September 15th, 2008 by Igor Pankov
- Your anti-virus can’t recognize every virus in existence and so cannot provide complete protection. Several factors contribute to this, including its reliance on virus signatures and heuristics-based detection, which struggle to keep up with the many and ever-changing behaviors of viruses.
- Your firewall or HIPS may have one or more of the following weaknesses. Both may react late to a security incident. Both can miss an unwanted or illegitimate operation simply because no such solution can detect every possible type of system or network operation. Leak tests, however theoretical their scenarios might be, serve as a good (though not perfect) indicator of how thorough a solution’s protection is. These systems may also fail to activate when they are needed most: when a new attack strikes.
- Rootkits and system interceptors that remain invisible to the operating system and to most security programs can be used to hide the presence of a malware payload. Hackers are increasingly adopting rootkits to mask malware operations such as spam, botnets and Denial of Service (DoS) attacks.
- Security software sometimes interferes with the normal operation of a PC, degrades its performance, or displays alerts and action prompts that an ordinary person may find confusing to respond to. It can also block WiFi connectivity or report false positives that lead to a legitimate file being deleted.
- Some security programs require that, once a PC is infected, the changes made by malware be undone by manual remediation, a task beyond the ability of most ordinary computer users.
- Your security program turns out not to be the trusted software you thought it was, but a rogue program that merely advertises a promise to protect.
- Antispam and antiphishing solutions produce a high number of false positives, and phishing sites are so short-lived that, by the time a security company issues an update to block the domain, the site has already harvested its share of stolen identities and financial data and moved on.
- Theft of personal or financial data. We shop online, entering our credit card numbers and other personal details. This creates risk, and the data could be abused if you’re using an unprotected PC. A keylogger could be silently monitoring your keystrokes and capturing everything that you type on your PC; later, it will send this information to the hacker who set it loose. If you shop and the channel of communication (i.e. the web browser traffic) is not encrypted, everything that you send over the Internet is vulnerable to being copied and used without your knowledge. Your log-in passwords, email and social network accounts can be hijacked in the same way. Using both known and new techniques, a sophisticated hacker can eavesdrop on your Internet sessions using what’s called a "man-in-the-middle" attack to intercept data and exploit it later. To protect yourself from such threats, it’s vital that you use a robust firewall and ensure traffic is transmitted over an encrypted route.
- Botnet infections, where the victim’s computer and Internet bandwidth are hijacked and used to harm other Internet users. Botnets are responsible for spewing out spam or phishing attacks that appear to come from the victim’s computer, and may also be used to conduct distributed Denial of Service attacks on legitimate organizations and to take control of an organization’s website.
- Hackers are always on the lookout for a vulnerable PC on the network. Once found, such PCs are earmarked for later use for nefarious purposes. By using special tools to probe for exploitable machines, a hacker doesn’t target a specific host but rather the thousands of poorly protected computers that can be amassed in a matter of minutes.