
Definitions: Antivirus

Created on: Jan 25, 2009 6:44 PM by CrystalBedell - Last Modified: Jan 30, 2009 12:08 PM by CrystalBedell

Definition

Antivirus is software that scans a personal computer for evidence of malicious software. When it finds a file infected by a virus or other type of malware, antivirus software either neutralizes or eliminates the file to prevent the infection from spreading and damaging systems. Antivirus programs can protect systems against a variety of malicious code, including worms, Trojans, spyware, rootkits and more.

 

Business applications

Businesses should deploy antivirus on all personal computers as one of many layers in a defense-in-depth security strategy. Many security vendors offer antivirus products, and while there are small variations in the way they respond to viruses, antivirus products ultimately perform the same function. Some of the more popular vendors include McAfee, Symantec, CA and Sophos. When choosing an antivirus vendor, businesses may consider price, recommendations, features or availability.

 

Deployment Concerns

Stand-alone antivirus software is no longer enough to protect systems against the barrage of malware that constantly attempts to undermine systems. Experts recommend deploying a suite of applications, including antivirus, for more complete protection against malware.

 

Antivirus software has also been found to have its own vulnerabilities that could pose a danger to the very systems it’s meant to protect. A consulting firm found that many antivirus programs can be exploited through vulnerabilities in the part of the malware-scanning process known as parsing. That’s yet another good reason to deploy defense-in-depth.

 

Technical details

Antivirus software can perform manual and automatic scans. Best practices dictate running a complete scan immediately after installing the software, configuring full automatic scans to run periodically and running manual scans on incoming files (for example, e-mail attachments or Web downloads).

 

Antivirus programs use two methods for detecting malware: matching signature files and heuristic analysis. When matching signature files, antivirus software compares the code in a file to a dictionary of known virus signatures. When it finds a match, the antivirus software repairs, deletes or quarantines the file. This type of antivirus software must be regularly updated to include the latest virus signatures. New viruses are constantly being created, so antivirus vendors are challenged to keep up by creating signatures for each new virus.

 

Heuristic analysis is the examination of suspicious behavior to determine whether it’s being caused by a virus. For example, if one program attempts to write data to an executable program, the antivirus software may raise a warning to the user. Because this method does not rely on current signatures, it is used to detect new viruses for which signatures are not yet available, and variants of old viruses. However, heuristic analysis requires user action when suspicious behavior is flagged. That can be a problem if the antivirus software has a high false-positive rate and users begin to ignore the warnings.
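The two detection methods described above, side by side, as an added example that is not part of the original document. The signature names, byte patterns, sample buffers and file events are all constructed for illustration; the heuristic is the single rule the text mentions (a write to an executable file), which is why it also flags a legitimate installer.

```python
from dataclasses import dataclass

# Constructed signature dictionary: name -> byte pattern (not real malware signatures).
SIGNATURES = {
    "Demo.Worm.A": bytes.fromhex("deadbeef4142"),
    "Demo.Trojan.B": b"DEMO-TROJAN-MARKER",
}
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".com", ".scr")


def signature_scan(data: bytes, signatures=SIGNATURES) -> list[str]:
    """Signature matching: names of all known patterns found in the data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


@dataclass(frozen=True)
class FileEvent:
    process: str  # program performing the action
    action: str   # "read" or "write"
    target: str   # path acted upon


def heuristic_scan(events: list[FileEvent]) -> list[FileEvent]:
    """Heuristic analysis: flag any program writing data to an executable file."""
    return [
        ev for ev in events
        if ev.action == "write" and ev.target.lower().endswith(EXECUTABLE_SUFFIXES)
    ]


# Constructed inputs: a file carrying a known pattern, and a variant with one byte changed.
KNOWN_SAMPLE = b"MZ" + b"\x00" * 16 + SIGNATURES["Demo.Worm.A"] + b"tail"
VARIANT_SAMPLE = KNOWN_SAMPLE.replace(
    bytes.fromhex("deadbeef4142"), bytes.fromhex("deadbeef4143")
)
EVENTS = [
    FileEvent("notepad.exe", "write", r"C:\Users\demo\notes.txt"),
    FileEvent("unknown.exe", "write", r"C:\Windows\System32\calc.exe"),
    # A legitimate installer trips the same rule: a false positive.
    FileEvent("setup.exe", "write", r"C:\Program Files\Demo\app.exe"),
]

if __name__ == "__main__":
    print("known sample:  ", signature_scan(KNOWN_SAMPLE))
    print("variant sample:", signature_scan(VARIANT_SAMPLE))
    for ev in heuristic_scan(EVENTS):
        print("warning:", ev.process, "wrote to", ev.target)
```

The variant passes the signature scan until the dictionary is updated, while the behavior rule still raises a warning for it; the installer warning is the kind of false positive that trains users to ignore alerts.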
