Nowadays we all know what an antivirus is, and we know we need one to stop a virus from entering our computer and making it unusable.
The basic theory is fine, but do we really know in depth what an antivirus does?
I will explain in depth what it is and the reasons for having one.
How does an antivirus work?
The main mission of antivirus software is to detect and remove malware (or ‘malicious software’) from computers and devices before it has even infected the system.
To identify malware, antivirus programs perform a continuous analysis that compares the files present in the computer’s operating system with a database containing the identifying characteristics (or ‘signatures’) of different types of malware previously encountered. This database must be frequently updated with the signatures of new types of malware that emerge from time to time. Some antivirus programs are also capable of detecting threats by identifying patterns in files, locating system alterations and analyzing strange behavior of computer components.
Today’s antivirus software therefore has two essential functions: scanning the computer’s files one by one for risks using the threat database and monitoring the device for any unusual activity.
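The signature comparison described above, as an added example that is not part of the original article. It is a toy scanner, not how any particular antivirus product is built; the sample contents, marker strings and threat names are constructed and harmless.

```python
import hashlib

# Constructed, harmless sample contents (not real malware).
KNOWN_BAD = b"HEADER" + b"\x90CONSTRUCTED-MARKER-A\x90" + b"payload-v1"
VARIANT = KNOWN_BAD + b"\x00"  # same family, one byte appended
NEW_FAMILY = b"HEADER" + b"\x91CONSTRUCTED-MARKER-B\x91" + b"payload"
CLEAN = b"quarterly report, nothing unusual"


class SignatureDB:
    """Toy threat database: exact-file hashes plus byte patterns."""
    def __init__(self):
        self.hashes = {}    # sha256 hex digest -> threat name
        self.patterns = {}  # byte sequence -> threat name

    def add_hash(self, content, name):
        self.hashes[hashlib.sha256(content).hexdigest()] = name

    def add_pattern(self, pattern, name):
        self.patterns[pattern] = name

    def scan(self, content):
        """Return (threat_name, method), or (None, None) if nothing matches."""
        digest = hashlib.sha256(content).hexdigest()
        if digest in self.hashes:
            return self.hashes[digest], "hash"
        for pattern, name in self.patterns.items():
            if pattern in content:
                return name, "pattern"
        return None, None


def demo():
    db = SignatureDB()
    db.add_hash(KNOWN_BAD, "Test.FamilyA")
    db.add_pattern(b"CONSTRUCTED-MARKER-A", "Test.FamilyA")
    results = {
        "known": db.scan(KNOWN_BAD),
        "variant": db.scan(VARIANT),
        "new_before_update": db.scan(NEW_FAMILY),
        "clean": db.scan(CLEAN),
    }
    # Database update: a signature for the new family is added.
    db.add_pattern(b"CONSTRUCTED-MARKER-B", "Test.FamilyB")
    results["new_after_update"] = db.scan(NEW_FAMILY)
    return results


if __name__ == "__main__":
    print(demo())
```

The exact-hash signature only matches the identical file, the byte pattern still recognizes the altered copy, and the new family goes undetected until the database is updated, which is why frequent signature updates matter.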
Contrary to what you might think, having more than one antivirus installed on the same device is counterproductive. This is because one antivirus may mistakenly detect another as ‘malware’ and they may try to block each other, potentially leaving the device unprotected.
What threats do antivirus programs defend us from?
Antivirus software protects against various types of malware.
Viruses are malicious programs that camouflage themselves in user files. They are designed to access computers without users’ consent or knowledge and are usually aimed at stealing information, deleting documents or changing settings.
Let us look at the different types in a little more depth:
1. Computer viruses
Computer viruses have earned their name because of their ability to “infect” multiple files on one computer. They spread to other machines when infected files are sent via e-mail or when users carry them on physical media, such as USB drives or (long ago) floppy disks. According to the National Institute of Standards and Technology (NIST), the first computer virus, called “Brain,” was developed in 1986. Tired of customers pirating software from their store, two brothers claim to have designed the virus to infect the boot sector of the software thieves’ floppy disks; when the disks were copied, the virus was transmitted.
2. Worms
Unlike viruses, worms do not need the help of humans to spread and infect: they infect once and then use computer networks to spread to other machines without the help of users. By exploiting network vulnerabilities, such as weaknesses in email programs, worms can send out thousands of copies of themselves in the hope of infecting new systems, where the process begins again. While many worms simply “eat” system resources, thus reducing performance, most now contain malicious “payloads” designed to steal or delete files.
3. Adware
One of the most common online problems is adware. These programs automatically deliver advertisements to host computers. Familiar types of adware include pop-up ads on web pages and advertisements embedded in programs that often accompany “free” software. While certain adware is relatively harmless, other variants use tracking tools to collect information about your location or browser history and add customized ads to your screen. As BetaNews noted, a new form of adware has been detected that can disable antivirus software. Because adware is installed with users’ knowledge and consent, these programs cannot be considered malware: they are usually identified as “potentially unwanted programs.”
4. Spyware
Spyware does exactly what it says: it spies on what you are doing on your computer. It collects data such as keystrokes, browsing habits and even login information, which is then sent to third parties, usually cybercriminals. It can also modify your computer’s security settings or interfere with network connections. According to TechEye, emerging forms of spyware can allow companies to track users’ behavior across multiple devices without their consent.
5. Ransomware
Ransomware infects your computer, then encrypts sensitive data, such as documents or personal photos, and demands a ransom for their return. If you refuse to pay, the data is deleted. Some ransomware variants completely block access to your computer. They can impersonate legitimate law enforcement and suggest that you have been caught doing something wrong. In June 2015, the FBI’s Internet Crime Bureau received user complaints reporting $18 million in losses from a common ransomware threat called CryptoWall.
6. Bots
Bots are programs designed to perform specific operations automatically. They are useful for many legitimate purposes, but have also been repurposed as a type of malware. Once introduced into a computer, bots can cause the machine to execute specific commands without the user’s approval or knowledge. Hackers may also try to infect multiple computers with the same bot to create a “botnet” (short for “robot network”), which can then be used to manage compromised computers remotely to steal sensitive data, spy on the victim’s activities, distribute spam automatically or launch devastating DDoS attacks on computer networks.
7. Rootkits
Rootkits allow remote access or control of a computer by a third party. These programs are useful for IT professionals trying to troubleshoot network problems remotely, but they can easily become a nefarious solution: once installed on your computer, rootkits allow attackers to take complete control of your machine to steal data or install other malware. Rootkits are designed to go unnoticed and actively hide their presence. Detecting this type of malicious code requires manual monitoring for any unusual behavior, along with periodic installation of patches to your operating system and software to eliminate possible infection paths.
8. Trojan Horses
Commonly called “Trojans,” these programs hide in plain sight by masquerading as legitimate software or files. Once downloaded and installed, Trojans make changes to a computer and carry out malicious activities, without the victim’s knowledge or consent.
How can a computer or device be infected?
The most common method of spreading viruses today is by e-mail. It is enough for the user to download an attachment or install a program accessed via a link to infect their computer with malicious code. To avoid this, it is very important to follow these precautions:
- Do not let your guard down in the face of suspicious emails (from unknown senders, emails that are not expected, emails whose content conveys urgency or contains spelling mistakes and strange wording).
- Activate the ‘antispam’ filters for unwanted or harmful mail and be especially careful if you are going to open an email marked as such.
- Think twice before downloading attachments.
- Be sure before clicking on links in e-mails. It is preferable to hover your mouse over them to check the address to which they redirect.
It is also easy to infect devices when downloading and installing programs that come from unofficial sources, appear in pop-up windows or advertisements, or are included in emails from unknown senders.
Another common route of contagion occurs when external devices are connected to the computer, such as pen drives or hard disks that have been previously connected to other devices, whose origin is unknown or that have been lent by other people. The reverse also applies: devices can be infected when they are connected to unknown external sources such as public chargers.
How effective are antiviruses?
As of today, there is no 100% effective method to protect against all the malware circulating on the Internet. Cybercrime is a very lucrative industry that evolves at great speed and forces antivirus companies to update their databases and reinvent their detection algorithms quickly to be able to detect the new threats that are constantly emerging.
Despite having an antivirus installed, it is necessary to continue to maintain safe behaviors and not to lower our guard against social engineering attacks such as ‘phishing’ (through email) or ‘vishing’ (carried out through telephone calls). In short, an antivirus cannot protect against the deception techniques used by social engineering.
On which devices is it advisable to install an antivirus?
Every day users have more and more objects, devices and appliances connected to the Internet, which are therefore exposed to infection by some type of malware.
In addition to installing an antivirus on computers and laptops, it is also highly recommended to do so on mobile devices such as smartphones and tablets, and on objects connected to the Internet. There are already antivirus programs that analyze the data traffic of the home network, protecting cameras, SmartTVs, printers, consoles, etc.
Which antivirus to choose?
There is a multitude of antivirus products on the market; many of them are free and others are paid. The Oficina de Seguridad del Internauta offers a broad analysis of free antivirus programs, detailing their specifications, to help choose the one most suitable for the user’s needs. Most of these free antivirus programs have a paid part that includes additional functionalities such as password management and automatic program updates, among other features. In addition, paid antivirus programs do not include advertising.
On the other hand, the user can consult rankings of the best antivirus programs according to the results they have obtained in technical tests. An example of such rankings is the one prepared by the specialized magazine Virus Bulletin or the Trusted Antivirus Review web page, which also gathers the opinion of users.
In case you need more generic advice on the maintenance of computers, tablets and smartphones, the American non-profit organization Privacy Rights Clearinghouse offers on its website a comprehensive guide to protecting privacy.
Myths and truths
But there are a number of myths surrounding computer viruses:
- Any error message on a computer indicates a virus infection. This is false: error messages can also be caused by hardware failures or software errors.
- Viruses and alerts always require user interaction. False. Code must be executed for a virus to infect a computer, but this does not require user interaction. For example, a network worm can infect automatically if certain vulnerabilities exist on a user’s computer.
- E-mail attachments from known senders are safe. This is not true, because they could have been infected by a virus and are being used to spread the infection. Even if you know the sender, don’t open anything that looks untrustworthy.
- Antivirus software will stop all threats. Although antivirus software vendors do their best to stay ahead of malware developments, it is important to run a comprehensive Internet security product that includes technologies specifically designed to proactively block threats. Even then, of course, security is not 100% guaranteed. Therefore, it is important to adopt common sense online to reduce your exposure to attacks.
- Viruses can inflict physical damage on your computer. What if malicious code causes your machine to overheat or destroys critical microchips? Antivirus software vendors have debunked this myth several times: damage of this kind is simply not possible.
And finally, what maintenance does an antivirus need?
The only maintenance that an antivirus needs is regular updating. New threats in the form of viruses emerge every day in many parts of the world and as soon as they are detected and analyzed, they are included in antivirus programs so that they are able to effectively protect our computers, devices and objects connected to the Internet.
In conclusion, antivirus programs are becoming more sophisticated every day and provide a very high level of security: they are undoubtedly the best ally of users to avoid malware and its consequences. But let us remember that the first link in the security chain is still the individual.