History of antivirus software

Keywords: antivirus software overview, antivirus technology history

Antivirus Software

History of Antivirus Software

There are competing claims for the innovator of the first antivirus product. Possibly the first publicly documented removal of a computer virus in the wild was performed by Brent Fix in 1987. An antivirus program to counter the Polish MKS virus was released in 1987. Dr. Solomon’s Anti-Virus Toolkit, AIDSTEST and AntiVir were released by in 1988. Dr. Ahn Chul Soo (Charles Ahn, founder of AhnLab Inc) in South Korea also released the Anti-Virus software called ‘V1’ in June 10, 1988. By late 1990, nineteen separate antivirus products were available including Norton AntiVirus and McAfee VirusScan. Early contributors to work on computer viruses and countermeasures included Fred Cohen, Peter Tippett, and John McAfee.

Before Internet connectivity was widespread, viruses were typically spread by infected floppy disks. Antivirus software came into use, but was updated relatively infrequently. During this time, virus checkers essentially had to check executable files and the boot sectors of floppy and hard disks. However, as internet usage became common, initially through the use of modems, viruses spread throughout the Internet.

Powerful macros used in word processor applications, such as Microsoft Word, presented a further risk. Virus writers started using the macros to write viruses embedded within documents. This meant that computers could now also be at risk from infection by documents with hidden attached macros as programs.

Later email programs, in particular Microsoft Outlook Express and Outlook, were vulnerable to viruses embedded in the email body itself. Now, a user’s computer could be infected by just opening or previewing a message. This meant that virus checkers had to check many more types of files. As always-on broadband connections became the norm and more and more viruses were released, it became essential to update virus checkers more and more frequently. Even then, a new zero-day virus could become widespread before antivirus companies released an update to protect against it.

What is an Antivirus program?

An antivirus program is used as a security measure and protection tool against computer viruses. The job of an antivirus program is to scan, detect and prevent viruses. Not all antivirus programs can perform these basic tasks, but this will be discussed later on in this report.

Antivirus programs are an essential tool you must have installed on your computer or network. Antivirus programs offer real-time, on-access and on-demand protection for your computer. The way the programs works is based on the version of the antivirus program you have. Antivirus programs can be a standalone or can be included in a protection suite and are distributed in 32 and 64-bit versions on multiple operating systems such as Windows, Linux and Mac, allowing all different types of computers to be protected from malicious software.

Why is Antivirus Software Necessary?

Security is a major concern when it comes to the safety of your personal information. If someone were to access your information and use it, the consequence would be drastic. Information security is concerned with three main areas;

  • Confidentiality – people’s information should only be available to someone who has the right to view it.
  • Availability – information should only be accessible when someone needs it.
  • Integrity – information should only be modified by people who are authorized to edit it.

These concepts apply to home Internet users just as much as they would to any corporate or government network. You probably wouldn’t let a stranger look through your important documents. In the same way, you may want to keep the tasks you perform on your computer confidential, whether it’s tracking your investments or sending email messages to family and friends. Also, you should have some assurance that the information you enter into your computer remains intact and is available when you need it.

Some security risks arise from the possibility of intentional misuse of your computer by intruders via the Internet. Others are risks that you would face even if you weren’t connected to the Internet (e.g. hard disk failures, theft, power outages). The bad news is that you probably cannot plan for every possible risk. The good news is that you can take some simple steps to reduce the chance that you’ll be affected by the most common threats — and some of those steps help with both the intentional and accidental risks you’re likely to face.

Virus? What is a Virus?

Before we go on and tell you how an antivirus program scans, detects and prevents viruses and malware, lets discuss what exactly a virus is. Like its genetic equivalent, a computer virus is a program that spreads unwanted and unexpected actions through the insides of your PC. Not all viruses are malicious, but many are written to damage particular types of files, applications or even operating systems. Some examples of viruses are; Trojan horse viruses, worms, spyware, adware, rootkits, and many other types of malware.

Viruses have been around since the early 1970’s. Even though they never had an internet connection back in the 70’s viruses still infected computers by floppy disks. Yes, FLOPPY DISKS, the old 5 14″ disks. The first recorded virus was in 1971 and it was called the Creeper Virus, which was written by Bob Thomas. What the Creeper virus did was it infected a remote computer by the ARPNET and copied itself displaying the message “I’M THE CREEPER: CATCH ME IF YOU CAN!”. Ironically the “Reaper” was created to delete the Creeper. The Reaper program was not like the anti-virus programs we know today, but in fact was a virus itself in that it was self replicating and spread through a network.

How an Antivirus Program Works

The first and most important task of an antivirus program is to protect, prevent, or block any malicious activity in your computer or home and office network in real-time. The real-time protection should trigger an alert or provide automatic action whenever a suspected or positively identified malware activity is detected. Most antivirus programs will only monitor some critical areas in your computer.

When an antivirus program is installed, it will start monitoring the activity of the system by searching files that are being accessed, transferred, or stored to or from the hard disks and external/removable drives. Files that are being downloaded from the Internet are scanned. If a suspicious activity is detected, the antivirus program will automatically remove the file or stop the processes that are posing risk to your system, your contacts, or other computers or devices in on your network, unless you trust the file that you are receiving.

Read also  Facebook and Knowledge Management

Antivirus programs offer several types of detection methods to identify malware, but the most common detection methods is heuristic analysis and by using traditional virus detection (signature-based).

1. Characteristics of a program – This is called heuristics scanning. Heuristic scanning engines work on the principle that viruses will usually use certain “tricks” or methods of infecting, and therefore if a program looks like it might be using those tricks, there is a possibility that the program is a virus. Sound simple? No, not really, it’s actually incredibly hard to write a foolproof 100% effective heuristics engine. (Engine, simply put, is just a word we use to describe the bit that drives the virus detector and compares files to the database of known infection agents) The more aggressive heuristic scanner may well detect large numbers of so called “False Positives” i.e. files that are really totally innocent but look like they might alter other files, the less aggressive ones might miss files that really are viruses. A method of heuristic analysis is for the anti-virus program to decompile the suspicious program, and then analyze the source code contained within. In reality heuristics work quite well for some types of viruses, such as Macro Viruses, but not so well for other types. However, they are a reasonable attempt at providing protection against currently unknown viruses. The advantage to this method is the fact that there is no time period when the computer is not protected after specific viruses are released. The disadvantages include the fact that false positives may occur and some viruses may not be identified during the length of a scan. The first heuristic engines were introduced to detect DOS viruses in 1989. However, there are now heuristic engines for nearly all classes of viruses.

2. Footprint or Signature-based detection of virus program – A virus signature is a particular pattern of ‘bits’ or information contained in a virus that appears in no other file or program in the world, except for that virus. This method is the most common method used to identify viruses and false positives are very rare. It compares the virus footprint against a library of known footprints which match viruses. A footprint is a pattern in the data included in a file. Using this method, viruses must be identified as viruses, and then added to the library of footprints. The advantage to this method lies in the fact that false positives are very rare. The disadvantage to this method is the fact that there is a time period between when the virus is released to when the library of known footprints is updated. During this time period, the virus will not be recognized and could infect a computer.

How do antivirus programs rate possible risk?

Antivirus programs use a threat level index to determine what type of action to take. If the program is adware only, most antivirus programs will display a dialog box to inform the user why a program or related file of an adware program was detected. If the detected object is posing security and privacy risks, the threat level is medium, high, or severe. The threat level ratings by antivirus programs are not all the same. Some antivirus programs may not detect or even scan for tracking cookies. Some of these are installed when legitimate software downloaded from third-party websites is bundled with another installer from a company that is known to have a spyware or adware business.

Quarantine and False Positives in Antivirus Programs

Antivirus programs work also by quarantining suspect and malware files. This process is to prevent the offending objects from doing any damage in the system and to allow the end-user to restore back a quarantined object to its original location if it is found to be a false positive.

A false positive detection is when a malware signature detected an uninfected file or process. In some cases, a false positive can cause a system to not to boot or run properly. If another program is affected by the false detection, the system will run normally, but not the program that the Antivirus have falsely identified and removed.

Types of Antivirus Programs That Are Available

On the following page there is a list, in alphabetical order, of some the companies who provide Antivirus programs and the platforms on which they are supported.

Company

Windows

Apple

Linux

Mobile

Free?

AntiVir

Yes

No

Yes

No

Yes

AVG

Yes

No

No

No

Yes

Avira

Yes

No

Yes

Yes

Yes

BitDefender

Yes

No

Yes

Yes

No

ClamWin

Yes

No

No

No

Yes

ESET NOD32

Yes

No

Yes

Yes

No

F-Prot

Yes

No

Yes

No

No

Kaspersky

Yes

Yes

Yes

Yes

No

McAfee

Yes

Yes

Yes

Yes

No

MSE

Yes

No

No

No

Yes

Network Associates

Yes

Yes

Yes

Yes

No

Panda Software

Yes

No

Yes

No

No

RAV

Yes

Yes

Yes

No

No

Sophos

Yes

Yes

Yes

No

No

Symantec (Norton)

Yes

Yes

Yes

Yes

No

Trend Micro

Yes

No

No

Yes

No

Vipre

Yes

No

No

No

No

Webroot

Yes

No

No

No

No

Antivirus Software

Now that you have a basic understanding of how an antivirus program works and why you need one, here are some examples of three of the main antivirus programs available today. The main three that this report is going to discuss is Norton, Bitdefender, and Kaspersky. There are different types of antivirus programs available for each manufacturer and the following information is going to discuss these types of programs.

Norton by Symantec

Norton offers 3 antivirus programs;

  • Norton Antivirus
  • Norton Internet Security
  • Norton 360

Here is a full list of what Norton by Symantec offers for their product line. (Symantec)

Core Protection

  • Blocks viruses, spyware, Trojan horses, worms, bots, and rootkits
  • Defends against hackers with quiet two-way firewall
  • Pulse updates every 5 – 15 minutes for up-to-the minute protection

Advanced Protection

  • Norton Bootable Recovery Tool repairs, restores and boots severely infected, unbootable PCs
  • Leverages cloud-based online intelligence for real-time detection of threats
  • Download Insight proactively warns of potential dangers in newly downloaded files and applications before you install or run them
  • Guards against Web attacks that exploit software vulnerabilities
  • Stops threats unrecognized by traditional antivirus techniques
  • Filters unwanted email with professional-strength antispam
  • Helps keep your kids safe online with parental controls (Microsoft Windows only)
Read also  Impact of E-Commerce on Amazon

Networking

  • Helps secure and monitor your home network
  • Automatically secures your PC when connecting to public wireless networks

Identity Protection

  • Block hackers from accessing your computer
  • Blocks phishing websites and authenticates trusted sites
  • Secures, stores, and manages login and personal information
  • Prevents hackers from eavesdropping and stealing information as you type
  • Identifies unsafe Web sites in your search results

Backup and Restore

  • Automatically saves important files locally or to secured online storage
  • Restores lost files and folders

PC Tuning

  • Optimizes the hard drive to free up disk space
  • Optimizes PC performance with disk cleanup
  • Provides clear insight into recent PC activities to help prevent slowdowns
  • Optimizes application performance with one-click

Support

  • Free email, chat, or phone support
  • Automatically finds and fixes common PC problems

The following is a table of what exactly the three antivirus programs from Norton offer.

 

Norton Internet Security

Norton 360

Norton Antivirus

Blocks viruses, spyware, Trojan horses, worms, bots, and rootkits

Yes

Yes

Yes

Defends against hackers with a quiet two-way firewall

Yes

Yes

No

Pulse updates every 5-15 minutes for up-to-the minute protection

Yes

Yes

Yes

Intelligence-driven technology for faster, fewer, shorter scans

Yes

Yes

Yes

Norton Bootable Recovery Tool repairs, restores and boots severely infected, unbootable PCs

Yes

Yes

Yes

Leverages cloud-based online intelligence for real-time detection of threats

Yes

Yes

Yes

Download Insight proactively warns of potential dangers in newly downloaded files and applications before you install or run them

Yes

Yes

Yes

Guards against Web attacks that exploit software vulnerabilities

Yes

Yes

Yes

Stops threats unrecognized by traditional antivirus techniques

Yes

Yes

Yes

Filters unwanted email with professional-strength antispam

Yes

No

No

Helps keep your kids safe online with parental controls (Microsoft Windows only)

Yes

Yes

No

Helps secure and monitor your home network

Yes

Yes

No

Automatically secures your PC when connecting to public wireless networks

Yes

Yes

No

Block hackers from accessing your computer

Yes

Yes

No

Blocks phishing websites and authenticates trusted sites

Yes

Yes

No

Secures, stores, and manages login and personal information

Yes

Yes

No

Prevents hackers from eavesdropping and stealing information as you type

Yes

Yes

No

Identifies unsafe Web sites in your search results

Yes

Yes

No

Automatically saves important files locally or to secured online storage

No

Yes

No

Restores lost files and folders

No

Yes

No

Optimizes the hard drive to free up disk space

No

Yes

No

Optimizes PC performance with disk cleanup

No

Yes

No

Provides clear insight into recent PC activities to help prevent slowdowns

Yes

Yes

Yes

Optimizes application performance with one-click

Yes

Yes

Yes

Free email, chat, or phone support

Yes

Yes

Yes

Automatically finds and fixes common PC problems

Yes

Yes

Yes

Bitdefender

Bitdefender’s product line for antivirus software is;

Bitdefender Antivirus

Bitdefender Internet Security

Bitdefender Total Security

Here is a list of what Bitdefender offers for there product line. (Bitdefender)

Protection

  • Antivirus
  • Protects against viruses and other malware with industry-leading technology
  • Multi-layered proactive protection against new and unknown threats
  • Antispyware
  • Blocks concealed programs that track your online activities
  • Antiphishing
  • Blocks web pages that attempt to steal your credit card data
  • Antispam
  • Stops unwanted e-mails from reaching your Inbox
  • Firewall
  • Automatically secures your Internet connection wherever you are
  • Helps prevent outsiders form accessing your Wi-Fi network

Performance

  • Special Operating Modes
  • Game Mode reduces system load & postpones scans
  • Laptop Mode prolongs battery life
  • Tune-up
  • Removes unnecessary files & registry entries, for optimized performance

Privacy

  • IM Encryption
  • Keeps your conversations private on Yahoo! And MSN Messenger
  • File Vault
  • Locks up confidential files in an encrypted vault
  • File Shredder
  • Ensures that no traces of deleted sensitive files remain on your PC

Control

  • Parental Control
  • Blocks access to inappropriate websites and e-mail
  • Limits kids’ access to the Internet, games, etc… to specific times
  • Home Network
  • Manages the security of your entire network from a single location
  • Data Backup
  • Automatically backs up files and folders

The following is a table of what exactly the three antivirus programs from Bitdefender offer.

 

Bitdefender Antivirus

Bitdefender Internet Security

Bitdefender Total Security

Antivirus

Yes

Yes

Yes

Antispyware

Yes

Yes

Yes

Antiphishing

Yes

Yes

Yes

Antispam

No

Yes

Yes

Firewall

No

Yes

Yes

Special Operating Modes

Yes

Yes

Yes

Tune-up

No

Yes

Yes

IM Encryption

No

Yes

Yes

File Vault

No

Yes

Yes

File Shredder

No

No

Yes

Parental Controls

No

Yes

Yes

Home Network

Yes

Yes

Yes

Data Backup

No

No

Yes

Kaspersky

Kaspersky’s product line for antivirus software is;

Kaspersky Antivirus

Kaspersky Internet Security

Here is a list of what Kaspersky offers for there product line. (Kaspersky)

Protection from…

  • Viruses and spyware
  • Infected websites
  • Hacker attacks
  • Spam and phishing
  • Identity theft

Features Comparison

  • Virus and vulnerability scanner
  • Proactive protection against programs based on their behaviour
  • Restriction of access to private data by suspicious programs
  • Application control
  • Safe run mode (sandbox) to test questionable programs

Network Protection

  • Two-way personal firewall
  • Secure wireless connections in public areas

Email Protection

  • Real-time scanning of email
  • Anti-spam, Anti-phishing

Web Protection

  • Virtual keyboard to safely enter sensitive data
  • Removal of Internet activity (history, cookies, etc)
  • Parental Control
 

Kaspersky Antivirus

Kaspersky Internet Security

Viruses and spyware

Yes

Yes

Infected Websites

Yes

Yes

Hacker attacks

No

Yes

Spam and phishing

No

Yes

Identity theft

No

Yes

Virus and vulnerability scanner

Yes

Yes

Proactive protection against programs based on their behavior

Yes

Yes

Restriction of access to private data by suspicious programs

No

Yes

Application control

No

Yes

Safe run mode (sandbox) to test questionable programs

No

Yes

Two-way personal firewall

No

Yes

Secure wireless connections in public areas

No

Yes

Real-time scanning of email

Yes

Yes

Anti-spam, Anti-phishing

No

Yes

Virtual keyboard to safely enter sensitive data

Yes

Yes

Removal of Internet activity (history, cookies, etc)

Yes

Yes

Parental Control

Yes

Yes

Read also  Information In The Digital Economy The Digital Information Technology Essay

As you can see from the previous lists, there is a difference in what the manufacturers of these programs offer. They all offer virus and spyware on their basic applications. If you want more features/protection you are going to have to spend the extra money to obtain those features/protection.

All of these versions of Antivirus software offer real-time protection and do regular scans. Kind of a behind the scenes scan. Which is a good feature to have, knowing that most users just want it there to do its own thing, kind of like knowing it is protecting you but don’t want to have to deal with it.

Norton and Kaspersky offer protection for one year. At the end of that year you have to spend more money before you can obtain more updates from them. The good thing about Bitdefender is that when you purchase a subscription from them you get it for 2 years. So for the price of one year from Norton or Kaspersky, you get 2 years from Bitdefender. That’s a good deal right? 2 for the price of 1? If you factor in how the program actually works you may begin to think that it’s not that good of a deal. Bitdefender is a good Antivirus program, but it’s not really the type of program you want to use if your not very computer savvy.

Bitdefender has a lot of features that can potentially shut down your computer from having any network traffic at all. Also there is a known issue with Bitdefender and Microsoft’s Service Pack 2 for Vista. If you try and install SP2 while Bitdefender is installed on your machine, your computer will loop from installing and update and restarting over and over again. Also the install, of Bitdefender, takes about 30 to 40 minutes from start to completion. Who wants to sit around and watch a program install for that amount of time.

As stated before Norton offers protection for only one year. Norton makes up for only having one year of protection by the how user friendly it is. The new versions of Norton (2010 versions) install in less than a minute. Hard to believe? It’s true, it does install in under 1 minute.

The features available on these new versions are extremely user friendly. Even if you are a first time computer user, you will be able to use these programs. Previous version of Norton were, as some would call, “A recourse hog”, meaning that while Norton was running it made your computer run very slow. That’s not the case anymore. These new version uses less than 8mb of memory. Seriously that’s true, you don’t even know that Norton is running a scan in the background.

Why Viruses Can Sometimes Elude Antivirus Programs

A stealth virus is one that conceals the changes it makes. This is done by taking control of system functions that interpret files or system sectors. When other applications request data from portions of the system modified by the virus, the infection reports back the accurate, unchanged data, instead of the malicious code. In order for this to occur, the virus must be actively present in the memory.

It is important to know that many viruses not only hide, but encrypt the original data they have infected. Some victims may use traditional DOS commands such as FDISK/MBR or SYS to fix the problem, an instance that could make things much worse. If the virus is overwritten with FDISK/MBR, the hard drive will have no way to recognize what’s in the partition table and cannot access the encrypted data without aid of the virus. For this reason, anti-virus software is recommended to eradicate a stealth virus rather than self maintenance.

Virus coders mainly use the stealth approach to elude virus scanners. Those that have not been designed to do so, because the malicious code is fairly new or the user’s anti-virus software isn’t up to date, are often described as stealth viruses as well. The stealth technique is a contributing factor to why most anti-virus programs function best when the system is booted from a clean CD or floppy disk. By doing this, the infection is not able to seize control of the system and the changes it makes can be exposed and immediately dealt with.

In general, a stealth virus will hide itself in system memory every time a program scanner is run. It employs various techniques to hide any changes so that when the scanner looks for altered sections, the virus redirects it to any area that contains the clean, uninfected data. A more advanced anti-virus program can detect a stealth virus by searching for evidence of changes within system sectors along with areas that are more susceptible to attack, regardless of how it is booted.

Some cannot even be detected by state of-the-art anti-virus software. These “stealth” viruses often attack the antivirus software itself. Others, called “mutation engine” viruses, elude the immune systems and create mutated forms of themselves, multiplying hundreds, even thousands of times. Each new mutated form is different. Even if it’s detected, only that particular form can be eradicated. All others must be individually located and killed.

Even those you’d least expect to be vulnerable-computer software companies themselves–are not immune. Lotus Development Corp., for one, was red-faced at a recent conference, when a virus infected and crashed the computer network it was using. In this particular case, the virus functioned like a series of letter bombs. Each time a user opened his or her mail the server crashed.

In some extreme cases, the only solution is to “burn” (in other words, reformat) the infected disks and start over. Reformatting the disks wipes out the virus (unless, of course, it attaches itself to the format program).

The problems don’t necessarily stop there. For instance, what if the virus was backed up accidently on a backup disk? Unfortunately, you then recover both the virus and the good programs and data. On its appointed date it then comes alive and creates the same problems as before. Since this scenario doesn’t even cross most bankers’ minds unless they’ve been “burned” in the past, it is all too common.

Norton Antivirus

Norton Internet Security –

Norton 360

8 | Page

Order Now

Order Now

Type of Paper
Subject
Deadline
Number of Pages
(275 words)