Virus scanners, or antivirus software (sometimes found under the term “virus protection”), are programs that detect, block and possibly eliminate known computer viruses, worms and Trojan horses. These programs either work as real-time protection (“on-access”), checking every access in the background, or are started manually (“on-demand”). Many programs offer both functions. There are a large number of such products on the market, including some that are available free of charge, at least for private use.
How does antivirus software work?
The principle of operation is quite similar for all products and is based on two strategies:
With signature-based detection, malware is only recognized if a corresponding signature has been made available by the manufacturer of the antivirus software. This is the classic way of detecting viruses, which has been used for over 20 years. Almost every virus protection program does this. The disadvantage is obvious: the scanner only recognizes what the manufacturer has already analyzed. Today, malware spreads across the globe in just a few minutes. For the manufacturers of virus protection programs, this is the classic race between the hare and the hedgehog: the virus or worm usually reaches the user before the signature update does. This was far less of a problem 20 years ago, when viruses spread extremely slowly through the exchange of floppy disks or other data carriers. In the Internet age, however, the odds are unfortunately against virus protection programs. The advantage of the method is that false alarms (cases in which harmless software is incorrectly recognized as malware) are extremely rare.
The heuristic method
This method searches for general features of malware in order to detect unknown viruses by their typical characteristics. Products may also use behavioral blocking or include a rudimentary intrusion detection system (IDS). This approach is significantly newer than signature-based detection, and its importance is increasing steadily because the intervals at which new viruses and variants of existing viruses appear are becoming shorter and shorter.
The big disadvantage of this method is the low hit rate, which is well below 50%. In addition, the false alarms already mentioned occur often. The advantage is that at least a small part of new malware can be identified with it. But that does not help much either, and the reason is quite obvious: whoever wants to put new malware into circulation undoubtedly has the opportunity to test the “product” against a large number of scanners and to optimize it until at least the market leaders no longer respond. The low hit rate of the heuristic method shows that this is happening increasingly.
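The trade-off between the two strategies, as an added example that is not part of the original article: a whole-file hash stands in for a vendor signature, and a weighted trait score stands in for a heuristic. The sample byte strings, trait weights and threshold are constructed assumptions; real scanners use far richer signatures and heuristics.

```python
import hashlib

# Constructed, inert byte strings standing in for files (not real malware).
# Each entry is (file content, is_malicious).
SAMPLES = {
    "known_malware":   (b"stub CreateRemoteThread WriteProcessMemory payload-A", True),
    "new_variant":     (b"stub CreateRemoteThread WriteProcessMemory payload-B", True),
    "new_low_profile": (b"stub VirtualAllocEx payload-C", True),
    "benign_debugger": (b"debugger WriteProcessMemory CreateRemoteThread attach", False),
    "benign_editor":   (b"editor CreateFile ReadFile WriteFile", False),
}

# Signature database: hashes of samples the vendor has already analyzed.
SIGNATURES = {hashlib.sha256(SAMPLES["known_malware"][0]).hexdigest()}

# Heuristic: weighted traits typical of malware but not exclusive to it
# (weights and threshold are assumptions made for this example).
TRAITS = {b"CreateRemoteThread": 2, b"WriteProcessMemory": 2, b"VirtualAllocEx": 1}
THRESHOLD = 3

def signature_hit(data: bytes) -> bool:
    """Flag only content whose hash is already in the signature database."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

def heuristic_score(data: bytes) -> int:
    """Sum the weights of all suspicious traits present in the content."""
    return sum(weight for trait, weight in TRAITS.items() if trait in data)

def heuristic_hit(data: bytes) -> bool:
    """Flag content whose trait score reaches the threshold."""
    return heuristic_score(data) >= THRESHOLD

def evaluate(detector) -> dict:
    """Count detections, misses and false alarms for one detector over SAMPLES."""
    result = {"detected": 0, "missed": 0, "false_alarms": 0}
    for data, is_malicious in SAMPLES.values():
        flagged = detector(data)
        if is_malicious:
            result["detected" if flagged else "missed"] += 1
        elif flagged:
            result["false_alarms"] += 1
    return result

if __name__ == "__main__":
    print("signature:", evaluate(signature_hit))
    print("heuristic:", evaluate(heuristic_hit))
```

The signature check raises no false alarms but misses everything the vendor has not yet analyzed. The heuristic catches the unanalyzed variant, but it also flags the harmless debugger and still misses the low-profile sample.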
Should I use antivirus software?
Let’s try an analogy: you want to be able to get out of an airplane at any time. You know, of course, that this would not be a good idea, because you would hardly survive hitting the ground from a great height. Now the technical aids come into play, and here the parachute would be the device of choice. It provides security; with its help you manage a gentle and safe landing. When you visit the parachute shop and look at the latest model, the seller tells you that it is guaranteed to open correctly in 90% of cases.
We do not need to take this example any further. If the parachute industry offered the kind of “security” that antivirus software manufacturers offer, all parachute producers would have gone bankrupt.
So the basic problem is this: assuming the scanner discovers 90% of the malware in circulation (the exact percentage may vary from product to product, but that is not what matters), then it does not spot 10%. And if the user behaves as if the scanner had a hit rate of 100%, then the malware gets him only slightly later than if he used no scanner at all. This conclusion does not depend on whether the scanner recognizes 90%, 95% or even 99%.
Antivirus Software and its Benefits
What do we learn from this? A virus scanner does not increase security! On the contrary, it REDUCES it. Because I think I’m protected, I may be more reckless than I would be without a scanner. In addition, these programs often open up further security gaps in the system. At the end of 2007, security experts from N.runs AG tracked down around 800 vulnerabilities in antivirus products that could be used by attackers to launch denial-of-service (DoS) attacks and contaminate corporate networks with malicious code.
Since the detection rate of the virus scanner is considerably less than 100%, you need other protective measures. And if you adhere to them, the virus scanner is simply superfluous. But if you really want to use one, then do not consider it part of a reliable security solution, but an upstream filter that may catch some malware that you then no longer need to worry about. It is similar to a spam filter: you know it catches a lot, but it still lets plenty of spam through while occasionally eating an important email.
Incidentally, it is quite common for this so-called “security software” to completely wreck your Windows system, because a Windows system file is mistakenly classified as a threat and then deleted or moved to a quarantine directory. The result is that Windows no longer starts. You can find some of these recent cases here, here and here. These are just a few example cases and thus only the tip of an extremely annoying iceberg. False alarms from antivirus software have become a real nuisance.
Last but not least, you should keep in mind that the scanners on offer differ not only widely in price (from “free” to “very expensive”), but also significantly in the load they place on the system. On PCs that are no longer new, it helps if the virus scanner does not generate too much system load. And if at some point you come to the conclusion that you no longer need this software, then it is an advantage if the scanner can be removed again without leaving any residue. Hence, use XA Technologies’ XA Secuflex for the most secure virus protection.