How antivirus software works

Antivirus software typically uses a variety of strategies to detect and remove viruses, worms and other malware. The following are the two most widely employed identification methods:

1. Signature-based detection (Dictionary approach)

This is the most commonly employed method. It involves searching a given file for known virus patterns. Every antivirus product keeps a dictionary of sample malware code, called signatures, in its database. Whenever a file is examined, the antivirus compares the file against the signatures in that dictionary. If a piece of code within the file matches a signature, the file is flagged and action is taken immediately to stop the virus from replicating further. The antivirus may choose to repair the file, quarantine it or delete it permanently, based on its potential risk.

As new viruses and other malware are created and released every day, this method of detection cannot defend against new malware until samples are collected and signatures are released by the antivirus software company. Some companies also encourage users to upload new viruses or variants, so that the virus can be analyzed and its signature added to the dictionary.

Signature-based detection can be very effective, but it requires frequent updates of the virus signature dictionary. Hence users must update their antivirus software on a regular basis in order to defend against the new threats that are released daily.
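The dictionary lookup described above, as an added example that is not part of the original article: a toy scanner that searches file content for byte signatures, picks repair, quarantine or delete from the risk level of the worst match, and shows why a sample is missed until its signature has been added. The signature names, byte patterns, risk levels and file contents are all constructed for illustration.

```python
# Added example: toy signature (dictionary) scanner. All signature names,
# byte patterns, risk levels and sample contents below are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes   # byte sequence that identifies the sample
    risk: str        # "low", "medium" or "high"

# Action per risk level, mirroring the repair / quarantine / delete choice.
ACTIONS = {"low": "repair", "medium": "quarantine", "high": "delete"}
RISK_ORDER = {"low": 0, "medium": 1, "high": 2}

def scan(data: bytes, dictionary: list) -> dict:
    """Compare file content against every signature in the dictionary."""
    hits = [(sig, data.find(sig.pattern)) for sig in dictionary]
    hits = [(sig, off) for sig, off in hits if off != -1]
    if not hits:
        return {"verdict": "clean", "action": "allow", "matches": []}
    # The action follows the highest-risk signature that matched.
    worst = max(hits, key=lambda h: RISK_ORDER[h[0].risk])[0]
    return {
        "verdict": "infected",
        "action": ACTIONS[worst.risk],
        "matches": [(sig.name, off) for sig, off in hits],
    }

# Constructed dictionary as shipped, and the same dictionary after an update.
DICTIONARY = [
    Signature("Test.Worm.A", b"\xde\xad\xbe\xef\x13\x37", "high"),
    Signature("Test.Adware.B", b"SHOW_POPUP_V1", "low"),
]
UPDATED = DICTIONARY + [
    Signature("Test.Worm.A2", b"\xde\xad\xbe\xef\x13\x38", "high"),
]

# Constructed file contents: a known sample and one not yet in the dictionary.
KNOWN_SAMPLE = b"MZ" + b"\x00" * 16 + b"\xde\xad\xbe\xef\x13\x37" + b"payload"
NEW_VARIANT = b"MZ" + b"\x00" * 16 + b"\xde\xad\xbe\xef\x13\x38" + b"payload"

if __name__ == "__main__":
    print(scan(KNOWN_SAMPLE, DICTIONARY))  # flagged, signature at offset 18
    print(scan(NEW_VARIANT, DICTIONARY))   # clean: no signature released yet
    print(scan(NEW_VARIANT, UPDATED))      # flagged once the dictionary is updated
```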

2. Heuristic-based detection (Suspicious behaviour approach)

Heuristic-based detection involves identifying suspicious behaviour from any given program that might indicate a potential risk. This approach is used by some of the more sophisticated antivirus products to identify new malware and variants of known malware. Unlike the signature-based approach, here the antivirus doesn’t attempt to identify known viruses, but instead monitors the behaviour of all programs.

For example, when a program tries to write data to an executable file, the action is flagged as malicious behaviour and the user is alerted. This method of detection gives an additional level of security against unidentified threats.

File emulation: This is another type of heuristic-based approach where a given program is executed in a virtual environment and the actions performed by it are logged. Based on the actions logged, the antivirus software can determine if the program is malicious or not and carry out necessary actions in order to clean the infection.
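One way to turn a logged action trace into a verdict, as an added example that is not part of the original article: each logged action is checked against weighted behaviour rules, including the write-to-an-executable case mentioned above, and the program is flagged once the score reaches a threshold. The event format, rules, weights, threshold and both traces are constructed for illustration.

```python
# Added example: score a behaviour log such as a file emulator might record.
# Event names, rules, weights, threshold and both traces are constructed.
EXECUTABLE_EXT = (".exe", ".dll", ".com", ".scr")

# Each rule: (description, weight, predicate over one logged event).
RULES = [
    ("writes to an executable file", 5,
     lambda e: e["op"] == "write" and e["target"].lower().endswith(EXECUTABLE_EXT)),
    ("adds an autostart registry entry", 3,
     lambda e: e["op"] == "reg_set" and "\\run" in e["target"].lower()),
    ("deletes a file it did not create", 2,
     lambda e: e["op"] == "delete" and not e.get("own_file", False)),
]
ALERT_THRESHOLD = 5  # at or above this score the user is alerted

def evaluate(trace):
    """Return a verdict, the total score and the reasons behind it."""
    score, reasons = 0, []
    for event in trace:
        for description, weight, matches in RULES:
            if matches(event):
                score += weight
                reasons.append(f"{description}: {event['target']}")
    verdict = "suspicious" if score >= ALERT_THRESHOLD else "allowed"
    return {"verdict": verdict, "score": score, "reasons": reasons}

# Constructed trace of an ordinary text editor session.
TEXT_EDITOR = [
    {"op": "read", "target": "C:\\Users\\a\\notes.txt"},
    {"op": "write", "target": "C:\\Users\\a\\notes.txt"},
    {"op": "delete", "target": "C:\\Users\\a\\notes.tmp", "own_file": True},
]

# Constructed trace of an unknown program that modifies another executable.
UNKNOWN_PROGRAM = [
    {"op": "read", "target": "C:\\Windows\\notepad.exe"},
    {"op": "write", "target": "C:\\Windows\\notepad.exe"},
    {"op": "reg_set",
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"},
]

if __name__ == "__main__":
    print(evaluate(TEXT_EDITOR))      # allowed, score 0
    print(evaluate(UNKNOWN_PROGRAM))  # suspicious, score 8
```

No signature is consulted here, which is why this approach can flag a program that the dictionary has never seen.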

Most commercial antivirus products use a combination of both signature-based and heuristic-based approaches to combat malware.

Norton Internet Security 2011

Ever since the programmers at Norton went back to the drawing board, Symantec has been on a roll with their Antivirus and Internet Security Suites. Two years since they revamped and reprogrammed the application’s security structure, Norton has unassumingly progressed in terms of quality and performance.

When it comes to product installation, there is no other security suite that matches the speed of the Norton Antivirus and Internet Security Suite. The whole installation takes approximately a minute, and moreover, it doesn’t require a restart, unlike most other security suites. What’s surprising is the level of detail that goes into each new release year after year. Each new iteration of Norton feels a lot easier to use than its predecessor. If you take a closer look, however, almost all features remain the same, and only the layout has been reshuffled and changed to a certain extent. That’s what a redesigned interface can do to a user’s perception. Moreover, eliminating what is not of importance, such as the CPU and Norton usage meter seen in version 2010, allows you to focus on more important aspects of the security suite. While most aspects of the interface remain the same, the 2011 version features a world map at the bottom that displays a live feed of the cyber-threat activity that Norton has blocked in the last 24 hours. Even though it’s not of great importance, it fills up an otherwise static and wasted space. Users get a detailed view of files that are downloaded, infected as well as installed. Process alerts such as memory/CPU consumption are also reported.

User accessibility is another aspect that has been implemented very well. For instance, the Online Family protection and Online Backup that were hidden away in sub-menus of the application settings have now been placed at the bottom of the menu screen. The Online Family safety comes as a separate package that allows you to monitor as well as take control of the browsing activity of other users within the system. A new addition to the security suite is the Norton Safe Web. Its basic purpose is to check for fraudulent and risky websites before you access them.

All aspects of the security suite are so well laid out that you would just need to glance through the interface to know which settings are active or disabled. Furthermore, the application still makes use of the flip function that basically turns the interface 180 degrees to give a more detailed view of the overall RAM and CPU usage. Here, the user also gets to view the total number of threats detected, downloads/program installation, and number of quick scans run. Alerts can be viewed once the ‘Performance’ link is clicked. Norton Insight Network is a cloud-based service that keeps track of legitimate files as well as files that are known to disrupt the system.

The application features an all new System Insight 2.0, Download Insight 2.0 and an improved SONAR 3 engine. Apart from its application monitoring ability, System Insight 2.0 now alerts users as and when it detects a program overusing system resources. This is a nice addition as it gives the user immediate knowledge of which file is crunching on the available system resources.

System Insight also lets you view system activities such as application installation/downloads, disk optimization, threat detection and quick scans. Tabs are also placed at the top of the graph, where you can get hold of details for the current month and for the last two months. The Optimize option improves the boot time of your computer by rearranging file fragments into adjacent and contiguous clusters. If you take a closer look at the application settings, NIS 2011 now comes with features that give administrators control over security settings. The new interface lets you enable or disable features in a snap.

Administrators can now either allow users to change settings, or disable ‘non-admin’ users from accessing application settings. In addition, application settings can also be password-protected to prevent unauthorized users from changing the security settings. In terms of memory consumption, the program left a very small footprint when idle; less than 15 MB.

Conclusion:
NIS 2011 might seem like just a redesigned product, but it does come with updated features such as System Insight, Download Insight and a newly improved SONAR 3 engine that enhances the speed, efficiency and security of the system. With certification from AV-Comparatives, ICSA and West Coast Labs, you simply cannot go wrong with Norton Internet Security 2011.

At Rs. 1,220, it may seem a little steep but you can’t beat the protection.

Free Antivirus Download

Here are the most popular free antivirus programs available to download.

Download the top free antivirus programs from here:

  1. AVG Anti-Virus Free Edition
  2. Avira AntiVir Personal – Free Antivirus
  3. Avast Home Edition – Free Antivirus
  4. Norton AntiVirus 2010 – Free Trial Version – 30 days
  5. Kaspersky Internet Security 2010 – Free trial version – 30 days
  6. ThreatFire AntiVirus Free Edition
  7. ESET NOD32 Antivirus – Free trial version – 30 days
  8. Microsoft Security Essentials – Free Antivirus, Antispyware