Apparently, the creators of the first computers could never have imagined that, over time, threats to the security of the system itself and to the user data stored in the device's memory would appear. But appear they did, which made effective means of protection necessary; these later became known as "antivirus programs." A list of the most famous and powerful packages is presented below. First, however, let us look at what computer viruses are and how they can be detected, isolated or removed.
Antivirus software: what is it? A bit of history
So, what are viral threats and the means to combat them? In those distant days when computer technology was only beginning to develop, viruses were, as a rule, executable files (.exe, .bat, etc.) whose launch activated built-in code and commands capable of damaging computer systems.
Unlike modern malicious applets, they only worked after the user ran the corresponding file, and their actions were aimed mainly at disrupting the operating system. Thus, early antiviruses protected only the system, not the information.
Subject of protection
Today such threats are becoming less common. The priority for viruses is now espionage, theft of confidential data and extortion of money. Various kinds of advertising modules also fall into the virus category: once active in the system, they make working, say, on the Internet inconvenient.
The ways threats penetrate computer systems have also changed a great deal. Most infections now arrive via the Internet; viruses on removable media are less common. Their behaviour is also very different from what it once was: they can disguise themselves as official programs or system services, enter the system under the guise of standard libraries containing executable code, create copies of themselves, and so on.
After activation, tracking such actions is very difficult, which is why installing an antivirus program is recommended regardless of whether the user is connected to the Internet. The consequences can be disastrous, for example the loss of money from a card account. Confidential information such as logins and passwords for financial services, or secret developments, is in greater demand than ever. How can one not recall the famous saying that whoever owns the information owns the world?
Types of viruses
It goes without saying that viruses and antivirus protection are closely related. The main problem is that viruses are always one step ahead of security software. This is not surprising: today they spring up on the Internet like mushrooms after rain, and the developers of countermeasures simply cannot keep pace.
Consider the recently emerged encrypting viruses that, on penetrating a computer, instantly encrypt user information with 1024-bit algorithms, while antivirus laboratories have only just reached the point of counteracting 128-bit encryption. Forecasting methods do exist, however.
So what do we have today? The following viruses are believed to be the most common at the present stage of computer technology development:
- boot viruses;
- file viruses;
- boot-file viruses;
- document viruses;
- network viruses.
By mode of operation they are divided into resident and non-resident. The difference is that a resident virus can remain in the machine's memory after the application or service associated with it has finished, while a non-resident virus functions only while the program is running.
The main types of threats are considered to be the following:
- parasitic viruses;
- worms;
- Trojans;
- rootkits;
- stealth viruses;
- self-encrypting viruses;
- mutating viruses with no permanent signature;
- dormant viruses with an incubation period before they act;
- advertising modules;
- keyloggers;
- encryptors;
- ransomware, etc.
And this is only a small part of what antivirus programs should be able to detect and neutralize. Unfortunately, for many of the simplest free packages this is, to put it mildly, an impossible task. For a complete understanding of antivirus software, let us first look at the principles of its operation and its methods of identifying existing or potential threats.
Potential Threat Identification Technologies
First of all, note that most of today's well-known antivirus applications rely on so-called virus signature databases: data containing examples of the structures of such threats and conclusions about their behaviour in an infected system.
Such databases are updated almost every hour, both in the antivirus packages themselves and on the developers' remote servers, the latter as new threats emerge. A huge plus of such databases is that, based on the accumulated analysis results, it is fairly easy to identify new potentially dangerous elements that are not yet in the signature database. Thus antivirus programs can be said to be entire complexes consisting of a basic software package, virus databases and the means of interaction between them.
Signature Analysis
As for the methodology used to identify threats, one of the first places is taken by signature analysis, which compares the structure of files against existing templates or previously defined schemes and is inextricably linked with heuristic analysis.
For identifying potential threats this technique is simply irreplaceable, although for modern viruses it gives no 100 percent guarantee of detection.
Varieties of probabilistic tests
Another technology used by almost all currently known security packages (for example Doctor Web, Kaspersky and many others) identifies a threat by its structural appearance and its behaviour in the system.
It has three branches: heuristic analysis, behavioural analysis, and comparison of file checksums (the last is most often used to detect viruses that disguise themselves as system services or harmless programs). This covers comparison of embedded code, analysis of the impact on the system, and much more.
The most powerful of these tools is believed to be checksum comparison, which allows a potential threat to be identified in 99.9% of cases out of 100.
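To make the two techniques described above concrete, the following is an added example (not code from the original article or from any antivirus vendor) of how a minimal signature scan and a checksum-baseline comparison work together. Everything in it is constructed: the signature names and byte patterns stand in for signature-database entries, the two "file system" snapshots are small byte strings, and SHA-256 is used as the checksum. A real product's signature database and checksum store are far richer; the point here is the mechanism, which is the same.

```python
"""Toy signature scanner plus checksum-baseline integrity check (constructed example)."""
import hashlib
import re

# Constructed stand-ins for signature-database entries: a fixed byte sequence
# and a pattern with a wildcard field. Real signatures are far more elaborate.
SIGNATURES = {
    "Test.Marker.A": b"MARKER-SAMPLE-A",
    "Test.Marker.B": re.compile(rb"CMD=\d{3};RUN"),
}


def scan_signatures(data: bytes) -> list[str]:
    """Signature analysis: return the names of all signatures found in `data`."""
    hits = []
    for name, sig in SIGNATURES.items():
        if isinstance(sig, bytes):
            if sig in data:
                hits.append(name)
        elif sig.search(data):
            hits.append(name)
    return hits


def sha256(data: bytes) -> str:
    """Checksum used for the baseline; any strong hash would do."""
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Record one checksum per known-good file, taken while the system is clean."""
    return {path: sha256(content) for path, content in files.items()}


def check_against_baseline(baseline: dict[str, str],
                           files: dict[str, bytes]) -> dict[str, str]:
    """Checksum comparison: classify each file as ok, modified, new or missing.

    A 'modified' system library is exactly the case the text describes, where a
    virus hides inside what looks like a legitimate service or library.
    """
    status = {}
    for path, expected in baseline.items():
        if path not in files:
            status[path] = "missing"
        elif sha256(files[path]) != expected:
            status[path] = "modified"
        else:
            status[path] = "ok"
    for path in files:
        if path not in baseline:
            status[path] = "new"
    return status


def audit(baseline: dict[str, str],
          files: dict[str, bytes]) -> dict[str, tuple[str, list[str]]]:
    """Combine both methods: integrity status and signature hits for every path."""
    status = check_against_baseline(baseline, files)
    return {path: (status[path], scan_signatures(files.get(path, b"")))
            for path in status}


# Constructed snapshots of a tiny "file system": clean, then after tampering.
CLEAN = {
    "system/service.bin": b"\x7fELF-like header; legitimate service code",
    "system/libcore.so": b"legitimate library bytes",
}
LATER = {
    "system/service.bin": b"\x7fELF-like header; legitimate service code",
    "system/libcore.so": b"legitimate library bytes" + b"CMD=042;RUN",  # tampered
    "user/download.exe": b"MARKER-SAMPLE-A payload",                     # new file
}

if __name__ == "__main__":
    for path, (state, hits) in audit(build_baseline(CLEAN), LATER).items():
        print(f"{path}: {state}, signatures={hits}")
```

Note that the two methods catch different things: the checksum comparison flags libcore.so as modified even before any signature matches, while the signature scan is what identifies the unknown new file. Neither is a guarantee, as the text says; a fixed byte pattern can also occur in a harmless file, which is where false positives come from.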
Proactive defense
One of the forecasting methods for identifying potential threats is proactive defence. Such modules are present in most antivirus programs, but there are two diametrically opposed opinions on whether their use is appropriate.
On the one hand, a potentially unsafe program or file can be identified on the basis of signature and probabilistic analysis. On the other hand, this approach often produces false positives, up to and including the blocking of legitimate applications. Nevertheless, as part of the overall technology the technique is used almost universally.
The most famous antivirus programs: list
Now let us move on to the antivirus programs themselves. It goes without saying that it is impossible to cover them all, so we restrict ourselves to the most famous and powerful ones, covering both commercial and free software.
Among this huge number, the following packages can be singled out:
- Kaspersky Lab antivirus products;
- Doctor Web antivirus and its related software products;
- ESET antivirus packages (NOD32, Smart Security);
- Avast;
- Avira;
- Bitdefender;
- Comodo Antivirus;
- 360 Security;
- Panda Cloud;
- AVG Antivirus;
- Microsoft Security Essentials;
- McAfee software products;
- Symantec products;
- antiviruses from Norton;
- optimizers with built-in antivirus modules, such as Advanced System Care, etc.
Naturally, three types of program can be found here:
- completely free;
- shareware (a trial version, or "trial antivirus") with a trial period of about 30 days;
- commercial (paid) products requiring the purchase of a licence or a special activation key.
Free, shareware and paid versions of packages: what is the difference?
Speaking of the different types of application, it is worth noting that the difference between them is not only that some must be paid for or activated and others need not. The point goes much deeper. A trial antivirus, for example, as a rule works for only 30 days and gives the user the opportunity to evaluate all of its capabilities. After this period it either switches off completely or blocks some important protective modules.
Clearly, after a shutdown there can be no question of any protection. In the second case the user gets, roughly speaking, a lightweight (Lite) antivirus: a free version that lacks the complete set of threat-detection tools and has only the bare minimum for detecting and neutralizing viruses, either in an already infected system or at the stage of penetration. As practice shows, such scanners can let through not only potentially dangerous programs, scripts or applets, but sometimes fail to recognize even known viruses.
The simplest methods for updating databases and software
As for updating, in all packages these processes are fully automated. Both the signature database and the program's own modules are updated (the latter applies especially to commercial products).
For some programs, however, freely distributed keys can also be used that activate absolutely all functions of the package for a certain period. NOD32, ESET Smart Security, Kaspersky Lab programs and many others work on this principle: enter a special username and password and the program works at full strength. Sometimes such data must be converted into a licence code; this is done on the developer's official site, where the whole operation takes a couple of seconds.
What should the user choose?
As can be seen from the above, antivirus programs are complex systems rather than standalone tools: they consist of many modules between which direct interaction must be ensured (signature databases, program modules, scanners, firewalls, analyzers, "doctors" that remove malicious code from infected objects, etc.).
As for the choice: for complete, comprehensive protection it is not recommended to rely on primitive programs or free versions of commercial products; these are suitable only for home installation, and only if the terminal has no Internet access. For entire computer systems with extensive local connections you will, without doubt, have to buy officially licensed releases of such software. Then, if not completely, at least to a very large degree, you can be confident in the security of both the system and the data stored in it.