Antivirus Software

Learn the basics of Internet Security.

It is an undeniable fact that the Internet is now, in many ways, a personification of the real world: we can meet new people, shop, chat with a friend, conduct a business meeting, and find a new car or house for ourselves on the Internet.


This personification has transferred the threats we face in the real world to the Internet.

Every day someone's computer gets infected, somebody loses a lot of money to identity theft or fraud, someone's website gets hacked or knocked offline, or some organization or company faces the risk of industrial espionage.


All these threats emanate from the Internet. We faced them a decade ago, and today we face them at even more severe and unprecedented levels.

So it is very important to use Internet security software. This makes choosing an antivirus a critical decision, and to make it you need to know what antivirus software is and how it works. This article explains both, to help you protect your valuable information.


Antivirus software, or an antivirus program, is software specially designed to detect, block and remove malicious programs that could harm your computer and data. These malicious programs include viruses, Trojans, spyware, adware, rootkits and worms. They are engineered to disrupt the normal functioning of the computer and force it to act in ways the legal owner or administrator of the computer did not authorize.


Some malicious programs, like viruses, do nothing more than harm your operating system, while others, like spyware, are designed to get valuable information from your computer. These programs are very hard to detect and remove because they work in stealth mode. An antivirus program can be considered the remedy or precautionary measure against these threats.


Antivirus software uses a variety of strategies to detect, block and remove malicious programs. Some of the most commonly used strategies are listed below:


  • Signature based detection
  • Heuristics
  • Rootkit detection

Signature Based Detection:

Signature based detection is the method antivirus software most commonly uses to detect viruses and malicious programs. With this technique, an antivirus program looks in executable files or system memory for a known piece of code that has already been declared harmful to the computer. When it finds such code, the antivirus program flags that file or program as harmful, notifies the user, and prompts them to take appropriate action against the threat.


This technique works well for known viruses, but against unknown or new threats, also called zero-day threats, signature based detection is totally ineffective: the definition of the new virus would not be present in the virus directory, so the antivirus program has nothing to match against.
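The matching step and its blind spot, as an added example that is not from the original article or from any antivirus product. The hex-pattern format with "??" wildcards, the signature names and the sample buffers are all constructed for illustration.

```python
import re

# Constructed signature database (name -> hex pattern); "??" matches any one byte.
# The patterns are made up for this example and correspond to no real malware.
SIGNATURES = {
    "Demo.Dropper.A": "de ad be ef ?? ?? 90 90 c3",
    "Demo.Macro.B": "41 55 54 4f 5f 52 55 4e ?? 01",
}

def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(data):
    """Return (signature name, offset) for every match in data, ordered by offset."""
    hits = [(name, m.start())
            for name, rx in COMPILED.items() for m in rx.finditer(data)]
    return sorted(hits, key=lambda hit: hit[1])

# Constructed sample buffers.
PAD = b"\x00" * 16
KNOWN = PAD + bytes.fromhex("deadbeef11229090c3") + b"tail"
SAME_FAMILY = PAD + bytes.fromhex("deadbeefaabb9090c3")   # differs only in wildcard bytes
NEW_VARIANT = PAD + bytes.fromhex("deadbeee11229090c3")   # one fixed byte changed
CLEAN = b"plain document text with no known pattern"

if __name__ == "__main__":
    for label, buf in [("known", KNOWN), ("same family", SAME_FAMILY),
                       ("new variant", NEW_VARIANT), ("clean", CLEAN)]:
        print(label, scan(buf) or "no signature matched")
```

The new variant differs from the known sample by a single fixed byte and is reported exactly like the clean buffer, which is the zero-day gap described above.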


Heuristics:

Heuristics is a technique antivirus programs use to detect previously unknown or new viruses. With this technique, the antivirus program decompiles the code of a suspected program, or subject, and compares it with samples of code that have already been flagged as viruses. If a certain level of similarity is detected, the subject code being scanned is termed harmful and the user is prompted to take appropriate action.
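A sketch of the similarity comparison, added here as an example and not taken from the article or any product. It assumes the decompiled code is reduced to a list of instruction mnemonics and uses Jaccard similarity over 3-instruction runs as a stand-in for the comparison the article leaves unspecified; the sample names, sequences and the 0.4 threshold are constructed.

```python
# Constructed instruction sequences standing in for decompiled, already-flagged code.
FLAGGED = {
    "Demo.Crypter.A": "push mov xor inc cmp jne call pop ret".split(),
    "Demo.Logger.B": "mov mov cmp je call mov ret".split(),
}

def ngrams(tokens, n=3):
    """Set of all runs of n consecutive instructions."""
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}

def similarity(a, b, n=3):
    """Jaccard similarity of the two n-gram sets, from 0.0 to 1.0."""
    ga, gb = ngrams(a, n), ngrams(b, n)
    if not ga or not gb:
        return 0.0
    return len(ga & gb) / len(ga | gb)

def classify(tokens, threshold=0.4):
    """Return (verdict, closest flagged sample, score) for a subject."""
    score, name = max((similarity(tokens, code), name)
                      for name, code in FLAGGED.items())
    verdict = "suspicious" if score >= threshold else "clean"
    return verdict, name, round(score, 3)

# Constructed subjects.
VARIANT = "push mov xor inc nop cmp jne call pop ret".split()  # junk nop inserted
BENIGN = "push mov call add mov call pop ret".split()          # shares only an epilogue

if __name__ == "__main__":
    print(classify(VARIANT))
    print(classify(BENIGN))
```

The variant is not byte-identical to any flagged sample, so an exact signature would miss it, but it still shares half of its instruction runs with one. Lowering the threshold catches more variants at the cost of flagging benign code that merely shares common sequences.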


Another method under this technique is for the antivirus program to execute the code in a virtual environment, isolated from the real operating system. The antivirus program then analyzes the impact of that code. If the impact is found to be harmful, the program is labeled a virus and the user is notified; otherwise the program or code is simply ignored. This method is also known as the behavioral scanning method. Many leading antivirus programs, such as Bitdefender, Symantec and Kaspersky antivirus, have successfully deployed this technique.
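How a verdict can be reached from what the isolated run recorded, as an added example that is not the article's or any vendor's logic. The event format, rule names, weights, the 60-point threshold and the service name DemoAVService are assumptions made for this sketch, and the traces are constructed.

```python
PROTECTED_SERVICES = {"DemoAVService"}  # hypothetical service name

def any_event(pred):
    """Build a rule that fires when at least one recorded event satisfies pred."""
    return lambda trace: any(pred(e) for e in trace)

def mass_rewrite(trace, limit=20):
    """Fire when more than `limit` distinct existing files were overwritten."""
    return len({e["target"] for e in trace if e["op"] == "file_overwrite"}) > limit

# Constructed rules: each fires at most once per trace and adds its weight.
RULES = [
    ("adds an autorun entry", 40, any_event(
        lambda e: e["op"] == "reg_set" and "\\CurrentVersion\\Run" in e["target"])),
    ("stops a security service", 50, any_event(
        lambda e: e["op"] == "service_stop" and e["target"] in PROTECTED_SERVICES)),
    ("overwrites many user files", 60, mass_rewrite),
    ("writes an executable", 10, any_event(
        lambda e: e["op"] == "file_write" and e["target"].lower().endswith(".exe"))),
]

def judge(trace, threshold=60):
    """Score a recorded trace; return (verdict, score, reasons)."""
    fired = [(name, weight) for name, weight, rule in RULES if rule(trace)]
    score = sum(weight for _, weight in fired)
    verdict = "harmful" if score >= threshold else "ignored"
    return verdict, score, [name for name, _ in fired]

# Constructed traces, as an isolated test run might record them.
INSTALLER = [
    {"op": "file_write", "target": "C:\\Program Files\\Demo\\demo.exe"},
    {"op": "reg_set", "target": "HKCU\\Software\\Demo\\Settings"},
]
SUSPECT = [
    {"op": "file_write", "target": "C:\\Users\\u\\AppData\\Roaming\\upd.exe"},
    {"op": "reg_set",
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"},
    {"op": "service_stop", "target": "DemoAVService"},
]
OVERWRITER = [{"op": "file_overwrite", "target": "C:\\Users\\u\\Documents\\f%d.docx" % i}
              for i in range(25)]

if __name__ == "__main__":
    for trace in (INSTALLER, SUSPECT, OVERWRITER):
        print(judge(trace))
```

No single weak signal, such as writing an executable, is enough on its own; the installer stays below the threshold while the other two traces cross it.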


Rootkit Detection:

Rootkits are specially designed programs that work in stealth mode. They are engineered to acquire administrator-level control of the computer. Rootkits can tamper with the files of an operating system, making it unstable, and can even harm the antivirus program, making it ineffective. A good antivirus is needed to scan for and remove rootkits. An antivirus program scans for rootkits by searching the operating system's memory. Antivirus programs also have self-protection modules to protect themselves from rootkits.


After detecting a malicious program by any of the methods listed above, the next job of an antivirus program is to block and remove that harmful program from your computer. To achieve that goal, the antivirus program uses a three-stage approach. First, it tries to repair the damaged file and remove the virus. If this fails, it tries to place the infected files, along with the virus, in an isolated environment away from the operating system; this strategy is called quarantine. If this also fails, the antivirus deletes the infected files along with the virus. An antivirus program usually prompts the user to choose one of these three actions. However, there is an option to automate the process: the user selects in advance what action the antivirus program should perform when a virus is found, and the program then works autonomously, without asking the user each time.
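The three-stage fallback as an added example, not code from the article or from any antivirus product. The quarantine layout (an XOR-encoded copy named by its SHA-256 plus a JSON record of the original path) and the `repair` callable are assumptions of this sketch.

```python
import hashlib
import json
import os

XOR_KEY = 0xA5  # constructed value; the encoding only keeps the stored copy inert

def quarantine(path, qdir):
    """Store an encoded copy plus restore metadata in qdir, then remove the original."""
    with open(path, "rb") as f:
        data = f.read()
    digest = hashlib.sha256(data).hexdigest()
    os.makedirs(qdir, mode=0o700, exist_ok=True)
    with open(os.path.join(qdir, digest + ".quar"), "wb") as f:
        f.write(bytes(b ^ XOR_KEY for b in data))
    with open(os.path.join(qdir, digest + ".json"), "w") as f:
        json.dump({"original_path": path, "sha256": digest}, f)
    os.remove(path)
    return digest

def remediate(path, qdir, repair=None):
    """Try repair, then quarantine, then delete; return the action that succeeded.

    `repair` is a hypothetical callable(path) that returns False when it
    cannot clean the file; real disinfection is specific to each virus.
    """
    steps = [
        ("repaired", repair),
        ("quarantined", lambda p: quarantine(p, qdir)),
        ("deleted", os.remove),
    ]
    for action, step in steps:
        if step is None:
            continue
        try:
            if step(path) is not False:
                return action
        except OSError:
            continue  # this stage failed; fall through to the next one
    return "failed"
```

Recording the original path and hash next to the encoded copy is what allows a file quarantined by mistake to be restored later, which deletion does not.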


Some very well-known and effective antivirus programs available on the market are listed below. This list can also be considered a set of recommendations.


1. Bitdefender antivirus (Check out our Bitdefender antivirus review)

2. Norton antivirus (Check out our Norton antivirus review)

3. Kaspersky antivirus

4. ESET NOD32 Antivirus

5. Webroot antivirus