an infected device to your home network could see your own devices infected.

Businesses can mitigate BYOD vulnerabilities by tightening their network security, upgrading to a dedicated firewall, patching known security holes, and keeping personal and guest devices on a separate network segment from systems that hold business data. It may also be prudent to enforce a company-wide antivirus and malware scan for new and existing devices, using a company-approved application.


However, it is in some ways more difficult for home users to stop compromised devices entering their personal network. Short of espousing the importance of network and system security to everyone who enters our homes (or confining visitors to a separate guest Wi-Fi network, where the router offers one), we can only hope the people around us are sensible and alert to potential threats. Unfortunately, this isn't always the case.

Insider Threat?

Along with the potential BYOD vulnerability, an insider threat might act from within your walls, exploiting legitimate internal access to your network. If someone inside your organization decides they want to deliver a nasty surprise to you and other colleagues, they very well might succeed. There are different types of insider threat:

  • Malicious insiders are somewhat rare, but usually have the potential to cause the most damage. Administrators, with their broad access, are especially risky.
  • Exploited insiders are tricked or coerced into providing data or passwords to a malicious third party.
  • Careless insiders are those who click without thinking, perhaps opening a cleverly (or not!) designed phishing email spoofed to appear to come from a company email address.

Insider threats are particularly difficult to mitigate, as there is no single pattern of behavior that reliably exposes an upcoming attack. An attacker may be driven by any of several motives:

  • IP Theft: Stealing intellectual property from an organization or individual.
  • Espionage: Uncovering classified or sensitive organizational information, trade secrets, intellectual properties or personal data to gain an advantage or use as a basis for coercion.
  • Fraud: Appropriating, modifying, or distributing organizational or personal data for personal gain.
  • Sabotage: Using internal access to inflict specific system damage.

In a world where data reigns supreme, individuals in and out of the workplace now have greater access to critical information and critical systems, as well as a host of outlets to leak information to. This places trust at the forefront of the security battle, relegating antivirus software to a backup, endpoint role.


“The U.S. economy has changed over the past 20 years. Intellectual capital, rather than physical assets, now represent the bulk of a U.S. corporation’s value. This shift has made corporate assets far more susceptible to espionage.”

Understanding the threat landscape is just one aspect of the battle against insider threats, and it is by no means the last.


Advanced Persistent Threats (APTs) usually pass undetected, waiting for the right moment to strike. The malware could be introduced to a system weeks or months before becoming operational, lying dormant and awaiting instruction from a remote controller. APTs are usually the signature of an advanced team of professional attackers, potentially working as part of a larger organization or with a nation-state backer.

A malicious entity deploying an APT will typically attempt to pilfer intellectual property, classified or sensitive information, trade secrets, financial data, or anything else that could be used to damage or blackmail the victim(s).

A typical component of an APT is a Remote Access Trojan (RAT). The malware package lies dormant, but when activated it gives a remote controller operational privileges to gather as much information as possible before detection. It is the detection that becomes difficult. The RAT establishes a command-and-control channel to the remote operator, typically over ordinary protocols such as HTTP or HTTPS so that it blends in with legitimate traffic. Once that channel is up, the traffic carries commands and stolen data rather than malicious code, so signature-based antivirus and port-based firewall rules have nothing to match on.


Here are a few basic APT detection methods:

  • An increase in late-night elevated log-ons. If your workforce is active during the day but you close the office at night, a sudden surge in late-night administrator access could be the sign of an ongoing operation.
  • Network-wide backdoor Trojans of a similar variety. The APT operators may have installed a range of Trojans throughout the local network, preserving access to your systems if their primary attack vector is discovered. You shut down and clean one system, but they already have access to the one next to it.
  • Large or unexpected data transmissions, coming from unexpected sources, being transferred to an unexpected or unidentifiable end address.
  • The discovery of unexpected data collections: data that shouldn't be concentrated in a single location. It may also have been archived with an unused or obscure archive format, ready for exfiltration.
  • A higher-than-usual number of reported spear-phishing attempts. If someone has mistakenly clicked, it could be worth checking for the other signs.

Core to picking up an attempted or ongoing APT attack is understanding what your data flow looks like before any suspected issue, so it is worthwhile taking a moment to understand some of the finer points of your network: which accounts normally log on when, and which hosts normally talk to which destinations, and in what volume.
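The detection signals above are only useful against a baseline of normal activity. The Python below is an added example, not code from the original article, showing how two of those signals can be checked over constructed sample logs: it flags successful administrator logons outside business hours, builds a per-host outbound-volume baseline from the days before the one under review, flags review-day flows to destinations never seen before (or far above their usual volume), and then correlates the two. Every hostname, user, address, timestamp and threshold is invented for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data for this example only; no real environment is represented.
# Successful logons, with the privilege level of the account used.
AUTH_LOG = """\
2016-04-04T09:12:03 user=alice priv=user host=ws-17 result=success
2016-04-04T09:40:51 user=bob priv=admin host=dc-01 result=success
2016-04-04T14:05:10 user=carol priv=user host=ws-22 result=success
2016-04-04T17:55:42 user=bob priv=admin host=fs-02 result=success
2016-04-04T23:30:00 user=alice priv=user host=ws-17 result=success
2016-04-05T02:13:09 user=bob priv=admin host=dc-01 result=success
2016-04-05T02:14:30 user=bob priv=admin host=fs-02 result=success
2016-04-05T02:16:02 user=bob priv=admin host=hr-db result=success
"""

# Daily outbound volume per (source host, destination) in megabytes. Days before the
# review day form the baseline. 203.0.113.0/24 and 198.51.100.0/24 are documentation
# address ranges, used here as placeholder "unknown" destinations.
FLOW_LOG = """\
2016-03-30 src=fs-02 dst=backup.example.internal mb=4100
2016-03-31 src=fs-02 dst=backup.example.internal mb=3950
2016-04-01 src=fs-02 dst=backup.example.internal mb=4200
2016-04-02 src=fs-02 dst=backup.example.internal mb=4050
2016-04-03 src=fs-02 dst=backup.example.internal mb=4000
2016-03-30 src=ws-17 dst=cdn.example.net mb=120
2016-03-31 src=ws-17 dst=cdn.example.net mb=95
2016-04-01 src=ws-17 dst=cdn.example.net mb=140
2016-04-02 src=ws-17 dst=cdn.example.net mb=110
2016-04-03 src=ws-17 dst=cdn.example.net mb=105
2016-04-05 src=fs-02 dst=backup.example.internal mb=4150
2016-04-05 src=ws-17 dst=cdn.example.net mb=130
2016-04-05 src=hr-db dst=203.0.113.42 mb=2600
2016-04-05 src=ws-17 dst=198.51.100.7 mb=900
"""

BUSINESS_HOURS = range(7, 20)  # 07:00 to 19:59 local time counts as normal working hours

AUTH_RE = re.compile(
    r"(?P<ts>\S+) user=(?P<user>\S+) priv=(?P<priv>\S+) host=(?P<host>\S+) result=(?P<result>\S+)"
)
FLOW_RE = re.compile(r"(?P<day>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) mb=(?P<mb>\d+)")


def after_hours_admin_logons(log, business_hours=BUSINESS_HOURS):
    """Return (timestamp, user, host) for successful admin logons outside business hours."""
    hits = []
    for line in log.splitlines():
        m = AUTH_RE.match(line)
        if not m or m["priv"] != "admin" or m["result"] != "success":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        if ts.hour not in business_hours:
            hits.append((m["ts"], m["user"], m["host"]))
    return hits


def unusual_outbound_flows(log, review_day, min_new_mb=500, z_threshold=3.0):
    """Flag review-day flows to never-before-seen destinations (above min_new_mb) or to
    known destinations whose volume sits more than z_threshold standard deviations
    above that pair's baseline mean. Returns ((src, dst), mb, reason) tuples."""
    baseline = defaultdict(list)
    review = []
    for line in log.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue
        key, mb = (m["src"], m["dst"]), int(m["mb"])
        if m["day"] == review_day:
            review.append((key, mb))
        elif m["day"] < review_day:  # ISO dates sort lexically
            baseline[key].append(mb)
    findings = []
    for key, mb in review:
        history = baseline.get(key)
        if not history:
            if mb >= min_new_mb:
                findings.append((key, mb, "new destination"))
            continue
        mu, sigma = mean(history), pstdev(history)
        sigma = sigma or max(mu * 0.1, 1.0)  # a flat baseline must not divide by zero
        z = (mb - mu) / sigma
        if z > z_threshold:
            findings.append((key, mb, f"volume z={z:.1f}"))
    return findings


def correlate(auth_hits, flow_findings):
    """Hosts showing both after-hours admin activity and unusual outbound flows."""
    admin_hosts = {host for _, _, host in auth_hits}
    return sorted({key[0] for key, _, _ in flow_findings if key[0] in admin_hosts})


if __name__ == "__main__":
    logons = after_hours_admin_logons(AUTH_LOG)
    flows = unusual_outbound_flows(FLOW_LOG, "2016-04-05")
    for hit in logons:
        print("after-hours admin logon:", hit)
    for finding in flows:
        print("unusual outbound flow:", finding)
    print("hosts to investigate first:", correlate(logons, flows))
```

The backup server's 4 GB nightly transfer is not flagged because it matches its own history, while hr-db sending 2.6 GB to an address it has never contacted, minutes after an unscheduled administrator logon, surfaces at the top of the list. The thresholds are deliberately simple; the point is that neither check is possible without first recording what "normal" looks like.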

Unknown Malware

Attackers are savvy. Before unleashing a new malware variant, any would-be attacker will test it against common and advanced antivirus products to make sure it won't fall at the first hurdle. As with most forms of development (and indeed, life), why go to the trouble of developing the malware, taking precautions to protect your identity, and curating an extensive range of attack vectors, only to be immediately shot down?


PandaLabs, Panda Security's research laboratory, detected and neutralized more than "84 million new malware samples throughout 2015" – nine million more than in 2014. The figure means there were more than "230,000 new malware samples produced daily" over the course of the year. Earlier last year Symantec announced similar findings, though their daily figure was significantly higher, coming in at around 480,000 per day, while AV-TEST estimates that total known malware instances rose from under 400 million to over 500 million between April 2015 and March 2016.

While the numbers vary, the growth and its underlying significance are very real. Malware developers are constantly updating and releasing malicious code, tweaking their packages to evade detection and to exploit vulnerabilities as they are discovered, often long before they are patched. A sample that has never been seen before has no signature to match, so a purely signature-based scanner will let it through until the vendor catches up.
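Why a freshly tweaked sample slips past a signature database is easy to show. The Python below is an added example, not code from the article or from any antivirus vendor: it builds a constructed, harmless byte string that stands in for a malware sample, defines three signature types for it (a whole-file SHA-256 hash, a hard-coded string, and a wildcard byte pattern over a code sequence, in the style of a YARA rule), and then scans three variants an attacker might produce with minimal effort. The sample bytes, signature names and command-and-control host are all invented.

```python
import hashlib
import re

# Constructed, inert stand-in for a malware sample. It is not executable code and does
# nothing; it simply has the kinds of features signatures are written against.
ORIGINAL = (
    b"MZ" + b"\x90" * 14                             # toy 16-byte "header"
    + b"\x55\x8b\xec\x83\xec\x20"                    # push ebp; mov ebp,esp; sub esp,0x20
    + b"\x68\x00\x00\x00\x00\xe8\x00\x00\x00\x00"    # push imm32; call rel32
    + b"CONFIG:http://c2.example.invalid/beacon"     # hard-coded C2 URL (invented)
    + b"\x00" * 8
)


def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()


# In a real product this value ships in the definitions; here it is derived from the
# sample so the example is self-contained.
KNOWN_SHA256 = sha256_hex(ORIGINAL)

# Wildcard byte pattern: the prologue with any stack-frame size, then push imm32 and a
# call. The '.' wildcards are what let it survive trivial recompiles.
CODE_PATTERN = re.compile(rb"\x55\x8b\xec\x83\xec.\x68.{4}\xe8", re.DOTALL)

# Cheapest to most expensive to compute; each is also progressively harder to evade.
SIGNATURES = [
    ("hash:original-build", lambda blob: sha256_hex(blob) == KNOWN_SHA256),
    ("string:c2-beacon-url", lambda blob: b"c2.example.invalid/beacon" in blob),
    ("code:prologue-then-call", lambda blob: CODE_PATTERN.search(blob) is not None),
]


def scan(blob):
    """Return the names of every signature that matches the blob, in database order."""
    return [name for name, matches in SIGNATURES if matches(blob)]


# Three low-effort variants an attacker might produce before release.

def pad(sample, n=16):
    """Append inert bytes: enough to change every whole-file hash."""
    return sample + b"\x00" * n


def retarget_c2(sample, new_host=b"c2-backup.example.invalid"):
    """Point the build at a different C2 host, defeating a string signature."""
    return sample.replace(b"c2.example.invalid", new_host)


def obfuscate(sample, key=0x5A):
    """XOR-encode everything after the header, a toy stand-in for packing or
    recompiling with a different toolchain; nothing static is left to match."""
    header, body = sample[:16], sample[16:]
    return header + bytes(b ^ key for b in body)


if __name__ == "__main__":
    for label, variant in [
        ("original", ORIGINAL),
        ("padded", pad(ORIGINAL)),
        ("retargeted C2", retarget_c2(ORIGINAL)),
        ("obfuscated", obfuscate(ORIGINAL)),
    ]:
        print(f"{label:14s} -> {scan(variant) or ['no match']}")
```

Each variant defeats the cheaper signature while the more expensive one still fires, until the body is repacked and nothing static matches at all. That last case is the "unknown malware" gap: closing it is the job of heuristic and behavioral analysis, and of the daily signature updates that eventually turn the unknown sample into a known one.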

Do You Need Antivirus?

In a word, yes. Although many security researchers contend that antivirus is becoming a last line of defence, most useful for clean-up after the fact, your system should still have a base level of protection. Depending on your activities, you'll likely know whether you need something more advanced, but riding the Internet waves without a wetsuit could leave you feeling cold.

It isn't enough just to "have" the antivirus either. Update it regularly. Security companies are constantly updating their signature databases and, with the number of new malware samples increasing, you'll want to at least attempt to remain ahead of the curve. So keep it running and updating, and you'll at least catch some of the already-known attackers knocking at your door.

Do you obsessively update your antivirus? Or do you brave the Internet without protection? Let us know below!


  1. rc primak
    May 3, 2016 at 4:36 am

    The one thing which may help on top of antivirus is browser hardening. That and Application Restrictions, like those applied by EMET for Windows or AppArmor for Linux.

    Browsers can be hardened simply by blocking ads and other Flash content, and limiting scripts to known safe sites (whitelisting).

    A HIPS Firewall may have helped in the past, but these aren't offering much additional protection since Windows 8. Windows 10 has an adequate firewall feature of its own. In the Pro Edition, further refinements are available by restricting Group Policies and blocking and stealthing unneeded ports. Again, not much of an improvement over hardening the browser, but this is yet another layer of protection which is not too difficult to set up.

    Come to think of it, these methods of restricting outbound and inbound communications also might help reduce Windows 10 spying (telemetry and other forms of phoning home to MS servers for non-updating purposes).

  2. Anonymous
    April 16, 2016 at 7:06 am

    Setting up your router to use OpenDNS is a good start. It blocks access to known malicious sites and if you setup a free account you can block sites by categories and add websites to block or always allow.

    If you're tech savvy you can drop a free firewall like Sophos UTM, Untangle, pfSense, etc, onto an old PC and drop it in between your modem and router.

    Sophos UTM lets you block by countries easily, has a built-in IPS that uses Snort signatures, and has many other features.

  3. Gozer
    April 12, 2016 at 5:45 pm

    My ESET antivirus updates itself all by itself all the time. I get little balloons informing me that it has either updated its software or the virus list it uses at the bottom of my screen. Same for Superantispyware, a secondary software I use that works well with ESET.

    • Gavin
      April 16, 2016 at 1:44 pm

      Indeed. Some people turn off automatic updates because they run at inconvenient times, but then forget to manually update, creating a security hole.

      • rc primak
        May 3, 2016 at 4:39 am

        The only security which is effective is security which is applied vigilantly. Indeed, most end users forget anything which is not running automatically. Maybe that's why Windows 10 has moved to automatic security updating.

        • Drew Peacock
          October 7, 2019 at 5:53 am

          Rc Primak, over 3 years late... I can understand why Windows 10 went with automatic updates, but the execution was atrocious. Their cumulative updates are so damn large (usually 300MB or larger) they take a long time to install. If Windows only automatically updated Defender and patched OS vulnerabilities and vulnerabilities of installed programs then I could live with automatic updating, but as things stand these automatic updates take too long to install. And instead of releasing all the updates once a month on Patch Tuesday, it would make more sense to release smaller updates throughout the month. I read that from the spring of 2020, users will be presented optional updates that won't be forced on them. That's an improvement, although it's simply going back to the way things used to be before Windows went insane.

  4. Jay Barney
    April 12, 2016 at 5:42 am

    Lying, not laying. Intransitive.

    • Gavin
      April 16, 2016 at 1:25 pm

      Gosh darn, you're right.

  5. Secprofeesional
    April 11, 2016 at 4:49 pm

    Firewalls aren't a good method of stopping viruses. Viruses are often targeted at known good services/ports that are allowed through the firewall. Intrusion prevention, host and network based, looks for anomalies in allowed traffic. Some firewalls offer intrusion prevention features. Using an Internet protection suite, i.e. Norton Internet Security, Kaspersky's Internet suite, etc. includes IPS and other reputation-based protection beyond just antivirus. AV is just one of several security layers you should be using.