Cyber Basics: Antivirus, A Trusted Prescription

Every day more than 60,000 people fall victim to malware, and they may not even know it. Luckily, though, it doesn’t have to be a hassle to defend yourself. A simple step toward protecting your data is to install antivirus software.

Antivirus is software used to protect your computer from malware and other forms of malicious code. While each antivirus is unique, they all have the basic functions of scanning files to detect malware, removing malicious code, and providing “health” exams for your computer. Antiviruses work by running in the background (commonly referred to as background scanning or on-access scanning) and “checking” files for malicious intent when opened. When the antivirus detects malicious code, it prevents the file from running by putting it “on hold.” When an antivirus wrongly accuses a file, you can simply approve the file manually. It is important to update your antivirus software regularly as updates typically contain new information necessary to detect new forms of malware.


There are several different ways antiviruses operate. However, most modern antiviruses utilize a blend of methods:

Signature-based threat detection is a traditional method that remains very effective. The antivirus learns the code or patterns of attack of known malware. Any time this malware is detected, the antivirus alerts you. However, this is not effective against new malware or evolving malicious code strings as it can only detect known sequences. With almost 1 million new types of malware created every day, it is crucial to update this software regularly to keep your computer protected.

Think of it as a shepherd and his flock: a shepherd will allow his sheep into his barn but not wolves. He knows to guard against the known predator, but what about wolves in sheep’s clothing? These may fool the shepherd if he is not made aware of the wolves’ disguises. Users typically find the constant need to update this type of antivirus annoying; however, regular updates are critical for it to remain effective.
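The following added example (not code from the original article or from any antivirus product) shows signature-based scanning in miniature: a constructed signature set holding a byte pattern and a whole-file hash, an on-access check that puts matching files “on hold,” and the weakness described above, where a variant with one altered byte slips past until a definitions update adds its signature. All file contents, signature names and markers are constructed for illustration.

```python
import hashlib

# Constructed signature database (not from any real AV product). Each entry is
# either a whole-file SHA-256 hash or a byte sequence that must appear in the file.
SIGNATURES = {
    "Test.Sample.A": {"kind": "pattern", "value": b"CONSTRUCTED-MALWARE-MARKER-A"},
    "Test.Sample.B": {"kind": "sha256",
                      "value": hashlib.sha256(b"CONSTRUCTED FILE B").hexdigest()},
}


def scan_bytes(data, signatures):
    """Return the names of every signature that matches the given file contents."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for name, sig in signatures.items():
        if sig["kind"] == "sha256" and sig["value"] == digest:
            hits.append(name)
        elif sig["kind"] == "pattern" and sig["value"] in data:
            hits.append(name)
    return hits


def on_access_check(data, signatures):
    """Mimic on-access scanning: 'hold' when a file must be quarantined, else 'allow'."""
    return "hold" if scan_bytes(data, signatures) else "allow"


def demo():
    """Walk through a known sample, a benign file, and an unknown variant."""
    known = b"header " + b"CONSTRUCTED-MALWARE-MARKER-A" + b" payload"
    benign = b"just a text document"
    # A variant whose marker differs by one byte: the old pattern no longer matches,
    # which is the 'wolf in sheep's clothing' limitation of pure signature matching.
    variant = known.replace(b"MARKER-A", b"MARKER-Z")
    results = {
        "known": on_access_check(known, SIGNATURES),
        "benign": on_access_check(benign, SIGNATURES),
        "variant_before_update": on_access_check(variant, SIGNATURES),
    }
    # A definitions update adds the variant's hash; after the update it is caught.
    updated = dict(SIGNATURES)
    updated["Test.Sample.A.var"] = {"kind": "sha256",
                                    "value": hashlib.sha256(variant).hexdigest()}
    results["variant_after_update"] = on_access_check(variant, updated)
    return results


if __name__ == "__main__":
    print(demo())
```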

Anomaly detecting tech compares standard activity to “strange” events. In order to be effective, you need to generate a “profile” that recognizes your standard traffic flow. There are two types of profiles: Statistics-Based Anomaly Detection and Specification-Based Anomaly Detection. The statistics-based approach monitors user behavior over a specific timeframe. When this observation period is complete, a mathematical process measures the data quantitatively. Any time data exceeds a certain threshold, it is marked as a suspicious file for the user to address. While a statistics-based approach is effective, it requires constant training. Any time a new user is added, a server is removed, or the like, the software must “relearn” user behavior. On the other hand, a specification-based approach is much less mathematical and relies more on the user. It essentially behaves as a firewall that alerts the user of suspicious traffic after the user generates a list of approved behavior.

In this instance, the shepherd knows to keep wolves out of the barn in addition to knowing what is irregular wolf behavior, thus allowing him to keep disguised wolves out as well. However, the shepherd may occasionally mistake his own sheep for predators and may not know how to treat other types of predators, like foxes. While this approach is simpler to understand and needs fewer updates, it is much more difficult for users to strike a balance between reducing “false positives” (safe data that is incorrectly flagged as malicious) and still blocking malware effectively.
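As an added example (not code from the article), the block below sketches both profile types described above: a statistics-based profile that learns a mean and standard deviation from an observation period and flags anything above mean + k·stdev, including the “relearn” step when a legitimate new job appears, and a specification-based allowlist that alerts on any behavior the user has not approved. The hourly write counts, process names and paths are constructed; a real product would keep one profile per user or process rather than the single profile shown here.

```python
import statistics

# Constructed training data: files modified per hour by a backup job during a
# one-week observation period. Not measured on any real system.
BASELINE_WRITES_PER_HOUR = [40, 42, 38, 45, 41, 39, 44, 43, 40, 42, 41, 39]


class StatisticalProfile:
    """Statistics-based profile: learns mean/stdev and flags values above a threshold."""

    def __init__(self, observations, k=3.0):
        self.k = k                      # how many standard deviations count as 'strange'
        self.retrain(observations)

    def retrain(self, observations):
        """Relearn normal behavior, e.g. after a user or server is added."""
        self.mean = statistics.mean(observations)
        self.stdev = statistics.stdev(observations)
        self.threshold = self.mean + self.k * self.stdev

    def is_anomalous(self, value):
        return value > self.threshold


# Constructed specification: (process, action, path) triples the user has approved.
APPROVED = {
    ("backup.exe", "write", "D:\\backups"),
    ("editor.exe", "write", "C:\\Users\\me\\Documents"),
}


def specification_check(process, action, path):
    """Specification-based check: anything not on the approved list raises an alert."""
    return "allow" if (process, action, path) in APPROVED else "alert"


def demo():
    profile = StatisticalProfile(BASELINE_WRITES_PER_HOUR)   # threshold is about 47.5
    results = {
        "normal_hour": profile.is_anomalous(46),           # within the learned range
        "mass_modification": profile.is_anomalous(400),    # far above: suspicious burst
        "new_job_before_retrain": profile.is_anomalous(120),  # legitimate but unseen: false positive
    }
    # A larger backup job is added, so the profile must relearn with its observations.
    profile.retrain(BASELINE_WRITES_PER_HOUR + [118, 120, 122, 119, 121])
    results["new_job_after_retrain"] = profile.is_anomalous(120)
    results["mass_after_retrain"] = profile.is_anomalous(400)
    results["spec_approved"] = specification_check("backup.exe", "write", "D:\\backups")
    results["spec_unknown"] = specification_check("unknown.exe", "write", "C:\\Windows\\System32")
    return results
```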

Machine learning tech is the most advanced option, and it is better at detecting malware than signature-based detection. Machine learning allows your antivirus software to adapt to new threats independently, without user supervision. So, while signature-based threat detection requires consistent updates to read new forms of code, machine learning analyzes patterns in network activity and utilizes probabilistic mathematics to detect new forms of malware. In this final case, the shepherd is constantly adapting to new predators and disguises in order to protect his flock.

Although many antiviruses require consistent maintenance, it is much easier in the long run to regularly care for your antivirus than to not have one at all. The damage caused by malware can be costly and can permanently damage your data and computer. With the constant evolution of malware and malicious code, it is nearly impossible to safeguard your information without some type of protective software.

Antiviruses are available both free and for purchase. Free antiviruses typically utilize signature-based threat detection, anomaly detecting tech, machine learning tech, or a blend of the three, whereas paid antiviruses usually go one step further and contain firewalls, spam filters, and anti-theft tracking. While it is smart for businesses to invest in these features, free antiviruses are normally enough to protect the average user.

When shopping for antiviruses, it’s important to keep in mind that sometimes malware disguises itself as antivirus software, including Antivirus Live, Advanced Virus Remover, and Internet Security 2010. To ensure your computer’s safety, it’s a good idea to research reviews before installing an unknown antivirus. PC Magazine has a ranked list of 2016’s best antivirus software, with the top performing free software including Avast Free Antivirus 2016, AVG AntiVirus Free (2016), and Panda Free Antivirus (2016). Of the three listed, AVG Antivirus contains the most features, including behavior-based detection and website rating to provide additional security.

Installing an antivirus is simple, and, with proper maintenance, it can help safeguard your data and computer from malware. It can help save you time, money, and hassle.