Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other malware, antivirus software started to protect from other computer threats. In particular, modern antivirus software can protect users from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious LSPs, dialers, fraud tools, adware, and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity (privacy), online banking attacks, social engineering techniques, advanced persistent threat (APT), and botnet DDoS attacks.
Following the 2013 release of the APT 1 report from Mandiant, the industry has seen a shift towards signature-less approaches to the problem capable of detecting and mitigating zero-day attacks. Numerous approaches to address these new forms of threats have appeared, including behavioral detection, artificial intelligence, machine learning, and cloud-based file detonation. According to Gartner, it is expected the rise of new entrants, such Carbon Black, Cylance and Crowdstrike will force EPP incumbents into a new phase of innovation and acquisition. One method from Bromium involves micro-virtualization to protect desktops from malicious code execution initiated by the end user.
Another approach from SentinelOne and Carbon Black focuses on behavioral detection by building a full context around every process execution path in real time, while Cylance leverages an artificial intelligence model based on machine learning. Increasingly, these signature-less approaches have been defined by the media and analyst firms as “next-generation” antivirus and are seeing rapid market adoption as certified antivirus replacement technologies by firms such as Coalfire and DirectDefense. In response, traditional antivirus vendors such as Trend Micro, Symantec and Sophos have responded by incorporating “next-gen” offerings into their portfolios as analyst firms such as Forrester and Gartner have called traditional signature-based antivirus “ineffective” and “outdated”.
One of the few solid theoretical results in the study of computer viruses is Frederick B. Cohen’s 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses. However, using different layers of defense, a good detection rate may be achieved.
There are several methods which antivirus engines can use to identify malware:
Sandbox detection: a particular behavioural-based detection technique that, instead of detecting the behavioural fingerprint at run time, it executes the programs in a virtual environment, logging what actions the program performs. Depending on the actions logged, the antivirus engine can determine if the program is malicious or not. If not, then, the program is executed in the real environment. Albeit this technique has shown to be quite effective, given its heaviness and slowness, it is rarely used in end-user antivirus solutions.Data mining techniques: one of the latest approaches applied in malware detection. Data mining and machine learning algorithms are used to try to classify the behaviour of a file (as either malicious or benign) given a series of file features, that are extracted from the file itself.
Powerful Protection Against Viruses And Spyware