Having antivirus (AV) software on your computer is a staple. Modern antivirus offers layered protection—a cybersecurity approach that uses multiple techniques in one package to keep you safe if you download a malicious file from the Internet, find yourself worrying after clicking a link in a direct message from a non-contact on social media, or automatically open an email attachment before you can stop yourself.
An excellent AV saves you from unnecessary worry because it works. It stops bad things. And that’s why so many people want to turn it off.
Some of the reasons are obvious, while others are not. Below, we list the three likely culprits behind your AV mysteriously being off the next time you use your computer.
Ransomware has been in the news this year, but it’s been a serious threat for several years now. What many users may not realize is that ransomware attacks from a few years ago were quite different from the “common-or-garden” ransomware we see now.
A few years ago, ransomware was typically sent out in mass email campaigns. The criminals behind it hoped to catch out as many unsuspecting users as possible and charged each victim a ransom of a few hundred dollars to remove the ransomware from their computer. It was hugely inconvenient but it was a problem that tended to affect individual users rather than entire organizations.
Ransomware today isn’t a nuisance, it’s a criminal business. These days it is delivered by hand, and it’s targeted at entire companies instead of individual computers. Cybercriminal gangs break into an organization’s network and may stay there for months before finally wreaking havoc. Before the wreaking, the group performing the attack wants to maximise the chances of its attack succeeding. It does that by turning its members into users with the power to turn off the victim company’s antivirus software, if it can.
Malware (malicious software) is the second possible culprit behind your AV being turned off.
No surprise here.
Malware and antivirus dislike each other equally. Normally, the only way they can co-exist on your computer is if the former is in quarantine. Malware authors know this, which is why some of them have equipped their malicious software to try to disable, if not completely uninstall, antivirus on any computer it infects. With AV out of the way, the malware is free to harm any system it’s on, as it was programmed to.
We see this capability most often in Trojan malware, malicious software that pretends to be something important—like an update to a program you use—but does insidious things on your computer when run. LemonDuck, an advanced cryptominer, is an example of a Trojan programmed to try to uninstall antivirus.
Although the hackers who run ransomware will often try to disable antivirus manually (as we said in the first section), some ransomware, including MegaCortex, PYSA, Ragnar Locker, and REvil, also has the ability to disable antivirus programmed into it.
3. Insiders (friends and family)
We often write about insider threats on this site—individuals who, often unknowingly, put their employer at risk. Believe it or not, insider threats exist at home too (for lack of a better term, we will stick to calling them “insiders” here).
Who might these be, you ask? They could be your kids, other family members who live with you, or—perhaps in certain circumstances—an insider could be you.
Which begs the question: Why would any of them turn off your antivirus? Often because they are erroneously advised to.
“Back in the earlier days of gaming, it was common to see antivirus programs quarantine game files,” says Chris Boyd, Lead Malware Intelligence Analyst for Malwarebytes.
“PCs with limited system resources would find the strain of games running alongside security programs a bit too much to handle. As a result, ‘Turn off your antivirus’ became a common sight on gaming forums and in accepted wisdom generally.” And it wasn’t just gaming. “Turn off your AV” was often the first thing that you’d be asked to do if you phoned tech support or read the troubleshooting section of your manual, for any piece of software.
“These days, you should never have to turn off your security solutions in order to have a quick round of Fortnite or a long session of Elder Scrolls Online,” says Boyd.
Still, the bad advice persists.
Another reason people willingly disable AV is to stop antivirus alerts when they’re installing software on shared computers.
You might be smart enough to know that an antivirus warning is a bad sign, but if you’re not the only user of the computer, and the other users really want to install something, there’s a chance they’re simply going to see security pop-ups as a hindrance and shoot the messenger by turning off the AV.
So, while a mysteriously disabled antivirus can be the handiwork of hackers and malware with bad intentions, the culprit is sometimes a lot closer to home, and the motive less nefarious.
However it happens, the result is the same: You are left unprotected. Your antivirus software isn’t going to do any good if it’s turned off, so keep it safe to keep yourself safe.
The post The 3 biggest threats reaching for your antivirus software’s off switch appeared first on Malwarebytes Labs.