About
Antivirus or anti-virus software is software used to prevent, detect and remove malware (of all descriptions), such as: computer viruses, adware, backdoors, malicious BHOs, dialers, fraudtools, hijackers, keyloggers, malicious LSPs, rootkits, spyware, trojan horses and worms. Computer security, including protection from social engineering
techniques, is commonly offered in products and services of antivirus
software companies. This page discusses the software used for the
prevention and removal of malware threats, rather than computer security implemented by software methods.
A variety of strategies are typically employed. Signature-based detection involves searching for known patterns of data within executable code. However, it is possible for a computer to be infected with new malware for which no signature is yet known. To counter such so-called zero-day threats, heuristics
can be used. One type of heuristic approach, generic signatures, can
identify new viruses or variants of existing viruses by looking for
known malicious code, or slight variations of such code, in files. Some
antivirus software can also predict what a file will do by running it in
a sandbox and analyzing what it does to see if it performs any malicious actions.
No matter how useful antivirus software can be, it can sometimes have drawbacks. Antivirus software can impair a computer's performance.
Inexperienced users may also have problems understanding the prompts
and decisions that antivirus software presents them with. An incorrect
decision may lead to a security breach. If the antivirus software
employs heuristic detection, success depends on achieving the right
balance between false positives and false negatives. False positives can be as destructive as false negatives. Finally, antivirus software generally runs at the highly trusted kernel level of the operating system, creating a potential avenue of attack.
History
Most of the computer viruses written in the early and mid 1980s were
limited to self-reproduction and had no specific damage routine built
into the code.That changed when more and more programmers became acquainted with
virus programming and created viruses that manipulated or even destroyed
data on infected computers.
There are competing claims for the innovator of the first antivirus
product. Possibly the first publicly documented removal of a computer
virus in the wild was performed by Bernd Fix in 1987. There were also two antivirus applications for the Atari ST platform developed in 1987. The first one was G Data and second was UVK 2000.
Fred Cohen, who published one of the first academic papers on computer viruses in 1984 began to develop strategies for antivirus software in 1988[9]
that were picked up and continued by later antivirus software
developers. In 1987, he published a demonstration that there is no
algorithm that can perfectly detect all possible viruses.
In 1987 the first two heuristic antivirus utilities were released: Flushot Plus by Ross Greenberg and Anti4us by Erwin Lanting.
Also in 1988 a mailing list named VIRUS-L was started on the BITNET/EARN
network where new viruses and the possibilities of detecting and
eliminating viruses were discussed. Some members of this mailing list
like John McAfee or Eugene Kaspersky later founded software companies that developed and sold commercial antivirus software.
Before internet connectivity was widespread, viruses were typically spread by infected floppy disks.
Antivirus software came into use, but was updated relatively
infrequently. During this time, virus checkers essentially had to check
executable files and the boot sectors of floppy disks and hard disks.
However, as internet usage became common, viruses began to spread
online.
Over the years it has become necessary for antivirus software to
check an increasing variety of files, rather than just executables, for
several reasons:
- Powerful macros used in word processor applications, such as Microsoft Word,
presented a risk. Virus writers could use the macros to write viruses
embedded within documents. This meant that computers could now also be
at risk from infection by opening documents with hidden attached macros.
- The possibility of embedding executable objects inside otherwise
non-executable file formats can make opening those files a risk.
- Later email programs, in particular Microsoft's Outlook Express and Outlook, were vulnerable to viruses embedded in the email body itself. A user's computer could be infected by just opening or previewing a message.
As always-on broadband connections became the norm, and more and more
viruses were released, it became essential to update virus checkers
more and more frequently. Even then, a new zero-day virus could become widespread before antivirus companies released an update to protect against it.
From Wikipedia
