A piece of software designed to protect against malicious software and cyber attacks in general.
What Is Antivirus Software?
Computer viruses have existed almost as long as computers have. At first these pieces of code were created for self-replication and did no harm. Very soon, their purpose changed. Usually a virus is an executable file or a piece of code that is designed to do malicious things on a computer system. Initially, they were spread mainly through floppy disks, but viruses have really flourished in the era of networked computers.
The first antiviruses appeared at almost the same time as the first viruses. The term has evolved over time, along with the programs themselves. Today, we expect antivirus software to protect our computer systems from viruses, adware and spyware, ransomware and keyloggers, backdoors and rootkits, trojans, worms, dialers, fraud tools, etc., but very often it also has the additional functionality of a network firewall, such as protecting us from DDoS attacks, spam, scams and phishing attacks.
There are three basic mechanisms behind how antivirus software works:
- scanning the computer system for known virus signatures;
- heuristic analysis: scanning for code that looks like known viruses;
- real-time monitoring for suspicious behaviour, such as accessing certain files and registry entries, changing permissions, copying without user consent and others.
However, new tools are emerging every day; the most recent include data mining, sandboxing and many more.
In order for the antivirus software to work at its best and keep up with the latest viruses, it has to be regularly updated. Among the established antivirus product vendors one can often find ESET NOD, Norton, Kaspersky, Avast!, McAfee and many more.
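The first two mechanisms in the list above can be contrasted in a few lines of Python. This is an added example, not code from any antivirus product: the byte strings are constructed and harmless, the signature database and detection name are hypothetical, and byte n-gram similarity stands in for whatever heuristic a real engine uses.

```python
import hashlib

# Constructed, harmless byte strings standing in for scanned files (assumptions).
KNOWN_SAMPLE = b"HDR\x00demo-loader: open(target); append(self); jump(payload) -- constructed test bytes"
VARIANT = KNOWN_SAMPLE.replace(b"demo", b"dem0")  # same content with one byte changed
BENIGN = b"Quarterly report: revenue figures and meeting notes for the planning team"

# Hypothetical signature database: SHA-256 of known-bad content -> detection name.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.TestSample.A"}


def signature_scan(data: bytes):
    """Exact match: look up the content hash in the signature database."""
    return SIGNATURE_DB.get(hashlib.sha256(data).hexdigest())


def ngrams(data: bytes, n: int = 4) -> set:
    """Set of all overlapping n-byte substrings."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def heuristic_score(data: bytes) -> float:
    """Jaccard similarity (0.0 to 1.0) of byte 4-grams with the known sample."""
    a, b = ngrams(data), ngrams(KNOWN_SAMPLE)
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def scan(data: bytes, threshold: float = 0.6):
    """Signature check first; fall back to the similarity heuristic."""
    name = signature_scan(data)
    if name:
        return ("signature", name)
    if heuristic_score(data) >= threshold:
        return ("heuristic", "resembles Demo.TestSample.A")
    return ("clean", None)


if __name__ == "__main__":
    for label, data in [("known", KNOWN_SAMPLE), ("variant", VARIANT), ("benign", BENIGN)]:
        print(label, scan(data), round(heuristic_score(data), 2))
```

The one-byte variant no longer matches the signature but is still caught by the heuristic. Lowering the threshold catches more distant variants at the cost of flagging more harmless files.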
Common criticism of antivirus software touches on a few key points:
- they impact computer performance;
- they cannot possibly provide 100% security, especially against new viruses and 0-day vulnerabilities;
- they may give the user a false sense of security, thus leading to careless behaviour;
- they sometimes give false positive results that can disrupt normal operation, delete programs or even damage the operating system.