Friday 28 May 2010

The salesman said I need antivirus....

Inspired by the comment: "I bought {insert antivirus product} because the computer salesman said I needed it."

Anyone who has bought a computer in the last decade will have heard of antivirus, usually from the salesman when he was selling it to you along with your nice, shiny, "state of the art" computer. But what is it? How does it do it? Is it the "silver bullet" for all your personal I.T. security?

What is it?
The antivirus products you see in computer retailers may sell themselves as "Complete Internet Security", and they tend to include much more than an antivirus product. I won't cover these other inclusions in this post, but may at a later date.

Wikipedia describes antivirus as:
"Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware."


Which is all well and good, sounds important right?


Yes, it is important.


But before we go further we need to define malware. Malware is any software installed on your computer (intentionally or not) which has been created for malicious activities. These malicious activities can range from stealing bank account passwords to forcing your machine to actually attack others across the Internet. Scary stuff?


So simply put, antivirus looks for and attempts to remove malware on your computer.


How does it do it?
Antivirus products tend to use two methods of malware detection: signature based detection and behaviour based detection.

Antivirus companies attempt to collect malware from the Internet (also known as "in the wild"). When a sample of the malware has been collected a "signature file" is created, which is unique to that version of the malware. When the antivirus updates itself it is adding new signatures to its own dictionary for future use. This signature file is then used when the antivirus scans files, whether that is during a scan or when a file is created, emailed, downloaded, etc. (these functions vary by antivirus product), and an alert is created if a match is found. This is signature based detection.
The downside to signature based detection is that if an antivirus company hasn't found or received a sample of the malware, it cannot detect it. This is where behaviour based detection comes into play. The antivirus product monitors the activities of all the software running on your machine, not looking for a specific signature, but for suspicious behaviour. If suspicious behaviour is discovered an alert should be produced telling you what has been discovered.
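To make the two methods concrete, here is a toy scanner I've added for this post (it is not code from any antivirus product). The three "files", the signature dictionary and the behaviour rules are all constructed; the point is that a one-byte change to a known sample defeats the hash signature, while the behaviour rules still catch it and leave the benign file alone.

```python
import hashlib

# Constructed file contents standing in for three programs on disk. The "calls"
# after the header are what each program would do when run.
KNOWN_SAMPLE = b"MZ\x90\x00 open(bank_passwords) send(evil.example:443) hide_process()"
VARIANT_SAMPLE = b"MZ\x90\x01 open(bank_passwords) send(evil.example:443) hide_process()"
BENIGN_SAMPLE = b"MZ\x90\x00 open(spreadsheet.xls) save(spreadsheet.xls) send(printer:9100)"

# Signature dictionary: the vendor collected KNOWN_SAMPLE "in the wild" and
# recorded its hash. A signature update would add more entries here.
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Trojan.Example.A"}


def signature_scan(data: bytes):
    """Signature based detection: exact match of the file's hash against the dictionary."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())


def observed_events(data: bytes):
    """Stand-in for a runtime monitor: the actions the program performs when run.
    In this toy they are simply the calls listed after the file header."""
    return data.decode("latin-1").split()[1:]


# Behaviour rules: each flags one kind of suspicious action, independent of any hash.
BEHAVIOUR_RULES = {
    "reads a credential store": lambda ev: ev.startswith("open(bank_passwords"),
    "sends data to an unknown host": lambda ev: ev.startswith("send(evil."),
    "hides its own process": lambda ev: ev.startswith("hide_process"),
}


def behaviour_scan(events, threshold=2):
    """Behaviour based detection: alert when at least `threshold` rules fire.
    The threshold stops a single harmless action (one network send) from alerting."""
    hits = [name for name, rule in BEHAVIOUR_RULES.items() if any(rule(e) for e in events)]
    return hits if len(hits) >= threshold else []


def scan(data: bytes):
    """Run the cheap signature check first, then fall back to behaviour monitoring."""
    name = signature_scan(data)
    if name:
        return ("signature", name)
    hits = behaviour_scan(observed_events(data))
    if hits:
        return ("behaviour", hits)
    return ("clean", None)


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLE), ("variant", VARIANT_SAMPLE), ("benign", BENIGN_SAMPLE)]:
        print(label, scan(sample))
```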


Is it the "silver bullet" for all your personal I.T. security?
In a word..... no.
The antivirus companies do attempt to have the latest signature files, behavioural detection and other seemingly unexplainable features within their product. Well, they don't want you sending your money elsewhere, do they? ;) But try as they might, no one product can guarantee 100% protection, no matter what the salesman says. Antivirus should be used as a last line of defence. Safe browsing/email procedures should be followed. I'll talk about these in later posts.


Any comments or questions are more than welcome. Either comment here or catch me on twitter @miketmclaughlin.




Introduction

According to www.internetworldstats.com 1,802,330,457 people are connected to the Internet. Whether you know it or not, via your phone line/cable/mobile phone network you are connected to all of these people (in a roundabout way). Amazing, isn't it? Well I think so, but have you ever thought where your email to Aunty Edith actually goes? What your "Complete Internet Security" software actually does? What your web browser does when you surf the web? Most people would answer "no" to these questions, and rightly so; the Internet is a complex place.

Working within corporate environments on a day to day basis I get to see the lengths businesses go to in order to protect their data. Some of these systems are highly complicated, and have huge teams of experienced people dedicated to maintaining and updating them. Generally home users only have a few computers (yes, this does include laptops, 3G-enabled phones, games consoles and anything else which connects to the Internet!) to look after, but protecting personal data can be a daunting task. Luckily my friends and family can harass, erm, I mean ask, me computer security related questions. But what do you do? With some basic information you can understand what the threats are, how the bad guys operate and, most importantly, what you can do to help protect yourself.

I get asked the same questions over and over, and while I am (mostly) happy to answer these questions, if the answers are in one place it will make my life easier ;) Hopefully they can help others as well.