How antivirus works and which software to give preference to

The information security of any computer or mobile system is hard to imagine without dedicated protective software known as antivirus. A great deal of such software has been developed to date, and users often face a difficult choice of a particular application that can provide full protection. To approach this problem correctly, you first need at least a basic understanding of how antivirus works.

Let's take a look at the fundamental principles of organizing a security system on a computer or mobile device and find out exactly what criteria the antivirus you intend to install on the device should meet.

How antivirus works: general principles

As for the main directions in providing comprehensive protection for any computer device, it should be clearly understood that different security modules respond differently to potential threats. Nowadays these threats include not only pure viruses that harm the operating system, data stored on the hard drive and removable storage media, or installed equipment, but also entire categories of applets such as trojans, spyware, keyloggers and adware, which are not actually viruses but rather unwanted software.

Types of antiviruses, detection and neutralization of potential threats

If you look at how antivirus works against the main types of threats, you can distinguish several basic principles by which they are detected:

  • signature analysis;
  • heuristic detection (behavioral analysis);
  • comparison of checksums;
  • threat analysis at the firewall level.

The first technique is the most common and is based on comparing the signatures (structures) of suspicious objects with those stored in antivirus databases. That is why such databases must be kept up to date, and the update is usually done automatically by the antivirus itself. The signature method makes it possible to catch known viruses as soon as they appear in the system, but it very often turns out to be completely ineffective at identifying unknown and new threats.
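The signature comparison described above, and the reason the database has to stay current, as an added example that is not part of the original article. The signature notation (hex bytes with `??` as a one-byte wildcard), the signature names and the sample byte strings are all constructed for illustration.

```python
import re

def compile_signature(hex_pattern):
    """Turn 'de ad ?? ef' into a bytes regex; '??' matches any single byte."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    # DOTALL so that a wildcard also matches the newline byte 0x0a
    return re.compile(b"".join(parts), re.DOTALL)

def load_database(entries):
    """Map signature name -> compiled pattern."""
    return {name: compile_signature(p) for name, p in entries.items()}

def scan(data, database):
    """Return the names of all signatures found anywhere in data."""
    return sorted(name for name, rx in database.items() if rx.search(data))

# Constructed databases: OLD_DB has not been updated, NEW_DB has one more entry.
OLD_DB = load_database({"Constructed.Sample.A": "de ad ?? ef 41 41"})
NEW_DB = load_database({"Constructed.Sample.A": "de ad ?? ef 41 41",
                        "Constructed.Sample.B": "ca fe ba be ?? ?? 42"})

# Constructed "files" (harmless byte strings, not real malware).
SAMPLES = {
    "clean.bin":   b"MZ" + bytes(16) + b"plain data",
    "known_a.bin": b"MZ" + bytes.fromhex("dead07ef4141") + bytes(8),
    "new_b.bin":   b"MZ" + bytes.fromhex("cafebabe0a0d42") + bytes(8),
}

def scan_all(database):
    """Scan every sample and return {file name: [matched signature names]}."""
    return {name: scan(blob, database) for name, blob in SAMPLES.items()}

if __name__ == "__main__":
    for label, db in (("old database", OLD_DB), ("updated database", NEW_DB)):
        print(label, scan_all(db))
```

With the outdated database `new_b.bin` passes as clean; only the updated database names it.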

In this case, the second method comes into play. How does antivirus work in such a situation? It tracks the launch of programs or files (especially those that start with the system) and analyzes their behavior. If something suspicious is observed during startup, the antivirus identifies the component as a potentially dangerous infected object. The advantage of the method is that it can identify new threats; its main shortcoming is false positives, which occur even when launching official software.

The checksum comparison technique is often used in cases when virus applets try to replace system elements or program files with their own components containing malicious code.

Finally, firewalls, which constantly monitor incoming and outgoing traffic while network connections and Internet access are active, are quite widespread. They also make it possible to block in time the path by which a virus or threat could theoretically infiltrate the system and cause unwanted actions, damaging important OS files or spoiling user data. The most dangerous here are all kinds of encrypting viruses and ransomware that can make files completely unreadable.

Finally, let's see how an antivirus program works in light of the latest computer developments. Recently, cloud technologies in the form of so-called "sandboxes" have been used more and more: suspicious files received from the Internet or the network environment, or copied to a hard disk from removable media, are sent there for analysis without being physically stored on the computer system.

Why do some antiviruses skip threats?

How antivirus detects a virus is now a little clearer. Now it's worth looking at the weaknesses of regular protection programs. In particular, we are talking about all kinds of advertising applets that have recently flooded the Internet. So why, given how widespread they are, do some free antiviruses not respond to them? Simply because most of these applets have security certificates and digital signatures of the developer or publisher. This is enough for the antivirus to recognize the software as legal. But antivirus scanners do not respond to changes of start pages and search engines in browsers! And here you have to remove the threats yourself.

What is the best antivirus for Windows?

As for preferences in choosing security software, it is very difficult to determine any one software product that would be considered the best in all respects.

Best antivirus software for Windows

True, most experts recommend installing only paid software products, since free antiviruses or free analogues of paid applications often do not provide the proper level of protection, and some have reduced functionality. If you look at the ratings of such software, you can give preference to antivirus programs from Kaspersky Lab, ESET, Symantec, Dr. Web, F-Secure, professional or advanced editions of Avast, Avira, AVG or the well-known Bitdefender.

Free antivirus with sandbox Panda Cloud Antivirus

Among the free antiviruses equipped with sandboxes, Panda Cloud Antivirus, the most interesting of them, is increasingly recommended.

Android Antivirus Applications

If we talk about antiviruses on Android, everything is also simple. By and large, almost all well-known developers of security software now create mobile analogues alongside their desktop applications, so choosing one for yourself is not difficult.

The best antiviruses for Android

You can add more applications to the list, such as McAfee, CM Security or 360 Internet Security antiviruses, which compete with eminent brands for good reason.

Brief information about removing adware viruses

Now briefly about the removal of advertising applets that were ignored by the defense. The general procedure is as follows:

  • determine the name of the virus from the changed start page or search engine;
  • uninstall the corresponding application in the programs and components section or in the list of browser extensions;
  • manually get rid of all residual registry keys and files on disk by searching for the name of the removed applet;
  • check the browser shortcut for any additions or links in the Target field after the name of the browser executable with the .exe extension.

Note: if the program is not deleted or it is not in the list, first delete the entries in the registry, and then get rid of everything else. Some ad-type threats can be detected by targeted applications like AdwCleaner. If you remove existing applications, in order not to clean the leftovers yourself, it is better to use uninstall programs (iObit Uninstaller or Revo Uninstaller).
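The last step of the procedure, checking what follows the .exe name in a browser shortcut, as an added example that is not part of the original article. It works on the text of the shortcut's Target field (copied from the shortcut's properties); the paths, the example.test addresses and the function names are constructed.

```python
import re

# Executable path (quoted or not), then whatever was appended after it.
TARGET_RE = re.compile(
    r'^\s*(?:"(?P<q>[^"]+?\.exe)"|(?P<u>.+?\.exe))\s*(?P<args>.*)$', re.I)
# A bare host name such as search.example.test, optionally with a path.
DOMAIN_RE = re.compile(r'[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}(?:[/?].*)?', re.I)

def find_appended_links(target):
    """Return the arguments after the .exe that would open an address at launch."""
    m = TARGET_RE.match(target)
    if not m:
        return []
    hits = []
    for tok in m.group("args").split():
        tok = tok.strip('"')
        if re.search(r"https?://|www\.", tok, re.I):
            hits.append(tok)            # explicit URL, also inside a switch value
        elif not tok.startswith(("-", "/")) and DOMAIN_RE.fullmatch(tok):
            hits.append(tok)            # bare domain passed as an argument
    return hits

# Constructed Target field values.
SHORTCUTS = {
    "Chrome.lnk": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                  r'--profile-directory="Profile 1"',
    "Firefox.lnk": r'"C:\Program Files\Mozilla Firefox\firefox.exe" '
                   r'http://start.example.test/?q=1',
    "IE.lnk": r'C:\Program Files\Internet Explorer\iexplore.exe search.example.test',
}

def audit():
    """Check every constructed shortcut and return {name: [appended links]}."""
    return {name: find_appended_links(t) for name, t in SHORTCUTS.items()}

if __name__ == "__main__":
    for name, links in audit().items():
        print(name, "->", links or "nothing appended")
```

An ordinary command-line switch such as `--profile-directory` is not reported; only addresses appended after the executable are.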

Conclusion

Here is a brief summary of everything that concerns the basic principles of the functioning of antivirus software and the choice of antivirus that is suitable for your needs by all criteria. As security tips, you can add the following:

  • install only antiviruses from trusted publishers (even shareware applications can be constantly activated using freely distributed license keys);
  • monitor the current status of anti-virus databases (especially when using portable scanners);
  • do not ignore antivirus warnings and do not follow links to obviously dangerous pages on the Internet;
  • do not install programs downloaded from dubious sources or presented in the form of pirated and user assemblies of unknown origin;
  • as soon as you notice the first signs of the presence of the virus in the system, urgently take measures to neutralize it;
  • check the system for threats at least once a month (it is better to do this weekly).

Source: https://habr.com/ru/post/C43201/

