IS USING INTERNET SAFE?

Antivirus programs are powerful pieces of software that are essential on Windows computers. If you've ever wondered how antivirus programs detect viruses, what they're doing on your computer, and if you need to run regular system scans, read on.
An antivirus program is an essential part of a multi-layered security strategy. Even if you are a smart computer user, the constant stream of vulnerabilities in browsers, plug-ins, and the Windows operating system makes virus protection important.
Antivirus software runs in the background on your computer, checking every file you open. This is generally known as on-access scanning, background scanning, resident scanning, real-time protection, or something else, depending on your antivirus program.
When you double-click an EXE file, the program may appear
to start immediately, but it does not. Your antivirus software first checks the
program and compares it against known viruses, worms, and other types of
malware. Your antivirus software also performs "heuristic" checks and
checks programs for types of misbehavior that may indicate a new, unknown
virus.
Antivirus programs also scan other types of files that may
contain viruses. For example, a compressed .zip file may contain compressed
viruses, or a Word document may contain a malicious macro. Files are scanned
every time they are used. For example, if you download an EXE file, it will be
scanned immediately, even before it is opened.
It is possible to use an antivirus without scanning on
access, but this is generally not a good idea: viruses that exploit security
holes in programs will not be detected by the scanner. After a virus has
infected your system, it is much more difficult to remove. (It's also difficult
to be sure that the malware has been completely removed.)
Complete System Analysis
Due to real-time scanning, it is generally not necessary to
run scans of the entire system. If you download a virus onto your computer,
your antivirus program will notice immediately - you don't have to manually
start a scan first.
However, system-wide scans can be helpful for a few things.
A full system scan is helpful when you have just installed an antivirus program:
it ensures that there are no inactive viruses on your computer. Most antivirus
programs set up full scheduled system scans, often once a week. This ensures
that the latest virus definition files are used to scan your system for
inactive viruses.
These full disk scans can also be helpful in repairing a
computer. If you want to repair an already infected computer (and you are not
doing a full reinstall of Windows), it helps to insert its hard drive into
another computer and run a full system scan for viruses. However, you
generally don't need to run full system scans when an antivirus program is
already protecting you: it is always scanning in the background and performs its
own regular system scans.
Virus Definitions
Your antivirus software relies on virus definitions to detect malware. That is why it automatically downloads new and updated definition files, once a day or even more often. The definition files contain signatures of viruses and other malicious programs that have been found in the wild. When an antivirus program scans a file and finds that it matches a known piece of malware, the antivirus program stops the file from running and "quarantines" it. Depending on its settings, the antivirus program may automatically delete the file, or you can allow the file to run anyway if you are sure it is a false positive.
Antivirus companies have to continually keep up with the
latest pieces of malware, releasing definition updates that ensure that malware
is caught by their programs. Antivirus labs use a variety of tools to
disassemble viruses, run them in sandbox environments, and release timely
updates to ensure that users are protected against the new piece of malware.
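
The definition matching described above, together with the scanning of files packed inside a .zip mentioned earlier, as an added example that is not code from any antivirus product. The definition format, detection names and sample bytes are constructed for illustration; the sample archive is built in memory and contains only harmless placeholder data.

```python
import hashlib
import io
import zipfile

# Constructed placeholder bytes standing in for a known-bad file (harmless).
SAMPLE_BAD = b"constructed sample A: placeholder for a file listed in the definitions"
# Hypothetical definition data: exact-file hashes and byte patterns.
DEFINITIONS = {
    "hashes": {hashlib.sha256(SAMPLE_BAD).hexdigest(): "Example.Sample.A"},
    "patterns": {b"CONSTRUCTED-MARKER-B": "Example.Pattern.B"},
}
MAX_DEPTH = 3                  # do not follow archives nested deeper than this
MAX_MEMBER_BYTES = 10 * 2**20  # skip oversized members (decompression-bomb guard)


def scan_bytes(name, data, defs=DEFINITIONS, depth=0):
    """Return [(path, detection_name), ...] for one file and anything packed in it."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in defs["hashes"]:
        hits.append((name, defs["hashes"][digest]))
    for pattern, label in defs["patterns"].items():
        if pattern in data:
            hits.append((name, label))
    # Compressed content hides both hash and pattern, so unpack and scan members.
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue
                member = f"{name}!{info.filename}"
                hits += scan_bytes(member, archive.read(info), defs, depth + 1)
    return hits


def build_sample_archive():
    """Constructed test input: a zip with one clean and two detectable members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("notes.txt", b"nothing to see here")
        archive.writestr("setup.exe", SAMPLE_BAD)
        archive.writestr("docs/readme.txt", b"intro CONSTRUCTED-MARKER-B outro")
    return buf.getvalue()


if __name__ == "__main__":
    for path, label in scan_bytes("download.zip", build_sample_archive()):
        print(f"{path}: {label}")
```

A hash entry only matches a byte-for-byte identical file, while a pattern entry matches any file containing those bytes, which is why definition files carry more than plain hashes.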
Heuristics
Antivirus programs also use heuristics. Heuristics allow an
antivirus program to identify new or changed types of malware, even without
virus definition files. For example, if an antivirus program notices that a
program running on your system is trying to open all the EXE files on your
system and infect them by writing a copy of the original program into them, the
antivirus program may detect this program as a new, unknown type of virus.
No antivirus program is perfect. Heuristics cannot be too
aggressive or they will mark legitimate software as viruses.
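
The behavioural check described above, and the cost of making it too aggressive, as an added example that is not taken from any antivirus product. The event format, process names, paths and thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed file-activity events: (process, operation, path). Not real telemetry.
EVENTS = (
    # A process rewriting many unrelated executables: the pattern from the text.
    [("unknown.exe", "write", rf"C:\Apps\tool{i}.exe") for i in range(8)]
    # A legitimate updater replacing the three executables of its own suite.
    + [("updater.exe", "write", rf"C:\Apps\Suite\part{i}.exe") for i in range(3)]
    # Ordinary activity: writing a document, reading (not modifying) a program.
    + [("editor.exe", "write", r"C:\Users\a\notes.txt"),
       ("editor.exe", "read", r"C:\Apps\tool1.exe")]
)


def exe_writers(events):
    """Map each process to the set of distinct .exe files it modified."""
    touched = defaultdict(set)
    for proc, op, path in events:
        if op == "write" and path.lower().endswith(".exe"):
            touched[proc].add(path.lower())
    return touched


def flag_processes(events, threshold):
    """Flag processes that modified at least `threshold` distinct executables."""
    writers = exe_writers(events)
    return sorted(p for p, files in writers.items() if len(files) >= threshold)


if __name__ == "__main__":
    # A moderate threshold catches only the process that rewrites many programs.
    print("threshold 5:", flag_processes(EVENTS, 5))
    # An aggressive threshold also flags the legitimate updater: a false positive.
    print("threshold 2:", flag_processes(EVENTS, 2))
```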
False Positives
Due to the large amount of software out there, antivirus
programs may occasionally say that a file is a virus when in fact it is a
completely safe file. This is known as a "false positive." Sometimes
antivirus companies even make mistakes, such as identifying Windows system
files, popular third-party programs, or their own antivirus program files as
viruses. These false positives can harm users' systems. Such errors usually end
up in the news, such as when Microsoft Security Essentials identified Google
Chrome as a virus, when AVG corrupted versions of Windows 7, or when Sophos
wrongly flagged files as malware.
Heuristics can also increase the false positive rate. An
antivirus can notice that a program is behaving similarly to a malicious program
and identify it as a virus.
Despite this, false positives are quite rare in normal use.
If your antivirus says a file is malicious, you should generally believe it.
Detection Rates
Different antivirus programs have different detection
rates, involving both virus definitions and heuristics. Some antivirus
companies may have more effective heuristics and release more virus definitions
than their competitors, resulting in a higher detection rate.
Some organizations regularly test antivirus programs
against each other, comparing their detection rates in real world use. AV-Comparatives
regularly publishes studies comparing the current state of antivirus detection
rates. Detection rates tend to fluctuate over time, and there is no single best
product that is consistently on top. If you want to see how effective an
antivirus program is and which ones are the best out there, detection rate
studies are the place to look.