
Everyone knows them: antivirus programs. They come in many forms: free and paid, on-demand scanners and real-time scanners, and so on.
They are supposed to protect us from viruses and similar threats. But what exactly does a virus scanner do, and what does it protect the computer from?
Protection against malware
An anti-virus program can detect malicious software, quarantine or block it, and delete it from affected computers. What counts as malware?
Some examples:
Computer viruses, like biological viruses, need a host. Here the host is a file that gets "infected"; the virus spreads when a user downloads or copies that file and runs it.
Worms, on the other hand, spread on their own without a host file, typically from machine to machine over the network.
Trojans hide inside programs the user actually wants, e.g. an add-on for the web browser. Trojans are typically used to download additional malware.
This list could be continued and divided into many more sub-categories. What these have in common is how they are found: virus scanners recognize them by their signature or by heuristic characteristics.
How virus scanners work
A virus scanner has a "scan engine". This is the essential component: it detects suspicious programs and then, if necessary, quarantines them or deletes them outright. Just as malware evolves constantly, the scan engine must be developed continuously as well.
Virus scanners work as follows: First, the scanner looks the file up in its database so that known malware can be found by signature-based detection, where the signature (comparable to a fingerprint) is a hash of the file or a characteristic byte sequence. Then it tries to identify malicious behaviour with heuristic detection, which looks at characteristics of the file or its actions rather than at an exact match.
Advantages and disadvantages of virus scanners
Since modern malware keeps changing its signature (for example by re-packing or encrypting itself), simple signature scanners recognize it late or not at all. Like a flu vaccination, such scanners only help against viruses that are already known. Heuristic methods are therefore more likely to detect advanced malware. However, they also raise the rate of false alarms.
The disadvantage: frequent false alarms desensitize the user, while a scanner tuned too leniently lets too much through. A healthy balance is therefore important.
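The two-stage pipeline described above (signature lookup first, heuristics second) and the trade-off between re-packed malware and false alarms, as an added example in Python that is not part of the original article. It is a toy static scanner: the "malware" samples are constructed, harmless byte strings, the Windows API names are only text markers, the family names Trojan.Constructed.A and Downloader.Constructed.B are made up, and the scoring weights and the 7.0 bits/byte entropy cut-off are assumptions.

```python
"""Toy two-stage virus scanner: signature lookup first, heuristics second.

Added example, not from the original article. All samples are constructed,
harmless byte strings; the Windows API names are plain text markers that a
static scanner would see in an import table. Nothing here is executed.
"""
from __future__ import annotations

import hashlib
import math
import random

# Constructed samples: a 64-byte "MZ" header followed by the body (assumption).
MALWARE_BODY = (
    b"MZ" + b"\x00" * 62
    + b"VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
    + b"http://203.0.113.7/stage2.bin\x00"  # TEST-NET-3 address, not a real host
    + b"\x00" * 1900
)


def pack(body: bytes, seed: int) -> bytes:
    """Simulate a polymorphic packer: XOR the body with a per-copy keystream.
    The clear-text stub is what a real unpacker needs at run time (allocate
    memory, decode, make it executable). Only the keystream changes between
    copies, so each copy has a new hash and no stable byte pattern."""
    keystream = random.Random(seed).randbytes(len(body))
    encoded = bytes(b ^ k for b, k in zip(body, keystream))
    return b"MZ" + b"\x00" * 62 + b"VirtualAlloc\x00VirtualProtect\x00" + encoded


KNOWN_SAMPLE = MALWARE_BODY
POLYMORPHIC_COPY = pack(MALWARE_BODY, seed=7)
BENIGN_TEXT = b"Quarterly report: revenue up 4%, see attached spreadsheet.\n" * 40
# A legitimate self-extracting installer looks just like the packed copy:
# a clear-text unpacking stub followed by a compressed (high-entropy) archive.
BENIGN_INSTALLER = (b"MZ" + b"\x00" * 62 + b"VirtualAlloc\x00VirtualProtect\x00"
                    + random.Random(123).randbytes(2048))

# Stage 1: the signature database ("fingerprints" of known malware).
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Trojan.Constructed.A"}
PATTERN_SIGNATURES = {b"http://203.0.113.7/stage2.bin": "Downloader.Constructed.B"}


def signature_scan(data: bytes) -> str | None:
    """Exact hash match first, then fixed byte patterns; returns the family name."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    return next((n for p, n in PATTERN_SIGNATURES.items() if p in data), None)


# Stage 2: heuristics score characteristics rather than identity.
INJECTION_APIS = (b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread")
UNPACK_APIS = (b"VirtualAlloc", b"VirtualProtect")


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_scan(data: bytes) -> tuple[int, list[str]]:
    """Weights and the 7.0 bits/byte cut-off are assumptions for this toy."""
    score, reasons = 0, []
    if any(api in data for api in INJECTION_APIS):
        score += 3
        reasons.append("process-injection APIs referenced")
    if entropy(data[64:]) > 7.0:  # body after the header looks encrypted/compressed
        score += 2
        reasons.append("packed or encrypted body")
        if all(api in data for api in UNPACK_APIS):
            score += 1
            reasons.append("clear-text unpacking stub in front of packed body")
    if b"http://" in data or b"https://" in data:
        score += 1
        reasons.append("embedded URL")
    return score, reasons


def scan(data: bytes, threshold: int = 3) -> tuple[str, str]:
    """The pipeline from the article; stage is "signature", "heuristic" or "clean"."""
    name = signature_scan(data)
    if name:
        return "signature", name
    score, reasons = heuristic_scan(data)
    if score >= threshold:
        return "heuristic", f"score {score}: " + "; ".join(reasons)
    return "clean", ""


if __name__ == "__main__":
    for label, sample in [("known sample", KNOWN_SAMPLE), ("re-packed copy", POLYMORPHIC_COPY),
                          ("plain text", BENIGN_TEXT), ("benign installer", BENIGN_INSTALLER)]:
        print(f"{label:17s} -> {' '.join(scan(sample))}")
```

Running it gives four verdicts: the known sample is caught by its hash; the re-packed copy defeats both the hash and the byte pattern (the URL is now encrypted) but trips the heuristic on its high-entropy body plus the clear-text unpacking stub; the plain text file is clean; and the benign installer, which ships the same kind of stub in front of a compressed archive, trips the very same heuristic, which is the false-alarm trade-off discussed above. Raising the threshold to 4 silences that false alarm but also loses the re-packed copy, which is the balance the article asks for.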
The differences between virus scanner providers are mainly noticeable in the detection rate. The biggest difference is usually between the free and the paid version. The rule of thumb: if you get something for free, you pay with personal data, and of course you only get a scaled-down feature set.
Regular updates of the anti-virus scanner are essential so that the database of "signatures" is always up to date.
More modern, usually paid, versions also have a sandbox function.
A sandbox is recommended when opening external files whose source you cannot trust 100%: it provides an isolated area in which a program can be run first and checked for suspicious behaviour before it touches the real system.
Conclusion on virus scanners
As the saying goes, every little bit helps, so using a virus scanner makes sense. Nevertheless, it is not advisable to rely solely on your antivirus program, as it generally only detects known and less advanced malware. It also does not replace a functioning IT department, IDS/IPS solutions or application firewalls, nor does it replace network segmentation or proper RBAC (role-based access control).
The human factor also plays a role here. Therefore, always treat files and senders that appear to be known to you with caution. The combination of proactively uncovering your vulnerabilities, suitable endpoint protection and user awareness offers comprehensive protection of your IT landscape.