Anyone who has bought a computer in the last decade will have heard of antivirus, usually from the salesman when he was selling it to you along with your nice, shiny, "state of the art" computer. But what is this? How does it do it? Is it the "silver bullet" for all your personal I.T. security?
What is it?
The antivirus products you see in computer retailers may sell themselves as "Complete Internet Security", and they tend to include much more than an antivirus product. I won't cover these other inclusions in this post, but may at a later date.
Wikipedia describes antivirus as:
"Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware."
Which is all well and good, sounds important right?
Yes, it is important.
But before we go further we need to define malware. Malware is any software installed on your computer (intentionally or not) which has been created for malicious activities. These malicious activities can range from stealing bank account passwords to forcing your machine to actually attack others across the Internet. Scary stuff?
So simply put, antivirus looks for and attempts to remove malware on your computer.
How does it do it?
Antivirus products tend to use two methods of malware detection: signature based detection and behaviour based detection.
Antivirus companies attempt to collect malware from the Internet (also known as "in the wild"). When a sample of the malware has been collected, a "signature file" is created, which is unique to that version of the malware. When the antivirus updates itself it is adding new signatures to its own dictionary for future use. This signature file is then used when the antivirus scans files, whether that is during a scan or when a file is created, emailed, downloaded etc. (these functions vary by antivirus product), and an alert is created if a match is found. This is signature based detection.
The downside to signature based detection is that if an antivirus company hasn't found or received a sample of the malware it cannot detect it. This is where behaviour based detection comes into play. The antivirus product monitors the activities of all the software running on your machine, not looking for a specific signature, but for suspicious behaviour. If suspicious behaviour is discovered an alert should be produced telling you what has been discovered.
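To make the signature dictionary and its blind spot concrete, here is a small added example (not code from any antivirus product). It assumes a signature is simply the SHA-256 digest of the whole file, which is a simplification of what real products use, and the file names, malware names and file contents are constructed, harmless placeholders.

```python
import hashlib

def make_signature(name: str, sample: bytes) -> dict:
    """Vendor side: turn a collected sample into a signature (digest -> name)."""
    return {hashlib.sha256(sample).hexdigest(): name}

class SignatureScanner:
    """Toy signature-based scanner (hypothetical, for illustration only)."""

    def __init__(self):
        self.dictionary = {}  # digest -> malware name

    def update(self, signatures: dict) -> None:
        """A definitions update: add new signatures to the local dictionary."""
        self.dictionary.update(signatures)

    def scan_file(self, data: bytes):
        """Return the malware name if the file matches a signature, else None."""
        return self.dictionary.get(hashlib.sha256(data).hexdigest())

    def scan_all(self, files: dict) -> dict:
        """Scan every file and return {path: malware name} for each match."""
        alerts = {}
        for path, data in files.items():
            name = self.scan_file(data)
            if name is not None:
                alerts[path] = name
        return alerts

# Constructed sample data: harmless placeholder bytes standing in for files.
FILES = {
    "notes.txt": b"shopping list",
    "invoice.exe": b"CONSTRUCTED-SAMPLE version 1 (harmless placeholder)",
    "update.exe": b"CONSTRUCTED-SAMPLE version 2 (harmless placeholder)",
}

def demo():
    scanner = SignatureScanner()
    # The vendor has only collected version 1 so far.
    scanner.update(make_signature("Example.A", FILES["invoice.exe"]))
    before = scanner.scan_all(FILES)  # version 2 is not in the dictionary yet
    # Later the vendor receives version 2 and ships a new signature.
    scanner.update(make_signature("Example.B", FILES["update.exe"]))
    after = scanner.scan_all(FILES)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("Before update:", before)
    print("After update: ", after)
```

The second version only raises an alert once its own signature has been added, which is the gap behaviour based detection is meant to cover.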
Is it the "silver bullet" for all your personal I.T. security?
In a word..... no.
The antivirus companies do attempt to have the latest signature files, behavioural detection and other seemingly unexplainable features within their product. Well, they don't want you sending your money elsewhere, do they? ;) But try as they might, no one product can guarantee 100% protection, no matter what the salesman says. Antivirus should be used as a last line of defence. Safe browsing/email procedures should be followed. I'll talk about these in later posts.
Any comments or questions are more than welcome. Either comment here or catch me on Twitter @miketmclaughlin.