
Cyber Security:

Anti-Virus Software

OR 'Anti-Malware'

Antivirus software is an essential part of protecting your computer but it is not a complete solution to malware problems. Although called 'anti-virus software' it actually targets a range of malware, so really ought to be called 'anti-malware software'.

The growth in malware over the last two decades has been accompanied by an explosive growth in software designed to prevent it spreading.

It is a multi-billion pound business with a large number of commercial and free packages available for all computer users ranging from individuals to large corporations.

Issues with anti-virus software

Despite the best endeavours of its makers, antivirus software has occasionally proved to contain bugs that affect how reliably it protects you, such as:

being inaccurate or out of date in identifying risks and so compromising your safety.

The majority of companies issue regular updates to their programs to fix known problems.

Major operating systems and some application packages (such as Microsoft Office and the Adobe productivity suite) automate most of the process of updating software by automatically checking for updates, prompting the user to install them and then actually performing the update itself.

This process is sometimes called 'patching'.

failing to update itself or warn the user an update is available

slowing your system down while in operation

increasing start-up and shut down times

consuming huge amounts of computer power

Fortunately, these problems are much less serious than the risk from a malware attack.

Computer operating systems and application programs are so large that they inevitably contain bugs, some of which could compromise your security.

 

What does it do?

Antivirus software aims to act on malware on your computer before it can harm data.

By:

detecting it

isolating it

deleting it (if necessary)

How does it identify malware?

Antivirus software uses several techniques to identify malware – the two most common being 'signatures' and 'heuristics'.

Signatures

A malware's signature is a distinctive pattern of data either in memory or in a file.

An antivirus program may contain thousands of signatures, but it can only detect malware for which a signature has been identified and published by the antivirus program's authors.

As a result there is a period between a new piece of malware being released 'into the wild' and when its signature can be incorporated into antivirus products.

During this period, the malware can propagate and attack unprotected systems, exploiting the so-called 'zero day' vulnerabilities that exist until the systems are fixed and antivirus signatures are updated.

It is not uncommon for several variants of a malware program to be published at intervals, each sufficiently different that they possess different signatures.

A second weakness of signatures is that more sophisticated malware has the ability to change its program (it is said to be polymorphic or metamorphic), disguising itself without affecting its operation.

Heuristics

Complementing signatures, heuristics use rules to identify viruses based on previous experience of the behaviour of known viruses.

Heuristic detection may execute suspicious programs in a virtual machine (a software recreation of a physical computer) and analyse the program for operations typical of known malware (such as replicating itself or attempting to overwrite key operating system files); or it might revert the program to its original source code and look for malware-like instructions.

If the heuristic analysis considers that the file acts in a malware-like manner, it is flagged as potentially dangerous.

Unlike signatures, heuristics do not require specific knowledge about individual types of malware – they can detect new malware, for which signatures do not exist, simply by their behaviour.

The drawback of heuristics is that they can only draw conclusions based on past experience; radically new malware (which appears all too regularly) can pass unnoticed.
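The difference between the two techniques can be shown in a few lines of Python. This is an added example, not part of the original page: the signature name, byte pattern, behaviour labels, weights and threshold are all invented for illustration, and the 're-encoded' file simply stands in for a polymorphic variant.

```python
# Toy signature and heuristic detection on constructed, harmless data.
# Every name, byte pattern, behaviour label and weight here is invented.

# Signature database: name -> distinctive byte pattern.
SIGNATURES = {"Demo.Marker.A": bytes.fromhex("deadbeef4d41524b")}

# Heuristic rules: observed behaviour -> suspicion weight (assumed values).
HEURISTIC_WEIGHTS = {
    "copies_itself": 3,
    "overwrites_system_file": 4,
    "disables_updates": 2,
}
THRESHOLD = 5  # flag as potentially dangerous at or above this score


def signature_scan(data):
    """Return the names of all known signatures found in the data."""
    return [name for name, pat in SIGNATURES.items() if pat in data]


def heuristic_scan(behaviours):
    """Score behaviours logged during a sandboxed run; unknown ones add 0."""
    score = sum(HEURISTIC_WEIGHTS.get(b, 0) for b in set(behaviours))
    return score, score >= THRESHOLD


def reencode(data, key):
    """Stand-in for a polymorphic variant: same content, different bytes."""
    return bytes(b ^ key for b in data)


# Constructed samples.
original = b"HEADER" + SIGNATURES["Demo.Marker.A"] + b"PAYLOAD"
variant = reencode(original, 0x5A)
known_behaviour = ["copies_itself", "overwrites_system_file"]
novel_behaviour = ["opens_document", "unrecognised_new_action"]

if __name__ == "__main__":
    print("signature, original:", signature_scan(original))
    print("signature, variant: ", signature_scan(variant))
    print("heuristic, known behaviour:", heuristic_scan(known_behaviour))
    print("heuristic, novel behaviour:", heuristic_scan(novel_behaviour))
```

The re-encoded variant no longer contains the signature bytes, so the signature scan misses it, but its behaviour still crosses the heuristic threshold. The novel behaviour matches no rule, scores zero and passes unnoticed.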

Buying anti-malware software

Not all anti-malware software is equally good.

There is even fake anti-malware offered for sale, especially for mobile devices. Also there are 'fake' versions of reputable software on offer.

Before you install or change anti-malware software you should check the reviews from a number of reputable and independent organisations. Look at how they rate the free packages as well as the paid for packages.

https://www.av-test.org/en/

https://selabs.uk/

https://www.av-comparatives.org/

You should then buy the software that best suits your purpose - from a reputable source.

Windows 10 has Windows Defender built into the OS (it got a top rating in June 2019), and there are a number of good, free packages available, but you should always check that a package meets your needs before installing it.

Some important features to consider are:

Is it compatible with your computer? You will have to make sure the antivirus software is appropriate for the operating system and computer that you have.

Does it come from a reputable source? For example, it may have been developed by one of the major computer security companies, such as Norton, Kaspersky, Sophos or AVG. Alternatively, it may have been provided or recommended by your bank or internet service provider.

Does it provide updates that allow it to protect you against the latest malware? New malware is being developed all the time, and it is important that you use an anti-malware application that will update itself.

Scams related to Antivirus Software

In October 2019, the BBC reported that a combined operation by British Police, Indian police and Microsoft had shut down two Indian call centres using web pages and phone calls to sell fake computer security services.

Victims were conned out of thousands of pounds.

There are many 'call-centres' around the world whose sole purpose is to con you out of money, steal your identity or take over your computer. If they call you, hang up and contact the service they purport to be via a different route from the one they used to contact you.

The City of London Police say it is one of the most common online scams, with over 2,000 cases reported to Action Fraud every month.

The police offered these tips to avoid being scammed:

Always check out callers, especially cold callers who claim to be Microsoft, your telephone provider or internet service provider.

Legitimate organisations will encourage you to call back via a number you've obtained from a trustworthy source - not from the 'alert' you receive.

Do not assume that the number displayed on your phone/screen is accurate; these can easily be spoofed, leading you to believe that the caller is in the UK or from a trusted organisation.

Never call phone numbers that are given on pop-up messages that indicate there is a problem with your computer.

Recovering from a virus or other malware

In this unfortunate state your aim is to update your antivirus software then isolate your computer so that the malware doesn't spread.

On Windows 10: run the Malicious Software Removal Tool: https://support.microsoft.com/en-us/help/4026667/windows-10-how-to-remove-malware-or-viruses

Steps if you think you have an infected machine:

update antivirus software

disconnect from any network

restart in 'Safe Mode'

initiate a complete disk scan

In a worst case scenario, you may need to:

reformat your hard drive,

reinstall your operating system and

reinstall your keys.

You will then need to reinstall any programs you use and then your data from your secure backup files.

Note that a slow-running, old computer may simply have a build-up of dust in its vents, fans and internal surfaces, which makes the processor slow down to avoid overheating.