Freeware Anti Virus Cleaners and Removers
- Adaware Antivirus (Free)
- Avast Antivirus (Free)
- AVG Antivirus (Free)
- Avira AntiVir (Free)
- BitDefender Antivirus (Free)
- Comodo AV (Free)
- Kaspersky Antivirus (Free)
- ZoneAlarm Antivirus (Free)
What is antivirus software?
Antivirus software mainly prevents and removes computer viruses, including worms and trojan horses. Such programs may also detect and remove adware, spyware, and other forms of malware.
A variety of strategies are typically employed. Signatures involve searching for known malicious patterns in executable code. However, signatures can only be updated as viruses are created; users can be infected in the time it takes to create and distribute a signature. To counter such zero-day viruses, heuristics may be used to essentially guess if the file is truly malicious. Generic signatures look for known malicious code and use wild cards to identify variants of a single virus. An antivirus may also emulate a program in a sandbox, monitoring for malicious behavior. Success depends on striking a balance between false positives and false negatives. False positives can be as destructive as false negatives. In one case a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot.
Antivirus software can have drawbacks. If it is of the type that scans continuously, antivirus software may cause a significant decline in computer performance. It may also present computer users with a decision the user may not understand. Antivirus software generally works at the highly trusted kernel level of the operating system, creating a potential avenue of attack.
The effectiveness of antivirus software is a contentious issue. One study found that the detection success of major antivirus software dropped over a one-year period.
There are several methods which antivirus software can use to identify malware.
Signature-based detection is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.
Malicious activity detection is another way to identify malware. In this approach, antivirus software monitors the system for suspicious program behavior. If suspicious behavior is detected, the suspect program may be further investigated, using signature-based detection or another method listed in this section. This type of detection can be used to identify unknown viruses.
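The sketch below is an added example, not code from any antivirus product. It shows an exact signature missing a variant that a generic (wildcard) signature catches, and an overly broad wildcard signature producing a false positive on a clean file. The signature names, the `??` wildcard notation and all sample bytes are constructed for illustration.

```python
import re

def compile_signature(hex_pattern):
    """Turn 'AA BB ?? CC' into a bytes regex; '??' matches any one byte."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

# Constructed signature dictionary (not real malware patterns).
SIGNATURES = {
    "Demo.A (exact)":         "44 45 4D 4F 01 10 4B 45 59",
    "Demo.gen (generic)":     "44 45 4D 4F ?? ?? 4B 45 59",
    "Demo.loose (too broad)": "44 45 4D 4F ?? ??",
}
COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(data, names=None):
    """Search every offset of data; return sorted (signature name, offset) hits."""
    hits = []
    for name in (names or COMPILED):
        for m in COMPILED[name].finditer(data):
            hits.append((name, m.start()))
    return sorted(hits)

# Constructed sample files: a 32-byte host header followed by other content.
HOST = b"MZ" + b"\x00" * 30
SAMPLES = {
    "clean.bin":     HOST + b"run in DEMO mode",           # benign text
    "variant_a.bin": HOST + b"DEMO\x01\x10KEY" + b"tail",  # original pattern
    "variant_b.bin": HOST + b"DEMO\x02\x37KEY" + b"tail",  # two bytes changed
}

if __name__ == "__main__":
    for fname, data in SAMPLES.items():
        print(fname, scan(data) or "no match")
```

The exact signature is silent on `variant_b.bin` (a false negative), while the too-broad signature fires on `clean.bin` (a false positive), which is the balance the text describes.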
Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses. This can be accomplished in one of two ways: file analysis and file emulation.
File analysis is the process of searching a suspect file for virus-like instructions. For example, if a program has instructions to reformat the C drive, the antivirus software might further investigate the file. One downside of this feature is the large amount of computer resources needed to analyse every file, resulting in slow operation.
File emulation is another heuristic approach. File emulation involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the antivirus software can determine if the program is malicious or not and then carry out the appropriate disinfection actions.
Studies in December 2007 have shown that the effectiveness of antivirus software is much reduced from what it was a few years ago, particularly against unknown or zero-day attacks. The German computer magazine c’t found that detection rates for these threats had dropped from 40-50% in 2006 to 20-30% in 2007. At that time, the only exception was the NOD32 antivirus, which managed a detection rate of 68 percent.
The problem is magnified by the changing intent of virus authors. Some years ago it was obvious when a virus infection was present. The viruses of the day, written by amateurs, exhibited destructive behaviour or pop-ups. Modern viruses are often written by professionals, financed by criminal organisations. It is not in their interests to make their viruses or crimeware evident, because their purpose is to create botnets or steal information for as long as possible without the user realising. If an infected user has a less-than-effective antivirus product that says the computer is clean, then the virus may go undetected. Nowadays, viruses generally do not attempt to overwhelm the Internet by flooding. Instead, viruses take a more controlled approach, as damaging the vector of infection does not result in financial gain.
Traditional antivirus software solutions run virus scanners on schedule or on demand, and some run scans in real time. If a virus or other malware is located, the suspect file is usually placed into quarantine to terminate its chances of disrupting the system. Traditional antivirus solutions scan and compare against a publicised and regularly updated dictionary of malware, otherwise known as a blacklist. Some antivirus solutions have additional options that employ a heuristic engine, which further examines the file to see if it is behaving in a similar manner to previous examples of malware. A new technology utilised by a few antivirus solutions is whitelisting: this technology first checks if the file is trusted and only questions those that are not. With the addition of wisdom of crowds, antivirus solutions back up other antivirus techniques by harnessing the intelligence and advice of a community of trusted users to protect each other. By providing these multiple layers of malware protection and combining them with other security software, it is possible to have more effective protection from the latest zero-day attack and the latest crimeware than previously was the case with just one layer of protection.
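The layering described above can be sketched as a decision pipeline in which a file is checked against a whitelist first, then a blacklist, then a heuristic engine. This is an added example, not code from any antivirus product; the sample files, the hash lists, the heuristic indicator strings, their weights and the threshold are all constructed assumptions.

```python
import hashlib

def sha256(data):
    return hashlib.sha256(data).hexdigest()

# Constructed sample files (benign byte strings standing in for programs).
TRUSTED_TOOL = b"trusted disk utility: format c: /q then del /s temp files"
KNOWN_BAD    = b"constructed sample already on the blacklist"
UNKNOWN_BAD  = b"new sample: format c: /q; del /s *.doc; hide from task list"
UNKNOWN_OK   = b"new sample: print a report"

WHITELIST = {sha256(TRUSTED_TOOL)}   # hashes of files vetted as trusted
BLACKLIST = {sha256(KNOWN_BAD)}      # hashes of known malware

# Hypothetical file-analysis rules: (indicator substring, weight).
HEURISTICS = [(b"format c:", 5), (b"del /s", 3), (b"hide from task list", 4)]
THRESHOLD = 6                        # assumed cut-off for "suspicious"

def heuristic_score(data):
    """Sum the weights of every indicator found anywhere in the file."""
    lowered = data.lower()
    return sum(w for needle, w in HEURISTICS if needle in lowered)

def classify(data):
    """Return (verdict, deciding layer); layers run in order, first decision wins."""
    digest = sha256(data)
    if digest in WHITELIST:          # trusted files are not questioned further
        return ("allow", "whitelist")
    if digest in BLACKLIST:          # exact match against known malware
        return ("quarantine", "blacklist")
    if heuristic_score(data) >= THRESHOLD:
        return ("quarantine", "heuristic")
    return ("allow", "no layer flagged")

if __name__ == "__main__":
    for name in ("TRUSTED_TOOL", "KNOWN_BAD", "UNKNOWN_BAD", "UNKNOWN_OK"):
        sample = globals()[name]
        print(name, heuristic_score(sample), classify(sample))
```

The trusted tool scores above the heuristic threshold, so the heuristic layer alone would quarantine it; the whitelist check ahead of it avoids that false positive, while the unknown sample that is on no list is still caught by the heuristic layer.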