
What is Antivirus Software

Antivirus software is a type of program designed to detect, prevent, and remove malicious software, such as viruses, worms, and trojans, from a computer system. It works by scanning files and programs for known patterns of malicious code and can also provide real-time protection by monitoring system activity. Antivirus software is an essential tool for maintaining the security of computer systems.

Written by Perlego with AI-assistance

12 Key excerpts on "What is Antivirus Software"

  • The Antivirus Hacker's Handbook
    • Joxean Koret, Elias Bachaalany (Authors)
    • 2015 (Publication Date)
    • Wiley (Publisher)

    Part I

    Antivirus Basics

    In This Part
    1. Chapter 1: Introduction to Antivirus Software
    2. Chapter 2: Reverse-Engineering the Core
    3. Chapter 3: The Plug-ins System
    4. Chapter 4: Understanding Antivirus Signatures
    5. Chapter 5: The Update System

    Chapter 1 Introduction to Antivirus Software

    Antivirus software is designed to prevent computer infections by detecting malicious software, commonly called malware, on your computer and, when appropriate, removing the malware and disinfecting the computer. Malware, also referred to as samples in this book, can be classified into various kinds, namely, Trojans, viruses (infectors), rootkits, droppers, worms, and so on.
    This chapter covers what antivirus (AV) software is and how it works. It offers a brief history of AV software and a short analysis of how it evolved over time.

    What is Antivirus Software?

    Antivirus software is special security software that aims to give better protection than that offered by the underlying operating system (such as Windows or Mac OS X). In most cases, it is used as a preventive solution. However, when that fails, the AV software is used to disinfect the infected programs or to completely clean malicious software from the operating system.
    AV software uses various techniques to identify malicious software, which often self-protects and hides deep in an operating system. Advanced malware may use undocumented operating system functionality and obscure techniques in order to persist and avoid being detected. Because of the large attack surface these days, AV software is designed to deal with all kinds of malicious payloads coming from both trusted and untrusted sources. Some malicious inputs that AV software tries to protect an operating system from, with varying degrees of success, are network packets, email attachments, and exploits for browsers and document readers, as well as executable programs running on the operating system.
  • Hack Proofing Your Identity In The Information Age
    • Syngress (Author)
    • 2002 (Publication Date)
    • Syngress (Publisher)
    Antivirus software is a type of program that searches your hard disk and removable media (such as floppy disks, CDs, and so forth) for known viruses. When a virus-infected file is found, it can then repair the file by removing the virus’s code, or delete the file to prevent other files from becoming infected. The way antivirus software can perform these actions is through signature files, which are also sometimes called virus definition files. These contain information used by the antivirus software to identify known viruses, and they contain information used by the software so it can effectively clean any infected files. Without signature files, the antivirus software wouldn’t be able to function properly. Numerous antivirus software programs are on the market that can help protect your data from viruses. We look at several of the most popular software packages and show you how you can update your signature files and software to keep up-to-date with the viruses that are out there.

    NOTE

    Viruses can have a wide variety of effects on your system. Some viruses are downright silly, playing music over your speaker repeatedly. Others can be a major problem in terms of identity theft. One such virus is PWSteal.Coced240b.Tro, which is designed to steal passwords. It is sent to you as an e-mail attachment named 26705-i386-update.exe, claiming to be a patch sent to you from [email protected]. Once it’s activated on your system, it sends password information on your machine to an e-mail address. While there are numerous password stealing viruses, this one is used to illustrate how a virus can do more than cause damage to data.

    What You Might Not Know about Antivirus Software

    Antivirus software is only effective against known viruses.
  • Computer and Information Security Handbook
    Firewalls are essential elements of an overall defensive strategy but have the drawback that they only protect the perimeter. They are useless if an intruder has a way to bypass the perimeter. They are also useless against insider threats originating within a private network.

    Antivirus and Antispyware Tools

    The proliferation of malware prompts the need for antivirus software. Antivirus software is developed to detect the presence of malware, identify its nature, remove the malware (disinfect the host), and protect a host from future infections. Detection should ideally minimize false positives (false alarms) and false negatives (missed malware) at the same time. Antivirus software faces a number of difficult challenges:
    • Malware tactics are sophisticated and constantly evolving.
    • Even the operating system on infected hosts cannot be trusted.
    • Malware can exist entirely in memory without affecting files.
    • Malware can attack antivirus processes.
    • The processing load for antivirus software cannot degrade computer performance such that users become annoyed and turn the antivirus software off.
    One of the simplest tasks performed by antivirus software is file scanning. This process compares the bytes in files with known signatures that are byte patterns indicative of a known malware. It represents the general approach of signature-based detection. When new malware is captured, it is analyzed for unique characteristics that can be described in a signature. The new signature is distributed as updates to antivirus programs. Antivirus looks for the signature during file scanning, and if a match is found, the signature identifies the malware specifically. There are major drawbacks to this method, however: New signatures require time to develop and test; users must keep their signature files up to date; and new malware without a known signature may escape detection.
    Behavior-based detection is a complementary approach. Instead of addressing what malware is, behavior-based detection looks at what malware tries to do. In other words, anything attempting a risky action will come under suspicion. This approach overcomes the limitations of signature-based detection and could find new malware without a signature, just from its behavior. However, the approach can be difficult in practice. First, we must define what is suspicious behavior, or conversely, what is normal behavior. This definition often relies on heuristic rules developed by security experts, because normal behavior is difficult to define precisely. Second, it might be possible to discern suspicious behavior, but it is much more difficult to determine
  • Windows 7 All-in-One For Dummies
    • Woody Leonhard (Author)
    • 2009 (Publication Date)
    • For Dummies (Publisher)
    blended-threat malware. Blended threats incorporate elements of all three traditional kinds of malware — and more. Most of the most successful “viruses” you read about in the press these days — Conficker, Mebroot, and the like — are, in fact, blended-threat malware. They’ve come a long way from old-fashioned viruses.
    Understanding Antivirus Software
    Antivirus (AV) software protects your computer from viruses, right? Well, yes and no. Every AV product these days also protects your computer from other forms of malware — Trojans and lions and bears, oh my! Most AV products have turned into humongous “security suites” that ooze into every Windows pore, gumming up systems and giving you untold headaches, while demanding money on an all-too-regular basis. (Ever see Little Shop of Horrors ? Think of the line, “Feed me, Seymour!” But I digress.)
    Most AV software packages these days work in two very different ways:
    Signature matching: The antivirus software looks inside files to see whether any portion of the file matches a big database of known “bad” snippets of data. When a new virus or worm is discovered, characteristic parts of the infecting program are added to the signature database. Signature matching still forms the backbone of the antivirus industry, but the black-hat cretins are getting better at writing malware that modifies itself, rendering signatures useless.
    Some industry pundits observe (rightly) that a steady flow of updated signature files drives revenue for the antivirus industry: If you drop your subscription, you don’t get any new signatures. The antivirus software industry has one of the few software products that becomes nearly obsolete every few days. Powerful economic incentives exist to stick with the signature-matching model — which, by its very nature, works only after a new virus has been identified.
    Heuristic analysis:
  • Wiley Pathways Network Security Fundamentals
    • Eric Cole, Ronald L. Krutz, James Conley, Brian Reisman, Mitch Ruebush, Dieter Gollmann, Rachelle Reese (Authors)
    • 2012 (Publication Date)
    • Wiley (Publisher)
    A number of good antivirus products are available today, such as those from Symantec™, McAfee®, and Computer Associates™. An organization should have protection on every computer where people are saving files, storing email messages, or browsing web pages. The antivirus software should be configured to provide real-time protection as well as routinely scheduled scanning. Without continuous protection, a virus can spread throughout an organization before the next routine scan is scheduled.

    Keep Current with Antivirus Signatures

    Because new viruses are always being released, antivirus software relies on periodic updated virus signature files to provide protection against the latest threats. A virus signature is the pattern of bits inside a virus that allows the antivirus software to recognize it. Most signature updates are obtained by accessing the antivirus vendor’s site and pulling down the latest update. Most antivirus packages will allow the administrator to choose to have the new signatures downloaded automatically on a regular schedule. Automating the process ensures that critical updates are not missed. If the new antivirus signature is downloaded to be redistributed throughout a large organization, it should be tested first and deployed from a server within the organization. The local server, in turn, gets its files from a master server that distributes the tested update. There are four key steps to deploying updated signatures in a large organization:
    1. Download new signatures.
    2. Test new antivirus downloads.
    3. Deploy new signatures.
    4. Continue to monitor.
    Finally, it is important that the computers be monitored periodically to ensure that the new antivirus signatures are being distributed properly. When the next big virus or worm hits is not the time to find a flaw in the system.

    9.2.2 Anti-spyware

    Anti-spyware software monitors a computer for spyware and allows you to remove it.
  • IT Governance: An International Guide to Data Security and ISO 27001/ISO 27002
    • Alan Calder, Steve Watkins (Authors)
    • 2019 (Publication Date)
    • Kogan Page (Publisher)

    18 Controls against malicious software (malware)

    Control objective A.12.3 requires the organization to protect the integrity of software and information by implementing detection and prevention controls against malicious software and to ensure that appropriate user awareness procedures have been implemented. The importance of this control was highlighted by a finding, as long ago as the FBI/CSI 2002 survey, that 85 per cent of organizations had detected computer virus threats. Year after year, similar surveys produce similar results: the 2014 ISBS survey found that 73 per cent of large organizations (up from 59 per cent the previous year) had suffered a malware attack. More recent surveys all indicate similar levels of suffering. Many organizations think that because they have some form of anti-malware software in place, they have a data security system. They don’t. This book, and ISO27001 itself, makes it clear that anti-malware controls are just one part of an effective data security system; they are, however, an extremely important part.

    Viruses, worms, Trojans and rootkits

    An overall understanding of the world of computer malware, the different types of virus and their characteristics, would be useful ahead of a discussion of how to resist them. Technically, the most useful generic term to use is ‘malware’, a term that denotes software designed for some malicious purpose. It may be written in almost any programming language and carried within almost any type of file. Common forms of malware include viruses, worms, Trojans, spyware, adware, bugs and rootkits. ‘Antivirus’ and ‘anti-malware’ are terms that are used interchangeably in this book.
    A virus has at least two properties: it is a program capable of replicating – that is, producing functional copies of itself – and it depends on a host file (a document or executable file) to carry each copy. It may or may not have a ‘payload’: the ability to do something funny or destructive or clever when it arrives.
  • Computer Crimes

    The role of software development

    Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit software bugs in a system or application to spread. Software development strategies that produce large numbers of bugs will generally also produce potential exploits.

    Anti-virus software and other preventive measures

    Many users install anti-virus software that can detect and eliminate known viruses after the computer downloads or runs the executable. There are two common methods that an anti-virus software application uses to detect viruses. The first, and by far the most common method of virus detection is using a list of virus signature definitions. This works by examining the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives), and comparing those files against a database of known virus signatures. The disadvantage of this detection method is that users are only protected from viruses that pre-date their last virus definition update. The second method is to use a heuristic algorithm to find viruses based on common behaviors. This method has the ability to detect novel viruses that anti-virus security firms have yet to create a signature for. Some anti-virus programs are able to scan opened files in addition to sent and received e-mails on the fly in a similar manner. This practice is known as on-access scanning. Anti-virus software does not change the underlying capability of host software to transmit viruses. Users must update their software regularly to patch security holes. Anti-virus software also needs to be regularly updated in order to recognize the latest threats.
  • Technological Turf Wars: A Case Study of the Computer Antivirus Industry

    Introduction

    Computer security is a technical and social problem. It is just as much about social relationships as it is about computers as tools. Internet security professionals are as concerned with how people use information as they are with how machines manipulate and process that information. This book is a case study of how the knowledge systems articulated by computer antivirus industry professionals affect technological security. It analyzes the tensions and political dilemmas at the heart of the interrelationships among science, technology, and society. All technologies involve ‘scripts’. A computer virus is a metaphor that generates images of global viral epidemics and outbreaks, of infectious code wreaking havoc on personal computers and global information networks, and of machines that no longer respond to or are under our control. The reality of infected computers generates an entire industry seemingly dedicated to protecting computers and their users from infection, and disinfecting those that succumb. Indeed, those who work within the antivirus industry perpetuate this scripted imagery, and consider themselves part of a security force that polices the ‘dark alleys’ of the ‘information superhighway’. Based on qualitative interviews over six years with various professionals within the antivirus industry, this book explores changing definitions of security and technological threats to corporate communications within the global marketplace. Grounded in these professionals’ own words and attitudes, it highlights the complexity of the issues surrounding the antivirus industry’s perspectives of virus writers and spammers, its negotiations with transnational corporations within a techno-capitalist economy, and its interactions with global corporations as end users. This book also provides a theoretical reflection on the development of technological artifacts.
  • Intelligent Security Systems: How Artificial Intelligence, Machine Learning and Data Science Work For and Against Computer Security
    • Leon Reznik (Author)
    • 2022 (Publication Date)
    • John Wiley & Sons, Inc. / The Institute of Electrical and Electronics Engineers, Inc. (Publisher)

    4.1 Malware Definition, History, and Trends in Development

    Malware is any software written with the goal to perform some undesired action and to inflict certain damage to the computer systems or their protection services. The term was coined in 1990 by Yisrael Radai as short for “malicious software.” It became a generic umbrella name for all software with undesired intent within a system (Namanya et al. 2018). The harm examples might include stealing data stored in the system or decreasing performance of some system functionality. Typically, malware damages or modifies system software or data but not hardware. Beyond performing the damage, malware commonly has two other goals to make it more successful in its fight against system protection services: self-propagation and obfuscation (Dornhackl et al. 2014). While self-propagation may help with expediting an infection process, it may cause the major damage by itself with the goal to consume system resources, first of all, memory and communication channels bandwidth. By applying the obfuscation techniques, the malware may attempt to stay undetected by antivirus software. Although nowadays malware is classified into multiple categories described later in this chapter, it originated with a kind called a virus, which is still used in various presentations as a substitution to the whole term. A computer virus was originally defined as a computer program that has the capability of replicating itself and spreading from one computer to another. Computer viruses are relatively small software pieces in size.
  • Scholarly Information Discovery in the Networked Academic Learning Environment
    If a computer runs multiple antivirus software products concurrently, there may be conflicts. Different operating systems only need installation of the appropriate antivirus software. Based on personal experience, the author suggests that AVAST Free Antivirus 2014, Malwarebytes Anti-Malware, Microsoft Security Essentials, Rising Internet Security, Spybot Search & Destroy 2, Web of Trust (WOT), and ZoneAlarm are all worth a try. There is insufficient space in this chapter to compare and list all the antivirus software reviewed and recommended by CNET.com and PCMag.com. For example, even though AVG Antivirus 2014 is rated as the No. 1 antivirus software product to block malware and viruses, it is important for users to select antivirus software products according to the requirements of their own computer operating systems and other related limitations. CNET.com and PCMag.com are well worth visiting when looking for the latest free antivirus software reviews and user ratings.

    How to prevent computer viruses in our networked world?

    Installation of a computer antivirus program is only the first step toward securing your computing environments. Limited by current computer technologies, there is no antivirus software product available that can provide 100 percent protection against all kinds of malicious computer malware. As a consequence, college and university students must learn how to use their computers safely in our networked academic learning environments. No matter whether you are using a public-accessed or a private-accessed computer, you must follow the advice and suggestions provided by IT specialists and other computer users; otherwise, you run the risk of losing your identity and sensitive data while surfing the net
  • Video Systems in an IT Environment: The Basics of Professional Networked Media and File-based Workflows
    • Al Kovalick (Author)
    • 2013 (Publication Date)
    • Routledge (Publisher)
    customer period), the longer the period of vulnerability. Within hours of detection, an antivirus vaccine is normally available. Again, virus scanners must be installed on RT A/V equipment in cooperation with the equipment provider to guarantee RT performance when scans are active or scheduled for off-hours.
    For RT gear it is especially important to have confidence that any software patch will not affect performance. Should IT install the patch, hurriedly test, and deploy, hoping that the patch works, or should IT wait until more is known about its ramifications? These are difficult decisions and keep the window of vulnerability open. For worms, OS providers often notify the community of the vulnerability and then provide the patch. The delay before the patch is installed gives attackers time to exploit defenseless system elements.

    8.3 PREVENTION TECHNOLOGY

    In the end, it is the prevention technology that will keep out the pirates. In general, there are five main means to prevent/discover attacks over a network:
    1. Main firewall
    2. Intrusion Prevention System (IPS)
    3. Intrusion Detection System (IDS)
    4. Antivirus methods
    5. Virtual Private Network (VPN)
    Figure 8.5 shows the overall landscape to prevent outside attacks against internal, private networks. Of course, there are other configurations, but let us use this one for the purposes of discussion.
    FIGURE 8.5 Strategies for protecting business and A/V systems.

    8.3.1 The Main Firewall

    The main firewall is the classic method used to protect against outside intrusion. Firewalls come in many flavors from a variety of companies. Some are host based and run on desktops, servers, and so on. Microsoft’s Vista Internet connection firewall is a prime example. Others are network based, such as FireWall-1 from Check Point Software and Cisco’s PIX Firewall family. Figure 8.6
  • Network and System Security
    • John R. Vacca (Author)
    • 2013 (Publication Date)
    • Syngress (Publisher)
    Antivirus software is developed to detect the presence of malware, identify its nature, remove the malware (disinfect the host), and protect a host from future infections. Detection should ideally minimize false positives (false alarms) and false negatives (missed malware) at the same time. Antivirus software faces a number of difficult challenges:
    • Malware tactics are sophisticated and constantly evolving.
    • Even the operating system on infected hosts cannot be trusted.
    • Malware can exist entirely in memory without affecting files.
    • Malware can attack antivirus processes.
    • The processing load for antivirus software cannot degrade computer performance such that users become annoyed and turn the antivirus software off.
    One of the simplest tasks performed by antivirus software is file scanning. This process compares the bytes in files with known signatures that are byte patterns indicative of a known malware. It represents the general approach of signature-based detection. When new malware is captured, it is analyzed for unique characteristics that can be described in a signature. The new signature is distributed as updates to antivirus programs. Antivirus looks for the signature during file scanning, and if a match is found, the signature identifies the malware specifically. There are major drawbacks to this method, however: New signatures require time to develop and test; users must keep their signature files up to date; and new malware without a known signature may escape detection.
    Behavior-based detection is a complementary approach. Instead of addressing what malware is, behavior-based detection looks at what malware tries to do. In other words, anything attempting a risky action will come under suspicion. This approach overcomes the limitations of signature-based detection and could find new malware without a signature, just from its behavior. However, the approach can be difficult in practice. First, we must define what is suspicious behavior, or conversely, what is normal behavior. This definition often relies on heuristic rules developed by security experts, because normal behavior is difficult to define precisely. Second, it might be possible to discern suspicious behavior, but it is much more difficult to determine
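Several of the excerpts above describe the same two mechanisms: signature-based file scanning (compare file bytes against a database of known patterns, which only catches samples that pre-date the last definition update) and behaviour-based detection (flag risky actions, which can catch a sample no signature matches). The following Python toy is an added example written for this page; it is not code from any of the books excerpted here. It scans a constructed set of files against a constructed signature table, shows a re-encoded variant slipping past the signatures, shows a weighted behaviour score flagging that same variant from a constructed event log, and then shows the variant being caught once a new signature is "shipped". The signature names, byte patterns, file contents, action weights and threshold are all assumptions made for the demo, not any vendor's real data.

```python
"""Signature-based file scanning beside a behaviour-based check (toy, added example)."""

# Constructed signature database: detection name -> byte pattern an analyst
# extracted from a captured sample. Vendors ship these as definition files;
# here an "update" is just adding an entry to the dict.
SIGNATURES = {
    "Demo.Sample.A": b"DEMO-SAMPLE-A-PAYLOAD",
    "Demo.Sample.B": bytes.fromhex("deadbeefcafef00d"),
}


def scan_bytes(data, signatures=None):
    """Return the names of every signature whose byte pattern occurs in data."""
    sigs = SIGNATURES if signatures is None else signatures
    return [name for name, pattern in sigs.items() if pattern in data]


def scan_files(files, signatures=None):
    """Scan a {path: content} mapping; the result maps each path to its hits."""
    return {path: scan_bytes(content, signatures) for path, content in files.items()}


def xor_bytes(data, key):
    """Byte-wise XOR with a one-byte key; used only to build the demo variant."""
    return bytes(b ^ key for b in data)


# Constructed "disk": a clean document, a sample the table already knows, and a
# variant whose payload bytes were re-encoded so the original pattern is absent
# (the self-modifying case the excerpts say renders signatures useless).
SAMPLE_FILES = {
    "docs/notes.txt": b"quarterly report draft, nothing to see here",
    "downloads/known_sample.bin": b"MZ" + b"\x00" * 8 + b"DEMO-SAMPLE-A-PAYLOAD" + b"\x00" * 8,
    "downloads/mutated_sample.bin": b"MZ" + b"\x00" * 8 + xor_bytes(b"DEMO-SAMPLE-A-PAYLOAD", 0x5A) + b"\x00" * 8,
}

# Behaviour side: a weight per observed action. Ordinary file I/O scores nothing;
# actions a benign program rarely needs score high. These weights and the
# threshold are assumptions for the demo, not a published heuristic.
ACTION_WEIGHTS = {
    "read_file": 0,
    "write_file": 0,
    "create_run_key": 3,
    "stop_av_service": 5,
    "inject_into_process": 4,
    "encrypt_user_documents": 5,
}
SUSPICION_THRESHOLD = 5


def behavior_score(events):
    """Sum the weights of a process's observed actions (unknown actions score 1)."""
    return sum(ACTION_WEIGHTS.get(action, 1) for action in events)


def is_suspicious(events, threshold=SUSPICION_THRESHOLD):
    """True when the accumulated behaviour score reaches the threshold."""
    return behavior_score(events) >= threshold


# Constructed per-process event logs, as a real-time monitor would record them.
EVENT_LOGS = {
    "docs/notes.txt": ["read_file", "write_file"],
    "downloads/mutated_sample.bin": ["write_file", "create_run_key", "stop_av_service"],
}


def demo():
    """Scan before and after a definition update; return (before, flagged, after)."""
    before = scan_files(SAMPLE_FILES)
    # The behaviour check catches the variant the signatures missed.
    flagged = {path: is_suspicious(events) for path, events in EVENT_LOGS.items()}
    # An analyst extracts a pattern from the variant and ships it as an update.
    updated = dict(SIGNATURES)
    updated["Demo.Sample.A.var1"] = xor_bytes(b"DEMO-SAMPLE-A-PAYLOAD", 0x5A)
    after = scan_files(SAMPLE_FILES, updated)
    return before, flagged, after


if __name__ == "__main__":
    before, flagged, after = demo()
    for path in SAMPLE_FILES:
        print(f"{path}: before={before[path]} after={after[path]} suspicious={flagged.get(path, False)}")
```

The gap between `before` and `after` for the mutated file is exactly the "window of vulnerability" the excerpts describe: until the new pattern is distributed, only the behaviour score says anything about that file. The behaviour side has the opposite weakness the excerpts also mention: the weights encode an analyst's notion of "suspicious", so a benign installer that writes a run key and restarts a service would score the same as the variant (a false positive), which is why real products use both mechanisms together rather than either alone.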
Index pages curate the most relevant extracts from our library of academic textbooks. They’ve been created using an in-house natural language model (NLM), each adding context and meaning to key research topics.