Anti-virus software is designed to prevent software viruses from entering your system, and to search for and remove malware such as adware, spyware, Trojans, worms, etc.
It is vital that an organization has anti-virus software installed on their system; one visit to the internet from an unprotected system and the entire system could be brought to its knees almost instantly.
We are not talking about one or two instances here; we are talking about constant bombardment, with well over 60,000 new instances of malware being created daily. This is why anti-virus software providers update their tools daily to keep up with new threats.
There are lots of different companies that offer anti-virus solutions for enterprise users and each will vary. The basic protection levels are the same across the board though. Each one will:
- Scan directories and files for malicious patterns or malware
- Schedule automatic scans
- Allow you to initiate scans on specific directories or files, or on external hardware attached to the computer, like a flash drive or a CD/DVD
- Remove any malware or malicious code that is found
- Show you how healthy your system is and notify you of bad files or possible malware
Three of the main and most important features are:
Background Scanning
The software scans, in the background, all files that are executed; this is also known as on-access scanning. It provides real-time protection to safeguard the system from malicious attacks.
Full System Scanning
If you already have background scanning in place, a full system scan is not usually needed. However, one should be performed when the anti-virus software is first installed or has been updated.
This will ensure that there are no viruses hiding on your system. A full system scan should also be done when repairs are made to infected hardware on the system.
Virus Definitions
In order for anti-virus software to identify the malware it finds, it relies on virus definitions, and this is the main reason updates are done: to update those definitions. A malware definition contains a signature for a new virus or any other malware classified as being in the wild.
If the software finds anything on your system similar to or the same as what is in the definition it will terminate the file by putting it into quarantine. It will then be processed according to what type of virus or malware it is.
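The definition matching and quarantine step described above can be sketched as follows. This is an added example, not code from any anti-virus product; the definition names, the byte signatures and the `.quarantined` naming are constructed for illustration, and real definition formats are vendor-specific.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed definitions for illustration only: name -> byte signature.
DEFINITIONS = {
    "Demo.TestSig.A": b"HARMLESS-DEMO-SIGNATURE-0001",
    "Demo.TestSig.B": bytes.fromhex("deadbeef") + b"demo-marker",
}

def match_definitions(data, definitions=DEFINITIONS):
    """Return sorted names of all definitions whose signature occurs in data."""
    return sorted(name for name, sig in definitions.items() if sig in data)

def scan_and_quarantine(root, quarantine):
    """Scan every file under root; move matches into quarantine.

    Returns a list of (original_path, definition_names, sha256) tuples.
    """
    root, quarantine = Path(root), Path(quarantine)
    quarantine.mkdir(parents=True, exist_ok=True)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine in path.parents:
            continue  # never rescan files already quarantined
        data = path.read_bytes()
        hits = match_definitions(data)
        if hits:
            digest = hashlib.sha256(data).hexdigest()
            # Rename so the file cannot be opened or run by its original name.
            shutil.move(str(path), str(quarantine / f"{digest}.quarantined"))
            findings.append((str(path), hits, digest))
    return findings

def demo():
    """Build a constructed sample tree, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "files"
        root.mkdir()
        (root / "report.txt").write_bytes(b"quarterly numbers")
        (root / "tool.exe").write_bytes(b"MZ..." + DEFINITIONS["Demo.TestSig.A"])
        findings = scan_and_quarantine(root, Path(tmp) / "quarantine")
        remaining = sorted(p.name for p in root.iterdir())
        return findings, remaining

if __name__ == "__main__":
    print(demo())
```

A file that does not contain any signature byte-for-byte is not flagged, which is why definitions have to be updated and why signature matching is paired with the other detection methods.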
How to Detect Viruses
Anti-virus software uses several methods to detect viruses:
Signature-Based Detection: a common method whereby all .exe files are checked and validated against known viruses and malware. Files that match are then quarantined.
Heuristic-Based Detection: commonly used together with the signature-based detection method and deployed in just about every anti-virus program.
This allows the software to find new or altered malware versions even when the latest definitions are not available. Suspect files are run in a virtual environment, stopping the code from infecting the system.
Behavioral-Based Detection: mostly used in intrusion detection mechanisms; it concentrates on detecting malware characteristics during execution. It will find the malware only while it is performing malicious actions.
Sandbox Detection: like behavioral detection, this will execute an application in a virtual environment to track what it does. In this way, it can be determined whether it is malicious or not.
Every organization must be fully protected by anti-virus software that is designed for enterprise use.
Free ones are useless on a multi-computer system as they only provide the minimum amount of protection.