What are they: Antivirus
This week we take a look into what antivirus software is and how it works.
Antivirus is a type of computer software that is designed to find and block viruses like ransomware and other malicious programs. While different antivirus products implement different methods to protect a user's device, there's typically a scanning method and a blocking method for protecting a device.
How does antivirus protect my device?
Scanning typically takes the form of a Full-System Scan or similar, where each file is hashed (like how passwords are hashed) and its hash output (fingerprint) is compared to a list of known bad hashes.
In less-technical terms, each file has a unique fingerprint. This fingerprint does not change unless the file contents change. It’s the equivalent of the antivirus software having a database of fingerprints of all the criminals, and then grabbing the fingerprint of every file. If the file’s fingerprint is in the database, then it’s flagged as a bad file (and sometimes deleted).
Whenever a new file is downloaded, (sometimes) when a website is visited, or when an external storage device (like a USB drive) is connected, the antivirus scans the file or files to make sure that none of them has a bad fingerprint (hash value).
Even if the file’s fingerprint isn’t in the database, sometimes the file will still be flagged if it comes from a known bad website (server) or the filename is similar to known virus filenames.
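The fingerprint comparison described above, as an added example (not code from any antivirus product): it hashes every file under a folder with SHA-256 and flags the ones whose hash is in a known-bad set. The sample files and the known-bad entry are constructed, harmless stand-ins; the example shows that a renamed copy is still caught while a file with even one changed byte gets a different fingerprint, which is why the extra checks in the previous paragraph exist.

```python
import hashlib
import os
import tempfile

def fingerprint(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks so large files fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan(root, known_bad):
    """Walk root; return (flagged paths, paths that could not be read)."""
    flagged, unreadable = [], []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            try:
                if fingerprint(path) in known_bad:
                    flagged.append(path)
            except OSError:
                # Locked or permission-denied files are reported, not silently skipped.
                unreadable.append(path)
    return flagged, unreadable

def demo():
    """Scan constructed sample files; return (names of flagged files, unreadable paths)."""
    sample = b"constructed stand-in for a known bad file\n"  # harmless bytes
    known_bad = {hashlib.sha256(sample).hexdigest()}         # the "database"
    files = {
        "notes.txt": b"shopping list\n",         # ordinary file
        "renamed_copy.bin": sample,              # same contents, different name
        "one_byte_changed.bin": sample + b"!",   # contents changed, new fingerprint
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        flagged, unreadable = scan(root, known_bad)
        return sorted(os.path.basename(p) for p in flagged), unreadable

if __name__ == "__main__":
    print(demo())
```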
What devices can get antivirus software?
All major operating systems (Windows, Mac, Linux, iOS etc.) have access to some form of antivirus software.
For some operating systems like iOS, however, the extent to which antivirus software can function is limited because of the inbuilt security features of these operating systems - basically, everything is run in its own isolated container.
This is good because it means that malicious applications can't access your files (like photos) without access being explicitly given to them. But this also means that antivirus software can't access everything it needs in order to do deep scans of the device.
Deep Scans are essentially scans of all of the files found on the device.
Do I need antivirus software?
Antivirus software is an essential security tool needed on your device. While there are inbuilt security components (like Windows Defender), these are not sufficient to properly protect your device.
Since antivirus is available on all devices, you should be getting antivirus on all of your devices - not just to protect the device that it’s on, but also to protect other devices.
Viruses are usually designed to target one specific operating system. Because of this, it's somewhat common for someone on a Mac computer to download a Windows virus. The Windows virus might not infect their computer, but when they take their Mac to their friend's house, it might infect their friend's Windows computer. The antivirus software would detect the Windows virus and delete it even if it isn't infecting the Mac computer, ultimately protecting their friend's Windows computer.
Antivirus is a type of software that scans for and blocks viruses on a device. It's available on almost all operating systems and it's highly recommended that everyone installs antivirus on ALL of their devices.
As of November 2022, Bitdefender is the highest-performing antivirus software by detection score. Kaspersky is also rated highly but is not recommended due to its ties with Russia, likely resulting in a lack of detection of Russian viruses. Check out https://www.av-test.org/en/ for up-to-date antivirus software ratings.