Antivirus: Features, Virus Detection Methods and Efficiency

Safety in cyberspace is one of the most important issues that concern companies and organizations as well as ordinary users. Below are some basic defense mechanisms (antivirus, anti-malware, firewall) and the various virus detection methods.

Antivirus

Viruses are a type of malware that can duplicate itself. Antiviruses are designed to deal with many types of malware, not just viruses. However, they do not provide complete protection. Typically, they target classic malware such as viruses, worms, Trojans, keyloggers, and adware. The job of an antivirus is to scan the computer's files to detect common threats and eliminate them.

Anti-malware

Anti-malware tools are different from antivirus. They scan files at a deeper level and can find many more types of malware. In any case, it is good to use both antivirus and anti-malware to protect a computer: the antivirus for everyday use and the anti-malware as a complementary layer.

Firewall

A firewall is a network security system. Its job is to monitor the data flow of your device or network. The firewall follows a set of rules you have set. According to these rules, it determines which packets are allowed to pass and which packets will be blocked because they are considered a likely threat.

Antivirus design

For an antivirus to be effective, it must protect our computer from the various possible sources of malware.

Initially, the antivirus should check whether the processes about to be executed can cause damage or not. If there is a possibility of damage, the process should be stopped before it even begins.

Also, the antivirus must be able to scan archives when the user opens a folder, that is, before any of the files are run.

Another important feature, which is not considered mandatory in all antiviruses, is user protection, which has to do with protecting users' personal information (e.g. passwords).

For an antivirus to be good, it must also be able to protect itself. This means that all of its components must be secure, so that they cannot easily be defeated by malicious software trying to get into the victims' computers.

An antivirus can deal with a virus infection in two ways. It can remove the file containing the virus and restore the computer to its original state, or it can "quarantine" the malicious file so that the user can decide what to do with it.

So the antivirus knows where to look, what to protect and how to deal with an attack. But how does it detect viruses?

Here are the detection methods:

Signature-based Method

The principle on which this method is based is that each virus has a unique signature that is used to identify that particular virus. The antivirus compares the signature of a program with a list of known virus signatures. If it is found in this list, the program is treated as a virus and deleted from the system.
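As an added illustration of the signature-based method above and of the quarantine option described earlier (this is example code written for this page, not a real antivirus engine), the scanner below matches each file against a constructed signature list, either by exact SHA-256 hash or by a byte pattern, and moves hits into a quarantine folder rather than deleting them. The signature names, byte patterns and sample files are all hypothetical; the one-byte variant of the dropper shows why a hash signature alone misses even trivially modified samples.

```python
import hashlib
import shutil
from pathlib import Path
from typing import Dict, Optional

# Constructed signature database for this demo (hypothetical names and patterns,
# not a real antivirus feed). A signature is either the exact SHA-256 of a
# known-bad file or a byte pattern carried in the body of known samples.
HASH_SIGNATURES = {hashlib.sha256(b"DEMO-DROPPER-BODY").hexdigest(): "Demo.Dropper.A"}
BYTE_SIGNATURES = {b"DEMO-MALWARE-MARKER-7A3F": "Demo.Trojan.B"}

def match_signature(data: bytes) -> Optional[str]:
    """Return the name of the matching signature, or None when none fires."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name is not None:
        return name
    for pattern, sig_name in BYTE_SIGNATURES.items():
        if pattern in data:
            return sig_name
    return None

def scan_and_quarantine(path: Path, quarantine_dir: Path) -> Optional[str]:
    """Scan one file; on a hit, move it to quarantine rather than deleting it,
    so the user can decide what to do with it later."""
    verdict = match_signature(path.read_bytes())
    if verdict is not None:
        quarantine_dir.mkdir(parents=True, exist_ok=True)
        shutil.move(str(path), str(quarantine_dir / path.name))
    return verdict

def scan_tree(root: Path, quarantine_dir: Path) -> Dict[str, str]:
    """Scan files below root (skipping the quarantine folder); return {relative path: signature}."""
    hits: Dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and quarantine_dir not in p.parents:
            verdict = scan_and_quarantine(p, quarantine_dir)
            if verdict is not None:
                hits[str(p.relative_to(root))] = verdict
    return hits

def build_demo_tree(base: Path) -> Path:
    """Constructed samples: hash hit, byte-pattern hit, clean file, one-byte dropper variant."""
    root = base / "scan"
    root.mkdir(parents=True, exist_ok=True)
    (root / "dropper.bin").write_bytes(b"DEMO-DROPPER-BODY")
    (root / "trojan.bin").write_bytes(b"hello DEMO-MALWARE-MARKER-7A3F world")
    (root / "clean.txt").write_bytes(b"just a text file")
    (root / "variant.bin").write_bytes(b"DEMO-DROPPER-BODY!")
    return root
```

Running scan_tree on the demo tree quarantines dropper.bin and trojan.bin, leaves clean.txt alone, and also leaves variant.bin untouched because its hash no longer matches.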

Behavior-based Method

This type of antivirus tries to understand the "behavior" or "likely behavior" of a specific program and thus determines whether it is a malicious program or not. When is a behavior characterized as suspicious?

Typically, certain behaviors are defined as normal; any behavior that differs from them is considered suspicious. This method is similar to the algorithm used to detect credit card fraud: if someone uses the card in an area unrelated to the place where they live, it is considered unusual behavior and therefore suspicious.

Of course, this method has some drawbacks. For example, behaviors can be considered suspicious without actually being so, or the opposite (false positives and false negatives). Additionally, if the attacker knows what behavior is defined as normal, they can bypass the antivirus.
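To make the two paragraphs above concrete, here is an added example (written for this page, not code from any antivirus product) of the "define normal, flag deviations" idea: a baseline of (action, target) pairs is learned per process from constructed clean-system events, and live events are flagged when they fall outside it. The process names, paths and events are hypothetical; the live set deliberately contains one benign deviation (a false positive) and one malicious event that stays inside the baseline (a false negative), which are exactly the weaknesses the text describes.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Event = Tuple[str, str, str]  # (process, action, target)

# Constructed training events (hypothetical process names and paths, not real
# telemetry) recorded while the machine was known to be clean. They define
# what "normal" looks like for each process.
TRAINING_EVENTS: List[Event] = [
    ("wordproc.exe", "file_write", "C:/Users/alice/Documents"),
    ("wordproc.exe", "file_read", "C:/Users/alice/Documents"),
    ("browser.exe", "net_connect", "tcp/443"),
    ("browser.exe", "file_write", "C:/Users/alice/Downloads"),
    ("updater.exe", "net_connect", "tcp/443"),
    ("updater.exe", "file_write", "C:/Program Files/App"),
]

# Constructed events to classify; the comments give the ground truth so the
# detector's verdicts can be compared against it.
LIVE_EVENTS: List[Event] = [
    ("wordproc.exe", "file_read", "C:/Users/alice/Documents"),  # benign, inside baseline
    ("wordproc.exe", "net_connect", "tcp/4444"),                 # malicious: new action for this process
    ("updater.exe", "file_write", "C:/Windows/System32"),        # benign update, outside baseline (false positive)
    ("browser.exe", "file_write", "C:/Users/alice/Downloads"),   # malicious download, inside baseline (false negative)
    ("miner.exe", "net_connect", "tcp/3333"),                    # malicious: never-seen process
]

def learn_baseline(events: List[Event]) -> Dict[str, Set[Tuple[str, str]]]:
    """Profile of normal behaviour: the (action, target) pairs each process was seen doing."""
    baseline: Dict[str, Set[Tuple[str, str]]] = defaultdict(set)
    for proc, action, target in events:
        baseline[proc].add((action, target))
    return dict(baseline)

def classify(event: Event, baseline: Dict[str, Set[Tuple[str, str]]]) -> str:
    """'normal' if the event matches the process's profile, otherwise a reason string."""
    proc, action, target = event
    if proc not in baseline:
        return "suspicious: unknown process"
    seen_actions = {a for a, _ in baseline[proc]}
    if action not in seen_actions:
        return f"suspicious: {proc} never performed {action}"
    if (action, target) not in baseline[proc]:
        return f"suspicious: {proc} {action} to unusual target {target}"
    return "normal"

def flag_events(events: List[Event], baseline) -> List[Tuple[Event, str]]:
    """Return only the events that deviate from the baseline, paired with the reason."""
    return [(e, classify(e, baseline)) for e in events if classify(e, baseline) != "normal"]
```

Against LIVE_EVENTS the detector flags the wordproc.exe connection, the updater.exe write and miner.exe, while the browser download passes as normal.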

Heuristic Method

It looks quite like the signature-based method, as it uses the program's code to determine whether a suspicious program is a virus or not. Unlike the signature-based method, heuristic analysis can recognize new viruses, not only known ones.

It is implemented in three ways: dynamic scanning, file analysis, and signature detection.

Dynamic Scanning

Dynamic scanning uses a virtual machine. The antivirus runs the suspicious file inside the virtual machine and monitors its behavior. It notices, for example, whether the file replicates itself or whether it executes a trojan's payload.

Signature Detection

Almost the same as the signature-based method. The application is decrypted so that its code can be examined. Next, the code is compared to known virus code. If it resembles these viruses, it is considered a threat and quarantined.

File Analysis

File analysis examines the purpose of the code: whether it is meant to delete some files, or whether it is targeting something else unusual.

This detection method is better than signature-based detection, as it detects patterns in behavior rather than the direct signature of a virus. Therefore, it can detect more viruses; however, it is not as effective as the behavior-based method.

Are Antivirus Effective?

Research has shown that the effectiveness of antivirus has declined over the last twelve years. There are many reasons for this. One main reason is the constant emergence of new viruses and attacks: zero-day vulnerabilities, ransomware, etc. The signature-based method is no longer as effective, as viruses evolve continuously and rapidly. The behavior-based method is still in use, but it is not so effective against many modern viruses.

The author allows you to copy his/her text only if you cite the source (SecNews.gr) with a live URL to the article.