Cyber Security: Anti-Virus Software OR 'Anti-Malware' Antivirus software is an essential part of protecting your computer but it is not a complete solution to malware problems. Although called 'anti-virus software' it actually targets a range of malware, so really ought to be called 'anti-malware software'. The growth in malware over the last two decades has been accompanied by an explosive growth in software designed to prevent it spreading. It is a multi-billion pound business with a large number of commercial and free packages available for all computer users ranging from individuals to large corporations. Issues with anti-virus softwareDespite the best endeavours of its makers, antivirus software has occasionally proved to contain bugs that affect its reliability to protect you, like:
Fortunately, these problems are much less serious than the risk from a malware attack. Computer operating systems and application programs are so large that they inevitably contain bugs, some of which could compromise your security.
What does it do?Antivirus software aims to act on malware on your computer before it can harm data. By:
How does it identify malware?Antivirus software uses several techniques to identify malware – the two most common being 'signatures' and 'heuristics'. Signatures A malware's signature is a distinctive pattern of data either in memory or in a file. An antivirus program may contain thousands of signatures, but it can only detect malware for which a signature has been identified and published by the antivirus program's authors. As a result there is a period between a new piece of malware being released 'into the wild' and when its signature can be incorporated into antivirus products. During this period, the malware can propagate and attack unprotected systems, exploiting the so-called 'zero day' vulnerabilities that exist until the systems are fixed and antivirus signatures are updated. It is not uncommon for several variants of a malware program to be published at intervals, each sufficiently different that they possess different signatures. A second weakness of signatures is that more sophisticated malware has the ability to change its program (it is said to be polymorphic or metamorphic), disguising itself without affecting its operation. Heuristics Complementing signatures, heuristics use rules to identify viruses based on previous experience of the behaviour of known viruses. Heuristic detection may execute suspicious programs in a virtual machine (a software recreation of a physical computer) and analyse the program for operations typical of known malware (such as replicating itself or attempting to overwrite key operating system files); or it might revert the program back to its original source code and look for malware-like instructions. If the heuristic analysis considers that the file acts in a malware-like manner, it is flagged as potentially dangerous. Unlike signatures, heuristics do not require specific knowledge about individual types of malware – they can detect new malware, for which signatures do not exist, simply by their behaviour. The drawback of heuristics is that they can only draw conclusions based on past experience; radically new malware (which appears all too regularly) can pass unnoticed. Buying anti-malware softwareNot all anti-malware software is equally good. There is even fake anti-malware offered for sale, especially for mobile devices. Also there are 'fake' versions of reputable software on offer. Before you install or change anti-malware software you should check the reviews from a number of reputable and independent organisations. Look at how they rate the free packages as well as the paid for packages. You should then buy the software that best suits your purpose - from a reputable source. Windows 10 has Windows Defender built into the OS and (it got a top rating in June 2019) and there are a number of good, free packages available, but you should always check that it meets your needs before installing it. Some important features to consider are:
Scams related to Antivirus SoftwareIn October 2019, the BBC reported that a combined operation by British Police, Indian police and Microsoft had shut down two Indian call centres using web pages and phone calls to sell fake computer security services. Victims were conned out of thousands of pounds. There are many 'call-centres' around the world whose sole purpose is to con you out of money, steal your identity or take over your computer. If they call you - hang up and contact the servive they purport to be via a different route than the one they tried to contact you on. The City of London Police say it is one of the most common online scams, with over 2,000 cases reported to Action Fraud every month. The police offered these tips to avoid being scammed:
Recovering from a virus or other malwareIn this unfortunate state your aim is to update your antivirus software then isolate your computer so that the malware doesn't spread. On Windows 10: run the Malicious software removal tool: https://support.microsoft.com/en-us/help/4026667/windows-10-how-to-remove-malware-or-viruses. Steps if you think you have an infected machine:
In a worst case scenario, you may need to:
You will then need to reinstall any programs you use and then your data from your secure backup files. Note that the reason for a slow running, old computer can be a build up of dust in vents, fans and internal surfaces so that the processor slows down to avoid overheating. |
|