Types, Functions &
Limitations
The protection of a good Antivirus Software is
essential to maintain the security of any computer system. That is
why it is worth knowing how an antivirus works, what its functions are
and, also, its limitations.
Antivirus software tries to cover
the main forms of attack on your device, be it a computer or a smartphone, and
not having any kind of protection, knowing how an antivirus works, is
foolish, since there are many threats that you can find browsing the Internet
or copying files to your device. Currently, it is possible to find good free or
low-cost antivirus. Antivirus must be updated frequently to ensure protection
against the latest threats. Almost all antivirus can be
configured to update automatically, it is advisable that this option is
enabled.
How an antivirus works
All antivirus acts in the background,
inspecting every file or page that is opened on the device where they are
installed.
Antivirus Software uses
three methods to protect the system:
·
Analyze our
files by comparing them to a database of malicious software or programs
· Monitor
computer files as they are opened or created to ensure they are not
infected. This is real-time protection against viruses , which
can affect system performance.
· Periodically inspect the
entire system to verify if there are corrupt files and eliminate existing
viruses, in case they could have entered your computer.
The antivirus compares
each file on the hard disk with a dictionary of known viruses . If
any piece of code in a file on the hard drive matches the virus known to the
dictionary, the antivirus software kicks in, taking one of the possible
actions.
Antivirus functions
·
Repair
the file. The antivirus tries to repair the infected file by removing the
virus.
· Quarantine
it. The antivirus
will try to provide protection against the virus, making programs inaccessible
to this file, preventing its spread and execution.
· Delete
the file. The antivirus removes the file. If it cannot be removed
from the file, it will always ask us first if we want to do this.
· Analyze
the behavior of system files. In this case, the antivirus will keep track
of all the programs that are running on a system. For example, if a
program tries to perform a suspicious activity, such as writing data to an
executable program, the antivirus
alerts the user of this fact and informs him of the measures to take.
One of the advantages of scanning
files for suspicious behavior is that it offers protection against new
viruses for which information is not yet available and are not part of the
list of known viruses.
When a new virus is created, antivirus software companies
analyze its characteristics, how to eliminate the virus (if possible) and
update the database with this information to ensure that the antivirus can
detect new threats.
On the other hand, it is very common
for these types of programs to incorporate other types of features that allow
them to expand the security they offer, such as:
· Firewall. It acts as a barrier between the
computer and the Internet. It is used to control who accesses the
information stored on the equipment and what information comes out of it to the
outside.
· Analyze
web addresses (URL's). It
allows you to check if a web address links to a page that contains viruses or
if, on the contrary, it is safe.
· Email
protection. Scans
incoming and outgoing emails to verify that they do not contain
viruses. They usually include an antispam filter to prevent
"junk mail" from entering the inbox and an anti- phishing filter to
detect attempts to impersonate trusted pages, banks, public administrations,
prestigious companies, etc.
· Antispyware. Capable of detecting and eliminating
spyware, that is, those that are installed on the computer or device in a
hidden way in order to know the user's browsing habits, passwords and other
data, which could later be transmitted to an unauthorized entity.
· Anti
pop-ups. Its
main objective is to avoid opening annoying pop-up windows that may appear
while browsing the Internet. Various spyware can be hidden in some of
these windows.
·
Backups. Make backup copies of the most
important documents stored on your computer.
Limitations of antivirus
Antivirus programs, despite being
constantly updated and offering more and more functionalities, also have
certain limitations when it comes to keeping your computer system safe.
Therefore, when selecting an antivirus
you should keep in mind some of the tasks that basic antivirus does not
perform:
· They
do not prevent Spam,
which must be examined with specific Anti-Spam software.
· They
do not prevent direct attacks from
a hacker on the system.
· They
do not prevent criminal activities online. The antivirus is not capable
by itself of preventing these actions.
Despite its limitations, you
should never stop the antivirus operation because it will leave your
system more exposed to external attacks.
In
the same way, if you do not update your antivirus with the latest virus definitions available
on the Internet, the software will become practically useless, since it
will not be able to detect or eliminate the most recent viruses.
Having
an antivirus
installed on your computer almost always means that your computer slows down a
bit, that is, it works slower than it should. This is mainly due to the
fact that antivirus programs use many system resources.
A general rule of thumb in this regard
is that the more functions the antivirus provides, the
more resources such as RAM memory and CPU cycles it will use.
Types of antivirus
Basically, Antiviruses are divided
into several categories, depending on the function for which they were
designed: prevention, identification or elimination of viruses.
· Preventive
antivirus, which fulfill the function of anticipating infection by intercepting
and analyzing all data input and output operations. This type of antivirus, to perform
its task, must be installed on the disk and reside in the memory of the
computer, so they tend to consume a considerable amount of resources that in
the end slows down the computer.
· Identifying
antivirus, whose main function is to identify threats that may already be
active in the system. To achieve its mission, this type of antivirus
analyzes all files on the computer in search of byte strings related to
malware.
· Decontaminating
antivirus, whose purpose is to eliminate an infection when it has already
occurred and attacked the computer. Many of these Antiviruses will also
try to revert to the state before the infection occurred.
·
Heuristic
antivirus, which act as a simulator, that is, they pretend the launch or the
usefulness of various programs to observe their behavior and identify possible
suspicious situations.
In general, modern security solutions
combine these three types of antivirus, also integrating other functionalities.
Online antivirus
In addition, you can also use an
online antivirus, which does not need to be installed on the computer. The antivirus
in the cloud is nothing other than traditional antivirus, but with the
characteristic of not being running on your system, with the consequent saving
of resources and process time.
Online antivirus is especially
interesting in the case of having already suffered an infection, because
some viruses and malicious programs prevent the correct functioning of
antivirus, and continue to act after a complete system check. Online antivirus
can also be useful when you need to use unknown or suspicious systems,
such as community computers. Another advantage of antivirus in the cloud is
that you always have your virus database and search engine up-to-date.
In addition, an online antivirus allows you
to always be protected against any virus threat with the latest technology,
even if you have an outdated computer in terms of hardware, because the
software necessary for the scan does not reside on your system, but on the
Internet.
However, it is important to know
that online antivirus tools are not designed to replace antivirus programs ,
as they do not offer real-time protection. In addition, it is necessary to
differentiate between online tools that perform a complete analysis of the
system to detect and eliminate infected files and those that are more focused
on analyzing files individually.
Antivirus installed on
your computer
One of the best features that a
traditional antivirus offers compared to one hosted in the cloud is the
possibility of being used without an Internet connection, with all the
advantages that this implies.
Likewise, the traditional antivirus
system has a series of very important characteristics when managing everything
related to infected files, such as the ability to make backup copies of them
in the so-called " Quarantines " or the possibility
of excluding them from the I scan certain folders , functions not
offered by cloud antivirus
systems.
These security tools can act as resident
antivirus , ie. that are loaded into memory constantly monitoring
what is happening on your computer. Or they can be activated from
time to time to perform a system scan or inspection of a
specific file or storage unit.
No comments:
Post a Comment