Antivirus Software: Their Quality and Their Problems

If we look at different antivirus solutions from the point of view of the criteria presented in the "Choosing an Antivirus Solution" section, we will see that they are very uneven. Unfortunately, virus protection with an adequate level of security is not always what is provided or guaranteed. Foolproof antivirus solutions against all existing threats do not exist. The standoff between antivirus companies and cybercriminals continues to intensify every year. This situation can moreover be described as a crisis within the antivirus industry, which fails to provide users with a sufficiently reliable level of security.

Problems With Antivirus Software


Malware detection

This is the most important aspect of the quality of protection. An antivirus solution should be able to detect as much existing malware as possible - that's what it was designed to do. It must be able to detect new versions of known viruses, worms, or Trojans, including those located in compressed files (executable files modified by archiving utilities), and to analyze the contents of archives and installation packages.

So what are the problems that antivirus software could encounter apart from the usual competition between products? It sounds pretty straightforward: there are computer viruses, so we need antiviruses to fight them. Antiviruses have long been a popular commodity that is not much different from other products on the market, and they are sold because of their attractive design, the publicity they receive, and many other non-technical reasons. Antiviruses have therefore become a commodity like any other, a consumer product, just like cleaning products, toothbrushes, and cars.

However, antivirus software is more than just a convenience, and user choice is affected by aspects other than product design, price, or aggressive advertising. The basic criterion is the technical performance of the product, and antivirus products can differ significantly when evaluated according to this criterion. The first questions to ask are therefore which threats a specific product will be able to protect you against and whether the protection provided is of adequate quality.

An antivirus should be able to protect the user against all types of malware, and the better it does its job, the more comfortable it will be for the user and system administrators. If someone were to ignore this concept, reality would quickly catch up with them in the form of practical issues such as theft of their bank accounts, unsolicited calls to unknown numbers, or a dramatic increase in outgoing traffic for no particular reason.

Suppose Antivirus X detects 50% of all active viruses on the Internet at any given time, Product Y detects 90%, and Product Z detects 99.9%. It is then easy to calculate the probability that your computer remains intact after N attacks. If your computer is attacked 10 times, there is a very good chance that it will be infected in case X (99.9%), a smaller chance in case Y (65%), and a far smaller one in case Z (only 1%), where it will almost certainly remain protected.
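
The calculation behind these figures, written out as an added worked example (not part of the original article). It assumes that the N attacks are independent and that each one is stopped with probability d, the product's detection rate:

$$P(\text{intact after } N \text{ attacks}) = d^{N}, \qquad P(\text{infected}) = 1 - d^{N}$$

For N = 10:

$$\begin{aligned}
\text{X } (d = 0.5):&\quad 1 - 0.5^{10} \approx 1 - 0.001 = 0.999 \\
\text{Y } (d = 0.9):&\quad 1 - 0.9^{10} \approx 1 - 0.349 = 0.651 \\
\text{Z } (d = 0.999):&\quad 1 - 0.999^{10} \approx 1 - 0.990 = 0.010
\end{aligned}$$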

Unfortunately, all the antiviruses available on the market fall far short of providing a level of protection approaching 100%. Moreover, most products struggle to provide a 90% level of security! This is a major problem facing antivirus software these days.


Problem - 1. The number and variety of malware continue to grow every year. Many antivirus companies cannot keep up with this pace and are losing their “showdown” against viruses. The users of their products are therefore not completely protected against all the computer threats that exist today. Unfortunately, not all products made by anti-virus companies can be considered anti-virus.


Regular updates

Antivirus software must be updated regularly: cybercriminals are more active each year, and new malware is appearing more and more often and in greater numbers. Antivirus solutions cannot always stop new viruses and Trojans using proactive methods. This is why an antivirus must be able to react quickly to new malware.

Five or ten years ago it was possible to say that antivirus products didn't need to protect against all new viruses and Trojans, because most of them were created by rebellious teenagers to boost their self-esteem or simply to satisfy their curiosity, and they did not infect users' computers. Protection against the few viruses that managed to infect computers was therefore sufficient. However, this is no longer the case today. According to Kaspersky Lab, 75% of malware today is created by underground cybercriminals to infect large numbers of computers, and hundreds of new viruses and Trojans appear every day.

This means that the probability of getting infected with "criminal" malware while browsing the web is much higher than zero, and it is very likely that hundreds of thousands of infected users are browsing the web. If the new malware is a worm, the number of victims could number in the millions. The internet is a very fast-paced environment, and antivirus companies have to constantly create updates to eradicate new viruses and Trojans. This is where the second problem lies.


Problem - 2. These days malware spreads very quickly, forcing antivirus vendors to release protection updates as frequently as possible to protect users from all computer threats. Unfortunately, some antivirus vendors fail to deliver effective protection quickly enough, and their updates reach users far too late.


Remove malicious code

Suppose, however, that a virus still managed to pass all the barriers and infiltrate a user's computer, and the antivirus failed to detect it. Again, assume that the user or systems administrator has not downloaded the latest anti-virus database update. The updates will eventually arrive on the computer and the virus will then be detected. Nevertheless, it needs to be removed from the system precisely before the user can claim victory. The key phrase here is “removed precisely”, and this is where antivirus software faces a new problem.


Problem - 3. Delete the detected malicious code from the infected system. Viruses and Trojans often take special measures to disguise their presence within the system or to integrate themselves so deeply into the system that it will be extremely complicated to remove them. Unfortunately, anti-virus software is sometimes unable to remove malicious code precisely enough to get the system back to normal.


Performance vs. protection

All software uses computer resources, and antivirus software is no exception. To protect your computer, your antivirus software must perform certain activities such as opening files, reading data from those files, unzipping archives for analysis, etc. The more exhaustive the scan, the more the antivirus will use CPU resources. It is possible to use the metaphor of the iron curtain: the heavier it is, the better it will protect and the more difficult it will be to open and close it. So we face a new problem: how to strike a balance between security and computer performance.


Problem - 4. Use CPU resources appropriately. There is no ideal solution. Experience shows us that the fastest antivirus software does not provide effective protection and does not block malware. However, the opposite solution is also not correct: a slow antivirus does not necessarily provide adequate protection.


Use multiple antivirus software

To scan files in real time and protect a computer, anti-virus software must penetrate relatively deep into the core of the system. Technically speaking, an antivirus installs event interceptors deep within the protected system and passes the intercepted data to the antivirus engine, which scans files, network packets, and other critical data.

Unfortunately, two antivirus solutions aren't always better than one. If two antivirus programs are running on the same computer, they will try to install two interceptors in the same area of the system kernel. This will therefore create conflicts between the antivirus solutions. One of the two antivirus programs will either fail to intercept system events or will try to install a parallel interceptor, which will crash the entire system. This is the last problem with virus protection.


Problem - 5. Two antivirus programs cannot run simultaneously on the same computer. In most cases, it's technically impossible to install two antivirus programs on the same machine to give it dual protection - the two just can't work together.
