Antivirus software prevents the corruption of operating systems and computers by detecting malicious content, commonly known as malware. It rids the computer of malware and protects the system from the different types of malware, be they Trojans, viruses, rootkits, worms, etc. Antivirus software is a tool that complements the security mechanisms provided by the operating system. In most scenarios, it is used as a preventative measure.
Different techniques are used to identify malware, which often comes with self-protection capabilities and stays hidden within the operating system. Advanced malware uses undocumented operating system functionality and obscure techniques to avoid detection and persist. The attack surface is vast these days, so antivirus software is designed to detect malicious content from both trusted and untrusted sources. Every personal or work computer runs some antivirus software or other. Users see scans and updates executed periodically. But do we know all the possibilities that antivirus software can offer? This article explains briefly how antivirus software works, reviews the features you need, and shows you how to make the most of them.
Antivirus software: past and present
In the early years, AV software was simply a scanner: a command line tool that detected malicious patterns in executable programs. AV software has come a long way since then. For instance, command line scanners are practically non-existent these days. Nowadays, AV products use graphical user interface (GUI) scanners that go through all files created, edited, or accessed by the users or the operating system. They install firewalls for malware detection, use browser add-ons to detect web-based threats, isolate browsers to ensure safe payment, create kernel drivers for self-protection, etc.
Antivirus software has evolved remarkably since its creation, in part because of the sheer amount of malware that has been produced. This forced the industry to develop automatic detection and to create heuristics for detecting not-yet-developed or unknown malware. Money is the biggest motivator behind the rapid evolution of both malware and anti-malware products. Over the last 10 years, the antivirus industry has invested heavily in bringing in big improvements. Although antivirus software sits on the defensive side of information security, it is always behind the offensive side. Antivirus software cannot detect malware that is still unknown, because antivirus evasion is an important part of how attackers design malware. Several commercial malware packages, legal or illegal, are sold with a fixed support period. During that period, the malware is expected to bypass antivirus software and the security provided by the operating system. Alternatively, malware updates may come with bug fixes and new features. Antivirus software is itself a potential target for attack, as demonstrated by the case of The Mask, a government-sponsored malware campaign that took advantage of a Kaspersky zero-day.
Typical Misconceptions about Antivirus Software
Most users who buy antivirus software believe that these products are bulletproof and that they can guarantee the safety of the computer. This is not a sound belief, and it is not uncommon to find comments on AV forums about how a system running AV software still got compromised. To understand why this software is not bulletproof, let's go through the tasks performed by these AV products:
- Detect known malicious patterns and behaviours in programs
- Detect known malicious patterns in web pages and documents
- Detect known malicious patterns in network packets
- Adapt to new patterns discovered based on experience from previously known malware
The word "known" appears in each task, which is to say that antivirus products are not a complete solution against malware attacks: they cannot detect the unknown. Marketing tactics may lead an average user to believe that their system is protected from all kinds of attacks, but this is far from the truth. The antivirus industry is built on malware patterns and behaviours that are already known; antivirus software is not equipped to spot new threats unless they are built from known patterns, irrespective of what the AV industry advertises.
Several free and paid security products are available on the market. Most free products come with subscription services and features such as password managers and updates. Paid antivirus software has the advantage of not coming with advertisements. Users can also consult how different antivirus products perform in technical tests.
Periodic updates are the only maintenance this software requires, as new malware threats crop up daily across the globe. As soon as a new threat is identified by the antivirus publisher, it is added to the signature database and an update is released.
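To make the "known versus unknown" distinction and the role of signature updates concrete, here is an added example that is not part of the original article or of any real antivirus product. It models a toy scanner with two tiers of signatures: exact file hashes (which catch one specific known sample) and byte patterns with wildcards (which also catch recompiled variants of a known family). All sample buffers, family names and signature entries are constructed for illustration; the scanner only reports verdicts.

```python
"""Toy signature scanner: known samples and variants are detected, unknown ones are not
until the signature database is updated. All data here is constructed, not real malware."""
import hashlib
import re


def sha256_hex(data: bytes) -> str:
    """Exact-match signature: the hash of one specific known sample."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for files on disk (a fake "MZ" header plus a marker string).
SAMPLE_KNOWN = b"MZ\x90\x00DROPPER_MARK\x00payload-v1"    # the sample the vendor analysed
SAMPLE_VARIANT = b"MZ\x90\x00DROPPER_MARK\x00payload-v2"  # same family, rebuilt: hash differs
SAMPLE_UNKNOWN = b"MZ\x90\x00NEWFAMILY\x00payload"        # family not yet seen by the vendor
SAMPLE_CLEAN = b"MZ\x90\x00hello world program"           # benign file


class SignatureDatabase:
    """Two signature tiers: exact hashes and wildcard byte patterns."""

    def __init__(self) -> None:
        self.hashes: dict[str, str] = {}            # sha256 hex -> family name
        self.patterns: dict[str, re.Pattern] = {}   # family name -> compiled byte regex

    def add_hash(self, family: str, data: bytes) -> None:
        self.hashes[sha256_hex(data)] = family

    def add_pattern(self, family: str, pattern: bytes) -> None:
        # DOTALL so '.' wildcards also match newline bytes inside binaries.
        self.patterns[family] = re.compile(pattern, re.DOTALL)

    def scan(self, data: bytes) -> tuple:
        """Return (verdict, family, method). Hash check first, then patterns."""
        digest = sha256_hex(data)
        if digest in self.hashes:
            return ("detected", self.hashes[digest], "hash")
        for family, regex in self.patterns.items():
            if regex.search(data):
                return ("detected", family, "pattern")
        return ("clean", None, None)


def build_initial_db() -> SignatureDatabase:
    """Signature set as shipped before the vendor has seen SAMPLE_UNKNOWN (constructed)."""
    db = SignatureDatabase()
    db.add_hash("Demo.Dropper.A", SAMPLE_KNOWN)
    # Wildcards ('..') tolerate the two variable header bytes after 'MZ'.
    db.add_pattern("Demo.Dropper", rb"MZ..DROPPER_MARK")
    return db


def apply_update(db: SignatureDatabase) -> SignatureDatabase:
    """Model a periodic signature update: the vendor analysed the new family and added it."""
    db.add_hash("Demo.NewFamily.A", SAMPLE_UNKNOWN)
    return db


def run_demo() -> dict:
    """Scan every sample before and after the update; returns the verdicts for inspection."""
    db = build_initial_db()
    samples = {
        "known": SAMPLE_KNOWN,
        "variant": SAMPLE_VARIANT,
        "unknown": SAMPLE_UNKNOWN,
        "clean": SAMPLE_CLEAN,
    }
    before = {name: db.scan(data) for name, data in samples.items()}
    apply_update(db)
    after = {name: db.scan(data) for name, data in samples.items()}
    return {"before_update": before, "after_update": after}


if __name__ == "__main__":
    for phase, verdicts in run_demo().items():
        print(phase)
        for name, verdict in verdicts.items():
            print(f"  {name:8s} -> {verdict}")
```

Before the update, the known sample is caught by its hash, the rebuilt variant only by the wildcard pattern, and the new family is reported clean, which is the gap the article describes. After the update the new family is detected too, which is why periodic signature updates are the one piece of maintenance these products cannot do without.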