Antivirus Software Methods

Antivirus software generally runs at the highly trusted kernel level of the operating system, creating a potential avenue of attack. Installed antivirus software running on an individual computer is only one method of guarding against viruses. Other methods are also used, including cloud-based antivirus, firewalls and on-line scanners.

(a) Cloud antivirus
Cloud antivirus is a technology that uses lightweight agent software on the protected computer, while offloading the majority of data analysis to the provider’s infrastructure.

One approach to implementing cloud antivirus involves scanning suspicious files using multiple antivirus engines which is called CloudAV. It was designed to send programs or documents to a network cloud where multiple antivirus and behavioral detection programs are used simultaneously in order to improve detection rates.

Parallel scanning of files using potentially incompatible antivirus scanners is achieved by spawning a virtual machine per detection engine and therefore eliminating any possible issues. CloudAV can also perform “retrospective detection,” whereby the cloud detection engine re-scans all files in its file access history when a new threat is identified thus improving new threat detection speed.
CloudAV is a solution for effective virus scanning on devices that lack the computing power to perform the scans themselves.

(b) Network firewall
Network firewalls prevent unknown programs and processes from accessing the system. However, they are not antivirus systems and make no attempt to identify or remove anything. They may protect against infection from outside the protected computer or network, and limit the activity of any malicious software which is present by blocking incoming or outgoing requests on certain TCP/IP ports. A firewall is designed to deal with broader system threats that come from network connections into the system and is not an alternative to a virus protection system.

( c ) Online scanning
Some antivirus vendors maintain websites with free online scanning capability of the entire computer, critical areas only, local disks, folders or files. Periodic online scanning is a good idea for those that run antivirus applications on their computers because those applications are frequently slow to catch threats. One of the first things that malicious software does in an attack is disable any existing antivirus software and sometimes the only way to know of an attack is by turning to an online resource that isn’t already installed on the infected computer.

You may also Read: