Date First Published: 28th June 2022
Topic: Cybersecurity
Subtopic: Security Mechanisms & Technologies
Difficulty: Easy
Difficulty Level: 3/10
Learn more about what an antivirus is in this article.
An antivirus, also spelt as anti-virus, is a software program designed to detect and remove computer viruses and other unwanted programs that harm a computer. Some antivirus programs may offer basic features for free, but additional features, such as real-time protection, may only be available to paid users. Once an antivirus detects a virus, it may display a message asking the user if they want to quarantine, remove, or keep it. Quarantining a virus does not actually remove it. It just isolates it in a location where it cannot harm a computer.
Whilst antiviruses prevent malicious software from infecting a computer, no antivirus is 100% perfect. Antiviruses have to be regularly updated and maintained to ensure that the latest virus definitions are available; without updates, the antivirus would not be able to identify and block the latest threats. Also, antiviruses do not provide total protection, as new malware programs are always being written and it takes time to spot the malware and create virus signatures for it. Antiviruses can also slow down PCs and network performance, as installing and running an antivirus takes up storage space, memory, and processing power.
Antivirus programs are considered the bare minimum for keeping a computer secure. If a computer had no antivirus software installed at all, it would be vulnerable to increased security threats, including malware.
The additional features that most antivirus programs include beyond scanning and removing computer viruses are:
Due to the closed sandbox, there are no real antivirus programs for iOS devices that scan individual files. iOS has enough security features to work as an antivirus itself as it does not allow third-party apps to be installed unless the device is jailbroken.
However, there are mobile security apps on the App Store and Google Play, such as Malwarebytes Mobile Security and Bitdefender Mobile Security, that provide some protection. They may provide features such as call blocking, which blocks suspicious phone numbers, and web protection, which provides protection against malicious websites. But they do not include features to scan the filesystem for viruses because, unlike Windows and macOS, iOS does not allow direct access to the entire filesystem.
On Android, where it is easier to install third-party apps due to the distribution of APK files, there are free and paid premium antivirus scanners on the Google Play store that will scan files for malware. Most run automatic scans on a regular basis and offer real-time protection to stop malware. Once malware is identified, the antivirus app will remove it.
Since computer viruses are constantly being created and spread by cybercriminals, it is necessary for antiviruses to keep an updated database of virus types. It is also important to keep antivirus software up to date so that users can stay protected against the latest threats. Antiviruses can detect viruses using the following methods:
Antiviruses detect viruses based on stored virus signatures. These are unique strings of data that are typical of known malware. Antivirus software uses these signatures to recognise viruses that security experts have already identified.
Signature-based detection cannot detect new viruses that have not been discovered yet, including variants of existing malware. It can only detect new malware when the definition file is updated with information about the new virus.
The number of new malware signatures is constantly increasing. It is believed that it is increasing at around 10 million per year. As a result, modern signature databases will have millions or even billions of entries. Even though this type of virus detection does not trigger false positives, making antivirus software completely based on signatures is impractical.
Heuristic-based detection uses algorithms to compare the signatures of known viruses against threats. This enables antivirus software to detect viruses that have not been discovered yet and variants of existing viruses. However, heuristic-based detection can also trigger false positives if it detects a program that behaves in a similar way to a malicious program and incorrectly detects it as a threat.
Virus researchers create a single generic signature by identifying common areas that all viruses in a family share uniquely. These signatures usually contain non-contiguous code using wildcard characters. The wildcard characters allow the antivirus scanner to detect viruses even if they contain extra or meaningless code.
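The difference between an exact signature and a generic wildcard signature, as an added example that is not taken from any antivirus product: the byte strings are constructed and harmless, and the signature syntax (`??` for one byte, `*` for a bounded gap) and the names `Demo.A` and `Demo.family` are assumptions made for illustration.

```python
import re

# Constructed, harmless byte strings standing in for files (not real malware).
KNOWN = b"\x90\x90HELLO\xde\xad\xbe\xefPAYLOAD-A\x00"
VARIANT = b"\x90\x90HELLO\xde\xad\x00\x00\x00\xbe\xefPAYLOAD-B\x00"  # junk bytes inserted
CLEAN = b"just an ordinary document"

# Exact signature: one fixed byte string taken from the known sample.
EXACT = {"Demo.A": b"\xde\xad\xbe\xefPAYLOAD-A"}

# Generic signature in an assumed toy syntax: hex bytes, "??" = any one byte,
# "*" = a bounded run of arbitrary bytes (the non-contiguous part).
GENERIC = {"Demo.family": "DE AD * BE EF 50 41 59 4C 4F 41 44 2D ??"}


def compile_generic(pattern, max_gap=16):
    """Translate the toy wildcard syntax into a compiled bytes regex."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")
        elif tok == "*":
            parts.append(b".{0,%d}" % max_gap)
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_generic(p) for name, p in GENERIC.items()}


def scan(data):
    """Return the names of every exact and generic signature found in data."""
    hits = [f"exact:{n}" for n, sig in EXACT.items() if sig in data]
    hits += [f"generic:{n}" for n, rx in COMPILED.items() if rx.search(data)]
    return hits


if __name__ == "__main__":
    for label, blob in [("known", KNOWN), ("variant", VARIANT), ("clean", CLEAN)]:
        print(label, scan(blob))
```

The variant differs from the known sample only by three inserted bytes and one changed byte, which is enough to evade the exact signature while the generic one still matches.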
Behaviour-based detection is when an antivirus goes beyond identifying virus signatures and analyses code for suspicious behaviours or activities and works out whether it is malicious or not based on those investigations. For example, code that tries to modify, encrypt, or delete large amounts of files, log keystrokes, alter the settings of a computer, or disable security features would indicate that the program is malicious.
However, a disadvantage of behaviour-based detection is that it can trigger false positives. For example, a safe program might get detected as a virus because it has one bad behaviour that the antivirus is looking for.
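The false-positive problem described above, as an added example that is not code from any antivirus product: the event log, process names, action names and the 100-file threshold are all constructed assumptions. It flags processes by the behaviours listed in the text, first on any single behaviour and then only when several occur together.

```python
from collections import Counter, defaultdict

# Constructed event log of (process, action, target); not from a real system.
EVENTS = (
    [("backup.exe", "file_modify", f"doc{i}.txt") for i in range(150)]
    + [("sample.exe", "file_encrypt", f"doc{i}.txt") for i in range(150)]
    + [
        ("sample.exe", "disable_security", "realtime_protection"),
        ("sample.exe", "settings_change", "startup_entry"),
        ("editor.exe", "file_modify", "notes.txt"),
    ]
)

BULK_ACTIONS = {"file_modify", "file_encrypt", "file_delete"}
SINGLE_ACTIONS = {"keystroke_log", "settings_change", "disable_security"}
BULK_THRESHOLD = 100  # assumed cut-off for "large amounts of files"


def behaviours(events):
    """Map each process to the set of suspicious behaviours it exhibited."""
    counts = defaultdict(Counter)
    for proc, action, _target in events:
        counts[proc][action] += 1
    result = {}
    for proc, per_action in counts.items():
        result[proc] = {
            action
            for action, n in per_action.items()
            if action in SINGLE_ACTIONS
            or (action in BULK_ACTIONS and n >= BULK_THRESHOLD)
        }
    return result


def flag(events, min_behaviours=1):
    """Flag processes showing at least min_behaviours distinct behaviours."""
    seen = behaviours(events)
    return sorted(p for p, s in seen.items() if len(s) >= min_behaviours)


if __name__ == "__main__":
    print("any single behaviour:", flag(EVENTS, 1))  # backup tool flagged too
    print("two or more behaviours:", flag(EVENTS, 2))
```

Requiring more behaviours removes the false alert on the backup tool, at the cost of missing a malicious program that shows only one of them.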
There are lots of paid antivirus options out there, but why pay when most operating systems, such as macOS and Windows, come with built-in free antiviruses? Macs come with XProtect and Malware Removal Tool (MRT). XProtect makes use of a tool that checks for malware signatures based on a database that Apple updates on a regular basis.
On Windows, Microsoft offers a built-in antivirus called Windows Defender. This antivirus offers real-time protection against threats, scheduled scans, ransomware protection, and more. It detects threats by using virus signatures and security intelligence and automatically updates itself.
If you do decide to install an extra antivirus on your computer, be very careful where you get it from as there have been a lot of fake antivirus programs that trick users into thinking that something is a virus when it actually isn’t. Common reputable antivirus programs include McAfee, Norton AntiVirus, and Malwarebytes.
It is definitely possible to have more than one antivirus program installed. However, it is not recommended. Having more than one active antivirus program can result in conflicts between the two programs and additional use of resources, such as CPU and memory, causing a computer to become much slower. Installing more than one antivirus program will not provide any extra security for a computer. In fact, it might cause a computer to become unprotected due to the conflicts between the two programs.
For example, if a threat was active on a computer and one antivirus detected and quarantined it, the other antivirus would then rediscover the threat and try to quarantine it again. Even though the threat has been quarantined, the second antivirus program would still claim that the file was present and give false alerts.
However, it is okay to have an antivirus program installed on the computer with an additional spyware/adware scanner (e.g. Microsoft Malicious Software Removal Tool). That additional scanner does not run in the background and is not a replacement for an antivirus.
The first known computer virus, known as the "Creeper virus," originally appeared in 1971, although its origins can be traced back to 1949, when the Hungarian scientist John von Neumann wrote the "Theory of self-reproducing automata." The PDP-10 mainframe systems from Digital Equipment Corporation (DEC) with the TENEX operating system were infected by this computer virus.
The "Reaper" program, developed by Ray Tomlinson, eventually eliminated the Creeper virus. Some people believe "The Reaper" to be the first antivirus program ever created. Whilst this may be true, it's important to remember that the Reaper was actually a virus created to remove the Creeper infection.
G Data Software was founded in 1985 by Andreas Lüning and Kai Figge. In 1987, they launched it for the Atari ST platform. This was the first antivirus program written. The Ultimate Virus Killer (UVK) was also made available in 1987. The last version (version 9.0) of this virus remover, which was the industry standard for the Atari ST and Atari Falcon, was released in April 2004.
Later on, John McAfee founded the McAfee corporation (which was part of Intel Security) in the United States in 1987, and at the end of that year, he released the first version of VirusScan. The first version of NOD antivirus was developed by Peter Paško, Rudolf Hrubý, and Miroslav Trnka in Czechoslovakia in 1987.
The growth of antivirus companies continued in 1988. Tjark Auerbach founded Avira (H+BEDV at the time) and launched the first version of AntiVir in Germany (named "Luke Filewalker" at the time). Vesselin Bontchev introduced his first free antivirus program in Bulgaria (he later joined FRISK Software). The original version of ThunderByte Antivirus, sometimes known as TBAV, was also launched by Frans Veldman (he sold his company to Norman Safeground in 1998). Pavel Baudiš and Eduard Kučera founded avast! (then known as ALWIL Software) in Czechoslovakia and introduced the first version of their antivirus program there.