Antivirus is a software tool designed to combat computer viruses. Antivirus: definition, classification and reviews
With the advent of computers and the operating systems they ran, malware began to appear, and it came to be called viruses by analogy with medical terminology. This phenomenon had to be fought somehow, so the first antivirus was developed even in those days. It was, in fact, the only defense against threats that initially had a destructive effect on the computer system. Today, viruses have evolved, and antivirus programs have changed accordingly.
Antivirus: what is it?
First, let's look at the history of antivirus software development. Comparing the very first means of protection with modern products, we can say that today's antivirus provides comprehensive protection for the operating system, installed user programs, the user's personal data, and any other confidential or non-public information.
Why is that? Let's look at any modern antivirus. The basic concepts behind how it works will be considered separately; for now, we should start from how threats have changed since they first appeared.
Indeed, in the past, threats were mainly aimed only at disabling the operating system. The first hackers created such programs, as they say today, purely out of sporting interest. Over time, their intentions began to go beyond the law. They began to steal secret information, display advertising, fill the computer with unnecessary garbage in order to increase the load on the system, etc. That is why in the modern world the work of an antivirus is not limited to detecting destructive threats. Anti-spyware and anti-adware modules are actively used as well, providing the most complete protection against everything that can be considered a virus. But it is impossible to defend against absolutely everything, because today viruses appear like mushrooms after rain.
Antivirus software is ... Types of antivirus
As for modern antivirus programs, their classification is largely a matter of convention, since most packages are full-featured suites designed to detect, isolate or remove threats of all known types.
The only exceptions are scanners that are portable or that run before the operating system starts in order to detect certain types of threats. For example, applications with the common name Rescue Disk start before the system boots and detect viruses that critically affect the system and prevent it from starting.
Applications like AdwCleaner and other software products from Malwarebytes are mainly focused on removing adware and related spyware. Thus, installed or portable applications do not always provide complete protection, and some are useful mainly for scanning for a specific type of threat.
On the other hand, it is entirely inadvisable to install several antivirus programs on one system. At best, you can pair, say, ESET Smart Security with some Malwarebytes product. But if you install antiviruses like NOD32 and Kaspersky Free at the same time, conflicts cannot be avoided (they will “compete” with each other). One Internet user once remarked on this topic that installing two such packages together is like putting Stalin and Hitler in one cell. And there is some truth in this.
Principles of work of modern antiviruses
Now a few words about how any modern antivirus works. The process includes on-demand scanning, prevention of intrusion based on several types of analysis of potentially dangerous files or Internet resources, and isolation or complete removal of the threat.
Two types of analysis are used to detect viruses: signature-based and probabilistic.
Signature-based analysis relies directly on special databases that contain information about already known viruses.
When scanning a potentially dangerous object, the program compares its structure with the already known structures of other detected threats. That is why we can safely say that a modern antivirus is an application whose databases need to be updated periodically, since new information is entered into them almost daily. As already mentioned, viruses evolve much faster than antivirus software. Thus, the antivirus itself is also subject to updating, since the built-in modules become obsolete and over time may no longer cope with the functions assigned to them.
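The signature comparison described above can be sketched as follows. This is an added example, not code from any antivirus product; the signature names, the hash entry and the byte pattern (with "??" as a one-byte wildcard) are constructed for illustration.

```python
import hashlib
import re

# Constructed signature database (names and patterns are made up).
# A hash signature matches a whole object; a byte signature matches a
# fragment anywhere inside it, with "??" standing for any single byte.
HASH_SIGS = {
    hashlib.sha256(b"constructed-sample-A").hexdigest(): "Example.Dropper.A",
}
BYTE_SIGS = {
    # "MACRO", two arbitrary bytes, "RUN"
    "Example.Macro.B": "4d 41 43 52 4f ?? ?? 52 55 4e",
}


def compile_byte_sig(hex_pattern):
    """Turn a pattern such as 'de ad ?? ef' into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        parts.append(b"." if token == "??" else re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED_SIGS = {name: compile_byte_sig(p) for name, p in BYTE_SIGS.items()}


def scan_bytes(data):
    """Return the sorted names of all signatures that match the object."""
    hits = set()
    whole = HASH_SIGS.get(hashlib.sha256(data).hexdigest())
    if whole:
        hits.add(whole)
    for name, pattern in COMPILED_SIGS.items():
        if pattern.search(data):
            hits.add(name)
    return sorted(hits)
```

An object that differs from the recorded sample by a single byte no longer matches its hash signature, which is why the databases have to be updated continually.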
Probabilistic analysis consists of three subtypes: heuristic analysis, behavioral analysis, and checksum comparison.
Each of these three could be treated as an independent category, but in common practice they are combined into one type as subsections. Let's consider each of them.
Heuristic analysis is inherently very similar to signature-based analysis, because it also compares the structure of a threat with already known, isolated threats. The only difference is that it also identifies the algorithms built into the virus, from which the way the malicious code may affect the computer system is determined.
Behavioral analysis, as its name suggests, is associated with heuristic analysis and makes it possible to predict how a threat will affect the state of the system. However, this technique is applied more to all sorts of macros and scripts.
Another related component that makes it possible to detect a virus is the comparison of file checksums. Information about the structure of every file present in the system is written to a cache, and when an attempt is made to change objects, the initial and final checksums of the same file are compared.
Changes that a user or a system process makes to a file are not considered here. But when a massive or simultaneous change of checksums begins, this may indicate that malicious code has already been activated.
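The checksum comparison described above, including the difference between an ordinary edit and a mass change, can be sketched as follows. This is an added example, not code from any antivirus product; the SHA-256 choice, the file names and the thresholds mass_ratio and min_files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile


def checksum(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """The 'cache': relative path -> checksum for every file under root."""
    cache = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            cache[os.path.relpath(full, root)] = checksum(full)
    return cache


def compare(baseline, current, mass_ratio=0.5, min_files=3):
    """Diff two snapshots; flag a mass change (thresholds are assumptions)."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    removed = sorted(p for p in baseline if p not in current)
    touched = len(changed) + len(removed)
    mass = touched >= min_files and touched / max(len(baseline), 1) >= mass_ratio
    return {"changed": changed, "removed": removed, "mass_change": mass}


def demo():
    """Constructed scenario: one ordinary edit, then a bulk rewrite."""
    with tempfile.TemporaryDirectory() as root:
        paths = [os.path.join(root, f"doc{i}.txt") for i in range(6)]
        for i, p in enumerate(paths):
            with open(p, "w") as f:
                f.write(f"content {i}")
        baseline = snapshot(root)
        with open(paths[0], "w") as f:          # a single, ordinary edit
            f.write("edited by the user")
        single = compare(baseline, snapshot(root))
        for i, p in enumerate(paths[1:5]):      # many files rewritten at once
            with open(p, "wb") as f:
                f.write(b"\x00" * 32 + bytes([i]))
        bulk = compare(baseline, snapshot(root))
    return single, bulk
```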
Modern anti-virus packages
As a rule, almost all modern protection packages require activation or entry of a license code. Even the free version of any antivirus provides one for a year (sometimes less). Paid and shareware products may work during a trial period, after which they must either be purchased or have their license renewed. For example, ESET programs do not have to be purchased. For them, it is enough to activate a new product code every 30 days. Reviews show that you can find daily updated logins and passwords on the Internet, which can then be converted to the required license code using a special rectifier.
As for the antivirus packages themselves, there are quite a lot of them today, but among all that is offered on the antivirus software market, the following products can be singled out (including antivirus programs, Internet protectors, etc.):
- Kaspersky Lab products;
- ESET protection;
- Dr. Web products;
- Malwarebytes tools;
- Antivirus Avast, Avira, Panda, AVG, 360 Security, Bitdefender, Comodo, MS Security Essentials, McAfee and many others.
Instead of an afterword
As you can see from the above, a modern antivirus is a fairly serious software package focused on the timely detection and elimination of any possible threat when it attempts to enter a computer system. As for the entirely logical question of which tools to use for full protection, judging by the opinions of experts and many users on the forums, it is better not to install free programs, since many of them can miss threats, and some also cause conflicts with Windows system processes. Given that the built-in tools of Windows systems clearly lose to third-party programs, it is better to install at least some package from ESET. Of course, the license has to be renewed every month, which is inconvenient. But such packages will be able to protect both the computer and user information at all levels.