Safety in cyberspace is one of the most important issues concerning companies and organizations as well as ordinary users. Below we describe some basic defense mechanisms (antivirus, anti-malware, firewall) and various virus detection methods.
Viruses are a type of malware that can replicate itself. Antivirus software is designed to deal with many types of malware, not just viruses; however, it does not provide complete protection. Typically, it targets classic malware such as viruses, worms, Trojans, keyloggers, and adware. The job of an antivirus is to scan the computer's files to detect common threats and eliminate them.
Anti-malware tools are different from antivirus. They scan files at a deeper level and can find many more types of malware. In any case, it is good to use both an antivirus and an anti-malware tool to protect your computer: the antivirus for everyday use and the anti-malware tool alongside it.
A firewall is a network security system. Its job is to monitor the data flowing to and from your device or network. The firewall follows a set of rules you have configured; according to these rules, it determines which packets are allowed through and which packets are blocked because they are considered potential threats.
For an antivirus to be effective, it must protect our computer from various possible sources of malware.
First, the antivirus should check whether a process about to run can cause damage. If there is a possibility of damage, the process should be stopped before it even begins.
The antivirus must also be able to scan archives, and to scan the files when the user opens a folder, that is, before any of them is run.
Another important feature, not considered mandatory in all antiviruses, is user protection: safeguarding users' personal information (e.g. access codes).
For an antivirus to be good, it must also be able to protect itself. This means that all of its components must be secure, so that they cannot easily be defeated by malicious software trying to get into the victim's computer.
An antivirus can deal with a virus infection in two ways. It can remove the file containing the virus and restore the computer to its original state, or it can "quarantine" the malicious file so that the user can decide what to do with it.
So the antivirus knows where to look, what to protect and how to deal with an attack. But how does it detect viruses?
Here are the detection methods:
Signature-based method
This method is based on the principle that each virus has a unique signature, which is used to identify that particular virus. The antivirus compares the signature of a program with a list of known virus signatures. If it is found in this list, the program is treated as a virus and deleted from the system.
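As an added example (not code from the original article), a minimal signature-based scanner in Python: the signature names, byte patterns and sample "files" are all constructed for the demonstration, and the last sample shows why a single changed byte defeats exact matching.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str       # label of the "virus" this pattern identifies
    pattern: bytes  # byte sequence unique to it (constructed here)


# Constructed signature database; a real product ships millions of entries
# and updates them continuously.
SIGNATURES = [
    Signature("Demo.Marker.A", b"DEMO-SIGNATURE-MARKER-A"),
    Signature("Demo.Worm.B", b"\x4d\x5a\x90\x00DEMO-WORM-PAYLOAD"),
]


def scan_bytes(data: bytes, signatures=SIGNATURES):
    """Return the names of all signatures found in `data` (empty = clean)."""
    return [sig.name for sig in signatures if sig.pattern in data]


def scan_files(files, signatures=SIGNATURES):
    """Scan {filename: contents}; return {filename: ("infected"|"clean", hits)}."""
    verdicts = {}
    for name, data in files.items():
        hits = scan_bytes(data, signatures)
        verdicts[name] = ("infected", hits) if hits else ("clean", [])
    return verdicts


# Constructed sample "files", embedded inline so the example runs offline.
SAMPLE_FILES = {
    "notes.txt": b"quarterly report draft, nothing unusual here",
    "marker.bin": b"\x00\x01prefix DEMO-SIGNATURE-MARKER-A suffix",
    "worm.exe": b"\x4d\x5a\x90\x00DEMO-WORM-PAYLOAD\x00\x00",
    # Same content as worm.exe with one byte changed (O -> 0): the exact-match
    # signature no longer recognises this variant, which is the weakness of
    # the method against rapidly evolving viruses.
    "worm_variant.exe": b"\x4d\x5a\x90\x00DEMO-WORM-PAYL0AD\x00\x00",
}

if __name__ == "__main__":
    for fname, (verdict, hits) in scan_files(SAMPLE_FILES).items():
        print(f"{fname}: {verdict} {hits}")
```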
Method based on "behavior"
This type of antivirus tries to understand the "behavior" or "likely behavior" of a specific program and on that basis decides whether it is malicious or not. But when is a behavior characterized as suspicious?
Typically, certain behaviors are defined as normal, so any behavior that differs from them is considered suspicious. This method is similar to the algorithms used to detect credit card fraud: if someone uses the card in an area unrelated to where they live, this is considered unusual behavior and therefore suspicious.
Of course, this method has some drawbacks. For example, a harmless behavior can be considered suspicious, and a malicious one can go unnoticed. Additionally, if the attacker knows what behavior is defined as normal, he can bypass the antivirus.
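As an added example (not code from the original article), a toy behavior-based detector in Python: a constructed baseline defines which (action, target) pairs are normal for each program, and a constructed event log is checked against it, including one false positive and one event that stays inside the baseline and is therefore never questioned.

```python
from fnmatch import fnmatchcase

# Constructed baseline: for each program, the (action, target pattern) pairs
# defined as normal. '*' matches any characters.
BASELINE = {
    "word":    {("read", "/home/*/Documents/*"), ("write", "/home/*/Documents/*")},
    "updater": {("write", "/opt/app/*"), ("connect", "updates.example.com")},
}


def is_suspicious(program, action, target, baseline=BASELINE):
    """True when the event matches none of the program's normal behaviors."""
    allowed = baseline.get(program)
    if allowed is None:
        return True  # no profile for this program: nothing is known to be normal
    return not any(action == a and fnmatchcase(target, t) for a, t in allowed)


def analyze(log_lines, baseline=BASELINE):
    """Parse 'program action target' lines and return the suspicious ones."""
    flagged = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line: skip rather than guess
        if is_suspicious(*parts, baseline=baseline):
            flagged.append(line)
    return flagged


# Constructed event log, one "program action target" event per line.
SAMPLE_LOG = [
    "word write /home/alice/Documents/report.docx",   # normal
    "word write /usr/local/bin/helper",               # outside baseline
    "updater connect updates.example.com",            # normal
    "updater connect 203.0.113.7",                    # outside baseline
    # False positive: a legitimate backup tool that simply has no profile.
    "backup read /home/alice/Documents/report.docx",
    # Blind spot: a write inside the allowed path is never questioned, whatever
    # it contains, so behavior that stays within the baseline passes.
    "word write /home/alice/Documents/report.docx.locked",
]

if __name__ == "__main__":
    for event in analyze(SAMPLE_LOG):
        print("SUSPICIOUS:", event)
```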
Heuristic method
It looks quite like the signature-based method, as it uses the program's code to determine whether a suspicious program is a virus or not. Unlike the signature-based method, however, heuristic analysis can recognize new viruses, not only known ones.
It is implemented in three ways: dynamic scanning, file analysis, and signature detection.
Dynamic scanning uses a virtual machine. The antivirus runs the suspicious file in the virtual machine and monitors its behavior: it notices, for example, whether the file replicates itself or whether it executes a trojan's payload.
Signature detection is almost the same as the signature-based method. The application is decrypted so that its code can be examined, and the code is then compared with known virus code. If it resembles these viruses, it is considered a threat and quarantined.
File analysis examines the purpose of the code: whether it is meant to delete files, or whether it targets something else unusual.
This detection method is better than the signature-based one, as it detects patterns in behavior rather than the direct signature of viruses. It can therefore detect more viruses; however, it is not as effective as the behavior-based method.
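As an added example (not code from the original article) of the file-analysis form of heuristics, a toy Python scorer: instead of an exact signature it sums constructed, weighted indicators of intent found in a script's text, so an unseen variant is still caught, at the price of also flagging a legitimate cleanup script. The indicator table, weights, threshold and sample scripts are all made up for the demonstration.

```python
import re

# Constructed indicator table: (regex over the script text, weight, meaning).
INDICATORS = [
    (re.compile(r"\bshutil\.rmtree\(|\bos\.remove\("), 3, "deletes files"),
    (re.compile(r"\bos\.walk\("), 1, "enumerates whole directory trees"),
    (re.compile(r"\bexec\(\s*base64\.b64decode"), 4, "executes obfuscated code"),
]
THRESHOLD = 4  # summed weight at which a file is reported as suspicious

def analyze_script(source: str):
    """Return (score, reasons): summed weight and meaning of matched indicators."""
    score, reasons = 0, []
    for pattern, weight, why in INDICATORS:
        if pattern.search(source):
            score += weight
            reasons.append(why)
    return score, reasons

def verdict(source: str) -> str:
    return "suspicious" if analyze_script(source)[0] >= THRESHOLD else "clean"

# Constructed sample scripts: text to be scanned, never executed.
CLEAN_SCRIPT = '''
import csv
with open("sales.csv") as fh:
    print(sum(float(row["amount"]) for row in csv.DictReader(fh)))
'''
# Deletes what it can reach and runs a decoded blob: no signature exists for
# it, yet the combination of traits crosses the threshold (score 8).
UNKNOWN_SCRIPT = '''
import os, base64
for root, _dirs, files in os.walk("/data"):
    for name in files:
        os.remove(os.path.join(root, name))
exec(base64.b64decode("<placeholder blob>"))
'''
# A legitimate temp cleaner shares two traits and is also reported (score 4):
# heuristics trade precision for the ability to catch unseen variants.
CLEANUP_SCRIPT = '''
import os
for root, _dirs, files in os.walk("/tmp/cache"):
    for name in files:
        os.remove(os.path.join(root, name))
'''

if __name__ == "__main__":
    for label, src in [("clean", CLEAN_SCRIPT), ("unknown", UNKNOWN_SCRIPT),
                       ("cleanup", CLEANUP_SCRIPT)]:
        print(label, verdict(src), analyze_script(src)[1])
```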
Are Antivirus Effective?
Research has shown that the effectiveness of antivirus has declined over the last twelve years. There are many reasons for this. One main reason is the constant emergence of new viruses and attacks (zero-day vulnerabilities, ransomware, etc.). The signature-based method is no longer as effective, as viruses evolve continuously and rapidly. The behavior-based method is still in use, but it is not so effective against many modern viruses.