Information Protection in Computer Networks: Antivirus Solutions
Whereas dangerous software used to be transferred mainly on media such as floppy disks and optical disks, with the rapid development of the Internet the spread of malicious software over computer networks, first of all the Internet, has come to the fore. Viruses are one of the common reasons why anti-virus solutions, which are increasingly reliable and effective, are so necessary.
However, at this stage in the development of information technology, attacks are no longer organized by lone individuals. A whole industry with a multimillion-dollar turnover has been created. "Botnets" are created (computers on which autonomous software is launched and which are controlled remotely), and these can later be sold. With the help of infected computers, DDoS attacks, spam or password brute-forcing against a remote server can be organized. Given the above, information protection should be approached comprehensively: do not limit yourself to a single protection tool, and do not hesitate to contact specialists.
An antivirus program (or just an antivirus) is a program that is designed to find unwanted software (here we include computer viruses, Trojans, spyware and others), to disinfect infected files, and to prevent infection of an information system. The task of such software is to block and remove viruses.
Often, all unwanted software is called viruses, which is not entirely correct. A computer virus is a type of computer program whose distinguishing feature is the ability to reproduce. Unwanted software also includes Trojans (unwanted programs that penetrate the system under the guise of various kinds of useful software) and spyware (software that is installed in an information system for full or partial control over it without the consent of the user of this system). This type of software is defined as installed without authorization.
Types of Antivirus Software
Today, all modern antiviruses provide real-time protection against viruses and other unwanted software. Moreover, solutions that allow you to install more than one antivirus tool are widespread (as a rule, the firewall already has a built-in antivirus, but you can still install another one of your choice).
Although antivirus software must be installed on a computer, especially one that interacts with others over the network, it should be clearly understood that no antivirus can provide 100% protection against unwanted software.
Network technologies cannot be considered in isolation from the comprehensive protection of information transmitted over network communication channels. Quite a lot of time has passed since antivirus software was first created. At the initial stages of the evolution of antiviruses, antivirus programs were divided into those that detected viruses during a scan and those that stayed resident in the computer's RAM, thus preventing infection of the information system. In addition, it was necessary to install separate software designed to counteract spyware, Trojans and other programs and to remove viruses.
Virus Detection Principles
To detect and neutralize unwanted software, anti-virus programs use various methods:
1) matching against a database of available signatures. The antivirus program looks for a match between the file and a virus description in the signature database that it has at its disposal. The disadvantage of this approach is that it cannot find unwanted software whose description has not been added to the signature database;
2) finding inappropriate program behavior. The behavior of programs that run in the system is monitored, and if a program performs a dangerous action (for example, changing an executable file), the antivirus reports this to the user. The advantage of this method is the ability to find unwanted software that has not yet been added to signature databases. The disadvantage is the possibility of false alarms in certain operating modes (for example, when installing software updates);
3) emulation of software behavior. Before handing execution over to the software itself, the antivirus attempts to emulate the start of its execution. If the program behaves abnormally, it is considered harmful to the system. This method also has the disadvantage of false alarms;
4) "white list". Only software that is explicitly allowed in the system may be used. Thus, even software that does not pose a threat in the form of viruses or other unwanted software will not be executed in the system unless it is on the list. This approach is usually used in corporate management of antivirus software.
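The trade-off between methods 1 and 4 can be seen in a small scanner. This is an added example, not code from the original article; the signature names, byte patterns and sample "files" are constructed for illustration and are not real malware signatures.

```python
import hashlib
from typing import List, Optional, Set

# Constructed signature database: detection name -> byte pattern (assumption).
SIGNATURES = {
    "Demo.Dropper.A": b"\xde\xad\xbe\xefDROP_PAYLOAD",
    "Demo.Spy.B": b"KEYLOG_START\x00\x01",
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def signature_scan(data: bytes) -> List[str]:
    """Method 1: names of all known signatures whose pattern occurs in data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)

def make_allowlist(approved: List[bytes]) -> Set[str]:
    """Method 4: the white list holds hashes of exactly the approved binaries."""
    return {sha256(blob) for blob in approved}

def verdict(data: bytes, allowlist: Optional[Set[str]] = None) -> str:
    """allowlist=None means signature-only mode; otherwise both checks apply."""
    hits = signature_scan(data)
    if hits:
        return "block:signature:" + ",".join(hits)
    if allowlist is not None and sha256(data) not in allowlist:
        return "block:not-allowlisted"
    return "allow"

# Constructed samples (harmless byte strings standing in for executables).
KNOWN_BAD = b"MZ....\xde\xad\xbe\xefDROP_PAYLOAD...."
NEW_VARIANT = b"MZ....\xde\xad\xbe\xeeDROP_PAYL0AD...."  # altered: no signature yet
APPROVED_TOOL = b"MZ....corporate editor v1"
UNLISTED_TOOL = b"MZ....harmless utility v2"
ALLOWLIST = make_allowlist([APPROVED_TOOL])

if __name__ == "__main__":
    samples = {"known_bad": KNOWN_BAD, "new_variant": NEW_VARIANT,
               "approved_tool": APPROVED_TOOL, "unlisted_tool": UNLISTED_TOOL}
    for name, blob in samples.items():
        print(f"{name:14} signature-only={verdict(blob):32} "
              f"with-allowlist={verdict(blob, ALLOWLIST)}")
```

The altered variant passes the signature-only check but is stopped by the white list, which also stops the harmless unlisted utility: the cost the article describes for method 4.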