US-CERT Cyber Security Tip ST04-005 — Understanding Anti-Virus Software


 


Hi everyone,

        This is Part 2 of my multi-part series intended to make you more aware of good security habits (and general computing concepts).  I was debating between this tip and “Understanding Firewalls” and decided this one is more important (albeit only slightly).  As always, I highly recommend that you check out the US-CERT website and their cyber security tips as well.

        So, what is an Anti-Virus software program, and why do you need one?  Before we go into that, we need to discuss viruses (and Trojans) a little.  By explicit definition, a virus is a program that self-replicates (makes copies of itself).  Trojans are viruses in one sense; however, they actively seek out new hosts (computers) to infect, either through e-mail or by attempting to connect with operating systems or programs installed on the target.  For the most part, you’ll see Trojans more than the traditional virus, but there are a few ‘viruses’ still floating around.

        This tip goes into some fairly good detail about anti-virus programs; however, it’s a little old.  Most newer anti-virus programs use a feature called “real-time scanning,” which means that anything you download gets scanned automatically for viruses or Trojans.  They also employ a feature called heuristics, which is a “trial and error” approach that uses patterns most viruses follow.  Basically, heuristics says, “If it looks like a virus, or acts like a virus, then I’m going to err on the side of security and call it a virus.”  (Note: this is a really simplified explanation of how heuristics work in anti-virus software, and may not be accurate.)
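
As an added illustration (not part of the original post or the US-CERT tip), the sketch below contrasts an exact-match signature check with a heuristic score over observed traits. The sample files, trait names, weights and threshold are all constructed for the example; real products use far richer signals.

```python
import hashlib

# Constructed samples: name -> (file bytes, traits a scanner observed).
# Contents and trait names are made up for this illustration.
SAMPLES = {
    "known_bad.bin": (b"CONSTRUCTED-SAMPLE-v1", {"copies_itself", "edits_startup"}),
    "new_variant.bin": (b"CONSTRUCTED-SAMPLE-v2", {"copies_itself", "edits_startup"}),
    "installer.bin": (b"CONSTRUCTED-INSTALLER", {"edits_startup", "writes_program_dir"}),
    "notes.txt": (b"shopping list", set()),
}

# Signature database: hashes of files already analysed and known to be bad.
SIGNATURES = {hashlib.sha256(b"CONSTRUCTED-SAMPLE-v1").hexdigest()}

# Hypothetical heuristic weights: how "virus-like" each trait is.
WEIGHTS = {"copies_itself": 3, "edits_startup": 2, "writes_program_dir": 1}
THRESHOLD = 3  # deliberately low: err on the side of security


def signature_match(data: bytes) -> bool:
    """Exact match: only catches files identical to a known sample."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES


def heuristic_score(traits: set) -> int:
    """Sum the weights of the suspicious traits that were observed."""
    return sum(WEIGHTS.get(t, 0) for t in traits)


def scan(name: str) -> str:
    """Return 'signature', 'heuristic' or 'clean' for a constructed sample."""
    data, traits = SAMPLES[name]
    if signature_match(data):
        return "signature"
    if heuristic_score(traits) >= THRESHOLD:
        return "heuristic"
    return "clean"


if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:16} -> {scan(name)}")
```

The changed variant slips past the signature check but is caught by the heuristic; the harmless installer is flagged too, which is the false-positive cost of erring on the side of security.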

      ****Important note of caution****  With Anti-Virus software (and Anti-Spyware and Firewalls also), the adage that “more is better” DOES NOT APPLY.  If you install more than one Anti-Virus program, they will conflict with each other (and possibly cause your computer to crash).  If you’re deciding to switch from one Anti-Virus program to another, you need to make sure that ALL traces of the original are gone.  (Symantec offers a program to completely remove their software after the uninstaller finishes; check with other Anti-Virus companies to see if they do the same.)

Have a great weekend, everyone :-)  Next week, I’ll be discussing Firewalls.

Patrick.
