History of antivirus software

History of antivirus software Antivirus Software History of Antivirus Software There are competing claims for the innovator of the first antivirus product. Possibly the first publicly documented removal of a computer virus in the wild was performed by Brent Fix in 1987. An antivirus program to counter the Polish MKS virus was released in 1987. Dr. Solomons Anti-Virus Toolkit, AIDSTEST and AntiVir were released by in 1988. Dr. Ahn Chul Soo (Charles Ahn, founder of AhnLab Inc) in South Korea also released the Anti-Virus software called V1 in June 10, 1988. By late 1990, nineteen separate antivirus products were available including Norton AntiVirus and McAfee VirusScan. Early contributors to work on computer viruses and countermeasures included Fred Cohen, Peter Tippett, and John McAfee. Before Internet connectivity was widespread, viruses were typically spread by infected floppy disks. Antivirus software came into use, but was updated relatively infrequently. During this time, virus checkers essentially had to check executable files and the boot sectors of floppy and hard disks. However, as internet usage became common, initially through the use of modems, viruses spread throughout the Internet. Powerful macros used in word processor applications, such as Microsoft Word, presented a further risk. Virus writers started using the macros to write viruses embedded within documents. This meant that computers could now also be at risk from infection by documents with hidden attached macros as programs. Later email programs, in particular Microsoft Outlook Express and Outlook, were vulnerable to viruses embedded in the email body itself. Now, a users computer could be infected by just opening or previewing a message. This meant that virus checkers had to check many more types of files. As always-on broadband connections became the norm and more and more viruses were released, it became essential to update virus checkers more and more frequently. Even then, a new zero-day virus could become widespread before antivirus companies released an update to protect against it. What is an Antivirus program? An antivirus program is used as a security measure and protection tool against computer viruses. The job of an antivirus program is to scan, detect and prevent viruses. Not all antivirus programs can perform these basic tasks, but this will be discussed later on in this report. Antivirus programs are an essential tool you must have installed on your computer or network. Antivirus programs offer real-time, on-access and on-demand protection for your computer. The way the programs works is based on the version of the antivirus program you have. Antivirus programs can be a standalone or can be included in a protection suite and are distributed in 32 and 64-bit versions on multiple operating systems such as Windows, Linux and Mac, allowing all different types of computers to be protected from malicious software. Why is Antivirus Software Necessary? Security is a major concern when it comes to the safety of your personal information. If someone were to access your information and use it, the consequence would be drastic. Information security is concerned with three main areas; Confidentiality peoples information should only be available to someone who has the right to view it. Availability information should only be accessible when someone needs it. Integrity information should only be modified by people who are authorized to edit it. These concepts apply to home Internet users just as much as they would to any corporate or government network. You probably wouldnt let a stranger look through your important documents. In the same way, you may want to keep the tasks you perform on your computer confidential, whether its tracking your investments or sending email messages to family and friends. Also, you should have some assurance that the information you enter into your computer remains intact and is available when you need it. Some security risks arise from the possibility of intentional misuse of your computer by intruders via the Internet. Others are risks that you would face even if you werent connected to the Internet (e.g. hard disk failures, theft, power outages). The bad news is that you probably cannot plan for every possible risk. The good news is that you can take some simple steps to reduce the chance that youll be affected by the most common threats and some of those steps help with both the intentional and accidental risks youre likely to face. Virus? What is a Virus? Before we go on and tell you how an antivirus program scans, detects and prevents viruses and malware, lets discuss what exactly a virus is. Like its genetic equivalent, a computer virus is a program that spreads unwanted and unexpected actions through the insides of your PC. Not all viruses are malicious, but many are written to damage particular types of files, applications or even operating systems. Some examples of viruses are; Trojan horse viruses, worms, spyware, adware, rootkits, and many other types of malware. Viruses have been around since the early 1970s. Even though they never had an internet connection back in the 70s viruses still infected computers by floppy disks. Yes, FLOPPY DISKS, the old 5 14 disks. The first recorded virus was in 1971 and it was called the Creeper Virus, which was written by Bob Thomas. What the Creeper virus did was it infected a remote computer by the ARPNET and copied itself displaying the message â€Å"IM THE CREEPER: CATCH ME IF YOU CAN!. Ironically the Reaper was created to delete the Creeper. The Reaper program was not like the anti-virus programs we know today, but in fact was a virus itself in that it was self replicating and spread through a network. How an Antivirus Program Works The first and most important task of an antivirus program is to protect, prevent, or block any malicious activity in your computer or home and office network in real-time. The real-time protection should trigger an alert or provide automatic action whenever a suspected or positively identified malware activity is detected. Most antivirus programs will only monitor some critical areas in your computer. When an antivirus program is installed, it will start monitoring the activity of the system by searching files that are being accessed, transferred, or stored to or from the hard disks and external/removable drives. Files that are being downloaded from the Internet are scanned. If a suspicious activity is detected, the antivirus program will automatically remove the file or stop the processes that are posing risk to your system, your contacts, or other computers or devices in on your network, unless you trust the file that you are receiving. Antivirus programs offer several types of detection methods to identify malware, but the most common detection methods is heuristic analysis and by using traditional virus detection (signature-based). 1. Characteristics of a program This is called heuristics scanning. Heuristic scanning engines work on the principle that viruses will usually use certain tricks or methods of infecting, and therefore if a program looks like it might be using those tricks, there is a possibility that the program is a virus. Sound simple? No, not really, its actually incredibly hard to write a foolproof 100% effective heuristics engine. (Engine, simply put, is just a word we use to describe the bit that drives the virus detector and compares files to the database of known infection agents) The more aggressive heuristic scanner may well detect large numbers of so called False Positives i.e. files that are really totally innocent but look like they might alter other files, the less aggressive ones might miss files that really are viruses. A method of heuristic analysis is for the anti-virus program to decompile the suspicious program, and then analyze the source code contained within. In reality heuris tics work quite well for some types of viruses, such as Macro Viruses, but not so well for other types. However, they are a reasonable attempt at providing protection against currently unknown viruses. The advantage to this method is the fact that there is no time period when the computer is not protected after specific viruses are released. The disadvantages include the fact that false positives may occur and some viruses may not be identified during the length of a scan. The first heuristic engines were introduced to detect DOS viruses in 1989. However, there are now heuristic engines for nearly all classes of viruses. 2. Footprint or Signature-based detection of virus program A virus signature is a particular pattern of bits or information contained in a virus that appears in no other file or program in the world, except for that virus. This method is the most common method used to identify viruses and false positives are very rare. It compares the virus footprint against a library of known footprints which match viruses. A footprint is a pattern in the data included in a file. Using this method, viruses must be identified as viruses, and then added to the library of footprints. The advantage to this method lies in the fact that false positives are very rare. The disadvantage to this method is the fact that there is a time period between when the virus is released to when the library of known footprints is updated. During this time period, the virus will not be recognized and could infect a computer. How do antivirus programs rate possible risk? Antivirus programs use a threat level index to determine what type of action to take. If the program is adware only, most antivirus programs will display a dialog box to inform the user why a program or related file of an adware program was detected. If the detected object is posing security and privacy risks, the threat level is medium, high, or severe. The threat level ratings by antivirus programs are not all the same. Some antivirus programs may not detect or even scan for tracking cookies. Some of these are installed when legitimate software downloaded from third-party websites is bundled with another installer from a company that is known to have a spyware or adware business. Quarantine and False Positives in Antivirus Programs Antivirus programs work also by quarantining suspect and malware files. This process is to prevent the offending objects from doing any damage in the system and to allow the end-user to restore back a quarantined object to its original location if it is found to be a false positive. A false positive detection is when a malware signature detected an uninfected file or process. In some cases, a false positive can cause a system to not to boot or run properly. If another program is affected by the false detection, the system will run normally, but not the program that the Antivirus have falsely identified and removed. Types of Antivirus Programs That Are Available On the following page there is a list, in alphabetical order, of some the companies who provide Antivirus programs and the platforms on which they are supported. Company Windows Apple Linux Mobile Free? AntiVir Yes No Yes No Yes AVG Yes No No No Yes Avira Yes No Yes Yes Yes BitDefender Yes No Yes Yes No ClamWin Yes No No No Yes ESET NOD32 Yes No Yes Yes No F-Prot Yes No Yes No No Kaspersky Yes Yes Yes Yes No McAfee Yes Yes Yes Yes No MSE Yes No No No Yes Network Associates Yes Yes Yes Yes No Panda Software Yes No Yes No No RAV Yes Yes Yes No No Sophos Yes Yes Yes No No Symantec (Norton) Yes Yes Yes Yes No Trend Micro Yes No No Yes No Vipre Yes No No No No Webroot Yes No No No No Antivirus Software Now that you have a basic understanding of how an antivirus program works and why you need one, here are some examples of three of the main antivirus programs available today. The main three that this report is going to discuss is Norton, Bitdefender, and Kaspersky. There are different types of antivirus programs available for each manufacturer and the following information is going to discuss these types of programs. Norton by Symantec Norton offers 3 antivirus programs; Norton Antivirus Norton Internet Security Norton 360 Here is a full list of what Norton by Symantec offers for their product line. (Symantec) Core Protection Blocks viruses, spyware, Trojan horses, worms, bots, and rootkits Defends against hackers with quiet two-way firewall Pulse updates every 5 15 minutes for up-to-the minute protection Advanced Protection Norton Bootable Recovery Tool repairs, restores and boots severely infected, unbootable PCs Leverages cloud-based online intelligence for real-time detection of threats Download Insight proactively warns of potential dangers in newly downloaded files and applications before you install or run them Guards against Web attacks that exploit software vulnerabilities Stops threats unrecognized by traditional antivirus techniques Filters unwanted email with professional-strength antispam Helps keep your kids safe online with parental controls (Microsoft Windows only) Networking Helps secure and monitor your home network Automatically secures your PC when connecting to public wireless networks Identity Protection Block hackers from accessing your computer Blocks phishing websites and authenticates trusted sites Secures, stores, and manages login and personal information Prevents hackers from eavesdropping and stealing information as you type Identifies unsafe Web sites in your search results Backup and Restore Automatically saves important files locally or to secured online storage Restores lost files and folders PC Tuning Optimizes the hard drive to free up disk space Optimizes PC performance with disk cleanup Provides clear insight into recent PC activities to help prevent slowdowns Optimizes application performance with one-click Support Free email, chat, or phone support Automatically finds and fixes common PC problems The following is a table of what exactly the three antivirus programs from Norton offer. Norton Internet Security Norton 360 Norton Antivirus Blocks viruses, spyware, Trojan horses, worms, bots, and rootkits Yes Yes Yes Defends against hackers with a quiet two-way firewall Yes Yes No Pulse updates every 5-15 minutes for up-to-the minute protection Yes Yes Yes Intelligence-driven technology for faster, fewer, shorter scans Yes Yes Yes Norton Bootable Recovery Tool repairs, restores and boots severely infected, unbootable PCs Yes Yes Yes Leverages cloud-based online intelligence for real-time detection of threats Yes Yes Yes Download Insight proactively warns of potential dangers in newly downloaded files and applications before you install or run them Yes Yes Yes Guards against Web attacks that exploit software vulnerabilities Yes Yes Yes Stops threats unrecognized by traditional antivirus techniques Yes Yes Yes Filters unwanted email with professional-strength antispam Yes No No Helps keep your kids safe online with parental controls (Microsoft Windows only) Yes Yes No Helps secure and monitor your home network Yes Yes No Automatically secures your PC when connecting to public wireless networks Yes Yes No Block hackers from accessing your computer Yes Yes No Blocks phishing websites and authenticates trusted sites Yes Yes No Secures, stores, and manages login and personal information Yes Yes No Prevents hackers from eavesdropping and stealing information as you type Yes Yes No Identifies unsafe Web sites in your search results Yes Yes No Automatically saves important files locally or to secured online storage No Yes No Restores lost files and folders No Yes No Optimizes the hard drive to free up disk space No Yes No Optimizes PC performance with disk cleanup No Yes No Provides clear insight into recent PC activities to help prevent slowdowns Yes Yes Yes Optimizes application performance with one-click Yes Yes Yes Free email, chat, or phone support Yes Yes Yes Automatically finds and fixes common PC problems Yes Yes Yes Bitdefender Bitdefenders product line for antivirus software is; Bitdefender Antivirus Bitdefender Internet Security Bitdefender Total Security Here is a list of what Bitdefender offers for there product line. (Bitdefender) Protection Antivirus Protects against viruses and other malware with industry-leading technology Multi-layered proactive protection against new and unknown threats Antispyware Blocks concealed programs that track your online activities Antiphishing Blocks web pages that attempt to steal your credit card data Antispam Stops unwanted e-mails from reaching your Inbox Firewall Automatically secures your Internet connection wherever you are Helps prevent outsiders form accessing your Wi-Fi network Performance Special Operating Modes Game Mode reduces system load postpones scans Laptop Mode prolongs battery life Tune-up Removes unnecessary files registry entries, for optimized performance Privacy IM Encryption Keeps your conversations private on Yahoo! And MSN Messenger File Vault Locks up confidential files in an encrypted vault File Shredder Ensures that no traces of deleted sensitive files remain on your PC Control Parental Control Blocks access to inappropriate websites and e-mail Limits kids access to the Internet, games, etc†¦ to specific times Home Network Manages the security of your entire network from a single location Data Backup Automatically backs up files and folders The following is a table of what exactly the three antivirus programs from Bitdefender offer. Bitdefender Antivirus Bitdefender Internet Security Bitdefender Total Security Antivirus Yes Yes Yes Antispyware Yes Yes Yes Antiphishing Yes Yes Yes Antispam No Yes Yes Firewall No Yes Yes Special Operating Modes Yes Yes Yes Tune-up No Yes Yes IM Encryption No Yes Yes File Vault No Yes Yes File Shredder No No Yes Parental Controls No Yes Yes Home Network Yes Yes Yes Data Backup No No Yes Kaspersky Kasperskys product line for antivirus software is; Kaspersky Antivirus Kaspersky Internet Security Here is a list of what Kaspersky offers for there product line. (Kaspersky) Protection from†¦ Viruses and spyware Infected websites Hacker attacks Spam and phishing Identity theft Features Comparison Virus and vulnerability scanner Proactive protection against programs based on their behaviour Restriction of access to private data by suspicious programs Application control Safe run mode (sandbox) to test questionable programs Network Protection Two-way personal firewall Secure wireless connections in public areas Email Protection Real-time scanning of email Anti-spam, Anti-phishing Web Protection Virtual keyboard to safely enter sensitive data Removal of Internet activity (history, cookies, etc) Parental Control Kaspersky Antivirus Kaspersky Internet Security Viruses and spyware Yes Yes Infected Websites Yes Yes Hacker attacks No Yes Spam and phishing No Yes Identity theft No Yes Virus and vulnerability scanner Yes Yes Proactive protection against programs based on their behavior Yes Yes Restriction of access to private data by suspicious programs No Yes Application control No Yes Safe run mode (sandbox) to test questionable programs No Yes Two-way personal firewall No Yes Secure wireless connections in public areas No Yes Real-time scanning of email Yes Yes Anti-spam, Anti-phishing No Yes Virtual keyboard to safely enter sensitive data Yes Yes Removal of Internet activity (history, cookies, etc) Yes Yes Parental Control Yes Yes As you can see from the previous lists, there is a difference in what the manufacturers of these programs offer. They all offer virus and spyware on their basic applications. If you want more features/protection you are going to have to spend the extra money to obtain those features/protection. All of these versions of Antivirus software offer real-time protection and do regular scans. Kind of a behind the scenes scan. Which is a good feature to have, knowing that most users just want it there to do its own thing, kind of like knowing it is protecting you but dont want to have to deal with it. Norton and Kaspersky offer protection for one year. At the end of that year you have to spend more money before you can obtain more updates from them. The good thing about Bitdefender is that when you purchase a subscription from them you get it for 2 years. S