
Antivirus software: Difference between revisions

GreenC bot
(39 intermediate revisions by 29 users not shown)
{{Short description|Computer software to defend against malicious computer viruses}}
{{Redirect|Antivirus|the medication|Antiviral drug}}
{{pp-move}}
{{Use mdy dates|date=January 2017}}
{{Use American English|date=March 2023}}
[[File:ClamTk 5.27.png|thumb|300px|[[ClamTk]], an open-source antivirus based on the [[ClamAV]] antivirus [[software engine|engine]], was originally developed by Tomasz Kojm in 2001.]]
{{Information security}}
 
'''Antivirus software''' (abbreviated to '''AV software'''), also known as '''anti-malware''', is a [[computer program]] used to prevent, detect, and remove [[malware]].
There are competing claims for the innovator of the first antivirus product. Possibly, the first publicly documented removal of an "in the wild" [[computer virus]] (i.e. the "Vienna virus") was performed by [[Bernd Fix]] in 1987.<ref>[https://web.archive.org/web/20090713091733/http://www.viruslist.com/en/viruses/encyclopedia?chapter=153311150 Kaspersky Lab Virus list]. viruslist.com</ref><ref>{{cite web | url = http://www.research.ibm.com/antivirus/timeline.htm | publisher = [[IBM]] | title = Virus timeline | first = Joe | last = Wells | date = August 30, 1996 | access-date = June 6, 2008| archive-url= https://web.archive.org/web/20080604011721/http://www.research.ibm.com/antivirus/timeline.htm| archive-date= June 4, 2008 | url-status= live}}</ref>
 
In 1987, Andreas Lüning and Kai Figge, who founded [[G Data Software]] in 1985, released their first antivirus product for the [[Atari ST]] platform.<ref name="Gdata">{{cite web|url = https://www.gdatasoftware.com/about-g-data/company-profile|title = G Data presents first Antivirus solution in 1987|access-date = December 13, 2017|last = G Data Software AG|year = 2017|url-status = live|archive-url = https://web.archive.org/web/20170315111115/https://www.gdatasoftware.com/about-g-data/company-profile|archive-date = March 15, 2017|df = mdy-all}}</ref> In 1987, the ''Ultimate Virus Killer (UVK)'' was also released.<ref name="UniqueNameOfRef">{{cite web|url = http://st-news.com/uvk-book/|title = The ultimate Virus Killer Book and Software|access-date = July 6, 2016|last = Karsmakers|first = Richard|date = January 2010|url-status = live|archive-url = https://web.archive.org/web/20160729032353/http://st-news.com/uvk-book/|archive-date = July 29, 2016|df = mdy-all}}</ref> This was the de facto industry standard virus killer for the [[Atari ST]] and [[Atari Falcon]], the last version of which (version 9.0) was released in April 2004.{{Citation needed|date=July 2016}} In 1987, in the United States, [[John McAfee]] founded the [[McAfee]] company (was part of [[Intel|Intel Security]]<ref>{{cite web|title=McAfee Becomes Intel Security|url=http://s927.t.en25.com/e/es.aspx?s=927&e=269752&elq=1610bb9546d14d169335d6b8d1b37f7c|publisher=McAfee Inc|access-date=January 15, 2014|archive-date=January 15, 2014|archive-url=https://archive.today/20140115034548/http://s927.t.en25.com/e/es.aspx?s=927&e=269752&elq=1610bb9546d14d169335d6b8d1b37f7c|url-status=dead}}</ref>) and, at the end of that year, he released the first version of [[McAfee VirusScan|VirusScan]].<ref>{{cite book| last = Cavendish| first = Marshall| title = Inventors and Inventions, Volume 4| url = https://books.google.com/books?id=YcPvV893aXgC| year = 2007| publisher = Paul Bernabeo| isbn = 978-0761477679| page = 
1033}}</ref> Also in 1987 (in [[Czechoslovakia]]), Peter Paško, [[Rudolf Hrubý]], and Miroslav Trnka created the first version of [[ESET NOD32|NOD]] antivirus.<ref>{{cite web
|url = https://www.eset.com/int/about/
|title = About ESET Company
In 2005, [[F-Secure]] became the first security firm to develop an anti-rootkit technology, called ''BlackLight''.
 
Because most users are usually connected to the Internet on a continual basis, [[Jon Oberheide]] first proposed a [[Cloud computing|Cloud-based]] antivirus design in 2008.<ref>{{cite web|url=https://www.usenix.org/legacy/event/sec08/tech/full_papers/oberheide/oberheide_html/index.html|title=CloudAV: N-Version Antivirus in the Network Cloud|publisher=usenix.org|url-status=live|archive-url=https://web.archive.org/web/20140826115701/https://www.usenix.org/legacy/event/sec08/tech/full_papers/oberheide/oberheide_html/index.html|archive-date=August 26, 2014}}</ref>
 
In February 2008 McAfee Labs added the industry-first cloud-based anti-malware functionality to VirusScan under the name Artemis. It was tested by [[AV-Comparatives]] in February 2008<ref>[http://www.av-comparatives.org/wp-content/uploads/2008/01/sp_fdt_mcafee_200802_en.pdf McAfee Artemis Preview Report] {{webarchive|url=https://web.archive.org/web/20160403110306/http://www.av-comparatives.org/wp-content/uploads/2008/01/sp_fdt_mcafee_200802_en.pdf |date=April 3, 2016}}. av-comparatives.org</ref> and officially unveiled in August 2008 in [[McAfee VirusScan]].<ref>[http://library.corporate-ir.net/library/10/104/104920/items/313409/MFEFQ308Oct30Final.pdf McAfee Third Quarter 2008] {{webarchive|url=https://web.archive.org/web/20160403020632/http://library.corporate-ir.net/library/10/104/104920/items/313409/MFEFQ308Oct30Final.pdf |date=April 3, 2016}}. corporate-ir.net</ref>
In 2011, [[AVG (software)|AVG]] introduced a similar cloud service, called Protective Cloud Technology.<ref>{{cite web|url=http://www.avgsecurity.co.za/technology-overview |title=TECHNOLOGY OVERVIEW |website=AVG Security |access-date=February 16, 2015 |url-status=dead |archive-url=https://web.archive.org/web/20150602055929/http://www.avgsecurity.co.za/technology-overview |archive-date=June 2, 2015}}</ref>
 
=== 2014–present: (rise of next-gen), market consolidation ===
Following the 2013 release of the APT 1 report from [[Mandiant]], the industry has seen a shift towards signature-less approaches to the problem capable of detecting and mitigating [[Zero-day (computing)|zero-day attacks]].<ref>{{cite magazine|url=https://www.wired.com/story/mysterious-return-of-years-old-chinese-malware-apt1/|title=The Mysterious Return of Years-Old Chinese Malware|magazine=Wired|date=18 October 2018|access-date=16 June 2019|via=www.wired.com|last1=Barrett|first1=Brian}}</ref> Numerous approaches to address these new forms of threats have appeared, including behavioral detection, artificial intelligence, machine learning, and cloud-based file detonation. According to Gartner, the rise of new entrants such as [[VMware Carbon Black (company)|Carbon Black]], [[Cylance]] and [[CrowdStrike|Crowdstrike]] is expected to force EPP incumbents into a new phase of innovation and acquisition.<ref>{{cite web|url=https://www.gartner.com/doc/reprints?id=1-2XXIZ8F|title=Magic Quadrant Endpoint Protection Platforms 2016|publisher=Gartner Research}}</ref> One method from [[Bromium]] involves micro-virtualization to protect desktops from malicious code execution initiated by the end user.
Another approach from [[SentinelOne]] and [[Carbon Black (company)|Carbon Black]] focuses on behavioral detection by building a full context around every process execution path in real time,<ref name="NetworkWorld">{{cite web|url=http://www.networkworld.com/article/2466793/security0/start-up-offers-up-endpoint-detection-and-response-for-behavior-based-malware-detection.html|title=Start-up offers up endpoint detection and response for behavior-based malware detection|first=Ellen|last=Messmer|publisher=networkworld.com|url-status=live|archive-url=https://web.archive.org/web/20150205023309/http://www.networkworld.com/article/2466793/security0/start-up-offers-up-endpoint-detection-and-response-for-behavior-based-malware-detection.html|archive-date=February 5, 2015|date=2014-08-20}}</ref><ref name="HSToday.US">{{cite web|url=http://www.hstoday.us/briefings/industry-news/single-article/bromium-research-reveals-insecurity-in-existing-endpoint-malware-protection-deployments/05ccfa234d62872b3d3a5422f2cbd4bd.html|title=Homeland Security Today: Bromium Research Reveals Insecurity in Existing Endpoint Malware Protection Deployments|url-status=live|archive-url=https://web.archive.org/web/20150924031641/http://www.hstoday.us/briefings/industry-news/single-article/bromium-research-reveals-insecurity-in-existing-endpoint-malware-protection-deployments/05ccfa234d62872b3d3a5422f2cbd4bd.html|archive-date=September 24, 2015}}</ref> while [[Cylance Inc.|Cylance]] leverages an artificial intelligence model based on machine learning.<ref>{{Cite news|url=https://www.forbes.com/sites/thomasbrewster/2016/07/06/duelling-unicorns-crowdstrike-vs-cylance-in-brutal-battle-to-knock-hackers-out/#9cd0a3b12114|title=Duelling Unicorns: CrowdStrike Vs. 
Cylance In Brutal Battle To Knock Hackers Out|work=Forbes|date=July 6, 2016|url-status=live|archive-url=https://web.archive.org/web/20160911015121/http://www.forbes.com/sites/thomasbrewster/2016/07/06/duelling-unicorns-crowdstrike-vs-cylance-in-brutal-battle-to-knock-hackers-out/#9cd0a3b12114|archive-date=September 11, 2016}}</ref> Increasingly, these signature-less approaches have been defined by the media and analyst firms as "next-generation" antivirus<ref>{{Cite news|url=http://thevarguy.com/blog/anti-virus-dead-shift-toward-next-gen-endpoints|title=Is Anti-virus Dead? The Shift Toward Next-Gen Endpoints|last=Potter|first=Davitt|date=June 9, 2016|url-status=live|archive-url=https://web.archive.org/web/20161220093921/http://thevarguy.com/blog/anti-virus-dead-shift-toward-next-gen-endpoints|archive-date=December 20, 2016}}</ref> and are seeing rapid market adoption as certified antivirus replacement technologies by firms such as Coalfire and DirectDefense.<ref>{{cite web|url=https://www.cylance.com/cylanceprotect-achieves-hipaa-security-rule-compliance-certification|title=CylancePROTECT® Achieves HIPAA Security Rule Compliance Certification|publisher=Cylance|url-status=dead|archive-url=https://web.archive.org/web/20161022023812/https://www.cylance.com/cylanceprotect-achieves-hipaa-security-rule-compliance-certification|archive-date=October 22, 2016|access-date=October 21, 2016}}</ref> In response, traditional antivirus vendors such as [[Trend Micro]],<ref>{{cite web|url=http://www.trendmicro.com/us/business/xgen/index.html?cm_mmc=VURL:www.trendmicro.com-_-VURL-_-/xgen/index.html-_-vanity|title=Trend Micro-XGen|date=October 18, 2016|publisher=Trend Micro|url-status=live|archive-url=https://web.archive.org/web/20161221074459/http://www.trendmicro.com/us/business/xgen/index.html?cm_mmc=VURL%3Awww.trendmicro.com-_-VURL-_-%2Fxgen%2Findex.html-_-vanity|archive-date=December 21, 2016}}</ref> [[NortonLifeLock|Symantec]] and [[Sophos]]<ref>{{cite 
web|url=https://www.sophos.com/en-us/products/endpoint-antivirus.aspx|title=Next-Gen Endpoint|publisher=Sophos|url-status=live|archive-url=https://web.archive.org/web/20161106204530/https://www.sophos.com/en-us/products/endpoint-antivirus.aspx|archive-date=November 6, 2016}}</ref> have responded by incorporating "next-gen" offerings into their portfolios as analyst firms such as [[Forrester Research|Forrester]] and [[Gartner]] have called traditional signature-based antivirus "ineffective" and "outdated".<ref>[https://www.forrester.com/report/The+Forrester+Wave+Endpoint+Security+Suites+Q4+2016/-/E-RES113145 The Forrester Wave™: Endpoint Security Suites, Q4 2016] {{webarchive|url=https://web.archive.org/web/20161022024840/https://www.forrester.com/report/The+Forrester+Wave+Endpoint+Security+Suites+Q4+2016/-/E-RES113145 |date=October 22, 2016}}. Forrester.com (October 19, 2016). Retrieved on 2017-01-03.</ref>
 
As of [[Windows 8]], Windows includes its own free antivirus protection under the [[Windows Defender]] brand. Despite bad detection scores in its early days, AV-Test now certifies Defender as one of its top products.<ref>{{Cite web |author1=Paul Wagenseil |date=2016-05-25 |title=Is Windows Defender Good Enough? Not Yet |url=https://www.tomsguide.com/us/avoid-windows-defender,news-22729.html |access-date=2023-12-18 |website=Tom's Guide |language=en}}</ref><ref>{{Cite web |title=Test antivirus software for Windows 11 - October 2023 |url=https://www.av-test.org/en/antivirus/home-windows/ |access-date=2023-12-18 |website=www.av-test.org |language=en-US}}</ref> While it isn't publicly known how the inclusion of antivirus software in Windows affected antivirus sales, Google search traffic for antivirus has declined significantly since 2010.<ref>{{Cite web |title=Google Trends |url=https://trends.google.com/trends/explore?date=all&q=antivirus&hl=en |access-date=2023-12-18 |website=Google Trends |language=en-US}}</ref>
 
Since 2016, there has been a notable amount of consolidation in the industry. [[Avast]] purchased [[AVG AntiVirus|AVG]] in 2016 for $1.3 billion.<ref>{{Cite web |title=Avast Announces Agreement to Acquire AVG for $1.3B |url=https://press.avast.com/avast-announces-agreement-to-acquire-avg-for-13b |access-date=2023-12-18 |website=Avast Announces Agreement to Acquire AVG for $1.3B |language=en}}</ref> [[Avira]] was acquired by [[Norton AntiVirus|Norton]] owner [[Gen Digital]] (then NortonLifeLock) in 2020 for $360 million.<ref>{{Cite web |last=Lunden |first=Ingrid |date=2020-12-07 |title=NortonLifeLock acquires Avira in $360M all-cash deal, 8 months after Avira was acquired for $180M |url=https://techcrunch.com/2020/12/07/nortonlifelock-acquires-avira-in-360m-all-cash-deal-8-months-after-avira-was-acquired-for-180m/ |access-date=2023-12-18 |website=TechCrunch |language=en-US}}</ref> In 2021, the Avira division of Gen Digital acquired BullGuard.<ref>{{Cite web |author1=Daniel Todd |date=2022-02-07 |title=BullGuard to drop name in favour of Norton branding |url=https://www.itpro.com/business/business-strategy/367111/bullguard-to-drop-name-in-favour-of-norton-branding |access-date=2023-12-18 |website=channelpro |language=en}}</ref> The BullGuard brand was discontinued in 2022 and its customers were migrated to Norton. In 2022, Gen Digital acquired Avast, effectively consolidating four major antivirus brands under one owner.<ref>{{Cite web |title=NortonLifeLock Completes Merger with Avast |url=https://press.avast.com/nortonlifelock-completes-merger-with-avast |access-date=2023-12-18 |website=NortonLifeLock Completes Merger with Avast |language=en}}</ref>
 
== Identification methods ==
One of the few solid theoretical results in the study of computer viruses is [[Fred Cohen|Frederick B. Cohen]]'s 1987 demonstration that no algorithm can perfectly detect all possible viruses, just as no algorithm can decide [[Halting problem|whether or not a given program halts]].<ref name="Cohen1987" /> However, using different layers of defense, a good detection rate may be achieved.
 
There are several methods which antivirus engines can use to identify malware:
* '''Sandbox detection''': a behaviour-based detection technique that, instead of detecting the behavioural fingerprint at run time, executes the program in a [[virtual machine|virtual environment]], logging what actions the program performs. Depending on the actions logged, which can include memory usage and network accesses,<ref>{{Cite journal |last1=Lv |first1=Mingqi |last2=Zeng |first2=Huan |last3=Chen |first3=Tieming |last4=Zhu |first4=Tiantian |date=2023-10-01 |title=CTIMD: Cyber Threat Intelligence Enhanced Malware Detection Using API Call Sequences with Parameters |url=https://www.sciencedirect.com/science/article/pii/S0167404823004285 |journal=Computers & Security |volume=136 |pages=103518 |doi=10.1016/j.cose.2023.103518 |issn=0167-4048}}</ref> the antivirus engine can determine whether the program is malicious.<ref>[https://enterprise.comodo.com/security-solutions/endpoint-protection/sandboxing.php Sandboxing Protects Endpoints | Stay Ahead Of Zero Day Threats] {{webarchive|url=https://web.archive.org/web/20150402115401/https://enterprise.comodo.com/security-solutions/endpoint-protection/sandboxing.php |date=April 2, 2015}}. Enterprise.comodo.com (June 20, 2014). Retrieved on 2017-01-03.</ref> If not, the program is then executed in the real environment. Although this technique has proven quite effective, its resource cost and slowness mean it is rarely used in end-user antivirus solutions.{{sfn|Szor|2005|pp=474–481}}
* '''[[Data mining]] techniques''': one of the latest approaches applied in malware detection. [[Data mining]] and [[machine learning]] algorithms are used to try to classify the behaviour of a file (as either malicious or benign) given a series of file features, that are extracted from the file itself.<ref>Kiem, Hoang; Thuy, Nguyen Yhanh and Quang, Truong Minh Nhat (December 2004) "A Machine Learning Approach to Anti-virus System", ''Joint Workshop of Vietnamese Society of AI, SIGKBS-JSAI, ICS-IPSJ and IEICE-SIGAI on Active Mining; Session 3: Artificial Intelligence'', Vol. 67, pp. 61–65</ref><ref>{{cite book|title=Data Mining Methods for Malware Detection|url=https://books.google.com/books?id=lZto6RraGOwC&pg=PR15|year=2008|isbn=978-0-549-88885-7|pages=15–|url-status=live|archive-url=https://web.archive.org/web/20170320111622/https://books.google.com/books?id=lZto6RraGOwC&pg=PR15|archive-date=March 20, 2017}}</ref><ref>{{cite book|author1=Dua, Sumeet|author2=Du, Xian|title=Data Mining and Machine Learning in Cybersecurity|url=https://books.google.com/books?id=1-FY-U30lUYC&pg=PP1|date=April 19, 2016|publisher=CRC Press|isbn=978-1-4398-3943-0|pages=1–|url-status=live|archive-url=https://web.archive.org/web/20170320093100/https://books.google.com/books?id=1-FY-U30lUYC&pg=PP1|archive-date=March 20, 2017}}</ref><ref>{{cite book|doi=10.1109/ACT.2010.33|chapter=Analysis of Machine learning Techniques Used in Behavior-Based Malware Detection|title=2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies|page=201|year=2010|last1=Firdausi|first1=Ivan|last2=Lim|first2=Charles|last3=Erwin|first3=Alva|last4=Nugroho|first4=Anto Satriyo|isbn=978-1-4244-8746-2|s2cid=18522498}}</ref><ref>{{cite book|doi=10.1145/1593105.1593239|chapter=A survey of data mining techniques for malware detection using file features|title=Proceedings of the 46th Annual Southeast Regional Conference on XX – ACM-SE 
46|page=509|year=2008|last1=Siddiqui|first1=Muazzam|last2=Wang|first2=Morgan C.|last3=Lee|first3=Joohan|isbn=9781605581057|s2cid=729418}}</ref><ref>{{cite book|doi=10.1109/CCST.2003.1297626|chapter=Intelligent automatic malicious code signatures extraction|title=IEEE 37th Annual 2003 International Carnahan Conference on ''Security'' Technology, 2003. Proceedings|page=600|year=2003|last1=Deng|first1=P.S.|last2=Jau-Hwang Wang|last3=Wen-Gong Shieh|last4=Chih-Pin Yen|last5=Cheng-Tan Tung|isbn=978-0-7803-7882-7|s2cid=56533298}}</ref><ref>{{cite book|doi=10.1109/PDP.2010.30|chapter=Malware Detection by Data Mining Techniques Based on Positionally Dependent Features|title=2010 18th Euromicro Conference on Parallel, Distributed and Network-based Processing|page=617|year=2010|last1=Komashinskiy|first1=Dmitriy|last2=Kotenko|first2=Igor|isbn=978-1-4244-5672-7|s2cid=314909}}</ref><ref>{{cite book|doi=10.1109/SECPRI.2001.924286|chapter=Data mining methods for detection of new malicious executables|title=Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001|page=38|year=2001|last1=Schultz|first1=M.G.|last2=Eskin|first2=E.|last3=Zadok|first3=F.|last4=Stolfo|first4=S.J.|isbn=978-0-7695-1046-0|citeseerx=10.1.1.408.5676|s2cid=21791}}</ref><ref>{{cite book|doi=10.1145/1281192.1281308|chapter=IMDS|title=Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining – KDD '07|page=1043|year=2007|last1=Ye|first1=Yanfang|last2=Wang|first2=Dingding|last3=Li|first3=Tao|last4=Ye|first4=Dongyi|isbn=9781595936097|s2cid=8142630}}</ref><ref>{{cite journal|url=http://dl.acm.org/citation.cfm?id=1248547.1248646|title=Learning to Detect and Classify Malicious Executables in the Wild|journal=J. Mach. Learn. Res.|first1=J. 
Zico|last1=Kolter|first2=Marcus A.|last2=Maloof|date=December 1, 2006|volume=7|pages=2721–2744}}</ref><ref>{{cite book|doi=10.1145/1599272.1599278|chapter=Malware detection using statistical analysis of byte-level file content|title=Proceedings of the ACM SIGKDD Workshop on Cyber ''Security'' and Intelligence Informatics – CSI-KDD '09|page=23|year=2009|last1=Tabish|first1=S. Momina|last2=Shafiq|first2=M. Zubair|last3=Farooq|first3=Muddassar|isbn=9781605586694|citeseerx=10.1.1.466.5074|s2cid=10661197}}</ref><ref>{{cite journal|doi=10.1007/s11416-008-0082-4|title=An intelligent PE-malware detection system based on association mining|journal=Journal in Computer Virology|volume=4|issue=4|page=323|year=2008|last1=Ye|first1=Yanfang|last2=Wang|first2=Dingding|last3=Li|first3=Tao|last4=Ye|first4=Dongyi|last5=Jiang|first5=Qingshan|citeseerx=10.1.1.172.4316|s2cid=207288887}}</ref><ref>{{cite book|doi=10.1145/1774088.1774303|chapter=Malware detection based on mining API calls|title=Proceedings of the 2010 ACM Symposium on Applied Computing – SAC '10|page=1020|year=2010|last1=Sami|first1=Ashkan|last2=Yadegari|first2=Babak|last3=Peiravian|first3=Naser|last4=Hashemi|first4=Sattar|last5=Hamze|first5=Ali|isbn=9781605586397|s2cid=9330550}}</ref><ref>{{cite journal|doi=10.1007/s10844-010-0148-x|title="Andromaly": A behavioral malware detection framework for android devices|journal=Journal of Intelligent Information Systems|volume=38|page=161|year=2011|last1=Shabtai|first1=Asaf|last2=Kanonov|first2=Uri|last3=Elovici|first3=Yuval|last4=Glezer|first4=Chanan|last5=Weiss|first5=Yael|s2cid=6993130}}</ref>{{Excessive citations inline|reason=Only a few papers are needed for this|date=October 2021}}
 
 
=== Heuristics ===
Many viruses start as a single infection and through either [[Polymorphic code|mutation]] or refinements by other attackers, can grow into dozens of slightly different strains, called variants. Generic detection refers to the detection and removal of multiple threats using a single virus definition.<ref>{{cite web |url=http://www.securelist.com/en/glossary?glossid=189210517 |title=Generic detection |access-date=July 11, 2013 |publisher=Kaspersky |url-status=dead |archive-url=https://web.archive.org/web/20131203013651/http://www.securelist.com/en/glossary?glossid=189210517 |archive-date=December 3, 2013}}</ref>
 
For example, the [[Vundo]] [[trojan horse (computing)|trojan]] has several family members, depending on the antivirus vendor's classification. [[NortonLifeLock|Symantec]] classifies members of the Vundo family into two distinct categories, ''Trojan.Vundo'' and ''Trojan.Vundo.B''.<ref>{{cite web|url = http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99|title = Trojan.Vundo|access-date = April 14, 2009|last = Symantec Corporation|date=February 2009| archive-url= https://web.archive.org/web/20090409002645/http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99| archive-date= April 9, 2009 | url-status= dead}}</ref><ref>{{cite web|url = http://www.symantec.com/security_response/writeup.jsp?docid=2005-042810-2611-99|title = Trojan.Vundo.B|access-date = April 14, 2009|last = Symantec Corporation|date=February 2007| archive-url= https://web.archive.org/web/20090427160747/http://www.symantec.com/security_response/writeup.jsp?docid=2005-042810-2611-99| archive-date= April 27, 2009 | url-status= dead}}</ref>
 
While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature. These signatures often contain non-contiguous code, using [[wildcard character]]s where differences lie. These wildcards allow the scanner to detect viruses even if they are padded with extra, meaningless code.<ref>{{cite web|url=http://www.extremetech.com/article2/0,2845,1154648,00.asp |title=Antivirus Research and Detection Techniques |access-date=February 24, 2009 |publisher=ExtremeTech |archive-url=https://web.archive.org/web/20090227002351/http://www.extremetech.com/article2/0%2C2845%2C1154648%2C00.asp |archive-date=February 27, 2009 |url-status=live}}</ref> A detection that uses this method is said to be "heuristic detection".
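As an added illustration (not part of the article or of any vendor's engine), the following Python matcher shows how a generic signature with wildcards catches a padded variant that an exact signature misses. The signature grammar is a simplified one loosely modelled on the ClamAV hex-signature style, and the "variants" are constructed byte strings, not real samples; both are assumptions of this example.

```python
import re
from typing import Dict, List

# Signature grammar used here (a simplified form, loosely modelled on the
# ClamAV hex-signature style; this grammar is an assumption of the example):
#   "4D5A"    literal bytes, two hex digits per byte
#   "??"      exactly one byte of any value
#   "*"       zero or more bytes of any value
#   "{n}"     exactly n bytes of any value
#   "{n-m}"   between n and m bytes of any value ("{n-}" means n or more)
# Spaces are ignored, so signatures can be written in readable groups.

def compile_signature(sig: str) -> "re.Pattern[bytes]":
    """Translate a wildcard hex signature into a compiled bytes regex."""
    s = sig.replace(" ", "")
    parts: List[bytes] = []
    i = 0
    while i < len(s):
        if s[i] == "*":
            parts.append(b".*")
            i += 1
        elif s[i] == "{":
            j = s.index("}", i)
            lo, dash, hi = s[i + 1:j].partition("-")
            lo_b = str(int(lo)).encode()
            if dash:
                hi_b = str(int(hi)).encode() if hi else b""
                parts.append(b".{" + lo_b + b"," + hi_b + b"}")
            else:
                parts.append(b".{" + lo_b + b"}")
            i = j + 1
        elif s[i:i + 2] == "??":
            parts.append(b".")
            i += 2
        else:
            parts.append(re.escape(bytes.fromhex(s[i:i + 2])))
            i += 2
    # DOTALL so that "." also matches 0x0A, which is just another byte here.
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data: bytes, signatures: Dict[str, str]) -> List[str]:
    """Return the names of every signature that matches somewhere in data."""
    return [name for name, sig in signatures.items()
            if compile_signature(sig).search(data) is not None]


# Constructed stand-ins for two members of one fictional family. Both share a
# fixed prologue and epilogue; between them sits a per-variant 4-byte constant
# followed by a variable amount of meaningless padding (NOPs), the kind of
# padding the text says wildcards are meant to see through.
PROLOGUE = bytes.fromhex("5589E583EC10")   # push ebp; mov ebp,esp; sub esp,0x10
EPILOGUE = bytes.fromhex("C9C3")           # leave; ret

def make_variant(constant: bytes, padding_len: int) -> bytes:
    """Build one constructed variant: prologue, mov eax,<constant>, NOPs, epilogue."""
    return PROLOGUE + b"\xB8" + constant + b"\x90" * padding_len + EPILOGUE

VARIANT_A = make_variant(bytes.fromhex("11223344"), 2)
VARIANT_B = make_variant(bytes.fromhex("DEADBEEF"), 17)
BENIGN = b"Just a text file with nothing to see here.\n"

SIGNATURES = {
    # Exact signature written against variant A alone: every byte is literal.
    "Family.A.exact": "5589E583EC10 B8 11223344 9090 C9C3",
    # Generic family signature: "??" covers the variant-specific constant and
    # "{0-64}" tolerates up to 64 bytes of padding before the shared epilogue.
    "Family.generic": "5589E583EC10 B8 ???????? {0-64} C9C3",
}

if __name__ == "__main__":
    for label, sample in (("variant A", VARIANT_A),
                          ("variant B", VARIANT_B),
                          ("benign", BENIGN)):
        print(f"{label:10s} -> {scan(sample, SIGNATURES)}")
```

Variant A hits both signatures, variant B only the generic one, and the benign file neither; a real engine would also bound the wildcard ranges to keep scan time predictable, which is why the gap is written as `{0-64}` rather than `*`.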
== Issues of concern ==
=== Unexpected renewal costs ===
Some commercial antivirus software [[end-user license agreement]]s include a clause that the [[Subscription business model|subscription]] will be automatically renewed, and the purchaser's credit card automatically billed, at the renewal time without explicit approval. For example, [[McAfee]] requires users to unsubscribe at least 60 days before the expiration of the present subscription<ref>{{cite web|url = http://michaelkelly.blogs.com/buyingdangerously/2006/10/bad_mcafee_on_a.html|title = Buying Dangerously|access-date = November 29, 2009|last = Kelly|first = Michael|date = October 2006|url-status = live|archive-url = https://web.archive.org/web/20100715083435/http://michaelkelly.blogs.com/buyingdangerously/2006/10/bad_mcafee_on_a.html|archive-date = July 15, 2010|df = mdy-all}}</ref> while [[Bitdefender]] sends notifications to unsubscribe 30 days before the renewal.<ref>{{cite web|url = http://www.bitdefender.com/site/KnowledgeBase/consumer/#542|title = Automatic Renewal|access-date = November 29, 2009|last = Bitdefender|year = 2009|url-status = live|archive-url = https://web.archive.org/web/20091006024635/http://www.bitdefender.com/site/knowledgebase/consumer#542|archive-date = October 6, 2009|df = mdy-all}}</ref> [[Norton AntiVirus]] also renews subscriptions automatically by default.<ref>{{cite web|url = https://support.norton.com/sp/en/uk/home/current/solutions/kb20080417115558EN_EndUserProfile_en_us|title = Norton Automatic Renewal Service FAQ|access-date = April 9, 2014|last = [[NortonLifeLock|Symantec]]|year = 2014|url-status = live|archive-url = https://web.archive.org/web/20140413154605/https://support.norton.com/sp/en/uk/home/current/solutions/kb20080417115558EN_EndUserProfile_en_us|archive-date = April 13, 2014|df = mdy-all}}</ref>
 
=== Rogue security applications ===
 
===Effectiveness===
Studies in December 2007 showed that the effectiveness of antivirus software had decreased in the previous year, particularly against unknown or [[zero day attack]]s. The computer magazine ''[[c't]]'' found that detection rates for these threats had dropped from 40–50% in 2006 to 20–30% in 2007. At that time, the only exception was the [[NOD32]] antivirus, which managed a detection rate of 68%.<ref>{{cite web|work=[[The Register|Channel Register]]|url=http://www.channelregister.co.uk/2007/12/21/dwindling_antivirus_protection/|author=Goodin, Dan|title=Anti-virus protection gets worse|date=December 21, 2007|access-date=February 24, 2011|url-status=live|archive-url=https://web.archive.org/web/20110511081703/http://www.channelregister.co.uk/2007/12/21/dwindling_antivirus_protection/|archive-date=May 11, 2011}}</ref> According to the ''ZeuS tracker'' website, the average detection rate for all variants of the well-known [[Zeus (malware)|ZeuS]] trojan is as low as 40%.<ref>{{cite web|url=https://zeustracker.abuse.ch/|title=ZeuS Tracker :: Home|url-status=live|archive-url=https://web.archive.org/web/20101103103725/https://zeustracker.abuse.ch/|archive-date=November 3, 2010}}</ref>
 
The problem is magnified by the changing intent of virus authors. Some years ago it was obvious when a virus infection was present. At the time, viruses were written by amateurs and exhibited destructive behavior or [[pop-up ad|pop-up]]s. Modern viruses are often written by professionals, financed by [[Organized crime|criminal organization]]s.<ref>{{cite web|url=http://www.computerweekly.com/Articles/2007/07/13/225537/hacking-poses-threats-to-business.htm|title=Hacking poses threats to business|access-date=November 15, 2009|author=Illett, Dan|work=[[Computer Weekly]]|date=July 13, 2007|url-status=live|archive-url=https://web.archive.org/web/20100112104421/http://www.computerweekly.com/Articles/2007/07/13/225537/hacking-poses-threats-to-business.htm|archive-date=January 12, 2010}}</ref>
 
In 2008, [[Eva Chen]], [[CEO]] of [[Trend Micro]], stated that the anti-virus industry has over-hyped how effective its products are—and so has been misleading customers—for years.<ref>{{cite web|url=https://www.zdnet.com/article/trend-micro-antivirus-industry-lied-for-20-years-3039440184/|title=Trend Micro: Antivirus industry lied for 20 years|access-date=September 27, 2014|author=Espiner, Tom|work=[[ZDNet]]|date=June 30, 2008|url-status=live|archive-url=https://web.archive.org/web/20141006084845/http://www.zdnet.com/trend-micro-antivirus-industry-lied-for-20-years-3039440184/|archive-date=October 6, 2014}}</ref>
 
Independent testing on all the major virus scanners consistently shows that none provides 100% virus detection. The best ones provided as high as 99.9% detection for simulated real-world situations, while the lowest provided 91.1% in tests conducted in August 2013. Many virus scanners produce false positive results as well, identifying benign files as malware.<ref>{{cite web|url = http://www.av-comparatives.org/wp-content/uploads/2013/12/avc_prot_2013b_en.pdf|title = Whole Product Dynamic "Real World" Production Test |access-date = January 2, 2014|last = AV Comparatives |date=December 2013| archive-url= https://web.archive.org/web/20140102214834/http://www.av-comparatives.org/wp-content/uploads/2013/12/avc_prot_2013b_en.pdf| archive-date= January 2, 2014 | url-status= live}}</ref>
 
Although methods may differ, some notable independent quality testing agencies include [[AV-Comparatives]], [[ICSA Labs]], [[SE Labs]], West Coast Labs, ''[[Virus Bulletin]]'', [[AV-TEST]] and other members of the [[Anti-Malware Testing Standards Organization]].<ref>{{cite web|url=http://www.computerworld.com/s/article/9178037/Guidelines_released_for_antivirus_software_tests|title=Guidelines released for antivirus software tests|first=Jeremy|last=Kirk|url-status=live|archive-url=https://web.archive.org/web/20110422121009/http://www.computerworld.com/s/article/9178037/Guidelines_released_for_antivirus_software_tests|archive-date=April 22, 2011|date=2010-06-14}}</ref><ref name="Harley 2011">{{cite book |last= Harley |first= David |author-link= David Harley |title= AVIEN Malware Defense Guide for the Enterprise |url= https://books.google.com/books?id=LBzXf0A-jQwC |year= 2011 |publisher= [[Elsevier]] |isbn= 9780080558660 |page= 487 |url-status= live |archive-url= https://web.archive.org/web/20140103121250/http://books.google.com/books?id=LBzXf0A-jQwC |archive-date= January 3, 2014}}</ref>
 
===New viruses===
Anti-virus programs are not always effective against new viruses, even those that use non-signature-based methods that should detect new viruses. The reason for this is that the virus designers test their new viruses on the major anti-virus applications to make sure that they are not detected before releasing them into the wild.<ref>{{cite web|url = https://www.zdnet.com.au/article/why-popular-antivirus-apps-do-not-work-139264249.htm?omnRef=NULL/|title = Why popular antivirus apps 'do not work'|access-date = April 14, 2010|last = Kotadia|first = Munir|date = July 2006|url-status = live|archive-url = https://web.archive.org/web/20110430230447/http://www.zdnet.com.au/why-popular-antivirus-apps-do-not-work-139264249.htm?omnRef=NULL|archive-date = April 30, 2011|df = mdy-all}}</ref>
 
Some new viruses, particularly [[Ransomware (malware)|ransomware]], use [[polymorphic code]] to avoid detection by virus scanners. Jerome Segura, a security analyst with ParetoLogic, explained:<ref name="CBC16Apr10">{{cite news|url = http://www.cbc.ca/consumer/story/2010/04/16/con-adult-video-virus.html|title = Internet scam uses adult game to extort cash|access-date = April 17, 2010|last = [[The Canadian Press]] |date=April 2010 | work=CBC News| archive-url= https://web.archive.org/web/20100418215458/http://www.cbc.ca/consumer/story/2010/04/16/con-adult-video-virus.html| archive-date= April 18, 2010 | url-status= live}}</ref>
 
{{cquote|It's something that they miss a lot of the time because this type of [ransomware virus] comes from sites that use a polymorphism, which means they basically randomize the file they send you and it gets by well-known antivirus products very easily. I've seen people firsthand getting infected, having all the pop-ups and yet they have antivirus software running and it's not detecting anything. It actually can be pretty hard to get rid of, as well, and you're never really sure if it's really gone. When we see something like that usually we advise to reinstall the operating system or reinstall backups.<ref name="CBC16Apr10" />}}
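The following is an added example, not code from the article or from any antivirus vendor, showing in miniature why a byte signature taken from one sample misses a polymorphic variant while a scanner that unpacks (emulates the decoder) before matching still catches it. The "payload" is an inert text string standing in for malicious code, the decoder stub marker `XORDEC` and the one-byte XOR scheme are hypothetical, and the sample keys are constructed for the demonstration.

```python
"""Toy polymorphism demo: static signature vs. unpack-then-scan.
Added example; the payload is harmless text, not real malware."""
from typing import Optional, List

# Constructed sample standing in for a malicious file.
PAYLOAD = b"pay me 2 BTC or your files stay locked"
# Signature an analyst derived from that one sample.
SIGNATURE = b"files stay locked"
# Hypothetical marker a scanner could recognise as an unpacking stub.
DECODER_STUB = b"XORDEC"


def signature_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Classic static check: does the signature appear verbatim?"""
    return signature in blob


def polymorphic_variant(payload: bytes, key: Optional[int] = None) -> bytes:
    """Produce a new variant: XOR-encode the payload with a one-byte key and
    prepend a decoder stub plus the key. Each key yields different bytes, so
    a signature taken from the plain payload no longer matches."""
    if key is None:
        import os
        key = os.urandom(1)[0] or 1      # key 0 would leave the bytes unchanged
    if not 1 <= key <= 255:
        raise ValueError("key must be a non-zero byte")
    encoded = bytes(b ^ key for b in payload)
    return DECODER_STUB + bytes([key]) + encoded


def emulating_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Unpack-then-scan: if the decoder stub is present, perform the decoding
    the stub would perform at run time, then apply the signature to the result.
    This is the generic-unpacking idea behind emulation in real scanners."""
    if signature_scan(blob, signature):
        return True
    if blob.startswith(DECODER_STUB) and len(blob) > len(DECODER_STUB):
        key = blob[len(DECODER_STUB)]
        decoded = bytes(b ^ key for b in blob[len(DECODER_STUB) + 1:])
        return signature in decoded
    return False


def demo(keys: List[int] = (0x11, 0x5A, 0xC3)) -> dict:
    """Run both scanners over the original and three constructed variants."""
    variants = [polymorphic_variant(PAYLOAD, k) for k in keys]
    return {
        "original_static": signature_scan(PAYLOAD),
        "variants_static": [signature_scan(v) for v in variants],
        "variants_emulated": [emulating_scan(v) for v in variants],
        "all_variants_differ": len(set(variants)) == len(variants),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The static scanner finds the signature only in the unmodified sample; every re-keyed variant slips past it, which is the effect the quotation above describes. The emulating scanner recovers the payload first and matches all of them, at the cost of having to recognise and safely execute the decoder, which is where real engines spend most of their effort.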
Furthermore, inexperienced users can be lulled into a false sense of security when using the computer, considering their computers to be invulnerable, and may have problems understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection, it must be fine-tuned to minimize misidentifying harmless software as malicious ([[false positive]]).<ref>{{cite web | title=Softpedia Exclusive Interview: Avira 10 | url=http://news.softpedia.com/news/Avira-s-New-Anti-Malware-Fleet-139829.shtml | work=Ionut Ilascu | publisher=Softpedia | date=April 14, 2010 | access-date=September 11, 2011 | url-status=live | archive-url=https://web.archive.org/web/20110826154924/http://news.softpedia.com/news/Avira-s-New-Anti-Malware-Fleet-139829.shtml | archive-date=August 26, 2011}}</ref>
 
Antivirus software itself usually runs at the highly trusted [[kernel (operating system)|kernel]] level of the [[operating system]] so that it can access every potentially malicious process and file, which in turn creates a potential avenue of [[attack (computing)|attack]].<ref>{{cite web | title=Norton AntiVirus ignores malicious WMI instructions | url=http://www.zdnet.com.au/news/security/soa/Norton-AntiVirus-ignores-malicious-WMI-instructions/0,130061744,139163678,00.htm | author=Munir Kotadia | publisher=CBS Interactive | date=October 21, 2004 | access-date=April 5, 2009 | url-status=live | archive-url=https://web.archive.org/web/20090912083538/http://www.zdnet.com.au/news/security/soa/Norton-AntiVirus-ignores-malicious-WMI-instructions/0,130061744,139163678,00.htm | archive-date=September 12, 2009}}</ref> The US [[National Security Agency]] (NSA) and the UK [[Government Communications Headquarters]] (GCHQ) intelligence agencies have both been reported to exploit anti-virus software in order to spy on users.<ref>{{cite news| title=NSA and GCHQ attacked antivirus software so that they could spy on people, leaks indicate | url=http://www.belfasttelegraph.co.uk/technology/nsa-and-gchq-attacked-antivirus-software-so-that-they-could-spy-on-people-leaks-indicate-31327280.html | date=June 24, 2015 | access-date=October 30, 2016}}</ref> Because anti-virus software has highly privileged and trusted access to the underlying operating system, it is a much more appealing target for remote attacks.<ref name="Kaspersky-targeted">{{cite web | url=https://theintercept.com/2015/06/22/nsa-gchq-targeted-kaspersky/ | title=Popular security software came under relentless NSA and GCHQ attacks | author=Andrew Fishman, Morgan Marquis-Boire | date=June 22, 2015 | access-date=October 30, 2016 | url-status=live | archive-url=https://web.archive.org/web/20161031151320/https://theintercept.com/2015/06/22/nsa-gchq-targeted-kaspersky/ | archive-date=October 31, 2016}}</ref> Additionally, anti-virus software is "years behind security-conscious client-side applications like browsers or document readers. It means that Acrobat Reader, Microsoft Word or Google Chrome are harder to exploit than 90 percent of the anti-virus products out there", according to Joxean Koret, a researcher with Coseinc, a Singapore-based [[information security]] consultancy.<ref name="Kaspersky-targeted"/>
 
== Alternative solutions ==
 
=== Hardware and network firewall ===
Network firewalls prevent unknown programs and processes from accessing the system. However, they are not antivirus systems and make no attempt to identify or remove anything: they filter on addresses, ports and connection direction, not on the content of what is transferred. They may protect against infection from outside the protected computer or [[Local area network|network]], and limit the activity of any malicious software which is present by blocking incoming or outgoing requests on certain [[Transmission Control Protocol|TCP/IP]] ports, but malware that communicates over a port the policy allows (such as the HTTPS port) passes through unhindered. A [[Firewall (computing)|firewall]] is designed to deal with broader system threats that come from network connections into the system and is not an alternative to a virus protection system.
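As an added illustration of the point above (example code written for this article, not a real firewall implementation), the following evaluates a hypothetical first-match, default-deny rule set over constructed connection records. The rules, host and destination addresses (drawn from documentation ranges) and the flow payloads are all invented for the demonstration; note that the filter never looks at `payload`, which is exactly why it can stop a beacon on an unusual port yet wave the same beacon through on port 443.

```python
"""Minimal stateless packet filter over constructed flows. Added example:
shows what a port/address firewall can and cannot do about host malware."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    direction: str          # "in" (to this host) or "out" (from this host)
    dst_net: str            # CIDR the destination address must fall in
    ports: Tuple[int, int]  # inclusive destination port range


@dataclass(frozen=True)
class Flow:
    direction: str
    dst_ip: str
    dst_port: int
    payload: bytes          # never inspected by the filter


# Hypothetical policy: web traffic out, DNS only to the internal resolver,
# nothing inbound. Anything not matched falls through to the default.
RULES: List[Rule] = [
    Rule("allow", "out", "0.0.0.0/0", (80, 80)),
    Rule("allow", "out", "0.0.0.0/0", (443, 443)),
    Rule("allow", "out", "10.0.0.0/8", (53, 53)),
]
DEFAULT_ACTION = "deny"


def evaluate(flow: Flow, rules: List[Rule] = RULES) -> str:
    """Return the action of the first rule matching direction, destination
    network and destination port; otherwise the default action."""
    ip = ipaddress.ip_address(flow.dst_ip)
    for rule in rules:
        if rule.direction != flow.direction:
            continue
        if ip not in ipaddress.ip_network(rule.dst_net):
            continue
        lo, hi = rule.ports
        if lo <= flow.dst_port <= hi:
            return rule.action
    return DEFAULT_ACTION


# Constructed flows standing in for activity of malware already on the host
# (addresses are from RFC 5737 documentation ranges, payloads are dummies).
FLOWS = {
    "beacon_on_odd_port":      Flow("out", "203.0.113.9", 4444, b"BEACON"),
    "beacon_over_https":       Flow("out", "203.0.113.9", 443, b"BEACON"),
    "inbound_smb_probe":       Flow("in", "10.1.2.3", 445, b"\x00\x00"),
    "dns_to_external_server":  Flow("out", "192.0.2.53", 53, b"query"),
    "dns_to_internal_server":  Flow("out", "10.0.0.2", 53, b"query"),
}


def decide_all() -> dict:
    """Apply the policy to every constructed flow."""
    return {name: evaluate(flow) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    for name, action in decide_all().items():
        print(f"{name:24s} -> {action}")
```

The odd-port beacon and the external DNS lookup are stopped, which is the "limit the activity" benefit described above; the identical beacon over port 443 is allowed because the policy has no way to tell it from a browser session. Detecting and removing the process that sends it is the antivirus side of the job.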
 
=== Cloud antivirus ===
* [[Internet security]]
* [[Linux malware]]
* [[Quarantine (antivirus program)]]
* [[Sandbox (computer security)]]
* [[Timeline of computer viruses and worms]]
the Open Directory Project (dmoz.org) and link there using {{Dmoz}}. -->
 
{{Information security}}
{{malware}}
{{Antivirus software}}