CLOUDY podcast | #14 Why is a regular antivirus not enough?

The fourteenth episode of the CLOUDY podcast is dedicated to security for us and our devices. Moderator Andrej Kratochvíl and security consultant Tomáš Banič discussed why a common antivirus is no longer enough nowadays and what we should use if we want to stay safe. What is EDR and what are its benefits?

What is antivirus good for?

Simply to protect ourselves. I've thought long and hard about an analogy I could use, and it's exactly the same as a seat belt in a car. It's nice to have it, ideally you never need it, but what if something happens?

We never know what will happen to the computer, or who can do what, and in what way. Antivirus or other security software serves to protect us.

We have different versions of antiviruses, different extensions and free versions. Which version would you recommend?

Well, first of all, you need to evaluate what you need. Each of us has a different day job and different device usage. For some, a commonly available antivirus may be enough, but in today's online era I would rather go for a solution called EDR (Endpoint Detection and Response) or a more technically advanced antivirus.

For myself, I would definitely choose the more complicated, paid option, because it gives us far more options.

So what is the difference between EDR and antivirus?

Antivirus as such is only one element of EDR. Imagine a lot of people coming to a club or an event. Usually there is a gentleman standing by the door with a piece of paper with the names of those who can and cannot go in written on it. In this sense, it will be a list of people who are not allowed to enter.

An antivirus that compares signatures already has clearly defined malicious code. So the gentleman gets a piece of paper in his hand saying that he must not let these people in. He can have a list of thirty people, and when the thirty-first person is, say, a dangerous criminal with a bomb on his chest, the antivirus looks at the list, finds out that the person is not on the banned list, and lets him in.

EDR is the other version: a gentleman stands at the door with a list of banned people, and next to him stands a person who hands him an updated list at regular intervals, whenever something new appears. In addition, they have a special room where they move anyone who is suspicious, where they check him, put him through a detector, and so on.

So EDR scans data, compares it and examines behavior in real time. EDR learns and can respond promptly. If it's not sure about something, it prefers to stop the file or program and check it, and if it's OK, release it. It keeps an eye on what the user is doing, so to speak. It knows the user and knows that he does not normally do certain activities, so it prefers to stop the process and check.

When I have a free version available and also a paid version, why should I choose the paid version and not save the money?

Well, it's never free. If we don't pay, someone else will. It looks free to us, but in this case, when the antivirus is free, the first option is that I only get basic protection, and the problem is that the antivirus is only maintained, not updated. In practice, this means that updates are slower and the response to threats is not as fast.

Furthermore, there may also be a case where someone else pays for it. In the best case for us, that can mean "just" some advertising that basically only annoys us; then there is a worse version: since the antivirus or EDR collects data for its functionality, it can pass that data on.

What exactly is a virus? Is it just data leaks, for example? Can it permanently damage my device?

Well, there are countless attacks. One type of attack is ransomware, which tries to block access to data and then extorts payment to make the data available again. Then there is, for example, a virus, meaning malicious code such as a keylogger. When placed on our device, it collects, say, passwords and can take over an account. I don't want to exaggerate, but an identity can be stolen that way.

The most common way I get a virus is by clicking on a link in an email or a text message, or by bringing it in on a USB stick.

Can I infect my devices with a virus through Wi-Fi, for example? Say my laptop has already been attacked; if I connect to the Wi-Fi at home, will I also endanger other members of the household?

It depends on the virus, but nowadays the attacks and the code are written in such a way that it can happen. As the offense evolves, so does the defense. So it's an endless battle.

Who takes care of security in the cloud?

The provider protects its own side so that nothing happens to it. That is, its devices, where the data is stored. But it doesn't protect my data in the sense of what I put there.

When I upload something to the cloud, for example a virus, the provider does not catch it at the first moment. After some time a check will get to it, but the responsibility is definitely on me as well. I can't just upload anything anywhere.

You can listen to the entire podcast on Spotify or watch it on YouTube.