Which antivirus to choose, which one is better and faster? These and many other questions arise before
The very first function that appeared in antivirus software, and still the main one, is scanning files for threats. Let's take a look at what a threat is and how an antivirus scanner can detect it.
A virus is malware that can exist separately or be attached to another program. Any program is, first of all, code, i.e. a sequence of characters. A signature is a kind of extract from the program code, which is entered into the antivirus database. A virus is considered found as soon as the scanner detects a signature in any file.
So is it true that the more signatures there are in the antivirus database, the better? All antiviruses (except for a certain type of antivirus) use their own signature database, and the more current viruses it covers, the better.
But if antiviruses stored every signature in the database, it would grow to an unprecedented scale, and scanning for viruses would slow the computer down so much that it would simply become impossible to work on it. Therefore, antivirus developers select signatures based on their relevance to the current operating system.
The next stage in the development of antiviruses was heuristic, i.e. smart, analysis. In the course of studying the code of various viruses, it turned out that hundreds of different viruses were created to perform a similar task, and they do it using the same commands in programming languages.
Heuristic analysis, based on experience with old viruses, tries to detect new viruses that are missing from the database. This analysis is so efficient that you no longer need to store thousands of old signatures, because these old viruses are detected by the heuristic analyzer.
You can go even further: signature databases detect the fewest threats, and heuristic analysis takes the bulk of the load. True, if the lion's share of the viruses detected by the smart algorithm had not been known earlier, the result would have been much more modest, but still.
New types of antiviruses are even starting to appear that do not have a signature database at all and work only on the basis of heuristic analysis. This is probably the technology of the future; for now, popular antiviruses use signatures and heuristic analysis at the same time, and such a "combo" improves the quality of scanning.
As you might guess, the heuristic analysis algorithm works very similarly in different antiviruses. Everyone has it, but the better the algorithm, the higher the quality of the antivirus in general. Among the downsides of heuristic analysis are false positives, and I think you have heard about them more than once.
A false positive is when the antivirus reports that a virus was found in a program, but in fact the virus is not there; it just "seemed" so. This happens because program commands can be used not only to cause harm, but also as part of the program's functionality, for example, to delete system files.
Usually, antiviruses treat all patches, "cracks" and "drugs" for licensed programs as viruses, because they interfere with the contents of executable files, which is how a virus is introduced into the bodies of other programs.
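The signature check and the heuristic check described above can be put side by side in a small sketch. This is an added example, not code from any antivirus product: the signature bytes, the command markers, their weights and the threshold are all constructed for illustration. It shows a new variant caught only by heuristics, and a harmless uninstaller flagged as a false positive for using the same commands.

```python
# Constructed sample data: these byte strings stand in for program code.
# They are not real malware and not real antivirus signatures.
SIGNATURES = {
    "Demo.Virus.A": bytes.fromhex("deadbeef4142"),
}

# Hypothetical heuristic rules: (command marker seen in code, weight).
HEURISTIC_RULES = [
    (b"DeleteSystemFile", 40),
    (b"PatchExecutable", 40),
    (b"AddToStartup", 30),
]
THRESHOLD = 60  # assumed cut-off; real products tune their sensitivity


def signature_scan(data):
    """Return the name of the first known signature found in data, else None."""
    for name, sig in SIGNATURES.items():
        if sig in data:
            return name
    return None


def heuristic_score(data):
    """Sum the weights of every suspicious command marker present in data."""
    return sum(weight for marker, weight in HEURISTIC_RULES if marker in data)


def scan(data):
    """Signature lookup first; fall back to heuristics when nothing matches."""
    name = signature_scan(data)
    if name is not None:
        return ("signature", name)
    score = heuristic_score(data)
    return ("heuristic", score) if score >= THRESHOLD else ("clean", score)


SAMPLES = {
    # Contains the known byte sequence, so the database catches it.
    "known_virus": b"\x00\x01" + bytes.fromhex("deadbeef4142") + b"\x90",
    # Not in the database, but uses the same commands as older viruses.
    "new_variant": b"PatchExecutable;AddToStartup;",
    # Legitimate tool that deletes system files: a false positive.
    "uninstaller": b"DeleteSystemFile;AddToStartup;RemoveOwnFiles",
    "text_editor": b"OpenFile;SaveFile;",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, scan(blob))
```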
Search for potentially dangerous programs
Antivirus developers decided to evolve further, and apart from viruses, a separate type of program was identified: potentially dangerous (PUP). These are programs that perform the functions assigned to them, as well as something "marked in small print." That is, it is not a virus, but the actions of the program may "surprise" you.
For example, a program might install extensions and toolbars in browsers and office programs without the user's permission. Take the notorious Mail.ru and Yandex bars. Other programs can also be downloaded and installed, such as a new browser, and advertisements can be displayed.
A potentially dangerous program can change the home page in all your browsers and thoroughly settle into all sections of Windows startup. All this would be only half the trouble if it were not for the fact that a PUP is difficult to remove from the operating system.
Regular uninstallation via "Install and uninstall programs" removes the program, but traces of its work remain. After part of the unwanted program has been cleaned out, the remaining code will revert everything back. The most interesting thing is that sometimes it is not at all clear how to restore the corrupted parameters of the operating system. In some cases, rolling back to a working system restore point helps, and in others, only reinstalling the OS helps.
Therefore, antiviruses offered the option to detect potentially dangerous software. The disadvantage of this method is the same as with heuristic analysis: false positives. The detection may not even be false, yet you really need the program. In such cases, the program is easily added to the exceptions.
Different antiviruses use a similar algorithm for detecting potentially unwanted programs. Some antiviruses will have it more sensitive, while others will have it less sensitive.
Antiviruses vary greatly in type: scanners and resident programs. Scanners can scan your hard drive for threats, and they do it well. But scanners only work at the user's request and on a schedule.
A scanner can find an already infected program, but it cannot prevent infection; it simply is not able to. These antiviruses are useful for disinfecting an infected computer, for example, by booting from a USB flash drive.
The second type is memory-resident antivirus programs. A resident antivirus resides in the computer's RAM and monitors running programs, processes and new or changed files on disks. As soon as a virus appears, for example, with the help of some vulnerabilities in Intel processors, the antivirus will detect and neutralize it, preventing the infection of the OS and further multiplication of the virus. All the usual popular antiviruses are resident.
Resident antiviruses also differ in functionality, and the most significant difference is the ability to catch threats from the Internet on the fly, i.e. on sites in the browser. As a rule, free antiviruses have limited web protection capabilities, but are otherwise very good; here is a list of reliable free antiviruses handpicked by professionals. Paid antiviruses provide complete protection.
Which antivirus is the most correct
Alas, there is no definite answer to this question. If you look at the ratings of antiviruses from independent testing laboratories in terms of such indicators as the effectiveness of antivirus protection, performance, updatability, user-friendliness of the interface, etc., it turns out that all popular antiviruses are neck and neck.
The user's preferences come first: what functionality he needs. Gone are the days when Kaspersky slowed down the system so much that Windows just hung and Avira mercilessly glitched. Antiviruses have entered a new stage, combed their hair and are ready to keep order in the operating system.
The power of desktop systems, even budget ones, has also grown, so the difference in the performance of antiviruses can only be noticed in specially conducted tests.
Someone wants an antivirus with advanced firewall settings, and someone needs a fast built-in VPN. Another antivirus will offer a convenient built-in password manager, or the ability to pause protection in two clicks. Antiviruses today compete more in additional functionality than in basic functionality.