Antivirus

Antivirus is software that aims to detect and eliminate computer viruses.

Antiviruses are programs whose objective is to detect and eliminate computer viruses. Over time, antivirus software has evolved into more advanced programs that, in addition to searching for and detecting computer viruses, can block them, disinfect files and prevent infection. They are currently capable of recognizing other types of malware, such as spyware, worms, Trojan horses, rootkits and pseudoviruses.

History

One of the first documented antiviruses was the one written specifically by Omri and Rakvi (Hebrew University of Jerusalem) to combat the Jerusalem virus in 1987. They later added detection for other computer threats and founded the company BRM. The software was sold to Symantec (now called NortonLifeLock); in the following years Check Point invested a large amount of money to develop more antivirus software options.

Operation

Antiviruses use different types of mechanisms to detect viruses. As Frederick Cohen demonstrated, no method is totally effective in identifying a virus. The mechanisms most used by antiviruses to detect viruses are:

  • Based on virus signatures: The antivirus keeps a database in which it stores virus signatures. In the past these signatures were hashes that were compared against every file on the scanned computer. This measure is easy to circumvent: changing any single code instruction yields a hash that no longer matches any signature in the database. The technique soon became more sophisticated and began to search each malware sample for a specific sequence of bytes, which in turn meant that an attacker had to know which part of the code the binary had been identified by in order to alter it and avoid detection. It is common to use YARA rules to declare specific patterns that detect a particular piece of malware. To defeat these signatures, encoders were used in malware to modify the entire binary code. Examples of encoders are the basic XOR or Metasploit's "Shikata ga nai", which added a layer of polymorphism by generating a different bit string every time the encoding is performed. Packers also appeared, which encapsulated the code inside the binary and encrypted it, so that signatures were no longer useful. The weakness of these systems is that the code must include the instructions needed to unpack the code, and those can themselves generate signatures that identify a binary as potentially malicious.
  • Based on heuristic detection: Consists of scanning files for code patterns that resemble those used in viruses. An exact match with a stored virus signature is no longer required; instead, more general similarities are sought using algorithms.
  • Based on behavior detection: Consists of scanning the system after a failure or malfunction is detected. This mechanism can usually detect software whether or not it has already been identified, but it is a measure applied after infection.
  • Based on sandbox detection: Consists of running the software in virtual machines and determining whether it executes malicious instructions or not. Although this mechanism is safe, it takes a considerable amount of time to run the tests before the software is run on the real machine.
  • Based on detection by artificial intelligence: Consists of using artificial intelligence technologies to detect malicious behavior. Examples of antivirus using these technologies are MIT AI2 (developed by MIT) and IBM Watson for Cyber Security (developed by IBM).
  • Based on indicators of compromise (IoC): Once the IoCs have been identified, they can be used by antivirus systems for early detection of attack attempts.
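The following Python sketch is an added example, not code from the article, illustrating the signature item and the indicators-of-compromise item above: a hash signature (which is also how a file-hash IoC is consumed) fails on a one-byte variant, a byte-sequence signature and a hypothetical YARA-like rule survive it, and an XOR-encoded copy is caught only through the stub it needs to decode itself. All samples, names and the rule format are constructed for the demo.

```python
import hashlib
import re

# Constructed sample files for the demo (not real malware): a known sample, a
# variant differing in a single byte, and an XOR-encoded copy with a decoder stub.
KNOWN = b"MZ\x90\x00" + b"PAYLOAD:GET http://example.invalid/x" + b"\x00" * 8
VARIANT = KNOWN[:-1] + b"\x01"
KEY = 0x5A
ENCODED = b"MZ\x90\x00" + b"XORSTUB:" + bytes([KEY]) + bytes(b ^ KEY for b in KNOWN[4:])

# Three signature generations from the article. Hash-based signatures are also
# how file-hash IoCs are consumed, so they fail the same way on a changed byte.
HASH_SIGS = {hashlib.sha256(KNOWN).hexdigest(): "Demo.KnownSample"}
BYTE_SIGS = {b"PAYLOAD:GET": "Demo.PayloadFamily",
             b"XORSTUB:": "Demo.XorStub"}      # the unpacking stub is itself a signature
# Hypothetical YARA-like rule: all conditions (plain bytes or regex) must hold.
YARA_LIKE = {"Demo.Rule": [b"MZ", re.compile(rb"GET http://[a-z.]+/")]}


def scan(sample: bytes) -> list[str]:
    """Return the names of every signature that matches the raw bytes."""
    hits = []
    digest = hashlib.sha256(sample).hexdigest()
    if digest in HASH_SIGS:
        hits.append(HASH_SIGS[digest])
    for pattern, name in BYTE_SIGS.items():
        if pattern in sample:
            hits.append(name)
    for name, conditions in YARA_LIKE.items():
        if all(c in sample if isinstance(c, bytes) else c.search(sample)
               for c in conditions):
            hits.append(name)
    return hits


def scan_with_unpack(sample: bytes) -> list[str]:
    """Static unpacking: if the known stub is present, recover and rescan the body."""
    hits = scan(sample)
    idx = sample.find(b"XORSTUB:")
    if idx != -1:
        key = sample[idx + 8]
        body = bytes(b ^ key for b in sample[idx + 9:])
        hits += [h for h in scan(sample[:idx] + body) if h not in hits]
    return hits


if __name__ == "__main__":
    for label, sample in (("known", KNOWN), ("variant", VARIANT), ("encoded", ENCODED)):
        print(f"{label:8} raw={scan(sample)} unpacked={scan_with_unpack(sample)}")
```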

Antivirus software has traditionally run on the scanned system itself and used the network only to update its program and data. Cloud antivirus instead delegates most of the antivirus processing to the cloud. A decision must be made about which processes are important enough to include in the local client without overloading it, and which should remain on a server in the cloud. The main advantages are: faster access to software and data updates (no reliance on manual updates or scheduled automatic updates); a much smaller antivirus client on the scanned computer that needs little processing power, leaving resources for the user; and ease of use and installation. The main disadvantages are: dependence on the connection, possible privacy problems when sending data to the cloud, and the possibility that uploading data to the cloud becomes a source of secondary infection.

Planning

Planning consists of having a contingency plan ready in case a virus emergency occurs, as well as having personnel adequately trained to minimize actions that may pose any kind of risk. Each antivirus can plan its defense in its own way; for example, an antivirus can run a full, quick or vulnerability scan, as the user chooses.

Software Considerations

Software is another key element of the planning stage. The following checklist should be considered for its security:

  1. Have the software that is indispensable for the operation of the business, never less but never more. Controlling which staff may install software is an implicit measure. Controlling the software also ensures the quality of its origin (no pirated software or software without guarantees should be allowed). In any case, a software inventory provides a correct method of ensuring reinstallation in case of disaster.
  2. Have software with adequate security. Each activity, way of working and Internet connection method requires a different approach to the problem. In general, home solutions, where there is only one exposed computer, are not the same as business solutions.
  3. Quick installation methods, to allow rapid reinstallation in case of contingency.
  4. Secure licenses. Certain software imposes one-time installation methods that hinder rapid redeployment of the network. These programs do not always have alternatives, but quick installation methods must be sought with the manufacturer.
  5. Look for safer alternatives. There is software that is famous for the number of security holes it introduces. It is essential to know whether an alternative can be found that provides equal functionality while allowing extra security.

Network Considerations

Having a clear view of how the network operates makes it possible to place filtering and detection checkpoints where an incident is most clearly identifiable. Without losing sight of other points of action, it is advisable to:

  1. Maximize the number of network resources in read-only mode. This prevents infected computers from spreading the infection to them.
  2. Centralize the data, so that batch-mode virus scanners can work at night.
  3. Apply filters at the network firewall. Eliminate programs that share data, such as P2P clients; keep this policy rigorously, and with management's consent.
  4. Reduce users' permissions to the minimum that allows their daily work.
  5. Control and monitor Internet access, so that during recovery phases it is possible to detect how the virus was introduced and thus determine the steps to follow.

User training

This is the first network protection barrier.

Antivirus

It is advisable to have an active antivirus license. This license will be used to generate recovery and emergency disks. However, continuous use of antivirus across a network is not recommended.

The reason lies in the amount of system resources these programs consume, reducing the value of the hardware investment made. If resources are sufficient, however, this extra security can be very useful.

However, email filters with virus detectors are essential, as they ensure a significant reduction in the choices made by untrained users that can put the network at risk.

Firewalls

Filter content and access points. Eliminate programs that are not related to the business. Monitoring user access to the network also makes it possible to reduce the installation of software that is unnecessary or that may pose a risk to business continuity. The name means "fire barrier", and a firewall prevents an unauthorized person from gaining access to your computer from another computer.

Software Replacement

Most of the time, the points of entry into the network are email, web pages, and files brought in on disks or from computers outside the company.

Many of these computers use programs that can be replaced by more secure alternatives.

It is advisable to keep track of how banks distribute software, and to assess its usefulness.

Centralization and backup

Centralizing resources and guaranteeing data backups is another of the essential guidelines of the recommended security policy.

Software inventories, centralization of software, and the ability to generate quick installations provide additional security methods.

It is important to know where information is located in the company, so that backup copies can be made properly.

Control or separate mobile computing, since it is more exposed to virus contingencies.

Use of more secure operating systems

For file serving, it is not advisable to use the same operating systems used on the workstations, since the whole network would then be exposed to the same threats. One way to prevent problems is to use operating systems with different architectures, which makes it possible to guarantee business continuity.

Security Issues

There are ideas, installed by antivirus companies and part of popular culture, that do not help maintain the security of information systems.

  • My system is not important to a cracker. This idea is based on the notion that not using secure passwords in a company poses no risk because "who would want to obtain information from me?" However, since contagion is carried out by automated programs spreading from one machine to another, these do not distinguish good from bad or interesting from uninteresting. Therefore, opening systems and leaving them without passwords makes life easier for viruses.
  • I am protected because I do not open files I do not know. This is false, because there are many forms of contagion, and programs perform actions without the user's supervision, putting systems at risk.
  • I am protected because I have an antivirus. I am only protected while the antivirus knows what it is facing and how to fight it. In general, antivirus programs are not able to detect all the possible existing forms of contagion, nor any new ones that may appear as computers increase their communication capabilities.
  • Since I have a firewall, I cannot get infected. This only provides a limited response capability. There are many ways to become infected on a network. Some come directly from access to my system (which a firewall protects against) and others from connections I make (against which it does not protect me). Using users with high privileges to make connections does not help either.
