With the imminent threat of data loss, being hacked or some catastrophic computer failure caused by an evil mind somewhere in cyberspace, implementing computer security has become paramount. Besides plain old hacks that rely on luck to find weaknesses, computer attacks have evolved into something deadlier: malware. In this article we look at how antivirus programs work and, along the way, you will pick up some new definitions. Read along as the antivirus mystery is demystified.
An antivirus is a computer program designed to detect and remove malware on a computer, as well as to prevent infection by such malware. Note that an antivirus has three key goals: detect, remove and prevent; without all three it would not be effective.
What is malware?
Malware is a broad term for any malicious software, including but not limited to viruses, worms, Trojan horses, keyloggers, rootkits, adware and spyware. The term malware is a contraction of the two words malicious software.
Antivirus programs have their origins as early as the 1980s, and back then the only problem was computer viruses, hence the name antivirus. An antivirus program is also referred to as an anti-malware program. As computer threats evolved into more sophisticated programs, software engineers adopted new mechanisms to counter them, but the name had already stuck. Now that we know some definitions and a bit of history, let us get right into the main aim of this article.
A word of caution
It is important to note that there is no antivirus program (or algorithm) that can detect all possible malware; you can never be completely safe. This was stated as early as 1987 by Frederick B. Cohen and it remains true to date. Let no one fool you that you are 100% immune from computer viruses. Let no one.
Different antivirus designers use different algorithms to compete in the market, but when it comes to the actual antivirus work, one of two approaches is used: data mining or sandboxing. The former is a more recent development while the latter is quite archaic. Let us look at both mechanisms to see what they really are.
Data Mining as used in Antivirus programs.
For data mining to work in an antivirus program, its designers have to come up with viable algorithms that combine data mining and machine learning. The data mining algorithms extract data from the files being scanned, while the machine learning algorithms use the extracted data to classify the program as either safe or malicious. The classification is based on a series of features taken from the scanned file itself. It is still a fairly new mechanism in antivirus programs.
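To make the "extract features, then let a model classify" pipeline concrete, here is an added Python example (not code from the original article or from any antivirus product). The two features, the nearest-centroid model and the labelled training files are all constructed for illustration; a real engine uses far richer features and a far larger corpus.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads sit close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def extract_features(data: bytes) -> list:
    """Data-mining step: reduce a file to a small numeric feature vector.
    Caveat: high entropy alone is not proof of malice (archives look the same),
    which is why real products combine hundreds of features."""
    printable = sum(32 <= b < 127 for b in data) / max(len(data), 1)
    return [shannon_entropy(data), printable]

def train_centroids(labelled):
    """Machine-learning step: a nearest-centroid model, one mean vector per label."""
    sums, counts = {}, {}
    for data, label in labelled:
        f = extract_features(data)
        sums[label] = [a + b for a, b in zip(sums.get(label, [0.0] * len(f)), f)]
        counts[label] = counts.get(label, 0) + 1
    return {lab: [v / counts[lab] for v in sums[lab]] for lab in sums}

def classify(data: bytes, centroids) -> str:
    """Assign the label whose centroid is nearest in feature space."""
    f = extract_features(data)
    return min(centroids, key=lambda lab: math.dist(f, centroids[lab]))

def _noise(seed: int, size: int = 1024) -> bytes:
    """Constructed stand-in for a packed sample: deterministic pseudo-random bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))

# Constructed, labelled training corpus: plain-text-like files versus packed blobs.
TRAINING = [
    (b"[settings]\nuser=alice\ntheme=dark\n" * 16, "safe"),
    (b"<html><body>Quarterly report, see attached table.</body></html>" * 8, "safe"),
    (_noise(1), "malicious"),
    (_noise(2), "malicious"),
]
MODEL = train_centroids(TRAINING)

def verdict(data: bytes) -> str:
    """Classify an unseen file against the trained centroids."""
    return classify(data, MODEL)
```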
Sandboxing as used in Antivirus programs.
This is the more widely used mechanism to protect you from harmful software. For it to work, the antivirus program executes a computer program in a virtual environment and logs the actions of the program being executed; depending on the actions logged, the antivirus can categorize the software as malicious or not. In this case the program always runs in the virtual environment before it can run for you to interact with it or to perform some command. Of course, there is a performance cost associated with this method: it causes your computer to appear slower.
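The "log the actions, then decide" step is where a sandbox earns its keep. The added Python example below (not code from the original article or from any product) scores a constructed action log from a hypothetical sandbox run; the log format, the rule names, weights and thresholds are all assumptions made for the example.

```python
import re

# Constructed log of a hypothetical sandbox run (not real product output); one action
# per line, "Action key=value ...", with no spaces inside values.
SANDBOX_LOG = """\
CreateProcess path=C:\\Users\\demo\\invoice_view.exe
ReadFile path=C:\\Users\\demo\\Documents\\invoice.pdf
RegSetValue key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run name=updater
WriteFile path=C:\\Users\\demo\\AppData\\Roaming\\updater.exe
NetConnect host=203.0.113.7 port=4444
WriteFile path=C:\\Users\\demo\\Documents\\invoice.pdf.locked
DeleteFile path=C:\\Users\\demo\\Documents\\invoice.pdf
"""

def parse_log(text: str) -> list:
    """Turn each log line into an (action, {key: value}) pair."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        action, _, rest = line.partition(" ")
        args = dict(kv.split("=", 1) for kv in rest.split(" ") if "=" in kv)
        events.append((action, args))
    return events

# Single-event rules: (name, action, argument to inspect, pattern, weight).
SINGLE_EVENT_RULES = [
    ("persistence_run_key", "RegSetValue", "key", re.compile(r"\\CurrentVersion\\Run$", re.I), 4),
    ("drops_executable", "WriteFile", "path", re.compile(r"\.exe$", re.I), 3),
    ("outbound_connection", "NetConnect", "host", re.compile(r"."), 2),
]

def score_run(events) -> tuple:
    """Return (score, hit rule names). Besides single events, one sequence rule fires
    when a file is written under a new extension and the original is then deleted."""
    written, hits, score = [], [], 0
    for action, args in events:
        for name, act, key, pattern, weight in SINGLE_EVENT_RULES:
            if action == act and pattern.search(args.get(key, "")):
                hits.append(name)
                score += weight
        if action == "WriteFile":
            written.append(args["path"])
        elif action == "DeleteFile" and any(w.startswith(args["path"] + ".") for w in written):
            hits.append("document_replaced")
            score += 5
    return score, hits

def verdict(events) -> str:
    """Map the accumulated score onto the categories the engine reports."""
    score, _ = score_run(events)
    return "malicious" if score >= 8 else "suspicious" if score >= 4 else "clean"
```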
To identify and eradicate malware, antivirus programs rely heavily on databases pre-loaded with information about known malware. This information is referred to as signatures. To generate these signatures, antivirus firms analyse software; from that analysis a signature is generated and stored in a database accessible to the antivirus software. Each time the antivirus scans a piece of software, it checks for these signatures and can then flag the software as malware or not. In recent times, however, this method is not really effective against emerging threats. Malware engineers have evolved to create malware that is mutative in nature. These mutations cause continuous change and specific encryption that render the signature databases ineffective. That brings us to another form of detection.
Where signature-based detection is ineffective, generic detection is used. Generic detection refers to the detection and removal of multiple threats using a single virus signature or definition. In cases where mutation of malware is imminent, this mechanism comes to the rescue. Where the malware encrypts itself, or even pads itself with useless code as a disguise, generic detection is not only faster but also effective. The signatures may be different but the behaviour is almost the same, so the malware is doomed.
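The two preceding paragraphs, per-sample signatures and a single generic signature covering a whole mutating family, are illustrated by this added Python example (not code from the original article or from any antivirus engine). The "family" is constructed from an invariant stub, a variable run of junk bytes and an invariant tail (not real machine code), and the wildcard notation `??` / `{n-m}` is made up for the example.

```python
import hashlib
import random
import re

def exact_signature(data: bytes) -> str:
    """Classic per-sample signature: a hash of the entire file."""
    return hashlib.sha256(data).hexdigest()

def compile_generic(pattern: str) -> re.Pattern:
    """Compile a hex pattern such as '7F 53 ?? {4-12} DE AD' into a byte regex:
    '??' is any single byte, '{n-m}' is any run of n to m bytes."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")
        elif tok.startswith("{"):
            lo, hi = tok.strip("{}").split("-")
            parts.append(b".{%d,%d}" % (int(lo), int(hi)))
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

def scan(data: bytes, hash_db: dict, generic_db: dict) -> list:
    """Check the exact-hash database first, then every generic signature."""
    hits = []
    name = hash_db.get(exact_signature(data))
    if name:
        hits.append("exact:" + name)
    for name, pat in generic_db.items():
        if pat.search(data):
            hits.append("generic:" + name)
    return hits

def make_variant(seed: int) -> bytes:
    """Constructed members of one mutating 'family': invariant stub, 4-12 bytes of
    seed-dependent junk as the disguise, invariant tail. Every copy hashes differently."""
    rng = random.Random(seed)
    junk = bytes(rng.getrandbits(8) for _ in range(4 + rng.randint(0, 8)))
    return b"\x7fSTUB" + junk + b"\xde\xadTAIL"

# Only the first variant was ever analysed, so only its hash is in the database ...
HASH_DB = {exact_signature(make_variant(1)): "DemoFamily.A"}
# ... while one generic signature skips the junk region and covers all variants.
GENERIC_PATTERN = "7F 53 54 55 42 {4-12} DE AD 54 41 49 4C"
GENERIC_DB = {"DemoFamily.gen": compile_generic(GENERIC_PATTERN)}
```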
Another way to eliminate threats from your computer is the use of real-time protection. This strategy uses a preventive mechanism to eliminate any potential harm from malware. As mentioned earlier, antivirus software has evolved over the years to cover the levels of security required in modern times. When this mode of protection is on, the antivirus software scans in the background and ensures protection in several areas, including but not limited to emails, connected external media, the network, media files and software programs.
In computing every aspect has its pros and cons, but as long as the cons are significantly outweighed by the pros, you go ahead and implement it. Antivirus programs have a number of cons, including performance issues, monetary inconveniences and malfunctions in virus detection, but the overall point is: you'd rather be secure.