What does Antivirus software do?

Colin Yeung

Normal Day to Day:
To understand what Antivirus software aims to do, first consider your daily use of your mobile phone, tablet, home or work computer.

You open your Word processor, check your emails and login to your internet banking to pay some bills.

When it all works, it’s smooth, time saving and allows you to do what you want quickly and effortlessly.

Infected, Compromised, Hacked:
However, imagine opening the last document you saved and find that everything is unreadable – it has been corrupted. Or when you go to check your email, you find your contacts have all been emailed by “You” and the last 20 photos that have synced off your mobile phone onto your computer (as a backup) have been emailed to them.

Or worse – you have logged into your internet banking to find that you have no money in your bank accounts and your credit card has been maxed out.

Each of the above – file corruption, phishing and identity theft contribute to a $450 Billion a year industry that has modern day criminals, organised crime syndicates and even State based Government authorities in a constant battle.

Antivirus monitors your devices & environment
Antivirus software helps to stem the possibility of uncontrolled software commandeering your computer or device. The monetary outlay alone is worth it against reducing the possibility of malware wrecking your invested time and energy in files you have saved to your computer.

Analogy – think about the house you live in:

  • Level 0 – No Locks on the doors or windows.
  • Level 1 – Locks on the doors and windows
  • Level 2 – Locks on doors and windows, with monitoring that issues a status report, alerting you if they are unlocked.
  • Level 3 – Locks on doors and windows, monitoring & cameras on the front and back door.
  • Level 4 – Locks on doors and windows, monitoring and cameras inside the house in each room, cameras cover all corners of the house on outside. Perimeter fence with cameras and additional monitoring of the lawns and gardens.
  • Level 5 – Locks on doors and windows, monitoring and cameras inside the house in each room, cameras cover all corners of the house. Perimeter fence with cameras and additional monitoring of the lawns and gardens. Regular Site Survey of furniture, items of value and identification of special areas needing additional protection and restricted access.

The above example is extreme – not many people in our society go beyond the locks on the doors and windows – Level 1. The very physical act of invading a home has social stigma and programming attached to it, meaning that security beyond this is not required in most circumstances.

Cybercrime: silent, fast and untraceable
In the above analogy, doors and windows being substituted for Virtual access via Ports, Internet Connection and Physical access to the machine/device by way of USB memory sticks, DVD’s inserted into the device or someone physically sitting at the device.

Cybercrime in the digital realm is different. For the most part, its anonymous, silent, fast and untraceable. Often compromised systems and environments aren’t even aware they’ve been invaded. The notion of Level 5 security monitoring computers, devices and networks is a reality many organisations need to come to terms with.

Many of the more expensive suites offer additional software, services and features which attempt to add value. This may include password safes, email spam filtering, multiple device installations e.g. Mobile, tablet, computer, registry cleaners, real person IT technical support.

  • Level 0 – No antivirus
  • Level 1 – Basic Antivirus
  • Level 2 – Antivirus & Firewall
  • Level 3 – Antivirus, Firewall, System Snapshots
  • Level 4 – Antivirus, Firewall, System Snapshots, Password Safe, Multiple Devices
  • Level 5 – Antivirus, Firewall, System Snapshots, Password Safe, Multiple devices, real time IT tech support.

At a high level, antivirus software varies in quality in delivering the below 3 outcomes. How each software suite goes about offering each varies depending on the vendor:

  1. Prevention – how the product avoids infection entering the computer/device
  2. Monitoring/Detection – identifying and alerting to infection appearing on the device
  3. Treatment – eliminating and minimising damage from the infection

Summary:

  1. Antivirus Software is designed to monitor and detect if your computer/device has been compromised by external threat
  2. All software has the following components, which each of the software vendors manage and deliver slightly differently: Prevention, Monitoring/Detection and Treatment
  3. In general, the vast majority of computer users will be well served by any of the products from McAfee, Norton, Kaspersky, Trend Micro, Bitdefender or Avast.

Read more:

Published by Colin Yeung

Active: cycling, skiing, family; strategy marcomm & tech job. I like single malts. Life's a bit Grand Designs: planning, stress, humor, surprises, epic results.