The Basics: Antivirus Software
Hardly a week goes by without a new virus, Trojan horse, worm, spyware, or other form of malware rearing its ugly head in the news. Protecting your computer from malicious intruders requires a healthy dose of vigilance--and more than a little help from antivirus specialists.
Antivirus applications do much more than detect viruses. Most antivirus applications can detect and neutralize multiple types of malware, including viruses, Trojan horses, worms, spyware, and even phishing attacks. (We will use the term virus to refer to all malware.) Antivirus applications are available from a number of different vendors; each application has its own methods of detecting and attacking viruses.
The main component of an antivirus program is the scanning engine, which sifts through files on your computer, searching for evidence of a virus. In the past, antivirus engines used one of two common methods of detecting a virus. Some used a heuristic engine that detected virus structures and activities; others used a database of known viruses as a comparison. Each method had its advantages and disadvantages. Antivirus engines that used the heuristic method were believed to be capable of responding to any type of virus attack, even viruses that were new and as yet unknown to the security community; they were also likely to sound an alarm even when no virus was actually present. Antivirus engines that used a database of viruses were less likely to produce false positives, but they were unable to identify new viruses until the antivirus developer provided an update for the database.
As antivirus software matured, developers realized that both methods of detection had their place. Most modern antivirus software uses a combination of the two methods. Updating antivirus software is now automated; most antivirus software can phone home to check the virus database for updates, and automatically download and install them as they become available.
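The trade-off described above, as an added example that is not part of the original article: a toy scanner in Python that checks a database of known file hashes first and falls back to a heuristic score. The sample byte strings, marker list, weights and threshold are all constructed for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for files on disk.
KNOWN_BAD = b"sample-A VirtualAllocEx WriteProcessMemory CreateRemoteThread"
NEW_VARIANT = KNOWN_BAD + b" rebuilt"   # same traits, different bytes
ADMIN_TOOL = b"debug helper WriteProcessMemory CreateRemoteThread"
DOCUMENT = b"Quarterly report, nothing executable here."

# Heuristic rules: markers, weights and threshold are assumptions for this demo.
SUSPICIOUS_MARKERS = {
    b"VirtualAllocEx": 2,
    b"WriteProcessMemory": 2,
    b"CreateRemoteThread": 3,
}
HEURISTIC_THRESHOLD = 5


def file_hash(data: bytes) -> str:
    """Signature used by the database method: SHA-256 of the whole file."""
    return hashlib.sha256(data).hexdigest()


# Database of known viruses as shipped before the new variant appeared.
SIGNATURE_DB = frozenset({file_hash(KNOWN_BAD)})


def heuristic_score(data: bytes) -> int:
    """Sum the weights of every suspicious marker present in the file."""
    return sum(w for marker, w in SUSPICIOUS_MARKERS.items() if marker in data)


def scan(data: bytes, signature_db=SIGNATURE_DB) -> str:
    """Combined engine: exact database match first, then the heuristic."""
    if file_hash(data) in signature_db:
        return "known"
    if heuristic_score(data) >= HEURISTIC_THRESHOLD:
        return "suspicious"
    return "clean"


if __name__ == "__main__":
    samples = {"known": KNOWN_BAD, "variant": NEW_VARIANT,
               "admin tool": ADMIN_TOOL, "document": DOCUMENT}
    for name, data in samples.items():
        print(f"{name:10} -> {scan(data)}")
    # After a database update the variant becomes an exact match.
    updated = SIGNATURE_DB | {file_hash(NEW_VARIANT)}
    print("variant after update ->", scan(NEW_VARIANT, updated))
```

The benign admin tool is flagged as suspicious, which is the false-positive cost of the heuristic, while the variant is caught only by the heuristic until the database update adds its hash.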
A growing trend in the antivirus market is online virus detection. You point your browser at a web page specified by the antivirus company, and the service remotely scans your computer for viruses. There's no need to install an antivirus program, or have it actively running on your computer. Some ISPs (Internet Service Providers) include an online scanning service as part of their service.
Also new is the inclusion of antivirus protection in network routers, which are commonly employed by home users and small businesses to connect multiple computers to a single ISP account. The antivirus protection is usually supplied as a subscription service. In many cases, when you buy the router, you receive a few months to a year of free antivirus service; after that, you must pay a subscription fee to the provider to continue the antivirus coverage.
Mobile phone-based viruses are also new. Many antivirus software developers are addressing this threat with new products that run on cell phones. Many developers are also responding to the explosion of wireless networking with products that detect unauthorized Wi-Fi intrusions.
How To Shop
Most current antivirus software uses a combination of a database of known viruses and a heuristic engine. What differentiates one product from another is ease of use and the accuracy and frequency of program updates. The other consideration is any specific features you may need. An individual using a single computer has different needs than a family that shares one or more computers. Families with young children may need parental control features, something that isn't a concern for individuals or for families with older children.
Antivirus software generally works in one of two ways: as an application that is always running in the background, to ensure that no virus gains access, or as an application or online service that runs in batch mode. Many batch mode systems let you select a predetermined time to run the application, usually at system bootup or shutdown. Batch processing may be a good choice for older computer systems that lack sufficient memory or processor power to continuously run antivirus software. It also helps avoid conflicts with other applications and application installers. Some antivirus programs offer you the choice of running them in the background or in batch mode.
Antivirus software should be able to detect and, at a minimum, quarantine infected or suspicious files, to keep a virus from spreading. Even better is software that can eliminate a virus completely.
Some antivirus software offers additional features, such as the ability to detect and remove spyware. With the proliferation of spyware, this is an important feature, although dedicated anti-spyware programs are also available.
Another common feature is spam filtering. Many newer email clients have built-in spam filters, so this feature is not critical.
If you have multiple computers in your home or small business, consider investing in a router with a built-in antivirus subscription service. This system is often cheaper than buying antivirus software for each computer.






