Some Antivirus Concepts – 2 of 2

Concluding a look at the basics of Antivirus Software

Click here for the first part of this blog

How does your antivirus software detect threats?

This is likely to be through a combination of two different types of analysis:

  • Signature-based detection – this is when the code in the file being checked is compared with code that is known to be present in malicious files. Every day your antivirus software automatically connects to the online server (computer) of its manufacturer and downloads to your computer the latest list of known problems, together with their “signatures” – ie some specific coding of the file that your antivirus software can check against the coding of the files it examines. This way, your antivirus program is usually no more than 24 hours behind in its knowledge of the known threats.
  • Heuristic detection – this is when the antivirus software looks at a number of factors in the suspect file, assigns “weights” (or “scores”) to these factors, adds the scores together and then makes an overall judgment as to the likelihood of the file being malicious.
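To make the two methods concrete, here is a toy scanner written for this post (it is not code from any antivirus product): a signature list of constructed placeholder byte patterns, a set of weighted heuristic factors that are simplistic stand-ins for what a real engine inspects, and three constructed sample “files” that show how a signature hit, a false negative (unknown variant scoring below the threshold) and a false positive (legitimate installer scoring above it) come about.

```python
import re

# Constructed signature list: placeholder byte patterns, not real malware signatures.
# A real engine holds millions of these, refreshed daily from the vendor's server.
SIGNATURES = {
    "Demo.Dropper.A": b"DEMO-MALWARE-MARKER-A",
}

# Heuristic factors as (name, weight, test); the tests are simplistic stand-ins.
HEURISTICS = [
    ("writes to startup folder", 30, lambda d: b"\\Startup\\" in d),
    ("hides its window", 20, lambda d: b"SW_HIDE" in d),
    ("tampers with security settings", 40, lambda d: b"DisableAntiSpyware" in d),
    ("contains embedded URL", 10, lambda d: re.search(rb"https?://", d) is not None),
]
THRESHOLD = 50  # a total score at or above this is reported as suspicious

def signature_scan(data: bytes):
    """Return the name of the first known signature found in the file, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def heuristic_score(data: bytes):
    """Add up the weights of every heuristic factor present in the file."""
    hits = [(name, weight) for name, weight, test in HEURISTICS if test(data)]
    return sum(weight for _, weight in hits), [name for name, _ in hits]

def scan(data: bytes) -> str:
    """Signature match first; fall back to the heuristic score for unknown files."""
    sig = signature_scan(data)
    if sig:
        return f"malicious (signature: {sig})"
    score, hits = heuristic_score(data)
    if score >= THRESHOLD:
        return f"suspicious (heuristic score {score}: {', '.join(hits)})"
    return "clean"

# Constructed sample "files" (not real binaries).
SAMPLES = {
    "known_threat.exe": b"MZ...DEMO-MALWARE-MARKER-A...",
    # Unknown variant: no signature and only 30 heuristic points -> a false negative.
    "new_variant.exe": b"MZ... SW_HIDE ... https://example.invalid/ ...",
    # Legitimate installer that trips three factors (90 points) -> a false positive.
    "installer.exe": b"MZ... \\Startup\\ ... SW_HIDE ... DisableAntiSpyware ...",
}

if __name__ == "__main__":
    for fname, data in SAMPLES.items():
        print(f"{fname}: {scan(data)}")
```

Lowering THRESHOLD catches the unknown variant but flags more legitimate files, which is exactly the trade-off between false negatives and false positives described below.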

The downsides of antivirus protection

  • False negatives – if an antivirus program fails to detect a problem this is known as a “false negative”. The malware is then left free to do its business.
  • False positives – your antivirus program may falsely accuse something on your computer of being malware. This is known as a false positive and can be a pain in the neck as it could take time, money, and expertise to analyse the situation and conclude that the antivirus program got a bit over-keen. Alternatively, you might just follow the on-screen prompts of your antivirus software and de-activate an important and valuable part of your system that wasn’t doing any harm.
  • Overhead – antivirus programs can slow down your system. With some complicated and large antivirus programs (disparagingly referred to as “bloatware”) this system degradation can be a noticeable nuisance – especially on older and less powerful systems.
  • Unhelpful messages – some antivirus programs are prone to popping up semi-cryptic messages about what they are doing and what they have found. These can be unsettling, annoying, and difficult to interpret.

Data file updating and program updating

As described above, almost all antivirus programs update their “virus definition files” or “signature definition files” every day. This does not affect the functionality of the program (ie what the program can do) – it just lengthens the list of known problems and how to recognise them. This is not the same thing as “updating the program”. Most antivirus programs now issue a new release towards the end of the year. Updating to a newer version of a program probably adds some bells and whistles but probably won’t change the basic antivirus detection of the program. I would suggest that it is far more important to ensure that the daily signature definition files are updated regularly than worrying about updating the program itself (especially if updating the program involves paying for it again).

So why bother with antivirus protection?

  • It’s not just your own system you are threatening. You could pass on malware to anyone you share files with.
  • The potential costs of not protecting your system are just too high. Over the years there have been several occasions when I have needed to re-format a client’s hard drive – ie wipe everything clean and re-install everything – to get rid of a virus infection. Apart from the disruption and potential loss of data, a half day spent trying to recover from a virus infection followed by resorting to re-formatting and starting again could easily cost £500-£750. Why would you risk that? Well, one response I sometimes hear to that question is “I only use my computer for web browsing and I use webmail so not even my emails are vulnerable”. My answer to that is that it could still take a day or more to re-format and re-install the basics of Windows, Windows Updates, printer drivers, other driver updates, browser updates, etc. And that is assuming that you have recovery DVDs or access to a recovery partition on your hard drive. Again I ask “why would anyone risk that”? And yet some people still do. They tend to change their minds, though, if they suffer a nasty infection that’s hard to remove. Please believe me when I say that it really isn’t worth waiting until that happens before installing an antivirus program.

If you want to do it now, with the minimum of fuss, download Microsoft Security Essentials from here and just follow the prompts. It’s free and it works.

But don’t do this if you already have an antivirus program installed. Don’t ever install more than one antivirus program on one computer. You might think that that would be a good way of improving your protection but what can happen is that the two competing products can get in each other’s way and cause the whole system to freeze.