Antivirus software

See also: Antiviral drug

Antivirus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware).

Antivirus software typically uses two different techniques to accomplish this:
* Examining (scanning) files to look for known viruses matching definitions in a virus dictionary
* Identifying suspicious behavior from any computer program which might indicate infection. Such analysis may include data captures, port monitoring and other methods.

Most commercial antivirus software uses both of these approaches, with an emphasis on the virus dictionary approach.

Historically, the term antivirus has also been used for benign computer viruses that spread and combated malicious viruses. This was common on the Amiga computer platform.

Approaches

Dictionary

In the virus dictionary approach, when the antivirus software examines a file, it refers to a dictionary of known viruses that the authors of the antivirus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the antivirus software can take one of the following actions:
# attempt to repair the file by removing the virus itself from the file
# quarantine the file (such that the file remains inaccessible to other programs and its virus can no longer spread)
# delete the infected file

To achieve consistent success in the medium and long term, the virus dictionary approach requires periodic (generally online) downloads of updated virus dictionary entries. As civically minded and technically inclined users identify new viruses "in the wild", they can send their infected files to the authors of antivirus software, who then include information about the new viruses in their dictionaries.

Dictionary-based antivirus software typically examines files when the computer's operating system creates, opens, closes or e-mails them. In this way it can detect a known virus immediately upon receipt. Note too that a System Administrator can typically schedule the antivirus software to examine (scan) all files on the user's hard disk on a regular basis.

Although the dictionary approach can effectively contain virus outbreaks in the right circumstances, virus authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and more recently "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match the virus's signature in the dictionary.
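The dictionary lookup described above, and the way a disguised copy slips past it, can be shown in a few lines. This is an added example, not code from any antivirus product: the signature names and byte markers are constructed and harmless, and the single-byte XOR retry is an assumed, deliberately simple stand-in for the decoding a real scanner performs before matching.

```python
from dataclasses import dataclass

# Constructed, harmless byte markers standing in for real virus signatures.
DICTIONARY = {
    "Demo.Marker.A": b"\x90DEMO-MARKER-A\x90",
    "Demo.Marker.B": bytes.fromhex("deadbeef4242"),
}

@dataclass
class Verdict:
    name: str      # dictionary entry that matched
    offset: int    # byte offset of the match
    xor_key: int   # 0 = matched as stored, otherwise the key that revealed it

def match_dictionary(data: bytes):
    """Plain dictionary scan: report the first position of each signature."""
    hits = []
    for name, sig in DICTIONARY.items():
        pos = data.find(sig)
        if pos != -1:
            hits.append((name, pos))
    return hits

def scan(data: bytes, try_decode: bool = False):
    """Scan the bytes as stored; optionally retry under each single-byte XOR key."""
    verdicts = [Verdict(n, p, 0) for n, p in match_dictionary(data)]
    if verdicts or not try_decode:
        return verdicts
    for key in range(1, 256):
        decoded = bytes(b ^ key for b in data)
        verdicts = [Verdict(n, p, key) for n, p in match_dictionary(decoded)]
        if verdicts:
            return verdicts
    return []

# Constructed sample files: clean, carrying a known marker, and the same
# bytes disguised with a one-byte XOR so the stored signature no longer appears.
CLEAN = b"MZ" + b"\x00" * 32 + b"ordinary program bytes"
KNOWN = b"MZ" + b"\x00" * 30 + DICTIONARY["Demo.Marker.A"] + b"tail"
DISGUISED = bytes(b ^ 0x5A for b in KNOWN)

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("known", KNOWN), ("disguised", DISGUISED)]:
        print(label, scan(blob), scan(blob, try_decode=True))
```

The plain scan misses the disguised copy entirely, while the retry pass recovers the match and reports the key, which is why signature matching alone does not keep up with self-modifying samples.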

Suspicious behavior

The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, the antivirus software can flag this suspicious behavior, alert a user and ask what to do.

Unlike the dictionary approach, the suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionaries. However, it can also sound a large number of false positives, and users probably become desensitized to all the warnings. If the user clicks "Accept" on every such warning, then the antivirus software obviously gives no benefit to that user. This problem has worsened since 1997, since many more nonmalicious program designs came to modify other .exe files without regard to this false positive issue. Thus, most modern antivirus software uses this technique less and less.

Other approaches

Some antivirus software uses other types of heuristic analysis. For example, it could try to emulate the beginning of the code of each new executable that the system invokes before transferring control to that executable. If the program seems to use self-modifying code or otherwise appears as a virus (if it immediately tries to find other executables, for example), one could assume that a virus has infected the executable. However, this method could result in a lot of false positives.

Yet another detection method involves using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, software analyzes the sandbox for any changes which might indicate a virus. Because of performance issues, this type of detection normally only takes place during on-demand scans.
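The "analyze the sandbox for changes" step can be sketched as a before/after snapshot comparison. This is an added example, not code from any scanner: a temporary directory stands in for the emulated system, the program under analysis is a plain Python callable run with no real isolation, and executables are recognised by extension only; all file names and helper functions are constructed for illustration.

```python
import hashlib
import os
import tempfile

EXECUTABLE_EXTS = {".exe", ".com"}  # assumption: extension check only, for brevity

def snapshot(root):
    """Map each relative path under root to the SHA-256 of its contents."""
    state = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(full, root)] = digest
    return state

def diff(before, after):
    """Classify the differences between two snapshots."""
    common = before.keys() & after.keys()
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }

def analyze(program, seed_files):
    """Run program(root) in a throwaway directory and report what it changed."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in seed_files.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(content)
        before = snapshot(root)
        program(root)                      # the run being observed
        changes = diff(before, snapshot(root))
    touched = changes["created"] + changes["modified"]
    changes["suspicious"] = sorted(
        p for p in touched if os.path.splitext(p)[1].lower() in EXECUTABLE_EXTS)
    return changes

# Constructed seed files and two harmless stand-in programs.
SEED = {"tool.exe": b"MZ" + b"\x00" * 16, "notes.txt": b"hello"}

def modifies_executable(root):
    with open(os.path.join(root, "tool.exe"), "ab") as fh:
        fh.write(b"appended bytes")

def writes_log(root):
    with open(os.path.join(root, "run.log"), "w") as fh:
        fh.write("done\n")
```

Hashing every file before and after the run is also where the performance cost mentioned above comes from: the work grows with the size of the emulated file system, not with the size of the program being checked.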

Some virus scanners can also warn a user if a file is likely to contain a virus based on the file type.

Issues of concern

* The spread of viruses using e-mail as their infection vector could be inhibited far more inexpensively and effectively, without the need to install additional antivirus software, if bugs in e-mail clients, which allow the unauthorized execution of code, were fixed.
* User education can effectively supplement antivirus software; simply training users in safe computing practices (such as not downloading and executing unknown programs from the Internet) would slow the spread of viruses and obviate the need of much antivirus software.
* Computer users should not always run with administrator access to their own machine. If they would simply run in user mode then some types of viruses could not spread outside of their own personal area of the system, leaving the operating system and files belonging to other users intact.
* The dictionary approach to detecting viruses does not always suffice yet the suspicious behavior approach does not work well due to the false positive problem; hence, the current understanding of antivirus software will never conquer computer viruses.
* Various methods exist of encrypting and packing malicious software which will make even well-known viruses undetectable to antivirus software. Detecting these "camouflaged" viruses requires a powerful unpacking engine, which can decrypt the files before examining them. Unfortunately, many popular antivirus programs do not have this and thus are often unable to detect encrypted viruses. See Executable compression.
* The ongoing writing and spreading of viruses and of panic about them gives the vendors of commercial antivirus software a financial interest in the ongoing existence of viruses.
* Some antivirus software can considerably reduce performance. Users may disable the antivirus protection to overcome the performance loss, thus increasing the risk of infection. For maximum protection the antivirus software needs to be enabled all the time - often at the cost of slower performance (see also Software bloat). Some antivirus software has less impact on performance.
* It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or updating graphics card drivers for example. Having antivirus protection running at the same time as installing a major update may prevent the update installing properly or at all.
* When purchasing antivirus software, the agreement may include a clause that your subscription will be automatically renewed, and your credit card automatically billed at the renewal time without your approval. For example, McAfee requires one to unsubscribe at least 60 days before the expiration of the present subscription, yet as of this writing it does not provide phone access nor a way to unsubscribe directly through their website; in that case, the subscriber's recourse is to contest the charges with the credit card issuer.

List of software and companies

Corporate market

*AVG Anti-Virus by Grisoft
*Proland Software (Protector Plus) Antivirus & Antispam Software
*MicroWorld (MicroWorld) AntiVirus & Content Security Software
*BitDefender from Romania - email security solutions
*Cisco Security Agent (CSA), from Cisco Systems.
*Dr.Web by Doctor Web, Ltd. from Russia - email/www security solutions, corporate networks protection
*GFi WebMonitor and GFi MailSecurity - WWW and email security solutions, by GFI Software
*Kaspersky Antivirus from Kaspersky Lab - Security Solutions for Enterprises, SMB and Consumers
*Panda BusinesSecure, Panda EnterpriSecure and Panda GateDefender - Panda Software solutions for corporate markets
*Sophos Anti-Virus by Sophos plc (UK) provides antivirus solutions for desktops, can create a customised installer and update from the corporate network rather than the internet.
*Security solutions by Sybari Software. Sybari Software had been purchased by Microsoft in early 2005.
*Trend Micro Security Solutions for Enterprises, SMB and Consumers. Leader in gateway protection.
*Uniwares Leon Enterprise Anti-Spam Server (with integrated AV)
*Vexira from Central Command -- Antivirus, antispam, and antispyware solutions.
*Virus Chaser from Korea and Russia. Anti-Virus, antispyware; heuristic algorithm for detecting unknown viruses. Developed by technical affiliation with Doctor Web.

Commercial and shareware

*AVG Anti-Virus by Grisoft
*eScan AntiVirus (eScan) By MicroWorld (MicroWorld)
*The Shield Pro Antivirus by PC Security Shield
*Bullguard Antivirus Software, Firewall and Backup, by BullGuard from Denmark/UK
*Command Antivirus by Authentium from USA
*Quick Heal Antivirus by CAT Computer Services Pvt. Ltd. from India
*F-Prot, by FRISK Software International in Iceland
*F-Secure Antivirus by the eponymous firm from Finland
*Kaspersky Anti-Virus by Kaspersky Lab from Russia
*McAfee VirusScan by McAfee from USA, also driving Dr. Solomon's antivirus packages
*NOD32 by Eset from Slovak Republic, shareware
*Norman from Norway
*Norton AntiVirus by Symantec
*Panda Antivirus+AntiSpyware Titanium, and Panda Platinum Internet Security from Panda Software, Spain
*PC-cillin Internet Security by Trend Micro, headquartered in Japan
*Pocket Antivirus by JSJ Software
*Rising AntiVirus from China
*LinuxShield by McAfee
*Viguard by Tegam
*Virex by McAfee
*Windows Live OneCare by Microsoft
*BitDefender line of security products by SOFTWIN from Romania (also has a free edition)
*ZoneAlarm AntiVirus from Zone Labs

Freeware

This section includes usable free-of-charge versions of commercial software.
*AntiVir PersonalEdition Classic by Avira from Germany
*avast! by Alwil from Czech Republic
*AVG Free Edition by Grisoft
*BitDefender Free Linux and Windows editions
*HouseCall Onlinescanner by Trend Micro
*Panda ActiveScan from Panda Software, Spain

Note: BitDefender Free Edition doesn't provide any real-time protection.

Free software

*ClamAV by Tomasz Kojm
**ClamWin by alch
***Winpooch - combined with ClamWin makes a GPL antivirus product with on-access scanning.
**ClamTk
**ClamXav
* OpenAntivirus

Testing organizations

These organizations provide testing of virus scanning and related programs.
*AV Comparatives - http://www.av-comparatives.org
*Virus Bulletin - http://www.virusbtn.com
*AV-Test.org - http://www.av-test.org
*ICSA Labs - http://www.icsalabs.com
*West Coast Labs - http://www.westcoastlabs.org
*GFI Software - http://www.emailsecuritytest.com

History

The first anti-virus software was created by Dr. Peter Tippet in 1981. Dr. Tippet was an emergency room doctor who also ran a computer software company. He read an article about the first computer virus released onto the market (the Brain, Lehigh and Jerusalem2 were the first viruses to be developed, but it was Lehigh that Dr. Tippet read about) and he questioned whether they would have similar characteristics to viruses that attack humans. From an epidemiological viewpoint, he was able to determine how these viruses were affecting systems within the computer (the boot-sector was affected by the Brain virus, the .com files were affected by the Lehigh virus, and both .com and .exe files were affected by the Jerusalem virus). Dr. Tippet's company Certus International Corp. then began to create anti-virus software programs. The company was sold in 1992 to Symantec Corp, and Dr. Tippet went to work for them, incorporating the software he had developed into Symantec's product - Norton AntiVirus.

Do's and don'ts

*Always have anti-virus software installed on every computer within your network.
*Update anti-virus files frequently.
*Run the anti-virus program at all times for full protection.
*Complete a start-up run where it scans your memory; it does not take long and most good antivirus software should have this option.
*Arrange the anti-virus program to scan all files, not just programs.
*Do enable the anti-virus scanning properties. A full scan takes a little longer, but not so much longer that it makes much difference to users.
*Enable Macro Virus Protection in all your Microsoft Office programs.
*Don't allow your e-mail programs to "auto open" attachments.
*Don't open files from emails that you don't recognize or attachments that seem suspicious.
*Configure your e-mail programs to show messages in plain text only if HTML format mail is not required.
*Do educate all your users on the dangers of e-mail attachments and viruses in general.
*Do use the security features that come with the product.
*Do educate your users about the anti-virus program you are using and how it works. This helps eliminate confusion, and staff will be less likely to try to disable the anti-virus program on their desktop machines.

See also

*OpenAntivirus
*Computer virus
*Spyware
*Adware
*Worms
*Trojan horse
*Computer insecurity
*malware
*virus hoax
*List of computer viruses
*List of computer virus hoaxes
*List of trojan horses
*Timeline of notable computer viruses and worms
*Turing completeness
*Black hat
*Security through obscurity
*Spam
*Melissa worm, ILOVEYOU
*Cryptovirology
*Palm OS Viruses

External links

* Carnegie Mellon's CERT coordination center
* EICAR - European Institute for Computer Anti-Virus Research
* The History of Computer Viruses - A Timeline



This is the "GNU Free Documentation License" reference article from the English Wikipedia. All text is available under the terms of the GNU Free Documentation License. See also our Disclaimer.