Wilson Technology Group and More

Your One Stop IT and Telecommunications Firm

Antivirus Software


Antivirus software is used to prevent, detect, and remove malware (software designed specifically to damage or disrupt a system), including computer viruses, worms (programs that replicate themselves over a computer network and perform malicious actions such as using up the computer’s resources and possibly shutting the system down), and Trojan horses (destructive programs that masquerade as benign applications). Such programs may also prevent and remove adware, spyware, and other forms of malware.

A variety of strategies are typically employed. Signature-based detection involves searching for known malicious patterns in executable code. However, it is possible for a user to be infected with new malware for which no signature exists yet. To counter such so-called zero-day threats, heuristics can be used. One type of heuristic approach, generic signatures, can identify new viruses or variants of existing viruses by looking for known malicious code (or slight variations of such code) in files. Some antivirus software can also predict what a file will do if opened or run by emulating it in a sandbox and analyzing what it does to see if it performs any malicious actions. If it does, this could mean the file is malicious.

However, no matter how useful antivirus software is, it can sometimes have drawbacks. Antivirus software can degrade computer performance if it is not designed efficiently. Inexperienced users may have trouble understanding the prompts and decisions that antivirus software presents them with, and an incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection (of any kind), its success depends on whether it achieves the right balance between false positives and false negatives. False positives can be as destructive as false negatives. In one case, a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot. Finally, antivirus software generally runs at the highly trusted kernel level of the operating system, creating a potential avenue of attack.
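The difference between an exact signature and a generic signature, and the false-positive cost of loosening a signature too far, can be shown with a small byte-pattern scanner. This is an added example, not code from the original post or from any antivirus product; the signature names, byte patterns and sample buffers are all constructed and harmless.

```python
from __future__ import annotations
from typing import Optional, Sequence

Pattern = Sequence[Optional[int]]  # one entry per byte; None is a wildcard


def parse_pattern(text: str) -> list[Optional[int]]:
    """Parse 'DE AD ?? EF' into byte values, with '??' meaning any byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find(data: bytes, pattern: Pattern) -> int:
    """Return the offset of the first match of pattern in data, or -1."""
    n = len(pattern)
    for off in range(len(data) - n + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pattern)):
            return off
    return -1


def scan(data: bytes, signatures: dict[str, Pattern]) -> list[str]:
    """Return the names of all signatures that match data."""
    return [name for name, pat in signatures.items() if find(data, pat) >= 0]


# Constructed signatures for the marker bytes "MAL-v1-PAY".
SIGNATURES = {
    # Exact: every byte of the known sample must match.
    "exact": parse_pattern("4D 41 4C 2D 76 31 2D 50 41 59"),
    # Generic: the one byte that differs between variants is wildcarded.
    "generic": parse_pattern("4D 41 4C 2D 76 ?? 2D 50 41 59"),
    # Too loose: only the '-v?-' skeleton is fixed, so it fits unrelated data.
    "too_loose": parse_pattern("?? ?? ?? 2D 76 ?? 2D ?? ?? ??"),
}

# Constructed sample buffers (plain text, not real malware).
KNOWN = b"\x00header MAL-v1-PAY trailer"       # the sample the signature was cut from
VARIANT = b"\x00header MAL-v2-PAY trailer"     # slight variation, no exact signature yet
BENIGN = b"build log for APP-v3-RLS release"   # unrelated file

if __name__ == "__main__":
    for label, buf in (("known", KNOWN), ("variant", VARIANT), ("benign", BENIGN)):
        print(f"{label:8s} -> {scan(buf, SIGNATURES)}")
```

The exact signature misses the variant (a false negative), the generic signature catches it, and the over-generalised signature also flags the benign buffer (a false positive).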

For more information, visit us on our web site at:   http://www.wilsontechgroup.com
