Antivirus software is a fundamental piece of your cyber security setup.

Traditional antivirus software is designed to recognize and stop bad software — “malware” — from getting on your computer. This includes things like worms, malicious websites, automated hacking attacks, and yes, even viruses.

And that’s a really good first step, but we need to go further. More on that in a minute. But first:

Known bad stuff

Traditional antivirus software works with signatures of known-bad software.

It works like this: A new piece of malware comes out, infects some computers, and the AV company gets a sample. They create a signature and rules for the malware, then push out updates to all their clients (the software on your computer). The clients get the update, search your computer for the bad stuff, and either block it from attacking at all or attempt to remove it if it’s already there.

This system has been in place for years, and it’s generally worked reasonably well.

However, there are two big problems with the “signature” approach to antivirus:

  • Building signatures is a reactive approach. The Bad Thing is already out in the wild, doing harm, before the AV company even begins to respond to it.
  • Two words: “polymorphic wrappers.” Hackers take existing malware that already has signatures written for it and wrap it in new code so it slips past your AV. This technique is ridiculously easy and is getting more play all the time.

Unknown bad stuff

So how do we stop malware that we don’t know about? That’s where the second layer of AV protection comes in.

There’s an emerging type of AV software that monitors the behavior of software on your computer. It looks for processes that are abnormal or potentially dangerous, and stops those processes before they have a chance to harm your machine.
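To make the two layers concrete, here is a toy detector (an added example, not code from this post or from any AV vendor) that applies both ideas to constructed input: a hash signature list for known-bad files, and a behavior rule over a constructed process-event log for files the signature list has never seen. The sample hash, the event format and the rename threshold are assumptions for illustration.

```python
import hashlib
from collections import defaultdict
from typing import List, Optional, Set, Tuple

# Layer 1: signatures of known-bad software. Constructed sample entries,
# not a real AV database; the hash is of a stand-in byte string.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"SAMPLE-MALWARE-A").hexdigest(): "Sample.Worm.A",
}

def signature_scan(file_bytes: bytes) -> Optional[str]:
    """Return the signature name if the file's hash is on the known-bad list."""
    return KNOWN_BAD_SHA256.get(hashlib.sha256(file_bytes).hexdigest())

# Layer 2: behavior monitoring over process events (process, action, target)
# in time order. Constructed rule: one process renaming many user files and
# deleting backups is acting like ransomware, whatever its bytes look like.
Event = Tuple[str, str, str]

def behavior_scan(events: List[Event], rename_threshold: int = 20) -> Set[str]:
    renames = defaultdict(int)   # renames of user files, per process
    deleted_backups = set()      # processes that deleted something under /backups/
    flagged = set()
    for proc, action, target in events:
        if action == "rename" and target.startswith("/home/"):
            renames[proc] += 1
        elif action == "delete" and "/backups/" in target:
            deleted_backups.add(proc)
        if renames[proc] >= rename_threshold and proc in deleted_backups:
            flagged.add(proc)    # stop it here, before more files are touched
    return flagged

def verdict(file_bytes: bytes, events: List[Event]) -> str:
    """Combine both layers: known signature first, then behavior for unknowns."""
    name = signature_scan(file_bytes)
    if name:
        return f"blocked by signature: {name}"
    if behavior_scan(events):
        return "stopped by behavior monitor"
    return "clean"

# Constructed event log: "unknown.exe" renames 25 user files then deletes a
# backup; "editor.exe" renames a few files, which is normal activity.
SAMPLE_EVENTS: List[Event] = (
    [("unknown.exe", "rename", f"/home/alice/doc{i}.txt") for i in range(25)]
    + [("unknown.exe", "delete", "/backups/alice.tar")]
    + [("editor.exe", "rename", f"/home/alice/notes{i}.md") for i in range(3)]
)
```

A re-wrapped copy of the sample has a different hash, so the signature layer misses it, but the behavior layer still flags the process on what it does rather than what it looks like.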

How to set up your antivirus

When we combine both these kinds of antivirus software — the traditional and the heuristic — we get the best protection currently available. Here’s how to do it:

  • Use Sophos Home antivirus. It’s the exact same stuff that they sell to corporations, but it’s free for up to 10 personal computers and comes with a web-based interface so you can keep tabs on what’s going on with all your computers at once.
  • Combine that with Malwarebytes Premium. It’s $40/year, but it’s absolutely outstanding protection.

Pro-tip #1: Sophos doesn’t like finding Malwarebytes already on your computer. Install Sophos first, and it’s no problem!

Pro-tip #2: Configure both Malwarebytes and Sophos to automatically update, scan, and remove bad things from your computer. Just like with seat belts, automatic protection is the best protection.

Want some help setting this stuff up or fine-tuning it? Drop me a line, and I’ll be happy to get you squared away!