Antivirus

Antivirus describes products that are used for the identification and destruction of viruses and other forms of malware and the organizations that produce them. The term can also be used as another word for helper viruses and worms that destroy other malware. It can also be an adjective used to describe people or attitudes that fear all viruses and strongly desire their destruction. This entry focuses on antivirus products.

Characteristics

The basic characteristics of an antivirus program are that it usually includes a scanner to look for malicious software and a disinfector to remove it. Many antivirus programs also monitor the behavior of running programs for possible viral activity, and check programs being downloaded, transferred or opened for viral content. Some come bundled with firewalls, pop-up blockers, child protection and other security products, while others are stand-alone virus scanners.

Detection

The most common method of identifying a virus is with a virus signature: the virus scanner must recognize a certain unique portion of the virus's code in order to identify the virus. Signatures must be updated regularly (some analysts say daily), or else the computer will be vulnerable to the latest malware.

Another method is behavior-based scanning. This method does not look for a specific virus signature, but rather checks the file's behavior. A program detected as malware by a behavior scanner would be one that contains instructions to format the hard drive or make many different writes to random files.

History

The first documented removal of a virus was by Bernd Fix after receiving a copy from Ralf Burger. In 1986, G Data began work on CeBIT, one of the first antivirus programs, and released it in 1987.

In 1988, Peter Norton dismissed the idea of viruses as an urban myth. This is often seen as ironic, given that one of the most popular antivirus products bears his name. Norton's company, however, was not purchased until 1990, and it did not include an antivirus product at the time of the purchase.

Since the 1990s, the antivirus industry has adapted to the threats posed by new forms of malware, from the simple boot and file infectors of the 1980s to the botnets of the present day.

Common Problems

Antivirus products can be either too lax in destroying malware or overzealous. An antivirus product may fail to detect a certain piece of malware for any number of reasons. Most often, it is a case of PEBKAC, manifested in not updating the computer or not keeping the antivirus software up to date. It may also be the user's fault if the software is not configured correctly. Sometimes the antivirus product itself is defective, or the patch for detecting the most recent malware has not been released yet.

False Positives

An overzealous virus scanner may be more dangerous than a virus itself. Important applications and even system files that are clean and legitimate may be falsely detected as malware. If the program decides to quarantine or destroy these files, important work could be lost, or at worst, the computer could be unusable.
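As an added example (not from the original article), the Python below models the two points made in the Detection and False Positives sections: a toy signature scanner that matches a "unique portion" of a sample, and the vetting step of checking every signature against a known-clean corpus before it is shipped, which is how a pattern that is not actually unique gets caught before it quarantines legitimate files. All signatures, file names and file contents are constructed for illustration.

```python
# Added example: toy signature scanner plus a clean-corpus vetting step. All
# signatures, file names and file contents are constructed, not real malware.
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # the "unique portion" of the sample's code the scanner looks for

# Constructed signature database. The second entry is deliberately poor: it is the
# standard DOS stub header that most Windows executables begin with, so it is not unique.
SIGNATURES = [
    Signature("Demo.FakeInfector", b"\xde\xad\xbe\xef\x90\x90\xcc\x13"),
    Signature("Demo.TooGeneric", b"MZ\x90\x00\x03\x00\x00\x00"),
]

# Constructed files: a clean executable header, a clean text file, and a sample
# carrying the constructed infector pattern.
FILES = {
    "calc.exe": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff" + b"\x00" * 16,
    "notes.txt": b"Quarterly report, nothing to see here.\n",
    "sample.bin": b"\x00" * 8 + b"\xde\xad\xbe\xef\x90\x90\xcc\x13" + b"\x00" * 8,
}

def scan(data: bytes, signatures=SIGNATURES) -> list:
    """Return the names of every signature whose pattern occurs in data."""
    return [s.name for s in signatures if s.pattern in data]

def scan_files(files: dict, signatures=SIGNATURES) -> dict:
    """Scan filename -> contents; return only the files that were flagged."""
    hits = {name: scan(blob, signatures) for name, blob in files.items()}
    return {name: found for name, found in hits.items() if found}

def vet_signatures(signatures, clean_corpus: dict, min_len: int = 8) -> dict:
    """Return {signature name: reason} for signatures that are too short or hit
    any known-clean file; deploying such a signature guarantees false positives."""
    rejected = {}
    for sig in signatures:
        if len(sig.pattern) < min_len:
            rejected[sig.name] = f"pattern shorter than {min_len} bytes"
            continue
        clean_hits = [n for n, blob in clean_corpus.items() if sig.pattern in blob]
        if clean_hits:
            rejected[sig.name] = "matches clean files: " + ", ".join(clean_hits)
    return rejected

def vetted_scan(files: dict, signatures, clean_corpus: dict) -> dict:
    """Vet the signatures against the clean corpus, then scan with the survivors."""
    bad = vet_signatures(signatures, clean_corpus)
    return scan_files(files, [s for s in signatures if s.name not in bad])
```

Run unvetted, `scan_files(FILES)` flags `calc.exe` alongside the real sample; after vetting, only `sample.bin` is reported.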

Criticism

Scanning methods have sometimes been a target of criticism from security experts and antivirus industry analysts. Rob Rosenberger has said that, with behavioral scanning, antivirus products could easily detect many different types of malware well before they ever appear. He believes they stick with signature scanning because it keeps users dependent on them for updates.

Conspiracy Theories

There is a theory that antivirus companies create many viruses and worms themselves in order to get computer users to buy their products. While antivirus vendors benefit indirectly from viruses and worms, there is no evidence of any antivirus company creating a virus or of any collaboration with virus writers or groups.

Sources

Jonathan Yarden. TechRepublic, "Why there is no global antivirus software conspiracy". 2005.11.15

Adrian Kingsley-Hughes. ZDNet, "UPDATE: CA antivirus trashing Windows system files". 2009.07.09

MacDailyNews, "Sophos anti-virus software mistakes real files for pests, breaks Mac OS X systems". 2006.02.22

Rob Rosenberger. VMyths, "CERT® missed Melissa's ultimate lesson". 1999.07.06

Jim Kerstetter. ZDNet, "Melissa finds more fertile ground". 1999.10.22 (Archive.org)

G Data Software, "G Data presents security firsts at CeBIT 2010". 2010.02.18

The Tech Herald, "Malware then and now – a look back on the anniversary of the Melissa Virus". 2009.03.26

Funding Universe, "Symantec Corporation History".

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License