NCSAM: Anti-Virus and other layers of protection (Part 1)

[Image: Anti-Virus Part 1. Credit: J. Anderson]

Anti-Virus (AV) comes in all shapes and sizes. AV protection is one of the key layers of security you simply must have on your computer. Part one of this article, moving into the second week of National Cyber Security Awareness Month, will discuss Anti-Virus solutions, focusing on what they do and how.

What is Anti-Virus?

These days, Anti-Virus is the name given to a program that protects your computer from Internet-related threats. The generic term for these threats is Malware, short for malicious software.

Malware can mean a Trojan, Spyware or Adware, a Root Kit, or a Worm. As the Internet grew, so did the volume of malicious applications and malicious people online. Another generic term for Malware is Virus. While to some this is second nature and common knowledge, marketing materials from various AV vendors and security-related press coverage can and will confuse the public by mixing and matching terminology.

Crimeware is a marketing-created buzzword that was quickly adopted by the press. It is often associated with software or code that is used in the commission of a crime online, or something that can be used to commit a crime in the future. In short, it is malicious software, or in other words, Malware.

Anti-Virus in the early days used to cover only Worms, Trojans, and a select number of Spyware variants. Now it covers just about everything, as best as it can. Yet there are still gaps in the protection that a single AV program can offer you. To close these gaps, you layer your security. Some of the newest AV programs come with layered defense included, which is a great start.

Layering the defense on a computer can include Malware protection as well as software-based firewalls. The problem with the all-inclusive “Internet Security” packages you see for sale is that while they can offer several layers of protection, they often pack too much into a single package.

One of the largest complaints about security software is that it is bloated. It takes up too many system resources and it bogs down the system with too many alerts and pop-ups. This bloat is caused by the number of tools the software includes. Most of the 2009 AV products are working to add as much protection as they can in as little space as possible. This means the software packs in all the same tools, but takes less system resources and less space.

Another problem with all-inclusive protection is that there is no such thing as all-inclusive. Sure, you can try to cover all the types of Malware and Spam, and even add a firewall to the program for layered protection. However, someone somewhere will create Malware that slips past these detections. This is why you should count an Internet Security product as only one layer of security, not as the entire security solution.

How does an AV program know what files are good and what files are bad?

If an AV program is to work, it has to know what files are safe and what files can pose a risk to the system. However, as mentioned, someone somewhere will find a way to slip past the AV detection methods and infect a system. The shortcomings of AV detection are addressed through constant signature updates. In AV software, signatures are kept in a small database or dictionary that contains the identifying characteristics of malicious code. If code is executed on your system that matches a signature, the AV program will prevent it from running and, in most cases, remove it.

Some AV vendors are moving away from signature-only methods of detection. This is a logical progression, as without a signature to match Malware against, there is no way to know whether the code that is running is harmful. To compensate for this, some vendors are moving into the Cloud.

The Cloud is a fancy term to explain hosted services or refer to the Internet. Cloud Computing is used in AV protection by allowing the AV engine (what monitors and scans the computer for threats) to connect to a central server that offers nearly instant updates to a huge signature file.

Now, you just read that vendors are moving away from signature only protections and moving into the Cloud. If this is the case, why use the Cloud only to access another type of signature file? The answer is speed. Most of the vendors who offer Cloud based protections rely on a global monitoring network to detect threats or a community of users to detect them.

Global monitoring does a few things, and every AV vendor does it. Using monitoring stations across the globe, vendors can detect threats and other malicious code within hours. The stations can be actual humans examining code samples, or servers just sitting online. When new malicious code is found, a signature is written, and that signature is then sent into the Cloud. If your AV program uses Cloud-based protection, the new signature is available to you instantly.

Community-based monitoring is the same thing, with a slight twist. Instead of a series of stations, the vendor takes sample data and minor information from its customer base. So if Susan accidentally discovers new Malware, the AV engine will pick this up and silently update the rest of the community, allowing for instant protection.

For Cloud- or community-based monitoring to stay up to date, there must be an Internet connection. If there is no Internet, there is no Cloud, and your signature database will not be updated with the most current threat information available. However, the database is always present on your computer to allow for scanning when there is no connection, and once you download a new signature, it protects you against the most current threats offline as well as online.
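The two ideas above, a local signature dictionary that matches files by hash or byte pattern, and a Cloud feed that can add newer signatures only while the machine is online, can be shown in a small Python model. This is an added example, not code from the article or from any AV vendor; the file contents, the `CONSTRUCTED_DROPPER_MARKER` pattern and the Cloud feed are all constructed here, and only the EICAR test string is a real, harmless industry-standard test file.

```python
import hashlib
import re
from dataclasses import dataclass, field

# The EICAR test string is the industry-standard harmless file that every
# AV engine is expected to detect; it stands in for a "known bad" sample.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


@dataclass
class Signature:
    name: str
    kind: str   # "hash" = whole-file SHA-256, "pattern" = byte regex found in the code
    value: str


@dataclass
class SignatureDB:
    """Local copy of the signature dictionary; always present for offline scans."""
    version: int
    signatures: list = field(default_factory=list)

    def match(self, data: bytes):
        """Return the name of the first signature that matches, or None if clean."""
        digest = hashlib.sha256(data).hexdigest()
        for sig in self.signatures:
            if sig.kind == "hash" and sig.value == digest:
                return sig.name
            if sig.kind == "pattern" and re.search(sig.value.encode(), data):
                return sig.name
        return None


def make_local_db() -> SignatureDB:
    """Constructed version-1 database shipped with the (hypothetical) product."""
    return SignatureDB(version=1, signatures=[
        Signature("EICAR-Test-File", "hash", hashlib.sha256(EICAR).hexdigest()),
    ])


# Constructed stand-in for the vendor's central server: one newer pattern
# signature written after the monitoring network found a new sample.
CLOUD_FEED = [
    {"version": 2, "signature": {"name": "Constructed.Dropper.A", "kind": "pattern",
                                 "value": r"CONSTRUCTED_DROPPER_MARKER_[0-9]+"}},
]


def update_from_cloud(local: SignatureDB, cloud_feed, online: bool) -> SignatureDB:
    """Pull signatures newer than the local version when connected; otherwise
    keep the local copy untouched so offline scanning still works."""
    if not online:
        return local
    for entry in cloud_feed:
        if entry["version"] > local.version:
            local.signatures.append(Signature(**entry["signature"]))
            local.version = entry["version"]
    return local


# Constructed files on the scanned system.
SAMPLE_FILES = {
    "eicar.com": EICAR,
    "notes.txt": b"quarterly budget numbers",
    "update.bin": b"\x00\x01 CONSTRUCTED_DROPPER_MARKER_42 \xff",
}


def scan(db: SignatureDB, files: dict) -> dict:
    """Map each file name to the signature it matched, or None."""
    return {name: db.match(data) for name, data in files.items()}


if __name__ == "__main__":
    offline = update_from_cloud(make_local_db(), CLOUD_FEED, online=False)
    online = update_from_cloud(make_local_db(), CLOUD_FEED, online=True)
    print("offline (v%d):" % offline.version, scan(offline, SAMPLE_FILES))
    print("online  (v%d):" % online.version, scan(online, SAMPLE_FILES))
```

Run offline, the database stays at version 1 and catches only the EICAR file; once online, the version-2 pattern arrives and `update.bin` is flagged as well, while the local copy keeps working for scans either way.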

It is important to note that in some cases both Cloud Computing and community based methods of protection are used in the same product. For marketing reasons they can often be interchanged, which is not false marketing, just fogging up the level of information handed off to a consumer.

So now we move to detection in-depth.

How does an AV program detect Malware?

The first thing to remember when learning how an AV program detects malicious applications or code is that no two are alike. Symantec and McAfee each offer AV protection, and each one scans for Malware completely differently. They both get the job done, but they go about it differently. The same is true for any AV vendor, such as AVG, Sophos, Panda, Kaspersky, and BitDefender.

Did you know that the biggest complaint, other than bloated AV software, is the time it takes to scan a system? Why would this be an issue? Mostly because when the AV program scans, it kills productivity by slowing the system down. So how is this issue resolved?

AV vendors resolve the slow scanning issue a few ways. Some use active monitoring, which is a constant scan of the system. Active monitoring also includes scanning every file as it is executed or downloaded. Some of the recent versions of AV software will scan the system in the background, as long as the CPU is idle.

Slow scanning is also addressed by allowing a user to pick a time of day when the program will launch a scan automatically. These scheduled scans are often performed overnight, when no one is using the system.

However, the true power of every one of the AV programs on the market is centered on the ability to look at the running processes on a computer and determine whether they are malicious. Each AV vendor has something that does this, under various technical and marketing names, but the overall point is that they can scan for malicious activity and detect it in real time, without the use of a signature. Moreover, this technology often leads to the creation of new signatures.
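A behaviour monitor of the kind described above can be modelled in a few dozen lines of Python: it watches what each running process does, scores the activity without any signature, and, once a process crosses a threshold, writes a hash signature for its image so the next scan can catch the same file directly. This is an added example and not any vendor's engine; the event stream, event names, weights, threshold and process images are all constructed here, and the `203.0.113.7` address is a documentation-range placeholder.

```python
import hashlib
from collections import defaultdict

# Constructed event stream, (pid, event, detail), in the order a real-time
# monitor would observe it. Only the event type feeds the score.
EVENTS = [
    (100, "start", "editor.exe"),
    (100, "file_write", "notes.txt"),
    (150, "start", "browser.exe"),
    (150, "network_connect", "198.51.100.10:443"),
    (150, "file_write", "download.pdf"),
    (200, "start", "svc_helper.exe"),
    (200, "persistence_write", "autostart entry"),
    (200, "file_write", "hosts"),
    (200, "network_connect", "203.0.113.7:6667"),
    (200, "process_inject", "explorer.exe"),
]

# Constructed weights: ordinary activity scores low, activity that is rarely
# legitimate scores high enough that one such event alone is decisive.
WEIGHTS = {
    "start": 0,
    "file_write": 1,
    "network_connect": 1,
    "persistence_write": 3,
    "process_inject": 5,
}
THRESHOLD = 5


def score_processes(events) -> dict:
    """Sum the weight of every event per process and key the result by image name."""
    scores = defaultdict(int)
    images = {}
    for pid, event, detail in events:
        if event == "start":
            images[pid] = detail
        scores[pid] += WEIGHTS.get(event, 2)  # unseen event types count as mildly suspicious
    return {images.get(pid, f"pid{pid}"): total for pid, total in scores.items()}


def detect(events, threshold=THRESHOLD) -> list:
    """Names of processes whose behaviour score reaches the threshold, no signature needed."""
    return sorted(name for name, total in score_processes(events).items() if total >= threshold)


def make_signature(name: str, image_bytes: bytes) -> dict:
    """Turn a behaviour detection into a hash signature the signature database can use."""
    return {"name": f"Heur.{name}", "kind": "hash",
            "value": hashlib.sha256(image_bytes).hexdigest()}


def signature_matches(sig: dict, data: bytes) -> bool:
    return sig["kind"] == "hash" and hashlib.sha256(data).hexdigest() == sig["value"]


if __name__ == "__main__":
    # Constructed image bytes for the flagged process.
    IMAGE = b"constructed svc_helper.exe image bytes"
    print("scores:", score_processes(EVENTS))
    for name in detect(EVENTS):
        sig = make_signature(name, IMAGE)
        print("flagged", name, "-> new signature", sig["name"], sig["value"][:16] + "...")
```

The browser also writes files and connects to the network, but its total stays well under the threshold, which is the point of weighting: a single ordinary action is not evidence, while persistence plus injection is. The signature produced at the end is what gets fed back into the Cloud in the earlier section, so the next machine can block the file before it ever runs.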

Anti-Virus protection is one of the largest factors in a secure system. While only one layer of protection, the AV software is what protects you from the little bits of code used to control or ruin your computer.

Part 2 of this Anti-Virus article for the NCSAM series will focus on what to look for when purchasing Anti-Virus software as well as list some of the well-known vendors and what they offer.
