
Antivirus

Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware
software, is computer software used to prevent, detect and remove malicious software.

Antivirus software was originally developed to detect and remove computer viruses, hence the
name. However, with the proliferation of other kinds of malware, antivirus software started to
provide protection from other computer threats. In particular, modern antivirus software can
protect from: malicious browser helper objects (BHOs), browser hijackers, ransomware,
keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools,
adware and spyware. Some products also include protection from other computer threats, such as
infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online
banking attacks, social engineering techniques, advanced persistent threat (APT) and botnet
DDoS attacks.

Why Antivirus is Important

For as long as computers have been and will be in existence, whether connected to the Internet
or not, there will always be a need for antivirus software. There will never be a time when
people, whether mischievous youths seeking a thrill or hardened cybercriminals looking to
exploit billion-dollar companies, will stop looking for ways to commit fraud, cause
widespread damage, or just experience the rush of breaking into a computer.

Antivirus software is an important tool to help prevent such attacks. Not every type of
cyberattack can be prevented with antivirus software, but it can be a great asset when trying to
prevent intrusion into a computer. Although not every intrusion into a computer is meant to cause
damage or steal valuable information, that doesn't mean that the attack isn't dangerous. All
intrusions into a computer exploit what is known as a vulnerability, or a weakness in the
computer's operating system or other software that can act as an access point to an attack. Once
even the most innocuous intrusion exploits a vulnerability, it basically sends a signal to
others that this computer has been infiltrated. This opens the door to much worse
attacks. When looking to purchase antivirus software, make sure to purchase a trusted and
well-known, subscription-based program. This is important, as the makers of this type of software will
be able to keep their subscribers' computers protected with real-time updates that scout out the
latest threats.

What can antivirus software protect against?

Antivirus protection isn't just a way to block computer viruses, as the name may imply. (Some
people think that all intrusions into a computer are called viruses, but that is a misnomer.) For
example, here is a list of the ways a good antivirus program can assist in protecting a computer
with data on it:

o Antivirus: Starting with the obvious, an antivirus program will protect against computer
  viruses, or attacks that mean to damage a computer.
o Rootkit protection: This prevents rootkits, which are embedded deep inside a computer
  in order to mask other malware, from establishing themselves in a computer.
o Bot protection: This alerts a subscriber when a cybercriminal is attempting to remotely
  take over a computer to use as a source for automatic spamming and other crimes. Bots
  are what botnets are based on (groups of ordinary people's computers that have been
  infected in order to carry out attacks on other entities).
o Worm protection: By definition, worms attack networks rather than computers
  themselves. However, worms can carry payloads of malware that can be deposited onto
  computers, which will then do damage. Antivirus software can prevent this sort of attack
  and stop computer worms.
o Trojan horses: Antivirus software can't stop a person from being duped into thinking
  that a desired downloaded program or file is legitimate. However, antivirus software can
  warn them when malware is detected within a Trojan horse file.
o Spyware: Antivirus software can detect when a computer has been infected with
  spyware, or software that's meant to either collect usage data or steal information,
  even when it came from a reputable, legitimate source.
o Messaging protection: Whether it's instant messages or e-mails, antivirus software can
  warn users when these messages contain dangerous attachments or fraudulent links.
  Instant messaging security is important today.

Reputable antivirus software programs should also come with some sort of recovery tool. No
antivirus program is infallible (and if one claims to be, they're lying). A recovery system will
help rid a computer of any malware that passed through its defenses. Also, antivirus software
isn't just for computers that are attacked from the Internet. Viruses can be spread via portable
storage drives. Conceivably, a person can plug one of these devices into a computer in a
library, then bring it home to a computer with no online capabilities, and spread some kind of
malware in this manner.

How does an antivirus work?

When a computer virus infects a computer, it must make changes to files on your computer,
critical areas like the Registry, or sections of memory to spread or damage the computer. An
antivirus program protects a computer by monitoring all file changes and the memory for
specific virus activity patterns. When these known or suspicious patterns are detected, the
antivirus warns the user about the action before it is performed. Below is a list of the
different forms of virus detection an antivirus can use to protect your computer.

1. Heuristic-based detection

The most common form of detection is a heuristic-based detection that uses an algorithm to
compare the signature of known viruses against a potential threat. Heuristic-based detection
allows an antivirus to detect viruses that have not yet been discovered or previous viruses that
have been modified or disguised and released as a new virus.

Heuristic-based scanning is the best-known method for detecting new viruses but can also
generate false positive matches, which means an antivirus scanner may report a file as being
infected that is not infected.

2. Signature-based or virus dictionary detection

Every antivirus scanner has a virus definition file, database, or dictionary that contains thousands
of known virus signatures. These signatures allow an antivirus program to identify past viruses
that have been analyzed by security professionals. Today, there are well over 100,000 different
known virus signatures that can be used for comparison.

Signature-based detection is an excellent way to prevent past known viruses and is the best
method of detection without creating a false warning. However, signature-based detection cannot
detect new viruses until the definition file is updated with new virus information.
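
The following Python sketch is an added example, not code from the original page or from any antivirus product. It shows a definition file being consulted first and a weighted heuristic used as a fallback, so the trade-off described above (missed variants versus false positives) can be seen on concrete input; all detection names, trait markers, weights and sample bytes are constructed for illustration.

```python
import hashlib


class DefinitionFile:
    """Virus dictionary: exact file hashes plus byte-pattern signatures."""

    def __init__(self):
        self.hashes = {}    # SHA-256 hex digest -> detection name
        self.patterns = {}  # byte pattern -> detection name

    def add_sample(self, data, name):
        self.hashes[hashlib.sha256(data).hexdigest()] = name

    def add_pattern(self, pattern, name):
        self.patterns[pattern] = name


def signature_scan(data, defs):
    """Return the detection name if the file matches a known signature."""
    name = defs.hashes.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, pattern_name in defs.patterns.items():
        if pattern in data:
            return pattern_name
    return None


# Assumption: constructed trait markers and weights. A real engine inspects
# code structure and API usage, not readable labels like these.
HEURISTIC_TRAITS = {b"write_autorun": 40, b"hook_keyboard": 40, b"disable_updates": 30}
HEURISTIC_THRESHOLD = 60


def heuristic_score(data):
    return sum(weight for trait, weight in HEURISTIC_TRAITS.items() if trait in data)


def scan(data, defs):
    """Signature check first, then the heuristic fallback."""
    name = signature_scan(data, defs)
    if name:
        return ("infected", name)
    score = heuristic_score(data)
    if score >= HEURISTIC_THRESHOLD:
        return ("suspicious", f"heuristic score {score}")
    return ("clean", "")


# Constructed, harmless sample files.
KNOWN = b"DEMOFILE|DEMO-FAMILY-A|write_autorun|hook_keyboard"
VARIANT = b"DEMOFILE|DEMO-FAMILY-B|hook_keyboard|padding|write_autorun"
HOTKEY_TOOL = b"DEMOFILE|legitimate hotkey helper|hook_keyboard|write_autorun"
EDITOR = b"DEMOFILE|plain text editor"


def build_definitions():
    defs = DefinitionFile()
    defs.add_sample(KNOWN, "Demo.A (hash)")
    defs.add_pattern(b"DEMO-FAMILY-A", "Demo.A (pattern)")
    return defs


if __name__ == "__main__":
    defs = build_definitions()
    for label, sample in [("known", KNOWN), ("variant", VARIANT),
                          ("hotkey tool", HOTKEY_TOOL), ("editor", EDITOR)]:
        print(label, scan(sample, defs))
    # The variant is only reported as "infected" after a definition update.
    defs.add_pattern(b"DEMO-FAMILY-B", "Demo.B (pattern)")
    print("variant after update", scan(VARIANT, defs))
```

The legitimate hotkey tool scores the same as the unknown variant, which is the false positive case; the variant is named by a signature only once the definition file has been updated.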

3. Behavior-based detection

If a virus has made it past the above detections, the antivirus analyzes the behavior of programs
running on the computer. If a program begins to perform strange actions, the antivirus may
trigger a warning. Some of the strange actions, or behaviors, the antivirus watches for are listed
below.

o Changing settings of other programs
o Modifying or deleting dozens of files
o Monitoring keystrokes
o Remotely connecting to computers

Behavior-based detection is a useful method of finding viruses or other malware that attempt to
steal or log information. However, many programs today need to report to an online server or log
keystrokes to prevent online cheating, sometimes causing this type of detection to create false
warnings.
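
The behaviors listed above can be expressed as rules over a stream of process events. The Python sketch below is an added example, not part of the original page or of any product; the log format, process names, window length and threshold are assumptions constructed for illustration. It flags a process that touches dozens of files within a short window and uses an allowlist to suppress the false warnings described above.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # sliding window length (assumed value)
FILE_THRESHOLD = 24   # "dozens of files" inside one window (assumed value)
FILE_ACTIONS = {"modify", "delete"}
SINGLE_EVENT_RULES = {
    "keyhook": "monitoring keystrokes",
    "setting": "changing settings of other programs",
    "connect": "remotely connecting to computers",
}


def parse_event(line):
    """Constructed log format: '<epoch-seconds> <process> <action> <target>'."""
    ts, process, action, target = line.split(maxsplit=3)
    return int(ts), process, action, target


def detect(lines, allowlist=frozenset()):
    """Return (timestamp, process, reason) alerts, one per process and reason.

    allowlist holds (process, action) pairs the user has approved, which is
    how known-good programs are kept from raising warnings.
    """
    recent = defaultdict(deque)  # process -> (timestamp, file) pairs in the window
    raised = set()
    alerts = []
    for line in lines:
        ts, process, action, target = parse_event(line)
        if (process, action) in allowlist:
            continue
        reason = None
        if action in FILE_ACTIONS:
            window = recent[process]
            window.append((ts, target))
            # Drop events that have aged out of the sliding window.
            while ts - window[0][0] > WINDOW_SECONDS:
                window.popleft()
            if len({path for _, path in window}) >= FILE_THRESHOLD:
                reason = "modifying or deleting dozens of files"
        elif action in SINGLE_EVENT_RULES:
            reason = SINGLE_EVENT_RULES[action]
        if reason and (process, reason) not in raised:
            raised.add((process, reason))
            alerts.append((ts, process, reason))
    return alerts


def sample_log():
    """Constructed events: a slow backup, a fast mass rewrite, an anti-cheat hook."""
    lines = [f"{1000 + 20 * i} backup.exe modify C:\\docs\\report{i}.doc" for i in range(30)]
    lines += [f"{2000 + i} unknown.exe modify C:\\docs\\photo{i}.jpg" for i in range(30)]
    lines.append("2100 anticheat.exe keyhook keyboard")
    return lines


if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
    print(detect(sample_log(), allowlist={("anticheat.exe", "keyhook")}))
```

The backup process changes the same number of files as the unknown one but spreads them over ten minutes, so only the rate inside the window separates the two.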

4. Sandbox detection

If a program is suspicious, some antivirus programs can also use sandbox detection, which
creates an emulated environment in which the program is run and its behavior analyzed. If,
when executed in the emulated environment, the program appears to perform destructive or
abnormal behavior, the antivirus alerts the user before running it on the computer.

5. Cloud antivirus detection

Cloud antivirus detection is a type of antivirus protection that uses a small client on the computer
that collects information and processes all of the forms of virus detection mentioned above in the
cloud. By running all detection in the cloud, the computer requires little processing compared to
a full antivirus program running on the computer but does always need an Internet connection.

Configuring antivirus software

Adjust the settings to scan all files. Also, ensure that real-time scanning is enabled by
default. Create a recovery/reference/cure disk, because if a boot sector or MBR virus attacks
the system, it may fail to boot. In that case, the recovery cure disk can be used to boot the
system and remove the virus. Read the vendor's manual. This will help you to understand the
advanced options and how to use them according to your preference.

Some of the symptoms of an infected computer

If your computer has a virus, it will more than likely begin showing certain symptoms which
will indicate that it has a virus, as well as what type of virus it may be.
Here is a list of 20 computer virus symptoms or indicators that your computer may have a virus.

1. Your Computer Slows Down

One of the most common computer virus symptoms is slowdown. You can know that
your computer has been affected by malware if your operating system, computer
applications, and internet speed begin to slow down. If you note such a tendency and
you're not running heavy applications or programs, there may be cause for alarm.

2. Crashing

If your system crashes suddenly or the infamous Blue Screen of Death (BSOD)
appears more often, then it's obvious that your computer isn't operating normally and
you should check it.

3. Pop-ups

One of the most annoying computer virus symptoms is characterized by unwanted
pop-ups. If these unexpected pop-ups appear on your system, know that your
computer has probably been affected by spyware/virus/malware.

4. Hard Drive Malfunction

In case you have discovered that your hard disk is exhibiting unusually high activity
even when you aren't using it, consider checking for malware. However, hard disk
malfunction can also be caused by hardware failure.

5. Running Out of Storage Space

Numerous kinds of malicious software use different methods to fill your storage
space, and may eventually cause the computer to crash.

6. Unwanted Programs or Messages That Start Automatically

Some of the warning signs that you should be suspicious about include:

o Windows shutting down suddenly without reason
o Programs opening or closing automatically
o Strange windows as you boot
o Messages from Windows that you lost access to your drive

7. Disabled Security Solution

In case your antivirus doesn't seem to work or if your update module all of a sudden
is disabled, make sure that you check what has happened as soon as possible. There
are some types of malware that are built to disable computer security solutions and
leave your machine defenseless.

8. Sending Strange Messages Automatically

The first step is to confirm whether the messages were sent from your account.
However, if you discover that you weren't the sender, then the messages were sent by
an uncontrollable application.

9. Unusual Network Activity

Sometimes you may not be connected to the internet, and you aren't running any
applications that can connect themselves to the internet, but you still observe high
network activity. Such computer virus symptoms can be confirmed by using a good
antivirus.

10. Applications

If you have tried to start applications from the start menu or desktop of your computer
and nothing happens, then your computer may be infected.

11. Error Messages

Your computer will know when something is wrong even before you do. One of the
noticeable computer virus symptoms includes messages that warn you of missing
files.

12. Advertisements

Ads are common when browsing. However, when you see them when not browsing,
this could be a sign of a virus.

13. Hardware and Accessory Problems

In case you have problems with your computer display, for instance color problems or
mixing pixels, this can be an indication of malware in your computer. Sometimes
network printers also malfunction if they become infected.

14. Sent Emails

Viruses can be spread via emails. Therefore, if you note that there are emails in your
outbox that you never sent or you receive suspicious emails from a friend, they may
be infected.

15. Computer Malfunction

Computer viruses can cause your computer to do all kinds of strange things. When
your computer starts to open files on its own, or acts as if keys have been pressed, then
you may be experiencing computer virus symptoms.

16. Affected Applications

Some viruses are created to affect some applications, and as a result your computer
may fail to run such applications until they are reinstalled.

17. Blocked From Antivirus Sites

If your computer has been infected by malicious viruses, your computer may be
prevented from accessing antivirus sites. Viruses attack browsers and may inhibit
them from using the internet normally.

18. Gibberish Dialog Boxes

If your computer opens up many dialog boxes on your screen all at once, this can be a
sign of malware. Most of the dialog boxes show gibberish messages that aren't easily
decoded.

19. Slow Startup

If your computer suddenly experiences a slow startup, most likely it has become
infected. There is a typical time your computer takes to start, and you can
note when your computer starts slower than usual.

20. Printer Issues

If your printer seems to have a mind of its own and randomly prints documents,
you could possibly be dealing with a virus.

How to manually remove an infected file from your computer

In order to manually remove an infected item from your computer you need to perform the
following steps:

1. Restart the computer in Safe Mode. You can do that, by following the steps in our
article, here.

2. Display hidden objects in Windows; information on how to display the hidden object can be
found here.

3. Locate and delete the infected file (right click on the file and then select Delete). In our
example the infected file is:

C:\test\eicar.com.txt

4. After you do this, you can restart the computer in Normal Mode and run a Bitdefender System
Scan to be sure the computer is clean.

NOTE: If infected files are still found on the system (and they haven't been resolved by the
Bitdefender scan) please generate a scan log and send it to the Technical Support Team via the
open ticket you have with us. You can see here in our article how to generate a scan log. If you
don't have a ticket, please use the Contact Form.

NOTE: We recommend manually deleting an infected file only if you are sure the file isn't an
important operating system file. Deleting a system file may result in the malfunction of your
operating system. If you are not sure about the file, please contact the Customer Care
Department.

Antivirus Effectiveness

Studies in December 2007 showed that the effectiveness of antivirus software had decreased in
the previous year, particularly against unknown or zero day attacks. The computer magazine c't
found that detection rates for these threats had dropped from 40-50% in 2006 to 20-30% in
2007. At that time, the only exception was the NOD32 antivirus, which managed a detection rate
of 68%. According to the ZeuS tracker website the average detection rate for all variants of the
well-known ZeuS trojan is as low as 40%.

The problem is magnified by the changing intent of virus authors. Some years ago it was obvious
when a virus infection was present. The viruses of the day, written by amateurs, exhibited
destructive behavior or pop-ups. Modern viruses are often written by professionals, financed by
criminal organizations.

In 2008, Eva Chen, CEO of Trend Micro, stated that the anti-virus industry has over-hyped how
effective its products are and so has been misleading customers for years.

Independent testing on all the major virus scanners consistently shows that none provide 100%
virus detection. The best ones provided as high as 99.9% detection for simulated real-world
situations, while the lowest provided 91.1% in tests conducted in August 2013. Many virus
scanners produce false positive results as well, identifying benign files as malware.

Although methodologies may differ, some notable independent quality testing agencies include
AV-Comparatives, ICSA Labs, West Coast Labs, Virus Bulletin, AV-TEST and other members
of the Anti-Malware Testing Standards Organization.

Online scanning

Some antivirus vendors maintain websites with free online scanning capability of the entire
computer, critical areas only, local disks, folders or files. Periodic online scanning is a good idea
for those that run antivirus applications on their computers because those applications are
frequently slow to catch threats. One of the first things that malicious software does in an attack
is disable any existing antivirus software and sometimes the only way to know of an attack is by
turning to an online resource that is not installed on the infected computer.

Specialist tools

[Figure: The command-line rkhunter scanner, an engine to scan for Linux rootkits, running on
Ubuntu.]

Virus removal tools are available to help remove stubborn infections or certain types of
infection. Examples include Trend Micro's Rootkit Buster, and rkhunter for the detection of
rootkits, Avira's AntiVir Removal Tool, PCTools Threat Removal Tool, and AVG's Anti-Virus
Free 2011.

A rescue disk that is bootable, such as a CD or USB storage device, can be used to run antivirus
software outside of the installed operating system, in order to remove infections while they are
dormant. A bootable antivirus disk can be useful when, for example, the installed operating
system is no longer bootable or has malware that is resisting all attempts to be removed by the
installed antivirus software. Examples of some of these bootable disks include the Avira AntiVir
Rescue System, PCTools Alternate Operating System Scanner, and AVG Rescue CD. The AVG
Rescue CD software can also be installed onto a USB storage device, that is bootable on newer
computers.

New viruses

Anti-virus programs are not always effective against new viruses, even those that use
non-signature-based methods that should detect new viruses. The reason for this is that the virus
designers test their new viruses on the major anti-virus applications to make sure that they are
not detected before releasing them into the wild.

Some new viruses, particularly ransomware, use polymorphic code to avoid detection by virus
scanners. Jerome Segura, a security analyst with ParetoLogic, explained:

It's something that they miss a lot of the time because this type of [ransomware virus]
comes from sites that use a polymorphism, which means they basically randomize the
file they send you and it gets by well-known antivirus products very easily. I've seen
people firsthand getting infected, having all the pop-ups and yet they have antivirus
software running and it's not detecting anything. It actually can be pretty hard to get rid
of, as well, and you're never really sure if it's really gone. When we see something like
that usually we advise to reinstall the operating system or reinstall backups.

A proof of concept virus has used the Graphics Processing Unit (GPU) to avoid detection from
anti-virus software. The potential success of this involves bypassing the CPU in order to make it
much harder for security researchers to analyse the inner workings of such malware.

Rootkits

A rootkit is a collection of computer software, typically malicious, designed to enable access to a
computer or areas of its software that would not otherwise be allowed (for example, to an
unauthorized user) and often masks its existence or the existence of other software.[1] The term
rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix-like
operating systems) and the word "kit" (which refers to the software components that implement
the tool). The term "rootkit" has negative connotations through its association with malware.[1]

Rootkit installation can be automated, or an attacker can install it once they've obtained root or
Administrator access. Obtaining this access is a result of direct attack on a system, i.e. exploiting
a known vulnerability (such as privilege escalation) or a password (obtained by cracking or
social engineering tactics like "phishing"). Once installed, it becomes possible to hide the
intrusion as well as to maintain privileged access. The key is the root or administrator access.
Full control over a system means that existing software can be modified, including software that
might otherwise be used to detect or circumvent it.

Rootkit detection is difficult because a rootkit may be able to subvert the software that is
intended to find it. Detection methods include using an alternative and trusted operating system,
behavioral-based methods, signature scanning, difference scanning, and memory dump analysis.
Removal can be complicated or practically impossible, especially in cases where the rootkit
resides in the kernel; reinstallation of the operating system may be the only available solution to
the problem.[2] When dealing with firmware rootkits, removal may require hardware
replacement, or specialized equipment.

Antivirus Damaged files

If a file has been infected by a computer virus, anti-virus software will attempt to remove the
virus code from the file during disinfection, but it is not always able to restore the file to its
undamaged state. In such circumstances, damaged files can only be restored from existing
backups or shadow copies (this is also true for ransomware); installed software that is damaged
requires re-installation (however, see System File Checker).

Firmware issues

Active anti-virus software can interfere with a firmware update process. Any writeable firmware
in the computer can be infected by malicious code. This is a major concern, as an infected BIOS
could require the actual BIOS chip to be replaced to ensure the malicious code is completely
removed. Anti-virus software is not effective at protecting firmware and the motherboard BIOS
from infection. In 2014, security researchers discovered that USB devices contain writeable
firmware which can be modified with malicious code (dubbed "BadUSB"), which anti-virus
software cannot detect or prevent. The malicious code can run undetected on the computer and
could even infect the operating system prior to it booting up.

Hardware and network firewall

Network firewalls prevent unknown programs and processes from accessing the system.
However, they are not antivirus systems and make no attempt to identify or remove anything.
They may protect against infection from outside the protected computer or network, and limit the
activity of any malicious software which is present by blocking incoming or outgoing requests
on certain TCP/IP ports. A firewall is designed to deal with broader system threats that come
from network connections into the system and is not an alternative to a virus protection system.

Cloud antivirus

Cloud antivirus is a technology that uses lightweight agent software on the protected computer,
while offloading the majority of data analysis to the provider's infrastructure.

One approach to implementing cloud antivirus involves scanning suspicious files using multiple
antivirus engines. This approach was proposed by an early implementation of the cloud antivirus
concept called CloudAV. CloudAV was designed to send programs or documents to a network
cloud where multiple antivirus and behavioral detection programs are used simultaneously in
order to improve detection rates. Parallel scanning of files using potentially incompatible
antivirus scanners is achieved by spawning a virtual machine per detection engine and therefore
eliminating any possible issues. CloudAV can also perform "retrospective detection," whereby
the cloud detection engine rescans all files in its file access history when a new threat is
identified thus improving new threat detection speed. Finally, CloudAV is a solution for
effective virus scanning on devices that lack the computing power to perform the scans
themselves.
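
The multi-engine scanning and "retrospective detection" described above can be modelled in a few lines of Python. This is an added example, not CloudAV's code or any vendor's API: the class, engine names, byte patterns, hosts and paths are all constructed for illustration, and each engine is reduced to a set of byte patterns.

```python
import hashlib


class CloudScanService:
    """Toy cloud scanner: several engines, a file store and an access history."""

    def __init__(self, engines):
        # Assumption: an engine is modelled as a set of byte patterns it flags.
        self.engines = {name: set(patterns) for name, patterns in engines.items()}
        self.files = {}     # SHA-256 digest -> file content kept for rescans
        self.accesses = {}  # digest -> {(host, path)} that submitted the file
        self.verdicts = {}  # digest -> engine names that flagged it last time

    def _scan(self, data):
        """Run every engine; the file is malicious if any engine flags it."""
        return sorted(name for name, patterns in self.engines.items()
                      if any(p in data for p in patterns))

    def submit(self, host, path, data):
        """Called by the lightweight agent; returns the engines that flagged the file."""
        digest = hashlib.sha256(data).hexdigest()
        self.files[digest] = data
        self.accesses.setdefault(digest, set()).add((host, path))
        self.verdicts[digest] = self._scan(data)
        return self.verdicts[digest]

    def add_signature(self, engine, pattern):
        """Update one engine, then rescan the whole history (retrospective detection).

        Returns the (host, path) pairs that hold a file which was clean at
        submission time and is flagged now.
        """
        self.engines[engine].add(pattern)
        newly_flagged = []
        for digest, data in self.files.items():
            before = self.verdicts[digest]
            after = self._scan(data)
            self.verdicts[digest] = after
            if after and not before:
                newly_flagged.extend(self.accesses[digest])
        return sorted(newly_flagged)


if __name__ == "__main__":
    svc = CloudScanService({"engine_a": [b"TRAIT-ONE"], "engine_b": [b"TRAIT-TWO"]})
    print(svc.submit("host1", "/tmp/a.bin", b"..TRAIT-TWO.."))      # caught by engine_b only
    print(svc.submit("host2", "/tmp/b.bin", b"..TRAIT-THREE.."))    # unknown to both engines
    print(svc.submit("host3", "/home/u/c.bin", b"..TRAIT-THREE.."))
    # A new threat is identified: hosts that already received it are reported.
    print(svc.add_signature("engine_a", b"TRAIT-THREE"))
```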

Some examples of cloud anti-virus products are Panda Cloud Antivirus, Crowdstrike, Cb
Defense and Immunet. Comodo group has also produced cloud-based anti-virus.

Advantages of Anti-virus software

1. Protection from viruses

Viruses have been designed by cybercriminals to compromise the data in your system.

In the absence of an antivirus solution, they can easily damage important information and disturb
the operating system, ultimately rendering the machine virtually worthless.

With the security provided by strong antivirus protection, however, the self-replicating codes
don't stand a chance of reaching the heart and brain of your computer, that is, the CPU,
accordingly protecting your system and the data it contains.

2. Protection from hackers

Hackers are the human version of viruses.

They use backdoor entries to access important data such as credit card and bank account
information, with which they gain access to your financial activities and transact on your behalf.

A strong antivirus software can detect the spyware and other suspicious files such as keyloggers
used by these hackers, alert you, and proceed to block them from entering your computer system.

3. Restoration of corrupted data

Several antivirus solutions can identify and eliminate the specific bits of your data affected by
malware without damaging your original data.

This facility could really come in handy when you're at risk of losing the only copy of the file in
question.

4. Protection from spam

Albeit most spammers are honest marketers with no malicious intent in their trade, some spam
messages are actually a result of viruses hiding in your hard disc.

An antivirus solution will disable the viruses and drastically reduce the amount of unsolicited
emails you receive.

5. Extends the life of your computer

Malware and viruses greatly affect the system's performance. Some of the most comprehensive
and reliable antivirus applications on the market are viewed as an unnecessary and costly
addition to your computer when, in a real sense, they are offering insurance against future
expenses.

Viruses and malware are known to gradually deteriorate both the computer's hardware and
software if left in the system for too long.

This not only slows the computer and makes some tasks virtually impossible to perform, but also
poses the risk of completely crashing your system.

Important data could be lost in the process and, possibly worse for some, an unforeseen expense
in a new computer emerges.

This can be quite inconvenient and cannot compare even when weighed against the most
overpriced antivirus there is.

6. Offers peace of mind

If you are acquainted with the dangers of using an unprotected computer, you may not
experience that much peace browsing the internet without an antivirus; you will rationally worry
about the prospect of inflicting a virus on yourself, and would avoid visiting some websites and
downloading files in the name of protecting your computer.

These are things you barely think about when using a computer equipped with an active
antivirus.

7. Protection for your acquaintances

Notorious viruses are self-replicating and can be transferred to other computers while being
disguised as ordinary data.

The people you share the data with will obliviously spread the virus, further forming a long chain
of infections that could have been managed by a simple antivirus installation in your computer.

Even if the corrupted data didn't originate from your machine, an antivirus would help you
detect the threat before it reaches the next unprotected person.

References

o Naveen, Sharanya. "Anti-virus software". Retrieved May 31, 2016.
o Henry, Alan. "The Difference Between Antivirus and Anti-Malware (and Which to Use)".
o "What is antivirus software?". Microsoft. Archived from the original on April 11, 2011.
o von Neumann, John (1966). Theory of self-reproducing automata. University of Illinois
  Press.
o Chen, Thomas; Robert, Jean-Marc (2004). "The Evolution of Viruses and Worms".
  Archived from the original on May 17, 2009. Retrieved February 16, 2009.
o Meltzer, Tom; Phillips, Sarah (October 23, 2009). "From the first email to the first
  YouTube video: a definitive internet history". The Guardian.
