Thursday, May 24, 2012


What makes a virus and how is it found

Hey everyone! One of the things I struggled with when I first started learning about computers was what makes a virus, and how an antivirus knows one when it sees it. Some of them are still very hard to understand, especially because new and more sophisticated ones are being created every day. A virus is different from an exploit: an exploit is when someone finds a weakness or a hole in a legitimate program or system that allows them to gain control of the system. Protection against both, however, relies on the system being kept up to date.

Viruses are really just another program: lines of code created to perform a task. Unfortunately the task is usually an undesirable one, and the program that is the virus is snuck onto your device without your permission. "Virus" is a very broad term and there are many different types (Malware, Spyware, Trojan, Rootkits, Worms), but for the purpose of this blog we will keep referring to them by the blanket term of virus. Some viruses are so ingrained in a system that once the system starts they cannot be detected; these can only be found by having your hard drive scanned by another PC while it is not running. Rootkits are usually detected by running a scan as your computer is booting up. Once found, a virus is either blocked, quarantined, or deleted.

So how does an antivirus know a virus when it sees it? Well, antivirus programs scan your system looking for "lines of code", patterns or behaviours and certain keywords, and they may also keep a list of suspect web domains to watch for.
Now the bad news in all this: the antivirus program needs to know what it is looking for. A virus first has to be discovered and analysed, and then either a "fix" is created or the virus "signature" is distributed to the companies that need to know about it.
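To make the scanning described above concrete, here is a toy Python scanner added as an example (it is not code from the original post or from any antivirus product). It matches a constructed signature database and suspect-domain watch list against constructed sample files, and maps each finding onto the block, quarantine or clean outcomes; every signature, domain and sample below is made up for the example.

```python
"""Toy signature-based scanner: exact byte patterns plus a suspect-domain watch list.
Every signature, domain and sample here is constructed for this example."""
import re
from dataclasses import dataclass, field

# Constructed signature database: detection name -> exact byte pattern (not real malware).
BYTE_SIGNATURES = {
    "Demo.Downloader.A": b"\x55\x8b\xec\x83\xec\x40DEMO_SIG_A",
    "Demo.Dropper.B": b"DEMO_SIG_B\xe8\x00\x00\x00\x00",
}
# Constructed watch list; the reserved .invalid TLD never resolves, so these are safe to use.
SUSPECT_DOMAINS = {"payload-cdn.example.invalid", "c2-check.example.invalid"}
DOMAIN_RE = re.compile(rb"https?://([a-z0-9.-]+)", re.IGNORECASE)


@dataclass
class ScanResult:
    signatures: list = field(default_factory=list)  # (detection name, byte offset)
    domains: list = field(default_factory=list)     # suspect domains referenced

    @property
    def action(self) -> str:
        """Map findings onto the three outcomes the post names."""
        if self.signatures:
            return "quarantine"  # known malicious code: isolate the file
        if self.domains:
            return "block"       # only a suspect contact point: block the connection
        return "clean"


def scan(data: bytes) -> ScanResult:
    """Look for every known pattern at every offset, then check any URL against the watch list."""
    result = ScanResult()
    for name, pattern in BYTE_SIGNATURES.items():
        offset = data.find(pattern)
        while offset != -1:
            result.signatures.append((name, offset))
            offset = data.find(pattern, offset + 1)
    for match in DOMAIN_RE.finditer(data):
        domain = match.group(1).decode("ascii", "replace").lower()
        if domain in SUSPECT_DOMAINS:
            result.domains.append(domain)
    return result


# Constructed samples: a known pattern, a suspect domain only, and a harmless document.
SAMPLE_KNOWN = b"MZ" + b"\x00" * 30 + BYTE_SIGNATURES["Demo.Downloader.A"] + b"\x00" * 8
SAMPLE_DOMAIN_ONLY = b"config=http://payload-cdn.example.invalid/update.bin\n"
SAMPLE_CLEAN = b"Hello, this is an ordinary document.\n"
```

A file whose bytes match none of the stored patterns scans clean no matter what it does, which is the limitation the post describes and the reason signature updates have to be frequent.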

Antivirus companies run things called "honey pots": groups of devices set strategically around the Internet whose main purpose is to catch everything that is going around. Once something is caught, it is a race against the clock to get the signature out so the virus can be detected and stopped. This is why it is absolutely imperative that you keep your antivirus updated, daily if possible, so that it receives the latest virus signatures.

It is often thought that once your antivirus subscription or license expires you are left unprotected. This is not entirely true: you still have all the virus signatures you received up until that point; your system just stops receiving updates for new viruses.

If you compare a lot of paid versus unpaid antivirus products, the difference usually isn't in the virus updates. It may be in extra malware protection, if the unpaid version doesn't have it (some do, some don't); often you are paying for extra services and trimmings like customer support, password systems, sandboxes, key scramblers etc. I am in no way saying don't buy an antivirus, but make sure you know what extra you are getting for your money.

I hope this has helped you understand a little more about how it all works.

4 comments:

Melissa {Suger} said...

It DOES help. Thanks!!!

Tony said...

You're welcome Mel

Debyl1 said...

Great post, thank you

Tony said...

Thanks Deb
