All means are good for a computer virus to infect you: by surfing on the Internet, by clicking on a link, by downloading and executing an attachment, by plugging a hard disk or a USB key... Is it necessary to install an antivirus to protect yourself? Is it enough?
What is a virus and how does it spread?
Viruses can take any form. Ransomware, Trojan horses, spyware, these malicious computer programs have a single objective: to disrupt the normal functioning of a computer system without the owner's knowledge.
They can be introduced when the user browses a malicious site, installs a device or software that has not been updated, installs a pirated application, etc.
Symptoms of an infection are: abnormal slowing down or blocking of the device, windows or error messages that appear for no reason, modification of software or programs, etc.
Of course, if you have an antivirus program, it will normally be able to alert you and eliminate the virus.
What is the role of an antivirus and how does it work?
An antivirus is a computer program whose role is to identify, neutralize and even eliminate computer viruses. Originally, an antivirus is a tool against computer viruses: like biological viruses, these small programs reproduce and infect as many machines as possible.
Cybermalveillance.gouv.fr explains how antiviruses work. Antivirus software is first of all grafted onto the operating system of the device. It allows to search for viruses in what can be stored there, to enter or leave it. This concerns their memory(s) or hard disk(s), the content of messages (email), the loading of an Internet page, the reading of a removable media (USB keys, DVD...). To do this, the antivirus relies on "signature databases " which contain regularly updated virus definitions or fingerprints, and often also on analyses of abnormal behaviors (called "heuristic analyses") that could be linked to viruses.
How to use it properly?
To be effective, the antivirus must be deployed on all equipment without exception, primarily those connected to the Internet (workstations, file servers, etc.). An antivirus protects against known threats, which evolve very quickly: hundreds of thousands of malicious codes appear every day.
Threats are numerous and evolve very quickly, so it is important to keep the software itself and its signature database up to date. This database is the element that allows the identification of malicious programs and files: without its frequent update, the protection offered by the antivirus is very quickly limited.
Commercial antivirus programs offer automatic updating and automatic scanning of storage spaces: it is essential to activate these mechanisms in the settings as soon as they are available.
Moreover, if you opt for a paid antivirus, it is possible to subscribe to additional features offered by multiple publishers: firewall, web filtering, VPN, anti-phishing tools and enhanced security for banking transactions.
So, owning an antivirus seems to have many advantages if it is used correctly, but it can also present several major vulnerabilities.
A poisoned gift?
On May 9th, Cyberbrief talked about Avast and AVG vulnerabilities. The antivirus solutions signed Avast are not to be introduced anymore as they are known and used on a large number of configurations around the world. However, thanks to SentinelOne analysts, it has been revealed that all the editor's products, both Avast and AVG branded, have presented two important vulnerabilities from January 2012 to February 2022. A decade. That is, in computer science, an eternity. Once exploited, these vulnerabilities allowed a simple user, therefore non-administrator, to assume high rights on the system. This allowed him to freely modify system components, or even take control of it by bypassing the log protections