Friday 28 May 2010

The salesman said I need antivirus....

Inspired by the comment: "I bought {insert antivirus product} because the computer salesman said I needed it."

Anyone who has bought a computer in the last decade will have heard of antivirus, usually from the salesman as he sold it to you along with your nice, shiny, "state of the art" computer. But what is it? How does it work? Is it the "silver bullet" for all your personal I.T. security?

What is it?
The antivirus products you see in computer retailers may sell themselves as "Complete Internet Security", and they tend to include much more than an antivirus product. I won't cover these other inclusions in this post, but may at a later date.

Wikipedia describes antivirus as:
"Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware."


Which is all well and good, sounds important right?


Yes, it is important.


But before we go further we need to define malware. Malware is any software installed on your computer (intentionally or not) which has been created for malicious activities. These malicious activities can range from stealing bank account passwords to forcing your machine to actually attack others across the Internet. Scary stuff?


So simply put, antivirus looks for and attempts to remove malware on your computer.


How does it do it?
Antivirus products tend to use two methods of malware detection: signature-based detection and behaviour-based detection.

Antivirus companies attempt to collect malware from the Internet (malware that is actively circulating is said to be "in the wild"). When a sample of the malware has been collected, a "signature" is created which is unique to that version of the malware. When the antivirus updates itself it is adding new signatures to its own dictionary for future use. These signatures are then used whenever the antivirus scans files, whether during a scheduled scan or when a file is created, emailed, downloaded etc. (these functions vary by antivirus product), and an alert is raised if a match is found. This is signature-based detection.
The downside to signature-based detection is that if an antivirus company hasn't found or received a sample of a particular piece of malware, it cannot detect it. This is where behaviour-based detection comes into play. Instead of looking for a specific signature, the antivirus product monitors the activities of all the software running on your machine, looking for suspicious behaviour. If suspicious behaviour is discovered, an alert should be produced telling you what has been found.
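To make the two methods concrete, here is a small added example (my own illustration, not code from the post or from any antivirus vendor). It runs a toy signature scanner over three constructed "files", holding both a whole-file hash signature and a byte-pattern signature, and then a toy behaviour monitor over a constructed stream of process events. All file contents, event records, detection names and weights are made up for the demonstration; the marker string "DEMO-MALWARE-MARKER" is not a real signature.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample "files" (bytes). installer_v2.exe is the same malware with a
# tiny change, which is enough to break a whole-file hash signature.
SAMPLE_FILES = {
    "report.docx": b"Quarterly figures ... nothing unusual here",
    "installer.exe": b"MZ\x90\x00 ... DEMO-MALWARE-MARKER-v1 ...",
    "installer_v2.exe": b"MZ\x90\x00 ... DEMO-MALWARE-MARKER-v2 ...",
}

# Two kinds of signature an AV dictionary commonly holds (constructed here):
#   1) a hash of the whole sample - exact match only
#   2) a byte pattern found inside the sample - tolerates changes elsewhere
HASH_SIGNATURES = {
    hashlib.sha256(SAMPLE_FILES["installer.exe"]).hexdigest(): "Demo.Trojan.A",
}
PATTERN_SIGNATURES = {
    re.compile(rb"DEMO-MALWARE-MARKER-v\d"): "Demo.Trojan.Gen",
}


def signature_scan(data):
    """Return a list of (detection name, method) hits for one file's bytes."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append((HASH_SIGNATURES[digest], "hash"))
    for pattern, label in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            hits.append((label, "pattern"))
    return hits


@dataclass
class Event:
    """One action observed by the behaviour monitor (constructed format)."""
    pid: int
    action: str   # "read_file", "write_file", "set_autorun" or "connect"
    target: str


# Constructed event stream: pid 100 is an ordinary document viewer, pid 200 drops
# an executable, registers it to run at logon and fans out to several hosts.
EVENTS = [
    Event(100, "read_file", r"C:\Users\mike\report.docx"),
    Event(200, "write_file", r"C:\Users\mike\AppData\Roaming\svc.exe"),
    Event(200, "set_autorun", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    Event(200, "connect", "203.0.113.5:6667"),
    Event(200, "connect", "203.0.113.6:6667"),
    Event(200, "connect", "203.0.113.7:6667"),
]

# Made-up weights: no single action is damning, the combination is.
WEIGHTS = {"set_autorun": 3, "drop_exe_in_profile": 2, "many_connections": 2}


def behaviour_scan(events, threshold=4):
    """Score each process on what it did; return {pid: (score, reasons)} over threshold."""
    per_pid = {}
    for ev in events:
        entry = per_pid.setdefault(ev.pid, {"score": 0, "reasons": [], "connects": set()})
        target = ev.target.lower()
        if ev.action == "set_autorun":
            entry["score"] += WEIGHTS["set_autorun"]
            entry["reasons"].append("registers itself to run at logon")
        elif ev.action == "write_file" and target.endswith(".exe") and "appdata" in target:
            entry["score"] += WEIGHTS["drop_exe_in_profile"]
            entry["reasons"].append("drops an executable inside the user profile")
        elif ev.action == "connect":
            entry["connects"].add(ev.target)
    flagged = {}
    for pid, entry in per_pid.items():
        if len(entry["connects"]) >= 3:
            entry["score"] += WEIGHTS["many_connections"]
            entry["reasons"].append(f"connects to {len(entry['connects'])} different hosts")
        if entry["score"] >= threshold:
            flagged[pid] = (entry["score"], entry["reasons"])
    return flagged


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name}: {signature_scan(data) or 'clean'}")
    for pid, (score, reasons) in behaviour_scan(EVENTS).items():
        print(f"pid {pid} scored {score}: " + "; ".join(reasons))
```

Running it shows the point of the paragraph above: installer.exe is caught by both signatures, the slightly modified installer_v2.exe is missed by the hash signature and caught only by the pattern, and the behaviour monitor flags pid 200 without needing any signature at all, while the document viewer scores nothing.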


Is it the "silver bullet" for all your personal I.T. security?
In a word..... no.
The antivirus companies do attempt to have the latest signature files, behavioural detection and other seemingly inexplicable features within their products. Well, they don't want you sending your money elsewhere, do they? ;) But try as they might, no one product can guarantee 100% protection, no matter what the salesman says. Antivirus should be used as a last line of defence; safe browsing and email practices should be followed as well. I'll talk about these in later posts.


Any comments or questions are more than welcome. Either comment here or catch me on twitter @miketmclaughlin.




4 comments:

  1. Nice article Mike. It's amazing just how many people don't have any Anti Virus protection these days. I always liken it to your house security. A door with a Yale lock is better than nothing, but you really should invest in something that is going to deter an intruder more. The same goes with AV Software. AVG is free and will do a basic job, but you really need to spend a little to be a lot safer.

  2. Very true. If you are technically minded there is free software which can give a reasonable level of assurance, however it can be difficult to configure correctly. A few pounds a year can give you an "install and forget" solution, with automatic updates, scans etc.
    As I said in my post, I believe AV should be a last line of defence, and safe browsing/email practices should be adhered to.

  3. Hi Mike,

    It's good to see you have started blogging... at last, as I remember you saying at one point, "I can't be bothered" :)

    Very nice post. You said in your post that an AV should be your last line of defence. But I would assume that with so many threats around, an AV is an absolute must these days. I agree that safe browsing/email practices should be followed, but we are all human beings and it is very easy to make mistakes sometimes.

    Well, keep it up and I hope to see some very useful posts in future.

    Best
    Vishal

  4. It is definitely easy to make mistakes, whether people admit it or not ;) I agree completely, AV is a must, maybe I didn't make that clear? The problem is solely relying on AV as it is sold as "100% Complete Uber Hacker-proof Security", and as we both know, it certainly isn't.
    I'll certainly be covering safe Internet practices, which should help keeping the AV intervention to a minimum.
