
ANTIVIRUS: An Indispensable Tool for Our Security

 



Because information exchange and communication between people now take place very frequently by electronic means, we need protection mechanisms for our computer equipment in order to protect the confidentiality, integrity and availability of our information. Among the fundamental tools required to protect our computers, antivirus software is at the top of the list: it is a computer program that scans files in order to detect, identify and eliminate malware.

 

User interface: the means by which a user communicates and interacts with the antivirus software and configures its settings.

Search engine: the brain of the antivirus software, responsible for searching for and detecting malware using the virus definitions database. As new viruses are created, the engine must be updated so that it can search areas, files or systems that have not been checked before.

Virus definition database: contains up-to-date files of malware signatures, which the antivirus software uses to detect malware. It is essential that the virus definition database is always up to date so that detection is efficient, early, and includes the latest viruses.

Antivirus programs use three technologies to detect malware:

a) Signature matching: This technology searches for matches between the scanned files and the malware signature records contained in the virus definition database. Detection occurs when the compared items match. The drawback of this technology is that the signature associated with the malware must already be available in order to detect it, which requires the user to update the database of malware signatures periodically.

b) Heuristic: This technology allows antivirus software to detect malware that does not yet have an associated signature. This is possible through the use of a database of malware behavior signatures. To carry out the detection, the antivirus software analyzes the code for any routine or subroutine and compares it with the behavioral signatures stored in the database (static level); if the heuristic instead resorts to execution in a virtual machine that allows the behavior of the malware to be analyzed, it is called dynamic level. The disadvantage of this technology is that, because of how it operates, it can cause false positives.

c) Integrity verification (integrity checksum): This technology is based on the idea that malware that wants to infect a system must make changes to it to achieve its goal. An example is a virus that overwrites a system file, adding malicious code inside it (this mainly occurs in this type of file because such files are in reserved areas and are rarely accessed by users). The method obtains the checksum of clean (malware-free) files; any alteration in this value indicates that a modification has occurred, which may indicate the presence of malware. The disadvantages of this method are the generation of false positives and its ineffectiveness at detecting macro viruses or viruses capable of inserting themselves into memory and executing without first being stored in a file.

Another important point is the malware detection process; this is done through two operating procedures which are defined in Table 1:

Table 1. Operating procedures

 

| Operating procedures | Real time | On-demand scanner |
| --- | --- | --- |
| Functioning | Searches for malware when a file is accessed or an application is run. | The user can request, at any time, a scan of a file, folder or other content for malware. |
| Advantage | It can be programmed to perform checks on all files for malicious code. | |
| Disadvantages | It only performs the check when the file is accessed; if an infected file is stored on the hard drive and is not accessed, the antivirus software will not be able to detect it. | It offers a good evaluation of the system at a single point in time (only at the moment it is invoked). |
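An added example, not from the original article, that combines the signature matching of (a) with the on-demand procedure of Table 1: it walks a folder looking for known byte patterns, first with the current definitions and then after a definition update. The signature names, byte patterns and files are constructed and harmless.

```python
import tempfile
from pathlib import Path

# Constructed, harmless byte patterns standing in for real malware signatures.
SIGNATURES = {"Test.Sample.A": b"__CONSTRUCTED_MARKER_A__"}


def scan_file(path: Path, signatures: dict) -> list:
    """Return the names of all signatures whose byte pattern occurs in the file."""
    data = path.read_bytes()
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def on_demand_scan(root: Path, signatures: dict) -> dict:
    """Read every file under root, whether or not anything has opened it."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            hits = scan_file(path, signatures)
            if hits:
                findings[str(path.relative_to(root))] = hits
    return findings


def demo() -> tuple:
    """Scan a constructed folder before and after a definition update."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "notes.txt").write_bytes(b"plain text, nothing to match")
        # Dormant file that nobody opens: only a full scan ever reads it.
        (root / "old_setup.bin").write_bytes(b"hdr" + SIGNATURES["Test.Sample.A"] + b"tail")
        # Sample whose pattern is not in the definition database yet.
        (root / "new_tool.bin").write_bytes(b"hdr__CONSTRUCTED_MARKER_B__tail")

        before = on_demand_scan(root, SIGNATURES)
        # Definition update: the missing signature is added to the database.
        updated = {**SIGNATURES, "Test.Sample.B": b"__CONSTRUCTED_MARKER_B__"}
        after = on_demand_scan(root, updated)
        return before, after


if __name__ == "__main__":
    print(demo())
```

The first scan misses `new_tool.bin` because no signature for it exists yet, and the result of each scan describes the folder only at the moment the scan ran.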


The evaluation criteria that home users, businesses, and institutions might consider to select the right Antivirus Software for their needs are presented in Table 2:

 

| Evaluation criteria | Description |
| --- | --- |
| Detection | Two important aspects of this criterion are the number of viruses that the software can detect (known as detection speed) and the circumstances under which it can perform the detection (on shared network resources, via email, or if it is running in memory). |
| Technology | Verify the types of technology included in the product: compatibility with software and hardware, operating procedure (real time, on-access scanner), and the technologies used to perform the detection. |
| Maintenance | Because of the importance of updating the virus definitions database, it is advisable to choose an antivirus that is easy to update and for which database updates are performed more frequently. In addition, the time in which the update process is carried out must be evaluated. |
| Performance | Impact on the performance of the computer equipment where it is installed. |
| Manageability | In business environments, it is important to be able to centralize the management of antivirus software, which allows setting update periods, establishing policies, and verifying the protection of clients and servers. |
| Technical support | Know the different levels of support available (home user, corporate solutions) and the means of providing support (online, telephone contact), as well as alerts about unknown malware that represents a high risk for computer equipment. |
| Third party reviews and evaluations | Evaluations published by third parties, which give an in-depth view of the performance of an antivirus software under particular evaluation procedures. |
| Products and vulnerabilities | Identify the vulnerabilities detected in the antivirus software. |
| Distributor profile | Research information about distributors, their position and recognition in the market, as well as how long they have been in it. |

 Table 2. Evaluation criteria
