10 Things Your AntiVirus Must Do. Benefits of Using an AntiMalware.

Here are the Top 10 Things that an Ideal Antivirus Must be able to do to a Windows Computer from all kinds of Malware and Hackers.

An AntiMalware (or commonly known as an AntiVirus) is a computer security software that protects the computer, prevent malware, and removes, in real-time from malware and threats. However, not all Antivirus are the same. Here is the list of 10 things that an ideal Antivirus must be able to do.

  1. Complete Real-time Protection from All Kinds of Malware
  2. Great Malware Detection with Few False Positives
  3. Multi-Layer Protection
  4. Multiple Scan Options
  5. Multiple Web Shields
  6. Automatic Virus Signature/Definition Updates
  7. Additional Security Tools
  8. Compatibility with Other (Security) Software
  9. Low System Impact
  10. Self-Protection

1. Complete Real-time Protection from All Kinds of Malware

The term Antivirus is a misnomer, the correct term is Antimalware. The term Malware is used to describe a Malicious Software. There are many types of malware, and a Virus is only one of its types. Here are some of the types of a Malware. An ideal Antimalware (or an Antivirus) should be able to protect your computer from all kinds of Malware.

  1. Adware
  2. Backdoor
  3. Bootkit
  4. CrackTool
  5. DDoSTool
  6. HackTool
  7. HijackTool
  8. MiningTool
  9. PornTool
  10. PUP/PUA
  11. RAT
  12. Ransomware
  13. Riskware
  14. Rogueware
  15. Rootkit
  16. SpamTool
  17. Spyware
  18. Trojan Horse
  19. Virus
  20. Worm

2. Great Malware Detection with Few False Positives

The Detection Ratio is the most important factor in considering an Antivirus/Antimalware. Detection Ratio of an Antimalware is defined as the total number of malware detected by the antimalware to the total number of Malware. More is better.

A False Positive is defined as a legitimate file marked as a malware by an Antimalware. In the case of False Positives, less is better. This is the thing that separates the good from the great. A security software can flag any suspicious or unknown file, but in this process, it could also block some legitimate files. What makes an Antivirus great is not only the detection ratio but also the accuracy of those detections.

3. Multi-Layer Protection

There are multiple technologies used by Antivirus products to keep you protected from malware.

Following are the 10 Malware Detection Techniques used by AntiMalware/AntiVirus.

  1. Malware Signatures: The Malware or Virus Definitions/Signatures is the database of the malware detected by an Antivirus. It is downloaded on the user computer. During scanning, an Antivirus matches the files on a user’s computer with this database of malware, if a match is found, the file is labelled a Malware.
  2. Behavioural Analysis: The Behavioural Analysis method checks the behaviour of the programs. The Antivirus blocks any program showing characteristics of a malicious program. The HIPS (Host Intrusion Prevention System) and the IDS (Intrusion Detection System) technologies work in this type of analysis.
  3. Heuristic Analysis: The Behavioural Analysis method is used to detect new variants of malware based on their code. The Malware Signatures/Virus Definitions work with Virtualization (Sandboxing) in this type of analysis.
  4. Host Intrusion Prevention System (HIPS): HIPS, an acronym for Host Intrusion Prevention System, is a technology used by security software, which involves monitoring each activity performed by a software on the host machine. It notifies the user about these activities, and presents him with options like Allow, Block, etc. for those activities.
  5. Web Filtering: The Web Filtering technology is used to block threats coming from the Internet by blocking access to malicious websites, blocking files download directly and indirectly from malicious websites, and by detecting and blocking the phishing webpages.
  6. Antivirus Sandboxing (or Virtualization): Sandboxing involves running the software in a virtual environment to analyse their behaviour. The Virtualization and the Behavioural Analysis technologies are used in this type of detection technique.
  7. Cloud Protection, Cloud Analysis, and File Rating: The Cloud Analysis is essential for detecting new types of malware. When an Antivirus finds a file that displays a behaviour similar to that of a malicious application then it is sent to the Antimalware vendor labs where it is tested. If the program is found to be malicious, a signature is created for it, which is used to block it from all of the other computers where it is detected.
  8. Web Browser Extensions/Add-ons/BHOs: In case of most of the users, most of the time spent on the computer is the time spent on a web browser. A Web browser is used to browse the Web or the Internet, the most common place of getting malware on the computers. So, it makes sense to make a product that is made only for the web browsers. Different web browsers have different names like Extensions, Add-ons, Plug-ins, Browser Helper Objects (BHO), etc.
  9. Domain Name System (DNS): The DNS or Domain Name System is another way to protect your computer. By default, the Internet Service Providers (ISP) provide their own DNS server. Some of these ISPs inject ads from their sponsored ad networks. Some of the websites included these ad network can drop malware on your computers. Therefore, it becomes necessary to use a third-party DNS service. A few Antivirus companies provide their own security-focussed DNS services.
  10. Firewall (available in Security Suites): Technically, a Firewall is not marketed as a component of an Antivirus. The Computer Security Software companies include Firewall in a separate product called Internet Security. The Antivirus is also sold as another product called Total Security, which includes the Firewall and some computer optimization tools.

More options mean better protection.

4. Multiple Scan Options

Your Antivirus should have a full set of Scan options:

Following are the 7 types of Scan options found in Antivirus/Antimalware are:

  1. Full Scan: A Full Scan scans all sections of your computer. This takes the most amount of time. The total time taken to complete the scan is dependent on the amount of files on the system, and the efficiency of the Antivirus scanner.
  2. Smart Scan: A Smart Scan scans important Windows locations. It is also called a Quick Scan, the objective of this type of scan is to quickly scan the most sensitive location of a computer for malware.
  3. Custom Scan: A Custom Scan lets the user select custom locations like partitions or drives, directories, and other locations like Registry for scan.
  4. Boot-time Scan: This type of scan is used to detect the presence of viruses that infect the bootloader of the computer such as a Rootkit. This scan is performed before the loading of Windows; this makes it possible for the Antivirus to detect those malware that hide themselves from computer security software in Windows environment.
  5. Context Menu Scan: The Context Menu Scan gives you a scan option in the right-click context menu of Windows File Explorer. This makes it easier to scan some specific files and folders.
  6. External Device Scan/Removable Media Protection: The External Device Scan or the Removable Media Protection is one of the most important types of scan. It notifies the computer user whenever a removable storage device such as USB Flash Device, External Hard Disk Drive, Memory Card, etc. is connected. The notification or alert box gives the user various options to scan the device for malware. This scanning on external devices can be automated as well. It also prevents the execution of malware that use AutoRun and AutoPlay features of Windows.
  7. Cloud Scan: A Cloud Scan is necessary feature in any Antivirus. What differentiates the best Antivirus from the ordinary ones is its ability to detect and remedy new threats. A Could Scan scans the system and sends any files that show malware-like behaviour for analysis to the Antivirus labs. This helps the Antivirus in discovering new malware and previously undiscovered variants of old malware. This scan type is also helpful in cases when a malware disables the antivirus updates. In such a scenario, the Antivirus may not have the latest virus definitions/signatures but it will still have the ability to detect the new malware.

5. Multiple Web Shields

An Antivirus must be able to give you an all-around protection from the Internet-borne threats. Some of the most important types of Web Shields are:

  • Email Protection: The Email Protection shield protects against Spam, and other possible malware that you can get from your Inbox, and attached files.
  • Web Protection/Download Protection: The Web Protection or the Download Protection shield scans all of the files downloaded in real-time. These downloaded files are not only those that the user downloads in web browser or download manager, these should include those files that are not visible to the user, but are downloaded in the background. The program should be able to detect the source of download locations.
  • Anti-Phishing: The Anti-Phishing shield uses Web Filtering technologies for blocking phishing pages and malicious websites. It can also be used to setup the Parental Controls.
  • IM Protection: The IM Protection shield protects you from the malware that spread through the Instant Messaging clients, and the file sharing that takes place in them.

6. Automatic Virus Signature/Definition Updates

While selecting an Antivirus, consider how early can an Antivirus vendor create and deliver the definitions for the newly found threats to its users. Visit the Settings of your Antivirus, and go through its Update options; make sure that to configure it in a way that you receive your updates as early as possible.

Signatures/Definitions have taken a backseat with more advanced technologies like Behavioural Analysis, Heuristic Analysis, HIPS, Sandboxing, Cloud Analysis, etc. taking over. But still, they act as the backbone of an Antivirus for the combating the most common types of malware.

7. Additional Security Tools

An Antivirus should include additional security tools as well that can be helpful in recovering an infected computer, and performing other computer security related tasks.

One of the most important security tools is the bootable antivirus rescue disk creator. It lets the user create Bootable USB/CD Antivirus Rescue Disks, which can be used to scan the computer for malware from outside of the Windows, or when the Windows is unbootable due to malware infections.

This can be helpful in the detection and removal of those types of malware that have placed themselves deep into your system, and that boot before your Antivirus and hide themselves from the Antimalware that you have installed on your computer. A bootable disk bypasses the normal Windows boot process, and boots through the bootable disk itself. The contents required to run the live environment are loaded into the system memory. This way, the malware are not able to boot, and hence become detectable.

8. Compatibility with Other (Security) Software

An Antivirus is not the only computer security product that users install on their system. It should be compatible with other products such as the Firewall products from other companies.

Before installing any Antimalware, check if it is compatible with other real-time security software installed on your computer. For example, if you have installed a firewall from one vendor, and now you are going to install an Antivirus from another vendor, then make sure that these two are compatible with each other. The Antivirus and the Firewall are two different products; they are made to run together to provide the complete protection to a PC. But sometimes, the features included in these two types of software overlap with each other. For example, both of the security products, the Antivirus and the Firewall, may have HIPS included in them. Now, the HIPS component included in both of them will try to run at the same time. This could cause your system to crash, or a system slowdown at the least.

9. Low System Impact

An Antivirus should not impact the system performance too much. We know that Antivirus is a type of program that has to be run continuously, scan files all the time whether to surf a webpage, open email attachments, download a file, execute a program, connect a removable storage device, etc. Such a real-time program uses system resources. But, this impact of this real-time protection on the performance of the computer should be as little as possible. What’s the point of a protected PC that can’t be used to do anything! You don’t want only the Antivirus to run on your computer. It should be light enough to let the user do his actual work.

10. Self-Protection

First, it should be able to protect itself from malware. An antivirus should be able to protect itself from malware, let alone the whole computer. Some computer security programs have a password-protection feature, which prevents any malware from shutting down the antivirus program itself, or other specific components, or services related to them such as the automatic updates. If you Antivirus has such an option then make use of it.

Take care of these things before purchasing an Antivirus.

Leave a comment