by Erik Larkin

Sure, the Web is today’s Wild West, with digital guns blazing and no sheriff in sight. But as long as you use a good antivirus program, you’re completely safe, right?

Wrong. A good security program will help a good deal, but no program can catch everything. Antivirus companies are locked into a constant battle with the bad guys, who put all their effort into staying one step ahead of antivirus detection with a flood of new techniques and programs. Security software can often deflect those threats. But sometimes, the bad guys get the upper hand.

Antivirus apps have to scramble most when faced with highly customized ‘targeted attacks.’ Crooks put a good deal more time into crafting these attacks, with smooth social engineering (ie. con job techniques) to fool the recipient into opening an e-mail attachment, for instance, and careful prep work to ensure the payload can evade antivirus protection. These targeted attacks aren’t common, but they represent a major challenge to security apps.

And then you have the vast numbers of non-targeted, run-of-the-mill malware. The bad guys spew out ridiculous numbers of variants, sometimes on the fly, to try and stay ahead of antivirus signatures. Security companies have an easier time squaring off against this technique with proactive protections that don’t require a full signature, and also (for some) with new features that can send signatures of suspicious files to online servers with larger, and more up-to-date, signature databases than can be stored on your PC. But this flood also represents a challenge to antivirus.

So don’t let your guard down just because you have a good antivirus app installed. You still need a layered defense, where the most important layer consists of knowing the threats–and dispelling the five most dangerous myths.

Next: Myth No. 3 — You can tell a fake or hacked Web site or phishing e-mail by looks alone.