Security Solution


Antivirus software

Antivirus, anti-virus, or AV software is computer software used to prevent, detect and remove malicious computer viruses. Most software described as antivirus also works against other types of malware, such as malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraud tools, adware and spyware. Computer security, including protection from social engineering techniques, is commonly offered in products and services of antivirus software companies. This page discusses the software used for the prevention, detection, and removal of malware threats, rather than computer security implemented by software methods.

A variety of strategies are typically employed. Signature-based detection involves searching for known patterns of data within executable code. However, it is possible for a computer to be infected with new malware for which no signature is yet known, and malware is often modified to change its signature without affecting functionality. To counter such so-called zero-day threats, heuristics can be used. One type of heuristic approach, generic signatures, can identify variants by looking for slight variations of known malicious code in files. Some antivirus software can also predict what a file will do by running it in a sandbox and analyzing what it does to see if it performs any actions which could be malicious.

Antivirus software has some drawbacks. It can impair a computer's performance. Inexperienced users can be lulled into a false sense of security when using the computer, considering themselves to be totally protected, and may have problems understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection, it must be fine-tuned to minimize misidentifying harmless software as malicious (false positives). Antivirus software itself usually runs at the highly trusted kernel level of the operating system to allow it access to all potentially malicious processes and files, which creates a potential avenue of attack.


Identification method

One of the few solid theoretical results in the study of computer viruses is Frederick B. Cohen's 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses. 

There are several methods which antivirus software can use to identify malware:

• Signature-based detection is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.

• Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses.

• File emulation is another heuristic approach. File emulation involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the antivirus software can determine if the program is malicious or not and then carry out the appropriate disinfection actions.
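The file-emulation approach above ends with a decision taken from the logged actions. The following is an added illustration of that step, not code from any antivirus product: a toy scoring engine reads a constructed sandbox action log (the log format, rule names, weights and the verdict threshold are all assumptions) and combines single-event rules with one sequence rule that only makes sense over the whole trace.

```python
# Added example: a toy scoring engine over an emulator/sandbox action log.
# The log format, rule names and weights are assumptions for illustration,
# not the output or logic of any real antivirus product.

# Constructed sandbox log: one event per line, "type key=value key=value".
# (Values contain no spaces, so splitting on spaces is safe here.)
SUSPICIOUS_LOG = """\
proc_start path=C:\\Users\\demo\\Downloads\\invoice.exe
file_write path=C:\\Users\\demo\\AppData\\Roaming\\svc.exe
reg_set key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=svc
net_connect host=203.0.113.10 port=4444
file_write path=C:\\Users\\demo\\Documents\\report.docx.locked
file_delete path=C:\\Users\\demo\\Documents\\report.docx
"""

BENIGN_LOG = """\
proc_start path=C:\\Users\\demo\\Downloads\\notes_sync.exe
net_connect host=203.0.113.20 port=443
file_write path=C:\\Users\\demo\\Documents\\notes.txt
"""

# Single-event rules: (name, predicate, weight). Weights are assumed.
SINGLE_EVENT_RULES = [
    ("writes_executable",
     lambda e: e["type"] == "file_write" and e["path"].lower().endswith(".exe"), 2),
    ("persistence_run_key",
     lambda e: e["type"] == "reg_set" and "\\currentversion\\run" in e["key"].lower(), 3),
    ("outbound_connection",
     lambda e: e["type"] == "net_connect", 1),
]
VERDICT_THRESHOLD = 5  # assumed cut-off between "clean" and "malicious"


def parse_log(text):
    """Turn the line-oriented log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        etype, _, rest = line.partition(" ")
        event = dict(kv.split("=", 1) for kv in rest.split(" ") if "=" in kv)
        event["type"] = etype
        events.append(event)
    return events


def score_events(events):
    """Apply the single-event rules, then one sequence rule that needs the whole
    trace: a document is replaced by a '.locked' copy and the original deleted."""
    findings = [(name, w) for name, pred, w in SINGLE_EVENT_RULES
                if any(pred(e) for e in events)]
    written = {e["path"] for e in events if e["type"] == "file_write"}
    if any(e["type"] == "file_delete" and e["path"] + ".locked" in written
           for e in events):
        findings.append(("encrypts_then_deletes_document", 4))
    return sum(w for _, w in findings), findings


def classify(log_text):
    """Return (verdict, score, rule names) for a sandbox trace."""
    score, findings = score_events(parse_log(log_text))
    verdict = "malicious" if score >= VERDICT_THRESHOLD else "clean"
    return verdict, score, [name for name, _ in findings]


if __name__ == "__main__":
    for label, log in (("suspicious", SUSPICIOUS_LOG), ("benign", BENIGN_LOG)):
        print(label, classify(log))
```

The benign trace also opens an outbound connection, so a single weak signal stays well under the threshold; it is the combination of persistence, dropping an executable and the encrypt-then-delete sequence that pushes the first trace over it. Tuning those weights against clean software is exactly the false-positive work the drawbacks section mentions.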

Signature-based detection

Traditionally, antivirus software heavily relied upon signatures to identify malware. This can be very effective, but cannot defend against malware unless samples have already been obtained and signatures created. Because of this, signature-based approaches are not effective against new, unknown viruses.

As new viruses are being created each day, the signature-based detection approach requires frequent updates of the virus signature dictionary. To assist the antivirus software companies, the software may allow the user to upload new viruses or variants to the company, allowing the virus to be analyzed and the signature added to the dictionary. 

Although the signature-based approach can effectively contain virus outbreaks, virus authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary. 

Heuristics

Some more sophisticated antivirus software uses heuristic analysis to identify new malware or variants of known malware.

Many viruses start as a single infection and through either mutation or refinements by other attackers, can grow into dozens of slightly different strains, called variants. Generic detection refers to the detection and removal of multiple threats using a single virus definition. For example, the Vundo trojan has several family members, depending on the antivirus vendor's classification. Symantec classifies members of the Vundo family into two distinct categories, Trojan.Vundo and Trojan.Vundo.B. 

While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature. These signatures often contain non-contiguous code, using wildcard characters where differences lie. These wildcards allow the scanner to detect viruses even if they are padded with extra, meaningless code. A detection that uses this method is said to be "heuristic detection."
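As an added example (not any vendor's engine), the scanner below combines the two signature kinds discussed in this section and the previous one: an exact whole-file hash, which a single changed byte defeats, and a generic byte pattern with `??` wildcards that still matches variants padded or patched around the shared core. It also scans a file in pieces, carrying an overlap between chunks so a pattern that straddles a chunk boundary is not missed. The signature names, hex patterns and sample bytes are constructed for illustration.

```python
# Added example: a minimal signature scanner, not any vendor's engine.
# Signature names, patterns and "malware" bytes are constructed.
import hashlib
import io
import re

# Constructed samples. The exact one is matched only by its hash.
EXACT_SAMPLE = b"CONSTRUCTED-SAMPLE-DROPPER-v1"
VARIANT_A = b"\x00" * 4 + b"\xde\xad\x01\x02\xbe\xef\x90\x90" + b"\x00" * 16
VARIANT_B = b"HEADER" + b"\xde\xad\xff\xfe\xbe\xef\x90\x90" + b"junk" * 5
BENIGN = b"\xde\xad\xbe\xef just four bytes, no trailing NOPs"

HASH_SIGNATURES = {  # name -> sha256 of the whole file
    "Dropper.Demo.Exact": hashlib.sha256(EXACT_SAMPLE).hexdigest(),
}
PATTERN_HEX = {  # name -> hex bytes, "??" matches any single byte
    "Trojan.Demo.Gen": "DE AD ?? ?? BE EF 90 90",
}


def compile_pattern(hexpat):
    """Translate 'DE AD ?? ..' into a regex over bytes."""
    regex = b"".join(b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
                     for tok in hexpat.split())
    return re.compile(regex, re.DOTALL)


PATTERN_SIGNATURES = {name: compile_pattern(h) for name, h in PATTERN_HEX.items()}
MAX_PATTERN_LEN = max(len(h.split()) for h in PATTERN_HEX.values())


def scan_stream(stream, chunk_size=4096):
    """Scan a file in pieces. Patterns are searched at every offset of each
    chunk, and the last MAX_PATTERN_LEN-1 bytes are carried over so a pattern
    straddling two chunks is still found. The hash needs the whole file, so the
    digest is accumulated alongside. Returns [(signature, offset), ...]."""
    overlap = MAX_PATTERN_LEN - 1
    hasher = hashlib.sha256()
    hits, seen, tail, base = [], set(), b"", 0  # base = absolute offset of tail[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        hasher.update(chunk)
        window = tail + chunk
        for name, pat in PATTERN_SIGNATURES.items():
            for m in pat.finditer(window):
                hit = (name, base + m.start())
                if hit not in seen:       # the overlap region is scanned twice
                    seen.add(hit)
                    hits.append(hit)
        tail = window[-overlap:] if overlap else b""
        base += len(window) - len(tail)
    digest = hasher.hexdigest()
    hits += [(name, 0) for name, h in HASH_SIGNATURES.items() if h == digest]
    return sorted(hits, key=lambda hit: hit[1])


def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper for in-memory data."""
    return scan_stream(io.BytesIO(data), chunk_size)


if __name__ == "__main__":
    for label, blob in (("exact", EXACT_SAMPLE), ("exact+1byte", EXACT_SAMPLE + b"!"),
                        ("variantA", VARIANT_A), ("variantB", VARIANT_B), ("benign", BENIGN)):
        print(label, scan_bytes(blob))
```

Appending one byte to the exact sample makes the hash signature miss, which is the weakness the oligomorphic and polymorphic tricks exploit; both padded variants are still caught by the generic pattern because the wildcards sit where the variants differ. The benign buffer contains the same marker bytes without the trailing NOPs and is correctly left alone.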

Rootkit detection


Anti-virus software can attempt to scan for rootkits; a rootkit is a type of malware that is designed to gain administrative-level control over a computer system without being detected. Rootkits can change how the operating system functions and in some cases can tamper with the anti-virus program and render it ineffective. Rootkits are also difficult to remove, in some cases requiring a complete re-installation of the operating system. 

Real-time protection

Real-time protection, on-access scanning, background guard, resident shield, autoprotect, and other synonyms refer to the automatic protection provided by most antivirus, anti-spyware, and other anti-malware programs. This monitors computer systems for suspicious activity such as computer viruses, spyware, adware, and other malicious objects in 'real time', in other words while data is being loaded into the computer's active memory: when inserting a CD, opening an email, browsing the web, or when a file already on the computer is opened or executed.


DLP


Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside of the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.

Adoption of DLP, variously called data leak prevention, information loss prevention or extrusion prevention, is being driven by insider threats and by more rigorous state privacy laws, many of which have stringent data protection or access components.

DLP software products use business rules to examine file content and tag confidential and critical information so that users cannot disclose it. The software can be useful for identifying and tagging well-defined content (such as Social Security or credit cards numbers) but tends to fall short when an administrator is trying to identify other sensitive data such as intellectual property. To implement enterprise DLP software successfully, personnel from all levels of management need to be actively involved in creating the business rules for tags.

Once DLP software tools have been deployed, an end user who accidentally or maliciously attempts to disclose confidential information that's been tagged will be denied. In addition to being able to monitor and control endpoint activities, DLP tools can also be used to filter data streams on the corporate network and protect data at rest.
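The two paragraphs above describe business rules that examine content, tag the well-defined kinds of data, and then deny a transfer of tagged content. As an added example, not any product's configuration, the classifier below implements that for payment card numbers, Social Security numbers and a confidentiality marking. The point it makes is why such data is easy to tag reliably: each pattern match is validated (Luhn checksum for card numbers, the SSA's never-issued ranges for SSNs) rather than trusted on shape alone, which keeps false positives down. The tag names, policy and sample strings are assumptions.

```python
# Added example: a content classifier of the kind a DLP rule engine applies.
# Rules, tag names and the blocking policy are assumptions for illustration.
import re

# 13-16 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
MARKING_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY)\b")


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                     # every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area, group, serial):
    """Reject shapes the SSA never issues: area 000, 666 or 900-999,
    group 00, serial 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and group != "00" and serial != "0000"


def classify(text):
    """Return the set of tags that apply to a piece of content."""
    tags = set()
    for m in PAN_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group(0))):
            tags.add("PAN")
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            tags.add("SSN")
    if MARKING_RE.search(text):
        tags.add("MARKED")
    return tags


BLOCKED_FOR_EXTERNAL = {"PAN", "SSN", "MARKED"}  # assumed business rule


def decide(text, destination_is_external):
    """Allow or block a transfer. Tagged content may still move inside the network."""
    tags = classify(text)
    if destination_is_external and tags & BLOCKED_FOR_EXTERNAL:
        return "block", tags
    return "allow", tags


if __name__ == "__main__":
    for sample in ("Card 4111 1111 1111 1111 exp 12/26",
                   "Card 4111 1111 1111 1112",
                   "SSN 123-45-6789", "SSN 666-12-3456",
                   "This memo is CONFIDENTIAL."):
        print(sample, "->", decide(sample, destination_is_external=True))
```

The second card number differs from the first in one digit and fails the checksum, so it is not tagged; a 16-digit order or tracking number would usually be rejected the same way. Intellectual property has no such validator, which is the gap the text describes, and why the business rules for those tags need input from the people who own the data.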


Unified threat management

Unified threat management (UTM) is a solution in the network security industry, and since 2004 it has gained currency as a primary network gateway defense solution for organizations. In theory, UTM is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single appliance: network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on-appliance reporting.

The worldwide UTM market was approximately worth $1.2 billion in 2007, with a forecast of 35-40% compounded annual growth rate through 2011. The primary market of UTM providers is the SMB and enterprise segments, although a few providers are now providing UTM solutions for small offices/remote offices. The term UTM was originally coined by market research firm IDC. The advantage of unified security lies in the fact that rather than administering multiple systems that individually handle antivirus, content filtering, intrusion prevention and spam filtering functions, organizations now have the flexibility to deploy a single UTM appliance that consolidates all of those functions into one rack-mountable network appliance.

History

UTM solutions emerged from the need to stem the increasing number of attacks on corporate information systems via hacking/cracking, viruses and worms, mostly an outcome of blended threats and insider threats. Also, newer attack techniques target the user as the weakest link in an enterprise, the repercussions of which are far more serious than imagined.

Data security and unauthorized employee access have become major business concerns for enterprises today. This is because malicious intent and the resultant loss of confidential data can lead to huge financial losses as well as corresponding legal liabilities. Enterprises have only recently begun to recognize that user ignorance can lead to security being compromised from within their internal networks.

The main advantages of UTM solutions are simplicity, streamlined installation and use, and the ability to update all the security functions concurrently. 

The goal of a UTM is to provide a comprehensive set of security features in a single product managed through a single console. Integrated security solutions evolved as a logical way to tackle the increasingly complex blended internet threats impacting organizations.

The UTM market has shown notable growth recently with a 20.1% increase in 2009 following up a 32.2% increase in 2008, according to Frost and Sullivan.

Transition from point to integrated security solutions

Traditional point solutions, which were installed to solve major threat and productivity issues, are difficult to deploy, manage and update, which increases operational complexities and overhead costs. Instead, organizations of today demand an integrated approach to network security and productivity that combines the management of traditionally disparate point technologies.

All these disadvantages can lead to situations where organizations deploy reduced security and inferior policies at remote locations. UTMs can help overcome these problems.

How UTM secures the network

A single UTM appliance simplifies management of a company's security strategy, with just one device taking the place of multiple layers of hardware and software. Also from one single centralized console, all the security solutions can be monitored and configured.

In this context, UTMs represent all-in-one security appliances that carry a variety of security capabilities including firewall, VPN, gateway anti-virus, gateway anti-spam, intrusion prevention, content filtering, bandwidth management, application control and centralized reporting as basic features. The UTM has a customized OS holding all the security features at one place, which can lead to better integration and throughput than a collection of disparate devices.

For enterprises with remote networks or distantly located offices, UTMs are a means to provide centralized security with control over their globally distributed networks.

Key advantages

1. Reduced complexity: Single security solution. Single Vendor. Single AMC

2. Simplicity: Avoidance of multiple software installation and maintenance

3. Easy Management: Plug & Play Architecture, Web-based GUI for easy management

4. Reduced technical training requirements, one product to learn.

5. Regulatory compliance

Key Disadvantages

1. Single point of failure for network traffic, unless HA is used

2. Single point of compromise if the UTM has vulnerabilities

3. Potential impact on latency and bandwidth when the UTM cannot keep up with the traffic

Role of user identity

Identity-based UTM appliances are the security solutions offering comprehensive protection against blended threats. While simple UTMs identify only IP addresses in the network, identity-based UTMs provide discrete identity information of each user in the network along with network log data. They allow creation of identity-based network access policies for individual users, delivering visibility and control on the network activities. The identity-based feature of such UTMs runs across the entire feature set, enabling enterprises to identify patterns of behavior by specific users or groups that can signify misuse, unauthorized intrusions, or malicious attacks from inside or outside the enterprise. 

The strength of UTM technology is that it is designed to offer comprehensive security while being easy to manage. Enterprises get complete network information in hand to take proactive action against network threats in case of inappropriate or suspicious user behavior in the network. As identity-based UTMs do not depend on IP addresses, they provide comprehensive protection even in dynamic IP environments such as DHCP and Wi-Fi, and especially in a scenario where multiple users share the same computer.[3]
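The shared-computer case above is easy to reproduce in code. The following added example, which is not any appliance's data model, evaluates the same request twice: once against a static IP-keyed rule and once against a rule keyed on the user that a constructed logon log places behind that IP at that time. The session log, group membership, policy and hostnames are all assumptions.

```python
# Added example (not any appliance's data model): evaluating a network access
# policy on user identity instead of IP address. The session log, groups and
# policy are constructed assumptions. One IP address, two users over the day.
from bisect import bisect_right

# Constructed logon events (ISO timestamps, sorted): one shared PC at 10.0.0.5.
SESSIONS = [
    ("2024-01-01T09:00:00", "10.0.0.5", "alice"),  # alice logs on
    ("2024-01-01T11:00:00", "10.0.0.5", "bob"),    # bob logs on later, same IP
]
GROUPS = {"alice": "finance", "bob": "contractor"}
# group -> destinations it may reach (assumed policy)
IDENTITY_POLICY = {"finance": {"erp.internal"}, "contractor": set()}
# A static, IP-keyed rule written while alice was the only user of 10.0.0.5.
IP_POLICY = {"10.0.0.5": {"erp.internal"}}


def user_at(ip, when):
    """Who was logged on at `ip` at time `when` (ISO string), per the session log."""
    times = [t for t, i, _ in SESSIONS if i == ip]
    users = [u for _, i, u in SESSIONS if i == ip]
    idx = bisect_right(times, when) - 1    # latest logon at or before `when`
    return users[idx] if idx >= 0 else None


def ip_decision(ip, dest):
    """IP-only policy: cannot tell which user is behind the address."""
    return "allow" if dest in IP_POLICY.get(ip, set()) else "deny"


def identity_decision(ip, dest, when):
    """Identity-based policy: resolve the user first, then apply the group rule."""
    user = user_at(ip, when)
    allowed = IDENTITY_POLICY.get(GROUPS.get(user), set())
    return ("allow" if dest in allowed else "deny"), user


if __name__ == "__main__":
    for when in ("2024-01-01T10:00:00", "2024-01-01T12:00:00"):
        print(when, "ip-only:", ip_decision("10.0.0.5", "erp.internal"),
              "identity:", identity_decision("10.0.0.5", "erp.internal", when))
```

At 10:00 both policies agree; at 12:00 the IP rule still allows the ERP host because the address has not changed, while the identity rule denies it and records that the request came from bob. The same lookup is what makes the per-user reports in the next subsection possible: every log line can be attributed to a user rather than to an address that may have been reassigned.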

Regulatory compliance

One feature of UTM appliances is that they provide security technology that can handle the increasingly regulated environment across the world. Regulations such as HIPAA, GLBA, PCI-DSS, FISMA, CIPA, SOX, NERC and FFIEC require access controls and auditing that control data leakage. UTMs that provide identity-based security give visibility into user activity while enabling policy creation based on user identity, meeting the requirements of these regulations.

Identity-based UTMs deliver identity-based reports on individual users in the network. This shortens audit and reporting cycles and facilitates meeting regulatory compliance requirements in enterprises.


Enterprise Antivirus

With progressively more consumer technology entering the enterprise, the challenge to secure and protect business information across the multitude of devices is upon us. Today's enterprise antivirus solutions are designed to handle sophisticated threats and support more endpoint devices. Here are four options to consider.

Antivirus solutions started with desktops, then servers. Centralized management and repositories followed quickly due to the demands of the developing enterprise. When virtualization came about, software vendors scrambled to respond to the explosion of additional clients created by new hypervisor-based technologies. Now, with the growth of the mobile market and today's expanded enterprise, the traditional way of thinking of servers, company-owned desktops and mobile devices has changed. The enterprise is now facing the introduction of consumer devices into the enterprise space. In fact, over the last ten years, it is the consumer market that has driven change in the corporate infrastructure. One only needs to look at the past successes of BlackBerry and Apple to see which types of devices companies were deploying more of. However, using consumer tech in the enterprise space does come with additional challenges, as it often lacks many of the security and management components required by the enterprise.

Both consumer and enterprise mobile devices are only one part of the challenge; with BYOD, managing and enforcing security on personally owned devices comes into question and completes the challenge. All of these concerns are brought to light as the next generation of professionals have the expectation of being able to use all of the mobile, cloud and consumer tools that they have been exposed to. The enterprise could say no, but then the organization runs the risk of losing quality talent to a rival that has fewer or less stringent policies for BYOD, consumer and cloud offerings, or worse yet, of not properly protecting itself from a security or managerial headache. So it becomes a choice of embracing change or risking exposure, ill reputation or extinction. While enterprises are deciding on policies, security vendors have already made the decision that they need to provide the ability to secure both the data center and the consumer-influenced mobile and services space.

Each vendor continues to have key strengths that allow it to be uniquely positioned in the antivirus marketplace. Licensing options are flexible enough to allow customization to fit existing SMB and enterprise spaces. All of the prices listed in this article are base prices and are typically open to volume discounts and can differ if additional features are included.

Feature-wise, one thing is very clear; antivirus tools are no longer based on the simple, definition-based file scanning. Today's IT threats are more sophisticated than ever before, more endpoint devices are potentially exposed to attacks, and not only does a business need tools to find these threats but also management features are required to allow the enterprise to quickly identify, stop and prevent them.


Buy Antivirus

Between office computers, home computers, and smartphones, modern folk can stay connected to the Internet 24/7. At any time, day or night, we can check stocks, look up movie details, play games... the possibilities are endless. Remember, though, that the connection runs both ways. Hazards range from widespread spam and random drive-by downloads to targeted "spear phishing" attacks aimed squarely at a specific target. Security software defends your devices and your data from attack. What should you buy?

Cross-Platform Multi-Device Security Suites
If you'd rather spend time using and enjoying your devices than fooling around with protection, one of the modern cross-platform multi-device security suites will do the job. Quite a few have come out in the last six months; which you choose will depend on several factors.

First, naturally you want a product that will protect all of the device types you own. All of the contenders will protect PCs, Macs, and Android devices.

Online management of your devices and licenses is another point of distinction.

PC Security Suites
A standard security suite will protect your PCs, typically up to three of them. Every suite needs to offer antivirus and firewall protection. Most add spam filtering, parental control, and some form of privacy protection. Prices don't vary all that widely among products with different feature sets, so be sure to select a suite that includes every feature you need.

Integration is the main reason to choose a suite rather than a collection of individual tools. You can check and manage all security issues in one place. And, of course, a well-integrated suite should have less impact on performance than a collection of separate processes.

Mega-Suites with Backup
Some of the larger security vendors offer a higher tier of suite protection, with backup to protect important files and tune-up features that can keep your PC running efficiently.

Avoid a mega-suite that only offers local backup, without an online option. The set-and-forget nature of online backup means you actually will back up your files, while tedious local backup routines are often abandoned. Tune-up features like cleanup of unwanted files and Registry items should spell out what they're going to do, or spell out what they did with the option to reverse any problems.

Compare Antivirus

With all the NSA, Edward Snowden, and Heartbleed stories in the news, security is arguably the tech story of the year. But while these big glitzy stories are grabbing most of the attention, the most important thing you, the consumer, can do, is to perform the decidedly unglamorous but vital task of securing your own machines. And that means antivirus. All the big players have got 2014 edition products out, and some are even starting to ship 2015 editions! Many of the latest versions have morphed their appearance to match the Windows 8 style, tile-based and touch-friendly. Others remain unchanged, perhaps hoping to attract users by keeping the same familiar face.

Whether they look the same or not, most of the same products retain their positions at the top of the heap. Here are the best from the current crop of antivirus products.


Independent Lab Tests

We spend hours or days with every product performing hands-on testing, but the independent antivirus labs have whole squads of researchers for even more in-depth testing. We follow a half-dozen labs that perform ongoing tests and that make their results public: AV-Test, AV-Comparatives, Dennis Technology Labs, ICSA Labs, Virus Bulletin, and West Coast Labs.


We take independent testing quite seriously, and we recently worked up a new system to evaluate each product in light of its lab results. We've identified five important categories: detection, cleaning, protection, false positives, and performance. When there's enough data from the labs, we use it to calculate a star rating in each category, and an overall rating.


Home Antivirus

Antivirus software is designed to detect, prevent, and remove malicious software, aka malware. The classification of malware includes viruses, worms, trojans, and scareware, as well as (depending on the scanner) some forms of potentially unwanted programs (such as adware and spyware).

At its core, antivirus software provides signature-based detection of malware (malicious software). A virus signature (aka pattern) is based on a unique segment of code within the malware, typically checksummed/hashed and distributed in the form of antivirus signature (aka pattern) updates.

Since its start in the late 1980s, antivirus software has evolved along with the threats that it protects against. As a result, today’s static signature (pattern-matching) detection is often bolstered with more dynamic behavioral-based and intrusion prevention technologies.

Antivirus software is often the subject of contentious debate. The most common themes are disagreement over free versus paid antivirus, the assumption that signature detection is ineffective, and the conspiracy theory that accuses antivirus vendors of writing the malware the scanners are designed to detect. Following is a brief discussion of each of these arguments.

Free Versus Fee
Antivirus software is sold or distributed in many forms, from standalone antivirus scanners to complete Internet security suites that bundle antivirus with a firewall, privacy controls, and other adjunct security protection. Some vendors, such as Microsoft, AVG, Avast, and AntiVir offer free antivirus software for home use (sometimes extending it for small home office – aka SOHO – use as well).

Periodically, debates will ensue as to whether free antivirus is as capable as paid antivirus. A long term analysis of AV-Test.org antivirus software testing suggests that paid products tend to demonstrate higher levels of prevention and removal than do free antivirus software. On the flip side, free antivirus software tends to be less feature-rich, thereby consuming fewer system resources which suggests it may run better on older computers or computers with limited system capacity.

Whether you opt for free or fee-based antivirus is a personal decision that should be based on your financial capabilities and the needs of your computer. What you should always avoid, however, are pop-ups and advertisements that promise a free antivirus scan. These ads are scareware - bogus products that make erroneous claims that your computer is infected in order to trick you into buying a fake antivirus scanner.

Signatures Can’t Keep Up
Despite its ability to effectively field the majority of malware, a significant percentage of malware can go undetected by traditional antivirus software. To counter this, a layered security approach provides the best coverage, particularly when the layered protection is provided by different vendors. If all security is provided by a single vendor, the attack surface area becomes much larger. As a result, any vulnerability in that vendor’s software – or a missed detection – can have far more adverse impact than would occur in a more diverse environment.

Regardless, while antivirus software is not a catch-all for every bit of malware out there and additional layers of security are needed, antivirus software should be at the core of any protection system you decide upon, as it will be the workhorse that deters the majority of threats with which you would otherwise have to contend.

Antivirus Vendors Write Viruses
The conspiracy theory that antivirus vendors write viruses is an old, silly, and completely unfounded notion. The accusation is akin to claiming that doctors create disease or that police rob banks in exchange for job security.

There are literally millions of malware, with upwards of tens of thousands of new threats discovered daily. If antivirus vendors wrote the malware, there would be far less of it as no one in the antivirus industry is a glutton for punishment. Criminals and attackers write and distribute malware. Antivirus vendor employees work long and arduous hours to ensure your computer is kept safe from the onslaught. End of story.