Saturday, January 14, 2012

Internet Security Threats: Anti-Malware

Many of my friends ask me: which antivirus should I choose? What is the name of the best antivirus? Should I pay for an antivirus or use a free one? Is this particular antivirus going to slow down my PC? Is it necessary to update my antivirus program every day?
Too many questions, with no correct answer!
Have you ever asked yourself how antivirus software actually detects and catches viruses?


Anti-Malware
Anti-malware software, or as people usually call it, an Antivirus Program (AVP), is protective software designed to prevent, detect, and remove malware. There are two methods of detecting viruses: specific and generic.

Specific Detection Method:
In the specific (traditional) detection method, the antivirus must have predefined information about known viruses (a virus database). The AVP then searches the scanned files for certain strings and known patterns of data that match the ones in its database. If there is a match, a virus is found. (This type of scanning is called signature-based scanning.)
Suppose a new virus is born. In earlier days there was an average delay of 14 days before vendors were able to update their databases with a new virus signature and so detect and clean the new virus. Nowadays, because vendors have introduced the "File Submission Process", where people allow their AVP to submit suspicious files to the vendor for further analysis, it takes a maximum of 2 days for a virus database signature update to cover the new virus.
That is why updating the antivirus definitions is crucial in order to decrease the chances of a malware infection. However, a computer can still be infected with new malware for which no signature has yet been developed.
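To make the signature-based method concrete, here is a toy scanner I have added to this post (it is not code from any antivirus vendor). Its "virus database" holds three kinds of signatures: an exact byte pattern, a byte pattern with one wildcard byte, and a whole-file SHA-256 hash. Every signature and sample in it is constructed for illustration and matches no real malware; the demo at the bottom shows why a one-byte variant slips past the scanner until a definitions update adds a signature for it.

```python
"""Signature-based scanning in miniature (added example, not from the post).

The "virus database" is a constructed dictionary of three signature kinds:
an exact byte pattern, a byte pattern with a wildcard (a regex over bytes),
and a SHA-256 hash of a whole file. Every sample and signature value here is
constructed for illustration; none corresponds to real malware."""
import hashlib
import re
from typing import Dict, List, Tuple

# name -> (kind, value); kinds: "pattern", "regex", "sha256"
SIGNATURE_DB: Dict[str, Tuple[str, object]] = {
    "Sample.ConstructedTrojan": ("pattern", b"CONSTRUCTED-TROJAN-STRING"),
    # wildcard at one byte position, the way a signature tolerates a variable byte
    "Sample.ConstructedWorm": ("regex", rb"MARKER\x90.\x90PAYLOAD"),
    # whole-file hash for an exact sample image
    "Sample.ConstructedDropper": (
        "sha256", hashlib.sha256(b"CONSTRUCTED SAMPLE DROPPER").hexdigest()),
}


def add_signature(name: str, kind: str, value: object) -> None:
    """The 'definitions update' step: publish one new signature to the database."""
    if kind not in ("pattern", "regex", "sha256"):
        raise ValueError("unknown signature kind: " + kind)
    SIGNATURE_DB[name] = (kind, value)


def scan_bytes(data: bytes) -> List[str]:
    """Return the names of every signature that matches `data` (empty = clean)."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for name, (kind, value) in SIGNATURE_DB.items():
        if kind == "pattern" and value in data:
            hits.append(name)
        elif kind == "regex" and re.search(value, data, re.DOTALL):
            hits.append(name)
        elif kind == "sha256" and value == digest:
            hits.append(name)
    return hits


def scan_file(path: str) -> List[str]:
    """Scan one file on disk against the same database."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


if __name__ == "__main__":
    # Constructed demo: a "new variant" evades the database until a signature is added
    variant = b"CONSTRUCTED-TR0JAN-STRING"          # one byte changed
    print(scan_bytes(b"CONSTRUCTED-TROJAN-STRING"))  # ['Sample.ConstructedTrojan']
    print(scan_bytes(variant))                       # []
    add_signature("Sample.ConstructedTrojan.B", "pattern", variant)
    print(scan_bytes(variant))                       # ['Sample.ConstructedTrojan.B']
```

If you want to check that a real scanner on your machine is actually working, the harmless EICAR test file is the standard way to do it; it is detected by every vendor precisely because it is in every signature database.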

Generic Detection Method:
The generic detection method is based on the standard and common characteristics of viruses, so in theory it can detect all viruses, including new and unknown ones. Since it does not depend on prior knowledge of virus signatures, it requires no signature updates. Examples of this method include: heuristic-based scanning, artificial intelligence (behavioral antivirus programs), and Threat Sense Technology.

In the generic detection method the AVP searches a file for instructions or commands that are not found in typical, legitimate application programs. Because of this, a heuristic engine is able to detect potentially malicious files and report them as viruses.


When a file is analyzed by an AVP that uses the generic detection method, a flag is raised for each suspicious ability found (suspicious file access, suspicious memory allocation, memory-resident code, wrong name extension, disk write access, a routine that searches for executables, incorrect timestamp, etc.). The more flags a file triggers, the more likely it is that the file is infected by a virus.

The only problem with scanners that use this method is that they sometimes blame innocent programs for being contaminated by a virus. This is called a "false positive" or "false alarm". For example, a legitimate disk format utility is flagged by a generic heuristic-based scan as having memory-resident code, disk write access and overwriting abilities, and so your AVP screams: VIRUS!
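The flag-counting idea above is easy to show in code. The following scorer is an example I have added to the post, not any vendor's engine: each file is described by the set of abilities an analyser observed in it, every ability from the list above becomes a weighted flag, and the total is compared to a threshold. The weights, thresholds and the three sample file profiles (a worm-like file, the disk format utility from the example, and a plain editor) are all constructed for illustration. The `trusted` field stands in for the allow-list (vendor signature, known-good hash) that real engines use to silence exactly the false positive described above.

```python
"""Heuristic (generic) flag scoring (added example, not from the post).

A file is summarised as the set of capabilities a static analyser or emulator
observed in it. Each capability from the post becomes a weighted flag and the
total is compared to two thresholds. Weights, thresholds and all sample
profiles below are constructed for illustration, not any vendor's values."""
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# flag -> weight (illustrative)
FLAG_WEIGHTS = {
    "suspicious_file_access": 2,
    "suspicious_memory_allocation": 1,
    "memory_resident_code": 2,
    "wrong_name_extension": 3,
    "disk_write_access": 1,
    "searches_for_executables": 3,
    "incorrect_timestamp": 1,
    "overwrites_other_files": 2,
}
SUSPICIOUS_THRESHOLD = 3   # report for review
ALERT_THRESHOLD = 5        # report as a virus


@dataclass
class FileProfile:
    name: str
    capabilities: Set[str] = field(default_factory=set)
    # hypothetical allow-list membership (vendor-signed, known-good hash, ...)
    trusted: bool = False


def score(profile: FileProfile) -> Tuple[int, List[str]]:
    """Sum the weights of every triggered flag; return (total, sorted flag names)."""
    triggered = sorted(c for c in profile.capabilities if c in FLAG_WEIGHTS)
    return sum(FLAG_WEIGHTS[c] for c in triggered), triggered


def verdict(profile: FileProfile) -> str:
    """'malicious', 'suspicious' or 'clean'. Allow-listed files are never flagged,
    which is how engines suppress the disk-format-utility false positive."""
    if profile.trusted:
        return "clean"
    total, _ = score(profile)
    if total >= ALERT_THRESHOLD:
        return "malicious"
    if total >= SUSPICIOUS_THRESHOLD:
        return "suspicious"
    return "clean"


# Constructed sample profiles
WORM_LIKE = FileProfile("photo.jpg.exe", {
    "wrong_name_extension", "searches_for_executables",
    "memory_resident_code", "disk_write_access"})
FORMAT_TOOL = FileProfile("diskformat.exe", {
    "memory_resident_code", "disk_write_access", "overwrites_other_files"})
EDITOR = FileProfile("editor.exe", {"disk_write_access"})

if __name__ == "__main__":
    for p in (WORM_LIKE, FORMAT_TOOL, EDITOR):
        total, flags = score(p)
        print(f"{p.name:16} score={total:2} {verdict(p):10} flags={flags}")
    # the false positive, and the allow-list fix for it
    print(verdict(FileProfile("diskformat.exe", FORMAT_TOOL.capabilities, trusted=True)))
```

Run it and the format utility scores 5, the same as the worm-like file's "malicious" bucket, which is the false alarm the post describes; only the allow-list entry brings it back to "clean".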

The Cleaning Process:
A virus is a program by itself; it adds itself to the programs it aims to infect, so the size of the infected program increases due to the addition of the viral code. When the program is executed, the viral code is executed too, and the infection continues to spread. (While infecting a new file, some of the original file's bytes are overwritten by bytes from the virus code, but these old bytes are stored within the virus code, since the virus has to keep the original file executable.)
In the cleaning process the AVP cleaner searches for the original file bytes within the viral code and returns them to their original location, removes the viral code, and then truncates the file to its original size. That being said, to clean an infected file the AVP, whether it uses the specific or the generic detection method, has to know the virus in order to remove it. If the AVP removes bytes that should not be removed, the integrity of the file is lost, and the file might function incorrectly or stop functioning at all.
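Here is the cleaning step simulated on plain byte strings, an example I have added to the post (it is not any product's cleaner). The "infected" image is constructed to match the layout described above: the first bytes of the host are replaced by a stub, and the viral body appended at the end carries a marker, a saved copy of those bytes, and an inert payload; nothing in it executes. The cleaner's "knowledge of the virus" is a small `VirusRecord` saying where the saved bytes live and how many there are, and the last test shows what happens when that knowledge is wrong: the restored file no longer hashes to the original.

```python
"""Simulated disinfection of an appended-virus layout (added example, not
from the post). The infected image is CONSTRUCTED to match the layout the
post describes; nothing here executes. The cleaner needs a record of the
virus: a marker that starts its appended body and how many host bytes its
entry stub overwrote."""
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class VirusRecord:
    """What the cleaner must know about one virus family (constructed values)."""
    name: str
    marker: bytes      # byte sequence that starts the appended viral body
    stolen_len: int    # number of host bytes the entry stub overwrote


SAMPLE_VIRUS = VirusRecord("Sample.ConstructedAppender", b"<<VBODY>>", 8)


def build_constructed_sample(host: bytes, rec: VirusRecord) -> bytes:
    """Constructed test input only: host with its first `stolen_len` bytes
    replaced by a stub, plus marker + saved original bytes + inert payload."""
    stub = b"JMP_STUB"[: rec.stolen_len].ljust(rec.stolen_len, b"\x00")
    saved = host[: rec.stolen_len]
    return stub + host[rec.stolen_len:] + rec.marker + saved + b"INERT-PAYLOAD-BYTES"


def detect(image: bytes, rec: VirusRecord) -> Optional[int]:
    """Offset of the viral body, or None when the image is not infected."""
    pos = image.find(rec.marker)
    return pos if pos >= 0 else None


def clean(image: bytes, rec: VirusRecord) -> bytes:
    """Put the saved host bytes back at offset 0, drop the viral body, and
    truncate to the original size (everything before the marker)."""
    pos = detect(image, rec)
    if pos is None:
        raise ValueError("not infected with " + rec.name)
    saved_start = pos + len(rec.marker)
    saved = image[saved_start: saved_start + rec.stolen_len]
    if len(saved) != rec.stolen_len:
        raise ValueError("viral body truncated; cannot restore safely")
    return saved + image[rec.stolen_len: pos]


def sha256(data: bytes) -> str:
    """Integrity check: the cleaned file must hash like the original."""
    return hashlib.sha256(data).hexdigest()


# Constructed host program image and its infected form
HOST = b"MZ-HEADER-constructed-host-program-body-0123456789"
INFECTED = build_constructed_sample(HOST, SAMPLE_VIRUS)

if __name__ == "__main__":
    print("infected grew by", len(INFECTED) - len(HOST), "bytes")
    print("clean restores original:", clean(INFECTED, SAMPLE_VIRUS) == HOST)
    # wrong knowledge of the virus (stolen_len 6 instead of 8) corrupts the file
    wrong = VirusRecord(SAMPLE_VIRUS.name, SAMPLE_VIRUS.marker, 6)
    print("wrong record restores original:", sha256(clean(INFECTED, wrong)) == sha256(HOST))
```

The size growth, the saved bytes inside the viral body, and the truncation back to the original length are the three things the post describes; the hash comparison is the integrity check a careful cleaner performs before it overwrites the file on disk.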

In conclusion, there is no such thing as the best antivirus; a good AVP is one that uses the generic detection method along with a signature-based scanner. You are to choose what suits your needs, and always keep in mind that using an AVP and keeping it updated is the best way of decreasing, not eliminating, the chances of getting a malware infection.
My next post will address wireless routers: Security and safety measures.
