Antivirus software is used to prevent, detect, and remove malware (software designed specifically to damage or disrupt a system), including computer viruses, worms (replicates itself over a computer network and performs malicious actions such as using up the computer’s resources and possibly shutting the system down), and Trojan horses (a destructive program that masquerades as a benign application). Such programs may also prevent and remove adware, spyware, and other forms of malware.
A variety of strategies are typically employed. Signature-based detection involves searching for known malicious patterns in executable code. However, it is possible for a user to be infected with new malware in which no signature exists yet. To counter such so called zero-day threats, heuristics can be used. One type of heuristic approach, generic signatures, can identify new viruses or variants of existing viruses for looking for known malicious code (or slight variations of such code) in files. Some antivirus software can also predict what a file will do if opened/run by emulating it in a sandbox and analyzing what it does to see if it performs any malicious actions. If it does, this could mean the file is malicious.
However, no matter how useful antivirus software is, it can sometimes have drawbacks. Antivirus software can degrade computer performance if it is not designed efficiently. Inexperienced users may have trouble understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection (of any kind), the success of it is going to depend on whether it achieves the right balance between false positives and false negatives. False positives can be as destructive as false negatives. In one case, a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PC’s unable to boot. Finally, antivirus software generally runs at the highly trusted kernel level of the operating system, creating a potential avenue of attach.
For more information, visit us on our web site at: http://www.wilsontechgroup.com