Concluding a look at the basics of Antivirus Software

Click here for the first part of this blog

How does your antivirus software detect threats?

This is likely to be through a combination of two different types of analysis:

  • Computer Screen and MicroscopeSignature-based detection – this is when the coding in the file being checked is compared with code that is known to be present in malicious files. Every day your antivirus software automatically connects to the online server (computer) of its manufacturer and downloads to your computer the latest list of known problems, together with their “signatures” – ie some specfic coding of the file that your antivirus software can check against the coding of the files it checks. This way, your antivirus program is usually no more than 24 hours behind in its knowledge of the known threats.
  • Heuristic detection – this is when the antivirus software looks at a number of factors in the suspect file, assign “weights” (or “scores”) to these factors, adds the scores together and then makes an overall judgment as to the likelihood of the file being malicious.

The downsides of anivirus protection

  • False negatives – if an antivirus program fails to detect a problem this is known as a “false negative”. The malware is then left free to do its business.
  • False Positives – your antivirus program may falsely accuse something on your computer of being malware. This is known as a false positive and can be a pain in the neck as it could take time, money, and expertise to analyse the situation and conclude that the antivirus program got a bit over-keen. Alternatively, you might just follow the on-screen prompts of your antivirus software and de-activate an important and valuable part of your system that wasn’t doing any harm.
  • Overhead – antivirus programs can slow down your system. With some complicated and large antivirus programs (disparagingly referred to as “bloatware”) this system degradation can be a noticeable nuisance – especially on older and less powerful systems.
  • Unhelpful messages – some antivirus programs are prone to popping up semi-cryptic messages about what they are doing and what they have found. These can be unsettling, annoying, and difficult to interpret.

Data file updating and program updating

Symbols representing internet connectionAs described above, almost all antivirus programs update their “virus definition files” or “signature definition files” every day. This does not affect the functionality of the program (ie what the program can do) – it just lengthens the list of known problems and how to recognise them. This is not the same thing as “updating the program”. Most antivirus programs now issue a new release towards the end of the year. Updating to a newer version of a program probably adds some bells and whistles but probably won’t change the basic antivirus detection of the program. I would suggest that it is far more important to ensure that the daily signature definition files are updated regularly than worrying about updating the program itself (especially if updating the program involves paying for it again).

So why bother with antivirus protection?

  • It’s not just your own system you are threatening. You could pass on malware to anyone you share files with.
  • The potential costs of not protecting your system are just too high. Over the years there have been several occasions when I have needed to re-format a client’s hard drive – ie wipe everything clean and re-install everything – to get rid of a virus infection. Apart from the disruption and potential loss of data, a half day spent trying to recover from a virus infection followed by resorting to re-formatting and starting again could easily cost £500-£750. Why would you risk that? Well, one response I sometimes hear to that question is “I only use my computer for web browsing and I use webmail so not even my emails are vulnerable”. My answer to that is that it could still take a day or more to re-format and re-install the basics of Windows, Windows Updates, printer drivers, other driver updates, browser updates, etc. And that is assuming that you have recovery DVDs or access to a recovery partition on your hard drive. Again I ask “why would anyone risk that”? And yet some people still do.They tend to change their minds, though, if they suffer a nasty infection that’s hard to remove. Please believe me when I say that it really isn’t worth waiting until that happens before installing an antivirus program.

If you want to do it now, with the minimum of fuss, download Microsoft Security Essentials from here and just follow the prompts. It’s free and it works.

But don’t do this if you already have an antivirus program installed. Don’t ever install more than one antivirus program on one computer. You might think that that would be a good way of improving your protection but what can happen is that the two competing products can get in each other’s way and cause the whole system to freeze.

Single candle on calendarIt’s a year since I started writing this blog every week. Before that I’d just dipped my toe in the water, wondering if I’d got anything useful to say on a regular basis to my computer support clients and potential clients. So, this week I thought I’d have a look back on some of the earlier posts and see what’s changed.

Microsoft Security Essentials

MSE LogoOn 16th October 2010 I wrote a post about Windows free antivirus program – Microsoft Microsoft Essentials. I had just installed it on an XP machine, and then I put it on my Vista Ultimate machine. It hasn’t caused me any problems apart from the tray icon disappearing initially on the XP version. The program just quietly gets on with the job. It’s caught a few nasties and seems to have dealt with them without drama. Admittedly, I don’t use these machines much except when providing remote computer support to clients who use Vista and XP themselves, and as destinations for backups from my main machine. Nevertheless, it appears to have done a near perfect job so far. It’s easy to install and very unobtrusive.

I now trust Microsoft Essentials to the extent that I have installed it on my new main laptop – a Samsung RF511 15.6 inch notebook. (This is my third Samsung and, so far, it’s as good as the first two.)

AVG Antivirus

AVG LogoShortly after blogging about Microsoft Security Essentials I covered AVG Free and even then I was complaining about how they try to mislead you into installing a trial of the paid version rather than installing/upgrading the free version. It’s my impression that this tendency has got worse during the last year and, frankly, I’m now too embarrassed to recommend it to clients unless I think they will be happy to do battle with AVG’s mis-directions. Recently, I’ve even seen AVG popups that suggest that AVG has saved the user from innumerable threats in the recent past. This is un-necessary, intimidating and misleading. I’d been recommending AVG for several years, but I now recommend Microsoft Security Essentials instead.

Zen Internet

Zen Internet Logoon 5th November last year I gave a plug, by way of a blog posting, to Zen Internet. They’d just won PC Pro Magazine’s award for Best Internet Provider for the seventh time. Guess what: they’ve just done it again.

As a consultant providing computer support to small organisations, independent professionals, and home users, I am often the person asked to deal with internet provider call centres on behalf of bemused and frustrated clients. I have some clients who call me to their homes and offices specifically to deal with these call centres because they find the experience too stressful, frustrating, and protracted to do it themselves.

Call centres appear to be geared to handling the maximum number of technical support calls with the minimum expertise. The way they do this is to force their support staff to follow a strict troubleshooting sequence that doesn’t require them to think: just to follow the instructions on their screen. The agent isn’t allowed to deviate from “the script”. so no real dialogue takes place with the client. It doesn’t seem to matter very much what the customer tells the “support agent”, the agent will still insist on making the poor client jump through exactly the same sequence of hoops every time. This approach tramples right over the customer’s primacy in the exchange. It’s appalling, frustrating and dis-empowering.

Compare this approach with that of Zen Internet. Their support people (based in Rochdale) actually listen to you, engage with you, and address your issue as a one-off that needs to be solved as such. It’s true that they don’t offer 24 hour support (it’s 08:00-20:00 weekdays and 09:00-17:00 at weekends), but that’s probably because they’re staffed by human beings – who need to sleep. Despite only being available during reasonable hours, Zen provide a much much better service than the likes of BT, Virgin and AOL. It’s true, though, that Zen are not competing on price. You won’t get broadband from them for a fiver a month. I use the Zen Lite service. It’s their “entry level” service and costs £15.31 plus VAT per month. It only includes 10gb downloads, but that’s fine for me as I don’t download movies or watch BBC iPlayer. As far as I am concerned Zen are worth every penny and I am happy to keep recommending them and plugging them.

So, as I’ve kept blogging on a weekly basis for a year there’s every chance I’ll stay with it. The readership is small but very very select! Actually, the readership is growing slowly and steadily, but I’ve not spent time and effort promoting it beyond the readers who matter most – my own computer clients and potential clients. I try and keep the focus on the needs of my own computer clients, but I am, of course, very happy for anyone at all to subscribe to the newsletter or read the blog online.

Thanks for reading!

PC Magazine defines antimalware as

“An umbrella term for antivirus programs, spyware blockers, intrusion detection systems (IDS’s) and other software that detects and eradicates unwanted input, which in almost all cases comes from the Internet.”PC Magazine

Jack Nicholson in 'The Shining' stares out of screenThere are two types of antimalware programs – real-time scanners (also called on-access scanners) , and on-demand scanners. Real-time scanners run on your system all the time. This term covers all programs that call themselves “antivirus” programs. This is the type of protection that this blog post addresses.

There are scores of different real-time products available. How do you know which one is right for you? This is a very common question and is difficult to answer. Some of the criteria involved could include:

  • ease of installation and use
  • does it slow the computer down or get in the way
  • what range of threats does it guard against
  • how well does it detect threats
  • how well does it remove threats
  • what (if anything) does it cost

It must be a bit of a conundrum for the antivirus program manufacturers that the better their program, the less the customers notice it. What we want as users is to just get on with using our computers and not worry about the potential problems. I can’t imagine anyone getting excited by reading through the list of threats a particular program claims to guard against. It hurts our brains even trying to understand the nature of the threats that we are told a specific program will guard against. What we actually want is peace of mind and no hassles.

Also, I feel sure that the way you use your computer can affect the amount and type of threat you are exposed to. There is no doubt in my mind (but I have no proof for this) that having young people using a computer seems to increase the chance of catching something. I suspect that this is because young people are far more likely than older people to be using the internet in a way that involves sharing of files amongst themselves. It’s no great stretch of the imagination to think that the bad people out there have realised this and target this part of the market accordingly. Maybe it would be an idea for the antivirus manufacturers to market their products towards specific groups of people that represent the different emphases of threats that those people may be exposed to. Anyway, they don’t, so you can’t find an antivirus program claiming to be “Supreme for Silver Surfers” or “Fantastic Fort Knox protection for 15 year olds”.

So how do we make the best decisions as far as antivirus is concerned?

If you want to look into this in huge detail and make a highly informed decision then I recommend www.av-test.org. Each quarter they publish a set of results of testing many products that are available for one specific operating system (Windows XP, Vista, or 7). They then cycle through these operating system each quarter. They score each product according to protection, repair, and usability and display the results in sortable tables (see http://www.av-test.org/certifications.php)

My own experience

My own favorites tend to change a bit over time. For a few years I have been recommending AVG Free. I think that it still does a very good job technically, but their increasingly aggressive marketing often “misleads” users into installing the paid version rather than the free version and they’ve even used scare tactics once or twice in the last year.

I’ve been installing Microsoft’s own “Security Essentials” on my own and clients’ sytems for a while and I have to say that it certainly performs very well in at least one respect in that it is virtually transparent: it just gets on with the job, updating itself quietly in the background and only making its present felt when there’s a potential problem. I don’t recall a single instance (yet) of anything getting past “Security Essentials”.

One product that I’ve not used in-depth myself but which seems to be highly liked by clients is Kaspersky Internet Security. Unlike AVG Free (natch) or Microsoft Security Essentials, it is a paid-for product but it gets increasingly cost-effective if you buy a licence for several machines.

Nothing’s perfect

Whatever product you go for, keeping up with malware threats is just that – keeping up. The bad people are always going to be one step ahead. We just have to hope that our antimalware product is very very quick off the mark in detecting and dealing with new threats The only way to stay completely safe from online threats is to stay away from the internet and that really would be a case of throwing the baby out with the bathwater. So, it stands to reason that it is possible for a threat to get past your protection.

…. and we have to live with that

You may think, then, that it would be a good idea to have another line of protection in the form of a second antimalware program. Good thinking, but don’t. You could break your system. If two real-time antimalware scanners go to check the same file at the same time the whole system could freeze.

So what do we do

Keep your antimalware program up to date, ensure that it is automatically updating its data files, and check that it is set to completely scan your system once a week or so. And, by the way, are you taking backups?

And what of Mac Users?

I’ll be investigating the current thinking on antivirus protection for Macs in the coming weeks.

© 2011-2017 David Leonard
Computer Support in London
Privacy Policy Suffusion theme by Sayontan Sinha