ANTIVIRUS
Mikhail Daneyko, Cyber Security, IASP 470
CONTENT
• What is antivirus and how it works
• How do malware samples get into virus laboratories?
• Antivirus anatomy
• How antiviruses detect malicious programs
• Antivirus overview: Avast, AhnLab Internet Security, Kaspersky, Norton
• Conclusion
What is antivirus and how it works. Antivirus is a computer program whose purpose is to detect and remove computer viruses and other malicious programs. Depending on whether the neutralized threat is already known to the vendor's virus analysts, the antivirus provides reactive or proactive protection. Reactive protection is protection against known threats, using knowledge of code fragments and other unique features of specific malicious programs. Proactive protection is protection against unknown malware, based on knowledge of code features and behavior that are typical of malware in general. Proactive protection is especially effective against modified variants of pre-existing threats.
How do malware samples get into virus laboratories? Antivirus companies traditionally have several channels through which new samples arrive. The first is online services such as VirusTotal: servers on which any anonymous user can check whether an arbitrary file is detected by dozens of popular antivirus engines at once. Each uploaded sample, regardless of the test result, is automatically forwarded to the vendors for more detailed study. The second channel is user submissions: suspicious files that users send to the virus lab through the antivirus company's website, at the request of the support service, or that are uploaded from quarantine. The third channel is honeypots: deliberate baits for malware authors in the form of virtual servers with open ports and trivial credentials such as root / root, onto which some botnet operators happily upload their creations, marveling at how careless the administrator must be. The fourth channel is the exchange of databases between the vendors themselves, but in recent years, because of increased competition in the market and a narrower supply of samples, cooperation between antivirus companies has practically disappeared.
Antivirus Anatomy. Antivirus products from different manufacturers include a different number of components. Modern antivirus applications usually have the following set of functional modules:
• antivirus scanner: a utility that searches for malware on disks and in the device's memory at the user's request or according to a schedule;
• resident monitor: a component that monitors the state of the system in real time and blocks attempts to download or launch malicious programs on the protected computer;
• firewall: a component that monitors current connections, including analysis of incoming and outgoing traffic;
• web antivirus: a component that blocks user access to dangerous resources (sites spreading malware, phishing and fraudulent sites) using a database of addresses or a reputation system;
Antivirus Anatomy (continued)
• mail antivirus: a component that checks the safety of e-mail attachments and (or) links sent by e-mail;
• anti-rootkit module: a module designed to combat rootkits (malicious programs able to hide their presence in an infected system);
• preventive protection module: a component that protects the integrity of data vital to the health of the operating system and blocks dangerous actions by programs;
• update module: a component that provides timely updates of the other antivirus modules and of the virus databases;
• quarantine: a centralized secure storage into which suspicious (in some cases, definitely infected) files and applications are placed until a final verdict is issued.
How antiviruses detect malicious programs. Modern antivirus programs use several detection methods in various combinations. The main one is signature-based detection. A signature is a unique identifier derived from a file or from a fragment of its code, a kind of "fingerprint": using a signature, the scanner can recognize a specific file or application. The simplest signature is a cryptographic hash of the whole file, for example SHA-1 or SHA-256: the file contents are passed through a one-way hash function, producing a fixed-length digest (usually written as hexadecimal characters) that changes completely if even one byte of the file changes. Because of that, a hash signature only matches the exact sample the lab has seen; most engines therefore also use byte-sequence signatures (characteristic code fragments, sometimes with wildcards) that survive minor modifications such as repacking or appended data.
How antiviruses detect malicious programs (continued). Signatures are collected into virus databases. The antivirus program examines files stored on disk (or downloaded from the Internet) and compares the results with the signatures recorded in its database. If there is a match, the file is considered malicious. Until a new malware sample reaches the virus lab and its signature is added to the database, the antivirus cannot recognize or remove that threat.
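The two kinds of signature match described above, shown as an added example (this is not code from the presentation or from any antivirus vendor). The "virus database" is constructed for the example: the EICAR string is the real industry-standard harmless test file that every engine detects; the hash entry is computed from it; the "Example.Dropper" byte pattern and the sample files fed to the scanner are invented. The point it demonstrates is the one the slide makes: a whole-file hash misses as soon as one byte changes, while a byte-sequence signature still fires.

```python
import hashlib
import re
from typing import Optional, Tuple

# The EICAR test string: the standard harmless file that every AV engine
# detects by signature. Everything else below is constructed for this example.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed "virus database", part 1: whole-file hash signatures.
# A hash matches only the exact bytes the lab analysed.
HASH_SIGNATURES = {
    hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File",
}

# Constructed "virus database", part 2: byte-sequence signatures.
# Real engines use code fragments with wildcards; a regex over raw bytes
# ('.' with DOTALL standing in for a one-byte wildcard) models that here.
PATTERN_SIGNATURES = [
    ("EICAR-Test-File", re.compile(rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE")),
    # Hypothetical family: an MZ header, two wildcard bytes, then a marker string.
    ("Example.Dropper", re.compile(rb"MZ.{2}DROPPER_MARKER", re.DOTALL)),
]


def scan_by_hash(data: bytes) -> Optional[str]:
    """Reactive detection, exact match: SHA-256 of the file looked up in the DB."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def scan_by_pattern(data: bytes) -> Optional[str]:
    """Reactive detection, fragment match: first byte-pattern signature that hits."""
    for name, pattern in PATTERN_SIGNATURES:
        if pattern.search(data):
            return name
    return None


def scan(data: bytes) -> Tuple[Optional[str], Optional[str]]:
    """Return (verdict, method). Hash lookup first (cheap, exact), then patterns."""
    verdict = scan_by_hash(data)
    if verdict:
        return verdict, "hash"
    verdict = scan_by_pattern(data)
    if verdict:
        return verdict, "pattern"
    return None, None


if __name__ == "__main__":
    # Constructed sample files, not real malware.
    samples = {
        "eicar": EICAR,
        "eicar + 1 byte": EICAR + b"\n",                        # trivial repack: hash changes
        "dropper": b"MZ\x90\x00DROPPER_MARKER" + b"\x00" * 16,  # invented MZ-like blob
        "clean": b"hello world\n",
    }
    for label, blob in samples.items():
        print(f"{label:15} -> {scan(blob)}")
```

Running the script shows the unmodified EICAR file caught by its hash, the one-byte-longer copy caught only by the byte pattern, the constructed "dropper" caught by the wildcarded pattern, and the clean file passing. A real engine orders its checks the same way (cheap exact hash lookup, then pattern scanning), and the slide's last sentence applies to both: neither fires on a sample whose signature is not yet in the database.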
ANTIVIRUS OVERVIEW
• Avast (Czech Republic)
• AhnLab Internet Security (South Korea)
• Kaspersky (Russia)
• Norton (USA)
AVAST
Avast has long been a go-to choice for free antivirus. It is feature-rich, light on the system and reasonably secure. You get protection against common malware along with secure browsing, network protection and behavior monitoring. Beyond that, there is a sandbox mode for testing files, a password manager and more. Something distinctive in Avast is Sandbox mode, in which you can open suspicious files in an isolated environment. This is particularly useful for users who download files from untrusted sources. One of the unusual extensions is a video downloader: Avast lets you download video from platforms like YouTube and Vimeo in native resolution. You can access Bank Mode inside Secure Browser or from the Avast UI. It is a separate desktop for online transactions, shielding them from attacks that could be carried out against a normal browser window.
The last and most distinctive feature Avast Pro offers is Wi-Fi Inspector. It scans all devices on a home or public Wi-Fi network for weak settings and known vulnerabilities, a quick way to learn whether your router or another device is exposed. In a public setting, it gives you an overview of all devices connected to the network, so you can spot a device that should not be there.
AHNLAB INTERNET SECURITY
AhnLab Internet Security is an antivirus for comprehensive device protection. It is powered by cloud technology and offers a full range of functions for protecting files and information from threats and network attacks. AhnLab lives up to its reputation, providing strong protection for both endpoint and network security. Its enterprise-grade V3 Internet Security package is one of the better platforms on the market for ensuring that critical business assets are protected from both traditional and emerging threats.
The program offers protection against viruses, spyware and trojans. With the help of the TrueFind function, the software detects even hidden rootkits. Web protection against phishing sites helps keep the user's personal data from being intercepted and passed to third parties. Enhanced mail security is available: incoming and outgoing messages can be scanned for malicious files. The spam filter accepts a list of keywords that are included in the scan filter. The firewall filters network connections to block attacks from the network. USB media can also be checked: the system automatically blocks any files carrying a potential threat. Secure deletion is available, overwriting data multiple times so that it cannot be recovered. The program includes utilities to speed up the computer, clean the registry and remove temporary files. It aims for immediate protection with a low rate of false positives.
KASPERSKY
With strong real-time malware protection, an easy-to-use interface and very little impact on system performance, Kaspersky does basic virus protection extremely well, among the best in the industry. But while Kaspersky boasts a lot of advanced features, like Cloud Protection, a VPN and a password manager, some of these are not worth the added cost of the more expensive plans.
Kaspersky Anti-Virus is the basic antivirus product for Windows. It offers real-time and on-demand protection against all types of malware, including viruses, spyware and ransomware. Kaspersky Internet Security adds support for Mac and mobile, plus extra protection against cybercrime such as phishing and credit card theft. Kaspersky Total Security is the top-of-the-range plan; it includes bonus features such as a password manager and parental controls. What is particularly good is that Kaspersky provides its ransomware protection across all of its plans; detecting and removing ransomware is a big challenge for many antivirus programs. Kaspersky's Safe Money helps stop criminals from stealing your payment information: it automatically detects when you are about to make an online payment or use online banking and opens the site in a protected browser. With Safe Money, you can use Kaspersky's On-Screen Keyboard when entering payment details, which defeats keyloggers that capture physical keystrokes.
NORTON
Norton has clearly worked hard to improve its product, and with the 360 antivirus package it has created something exceptional. Norton 360 is built around 5 core security features:
• Device Security
• Cloud Backup
• Secure VPN
• Password Manager
• Parental Control (360 Deluxe and 360 Premium only)
Norton calls its behavioral detection technology "SONAR" (Symantec Online Network for Advanced Response). SONAR uses several methods to protect your computer from malware. In addition to traditional definition- and signature-based techniques, SONAR uses heuristics to analyze the behavior of files, which lets it detect "zero-day" threats (unknown and emerging types of malware) that have no signature yet. Norton's Cloud Backup feature offers secure remote storage for your important files. The VPN lets you hide your true location by connecting through servers around the world, so you can access online content that is unavailable where you live; Norton Secure VPN also allows unlimited data. Norton Password Manager is one of the better password managers bundled with an antivirus. The Password Vault has a clear and simple interface, and the "Safety Dashboard" tool gives you an overall score for the strength of your passwords. Along with login credentials, you can also store payment details, addresses and notes in the Password Vault.
Conclusion. There is no longer any question that you should use antivirus software. But which antivirus software should you get? Do you need to pay for it, or is free software good enough? Is anti-malware software the same as antivirus software? First, pick software with a high malware detection rate. Second, look for a light system load. Next, see how easy the software is to use. Finally, look for e-mail and web protection: you want software that automatically screens e-mail attachments before you open them and checks websites before you load them. Remember one important thing: "anti-malware" and "antivirus" are marketing labels, not guarantees of the same coverage, so check which classes of threats a product actually detects.