Network Security pt. 3 - Antivirus Software

Rich Watts
Feb 8, 2019 8:05:00 AM

Did you miss part 2? Click HERE to watch it first.

––––––––––––––––––––––––––––––––––––

 

Transcript:

The Old Antivirus Software

Interestingly enough, antivirus software has been around as long as I can remember, and for a long time its mode of operation really didn't change.

Any file that you have on your systems has a signature. Each one has information about its size, date of creation, and additional information that is unique to each one.

Identifying Viruses

What antivirus writers first realized, then, was that if they could identify what a malicious file's signature looked like, they could write a signature-based antivirus program that looks for that signature, quarantines the file, and finally deletes it.

That's exactly how the software has functioned for decades. The race always was to find a virus as quickly as possible, identify its signature and react as quickly as possible to counteract it.

The Issue With Signature-Based Antivirus

The problem is that there is always a gap between the identification of a virus and writing a valid signature file for it.

Of course, even after the entire process of identifying a virus and updating the software to counteract it, it only works if the end user updates their signature files. Without that updated signature file, any new, malicious viruses wouldn't be tagged or deleted.

At the end of the day, signature-based antivirus software is inefficient at identifying new viruses. It continuously faces the problem of always being a little bit behind the virus writers as it attempts to identify the signatures for those viruses.

The Modern Antivirus

In trying to make antivirus software more effective, it became clear that a new method of identifying and eliminating viruses needed to be found. And with that motivation came the modern antivirus model.

Nowadays, the best modern antivirus software is behavior-based rather than signature-based.

Really, there are only a few things that viruses try to do, and they can be easily categorized by these behavior types. Essentially, they are trying to gain root or admin access to your system, modify files, or delete a bunch of files.

In essence, the viruses are designed to operate in a way that allows the designer to command and control a computer over the Internet. Those kinds of behaviors are pretty similar across the board: the signature of each file might change, but the behavior is there.

With the advent of machine learning and artificial intelligence, the really good software companies are able to detect the behavior and not worry as much about what the file looks like, or how it is defined.
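To make the contrast concrete, here is an added example (not part of the original transcript or any vendor's product). It models a signature as a SHA-256 hash and a behavior rule as "many distinct files changed in a short window"; the sample bytes, process names, event log, window and threshold are all constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed stand-ins for file contents; not real malware.
KNOWN_SAMPLE = b"constructed-sample-payload-v1"
TWEAKED_VARIANT = b"constructed-sample-payload-v2"  # one byte changed

# Signature database: hashes of files already identified as malicious.
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_match(data: bytes) -> bool:
    """Signature-based check: exact match against known hashes."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

# Constructed event log: (seconds, process, action, target).
EVENTS = [
    (0, "backup.exe", "file_modify", "C:/data/a.doc"),
    (1, "variant.exe", "privilege_request", "admin"),
    (2, "variant.exe", "file_modify", "C:/data/a.doc"),
    (3, "variant.exe", "file_modify", "C:/data/b.xls"),
    (4, "variant.exe", "file_modify", "C:/data/c.pdf"),
    (5, "variant.exe", "file_delete", "C:/data/d.bak"),
    (60, "backup.exe", "file_modify", "C:/data/b.xls"),
]

def behavior_alerts(events, window=10, threshold=4):
    """Flag processes that modify or delete at least `threshold`
    distinct files within `window` seconds, whatever their hash."""
    touched = defaultdict(list)  # process -> [(time, path)]
    elevated = set()             # processes that asked for admin rights
    for t, proc, action, target in events:
        if action in ("file_modify", "file_delete"):
            touched[proc].append((t, target))
        elif action == "privilege_request":
            elevated.add(proc)
    alerts = {}
    for proc, hits in touched.items():
        for start, _ in sorted(hits):
            paths = {p for t, p in hits if start <= t < start + window}
            if len(paths) >= threshold:
                reason = "mass file changes"
                if proc in elevated:
                    reason += " with admin request"
                alerts[proc] = reason
                break
    return alerts
```

The one-byte variant slips past `signature_match`, while `behavior_alerts` still flags the process because what it does has not changed.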

The Consequences Of Poor Protection

I remember a few months ago, a ransomware virus impacted a city office building, taking down all of their infrastructure as a result. People couldn't go to the DMV, they were struggling to properly use their police force, and their fire departments were impacted as well.

Because of the single ransomware virus, virtually all of their infrastructure was encrypted and held for ransom money. It was simply caused by a variation of a well-known virus. If they had been using a really quality endpoint security system that was behavior-based, they could have stopped the encryption before it spread across their servers and through their entire environment.

In this situation, and many others like it, the right endpoint security would have saved them hundreds of thousands of dollars. And the impact it had on their entire town could have been avoided, or at least minimized.

How To Choose A Good Antivirus Software

If you have antivirus software that is signature based, avoid it.

I can't say it enough. Even the best of today's signature-based software is less and less effective because of how good virus writers have gotten at modifying or tweaking existing known viruses.

In the meantime, make sure yours is up to date. Make sure you do have the latest signature files. It's important to know that any antivirus that may have come preinstalled on your computer or laptop, even if it's up to date, is likely signature-based. And any software that's more than a couple of years old is likely signature-based.

If your antivirus software is signature-based, you should look at replacing it with something more modern. I also don't think it's too hard to find a really good antivirus. All you have to do is read a few Google reviews.

It's also worth noting that it's really not that expensive. It's not significantly different in price than antivirus software that is signature-based.

So without too much investment or time, you'll be able to find the right solution that will protect you against all of the modern-day variants of malware that are out there.
