Antivirus software

(Note that a more recent definition of "computer virus" has been given by the Hungarian security researcher Péter Szőr: "a code that recursively replicates a possibly evolved copy of itself".)

In 1987, Andreas Lüning and Kai Figge, who founded G Data Software in 1985, released their first antivirus product for the Atari ST platform.

Other kinds of more advanced heuristics were later added, such as suspicious section names, incorrect header size, regular expressions, and partial pattern in-memory matching.
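As an added example (not code from the article or from any vendor it names), the following Python checker applies two of the static header heuristics just listed to a constructed, minimal PE32 header: it flags a SizeOfHeaders value too small to cover the section table, and section names outside a known-good set. The known-good set and the ".pack0" section name are assumptions made for the example.

```python
import struct

# Known-good section names (assumption for this example; real engines use
# far larger lists and weight each finding rather than treating it as a verdict).
KNOWN_SECTIONS = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                  ".rsrc", ".reloc", ".tls", ".pdata", ".CRT"}

def build_sample_pe(section_names, size_of_headers):
    """Constructed minimal PE32 image: only the headers needed by the checks."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                                      # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 60, size_of_headers)    # SizeOfHeaders field
    sections = b"".join(name.encode().ljust(8, b"\0") + b"\0" * 32
                        for name in section_names)     # 40-byte entries
    return dos + b"PE\0\0" + coff + bytes(opt) + sections

def heuristic_flags(data):
    """Return a list of heuristic findings for a PE image (empty = nothing odd)."""
    flags = []
    if data[:2] != b"MZ":
        return ["not a PE file"]
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["bad PE signature"]
    coff_off = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff_off + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff_off + 16)[0]
    opt_off = coff_off + 20
    size_of_headers = struct.unpack_from("<I", data, opt_off + 60)[0]
    sect_off = opt_off + opt_size
    # The declared header size must at least cover the section table; a
    # smaller value is a classic malformed-header indicator.
    needed = sect_off + 40 * n_sections
    if size_of_headers < needed:
        flags.append(f"SizeOfHeaders {size_of_headers} < {needed} needed "
                     "for section table")
    for i in range(n_sections):
        raw = data[sect_off + 40 * i: sect_off + 40 * i + 8]
        name = raw.rstrip(b"\0").decode("ascii", "replace")
        if name not in KNOWN_SECTIONS:
            flags.append(f"suspicious section name {name!r}")
    return flags
```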

Some members of this mailing list were: Alan Solomon, Eugene Kaspersky (Kaspersky Lab), Friðrik Skúlason (FRISK Software), John McAfee (McAfee), Luis Corrons (Panda Security), Mikko Hyppönen (F-Secure), Péter Szőr, Tjark Auerbach (Avira) and Vesselin Bontchev (FRISK Software).

At the end of the 1980s, in the United Kingdom, Jan Hruska and Peter Lammer founded the security firm Sophos and began producing their first antivirus and encryption products.

CARO members include: Alan Solomon, Costin Raiu, Dmitry Gryaznov, Eugene Kaspersky, Friðrik Skúlason, Igor Muttik, Mikko Hyppönen, Morton Swimmer, Nick FitzGerald, Padgett Peterson, Peter Ferrie, Righard Zwienenberg and Vesselin Bontchev.

On the other hand, in Finland, F-Secure (founded in 1988 by Petri Allas and Risto Siilasmaa – with the name of Data Fellows) released the first version of their antivirus product.

In 2000, Rainer Link and Howard Fuhs started the first open-source antivirus engine, called OpenAntivirus Project.

Over the years it has become necessary for antivirus software to use several different strategies (e.g. specific email and network protection or low-level modules) and detection algorithms, as well as to check an increasing variety of files, rather than just executables, for several reasons.

In 2005, F-Secure was the first security firm to develop an anti-rootkit technology, called BlackLight.

Following the 2013 release of the APT 1 report from Mandiant, the industry has seen a shift towards signature-less approaches to the problem capable of detecting and mitigating zero-day attacks.

According to Gartner, the rise of new entrants such as Carbon Black, Cylance and CrowdStrike is expected to force endpoint protection incumbents into a new phase of innovation and acquisition.

One method from Bromium involves micro-virtualization to protect desktops from malicious code execution initiated by the end user.

Another approach from SentinelOne and Carbon Black focuses on behavioral detection by building a full context around every process execution path in real time,[65][66] while Cylance leverages an artificial intelligence model based on machine learning.

Half of these adults use paid products, and about 50% of third-party software users - the owners of personal computers and Windows operating systems.

Many viruses start as a single infection and, through either mutation or refinements by other attackers, can grow into dozens of slightly different strains, called variants.

Recovering from such damage to critical software infrastructure incurs technical support costs, and businesses can be forced to close whilst remedial action is undertaken.

Examples of serious false-positives: "On the basis that Norton/Symantec has done this for every one of the last three releases of Pegasus Mail, we can only condemn this product as too flawed to use, and recommend in the strongest terms that our users cease using it in favour of alternative, less buggy anti-virus packages."

However, using a concept called multiscanning, several companies (including G Data Software[127] and Microsoft[128]) have created applications which can run multiple engines concurrently.

In 2008, Eva Chen, CEO of Trend Micro, stated that the anti-virus industry has over-hyped how effective its products are—and so has been misleading customers—for years.

Jerome Segura, a security analyst with ParetoLogic, explained:[145] "It's something that they miss a lot of the time because this type of [ransomware virus] comes from sites that use a polymorphism, which means they basically randomize the file they send you and it gets by well-known antivirus products very easily."

The potential success of this involves bypassing the CPU in order to make it much harder for security researchers to analyse the inner workings of such malware.

Rootkits have full administrative access to the computer and are invisible to users and hidden from the list of running processes in the task manager.

In 2014, security researchers discovered that USB devices contain writeable firmware which can be modified with malicious code (dubbed "BadUSB"), which anti-virus software cannot detect or prevent.

Anti-virus software has highly privileged and trusted access to the underlying operating system, which makes it a much more appealing target for remote attacks.

"It means that Acrobat Reader, Microsoft Word or Google Chrome are harder to exploit than 90 percent of the anti-virus products out there", according to Joxean Koret, a researcher with Coseinc, a Singapore-based information security consultancy.

Other solutions can also be employed by users, including Unified Threat Management (UTM), hardware and network firewalls, Cloud-based antivirus and online scanners.

Cloud antivirus is a technology that uses lightweight agent software on the protected computer, while offloading the majority of data analysis to the provider's infrastructure.

Parallel scanning of files using potentially incompatible antivirus scanners is achieved by spawning a virtual machine per detection engine, so that each engine runs in its own isolated environment and conflicts between the scanners are avoided.

Some antivirus vendors maintain websites that offer free online scanning of the entire computer, critical areas only, local disks, folders or files.

A bootable rescue disk, such as a CD or USB storage device, can be used to run antivirus software outside of the installed operating system in order to remove infections while they are dormant.

ClamTk, an open-source antivirus based on the ClamAV antivirus engine, was originally developed by Tomasz Kojm in 2001.
The command-line virus scanner of ClamAV 0.95.2 running a virus signature definition update, scanning a file, and identifying a Trojan.
The command-line rkhunter scanner, an engine for detecting Linux rootkits, running on Ubuntu.