Let’s start with the basics: what exactly is antivirus software and what does it do?
The definition of antivirus software goes something like this: A piece of software designed to block viruses and other malware from entering your device and compromising your personal data or the hardware itself.
A good antivirus is a must-have. It minimizes the times you have to enter damage control mode to clean up the mess caused by a successful malware attack.
Before we go into finding our dream antivirus, let’s see what exactly makes an antivirus an antivirus.
How does antivirus software work? Things you should know about AV before getting one
Virus scanner and script blocking
Reactive scanning is the bread and butter of an antivirus. Basically, it scans any new program or file before it’s opened and checks whether it is known malware or behaves like malware.
It’s all done in the background, and the scanned file or program only opens once the antivirus has finished the scan.
Then there is the full system scan, where the antivirus goes through every nook and cranny of your device in order to find malware or any other suspicious software or files.
Some AVs also block malicious ActiveX or Java scripts from infecting your PC. Plugins based on these technologies can be used to make your PC part of a botnet, inject code or do drive-by downloads.
What to look for:
Ideally, the scanner should be lightweight and not bog down your device while still having a very high detection and block rate.
Database of known malware
However, scans cannot be effective if the program doesn’t know what it’s looking for. That’s why every antivirus software comes with a database of known malware, and compares each scanned file to the contents of the database.
This database is updated very frequently, quite often on a daily basis. This is one of the reasons why we always advocate for people to keep their software updated, particularly their antivirus.
Updated software goes a long way to protect you on the internet, since it greatly diminishes the possibility of malicious hackers exploiting an unpatched vulnerability of your software.
But antivirus programs also make use of something called “heuristic analysis”. This means that they will consider a file to be malware if it behaves like malware, even if it can’t be found in the database.
This is one reason why some AVs falsely classify some safe programs such as Chrome as a virus. The industry calls this a “false positive” and it is a criterion used to judge the quality of an antivirus.
Any antivirus software worth its salt will automatically update itself, both to clean up any vulnerabilities it might have and to keep its virus database and capabilities up to date. Basically, the quicker and more frequent the updates, the better.
Sometimes, removing malware can be just as important as blocking it in the first place. Usually, the cybersecurity industry sees the two functions as being separate. That’s why many of the free AVs out there can only detect and block malware, but won’t be able to remove it if your PC is infected.
For that, you will most likely have to purchase the full antivirus solution or download a separate piece of software specializing in malware removal.
Other features you should look for
Firewall: Some AVs can filter and scan your internet traffic to detect incoming threats before they reach your device.
Other features to look for: DNS Protection, Password Managers, System Optimization, Phishing protection, Antispam, Browser protection.
Test antivirus to be sure it works
Sometimes you’ll go through a long period where you don’t encounter any online threats and seem to forget that you even have an antivirus installed.
“Is it still alive?” you may ask.
Well, there’s a test you can do to see if it still works.
So how do you test your antivirus to see if it’s still active?
Basically, you have to create a “false virus” that triggers your AV’s defense procedures.
What you need to do is create an antivirus test file (a .txt file). A simple notepad document will do just fine.
Then you will need to use a standardized EICAR code. This is something recognized by all antivirus developers as a means of testing if their software is active.
Your antivirus should trigger immediately and activate its security protocols to eliminate the “fake virus”.
If it doesn’t, then that means your software is inactive/disabled.
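The same check can be scripted. The following is an added example, not part of the original course: it writes the standard 68-byte EICAR test string to a scratch file, waits, then reports whether the real-time scanner deleted, locked or altered the file. The file name `av-test.txt`, the 5-second wait and the function names are assumptions chosen for illustration.

```python
import os
import shutil
import tempfile
import time

# The 68-byte EICAR test string, kept in two pieces so that this script's own
# source file is not quarantined before it runs. It is harmless by design.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def file_state(path, expected):
    """Return 'intercepted' if the file is gone, locked or altered."""
    try:
        with open(path, "rb") as fh:   # opening also triggers on-access scans
            data = fh.read()
    except OSError:                    # deleted, quarantined or access denied
        return "intercepted"
    return "not intercepted" if data == expected else "intercepted"


def run_test(wait=5.0, name="av-test.txt"):
    """Drop the test file in a scratch directory and report what happened."""
    workdir = tempfile.mkdtemp(prefix="eicar-")
    path = os.path.join(workdir, name)
    try:
        try:
            with open(path, "wb") as fh:
                fh.write(EICAR)
        except OSError:                # some products block the write itself
            return "intercepted"
        time.sleep(wait)               # give the real-time scanner time to react
        return file_state(path, EICAR)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    result = run_test()
    print("Real-time protection:", result)
    if result == "not intercepted":
        print("The scanner did not react; check that it is enabled.")
```

A result of "not intercepted" means only that nothing reacted within the wait period; some products scan on a delay, so rerun with a longer wait before concluding that protection is off.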
Software Developer Transparency:
Checking a few details on the antivirus developer’s website and patch notes can help you get a better idea of how seriously they approach updates and bug hunting.
For example, highly detailed patch notes will give you a better picture of what you can expect from the company in terms of reliability. And this applies to other types of software as well, not just antivirus or other security solutions.
This course is presented in partnership with Heimdal Security – a worldwide leader in enterprise and consumer cyber security solutions.