An anti-virus is a complex organism
Monday, July 18, 2016
It’s a seemingly simple question: What does an anti-virus use to catch viruses? Most people, including IT professionals, would say it’s the anti-virus engine, and they’d be wrong!
It’s a total myth that all of an anti-virus’s capabilities are incorporated into its engine.
As a consequence of this misconception:
- People are overly interested in all kinds of anti-virus tests;
- They also believe that it’s enough to buy an antivirus-only license to protect their computer.
However, a modern anti-virus solution is much more complex and far more interesting.
First and foremost, it is important to understand that the anti-virus engine and virus database play a passive role in a computer’s defence system. Indeed, the engine is an anti-virus's brain, its principal organ. However, the brain will only process the information it receives. A human brain receives information from the sensory organs: the eyes, ears, skin, etc. The brain analyses information and generates an impulse for action.
An anti-virus exposes malware using (among other things) the definitions in its virus databases—in aggregate, they contain all sorts of information about malware, including information that helps the anti-virus detect programs similar to those it already knows.
Therefore, the various components responsible for intercepting malicious or suspicious activities are the crucial protection components. Without the anti-virus’s “eyes”, “ears” and other senses, even the most powerful “brain” (the engine) can't send timely instructions to the body (the anti-virus application) to neutralise a threat.
Let's take a look at a couple of these components, which have been introduced into Dr.Web 11 for Windows:
- Dr.Web HyperVisor runs on a lower level, alongside the drivers, which enables it to maintain control over all programs and processes. This component also makes sure that no malware gains control over the Dr.Web-protected system.
- Dr.Web ShellGuard analyses running processes in the protected system and can expose malicious code even if it doesn't manifest itself beyond a process that has been affected and compromised by malware. It thwarts any attempts made to exploit both known and unknown vulnerabilities.
No matter how good an anti-virus engine is, without the help of similar technologies, it won't be of much use. For example, during testing, an anti-virus demonstrated excellent knowledge of all the samples lying quietly in a collection on a disk. But no one knows whether it will detect those samples if they are running!
That's why, for over twenty years, the anti-virus companies that have created their own technologies rather than buying them from others have remained the undisputed leaders in the detection and neutralisation of the most current, active threats.
#anti-virus, #technologies
The Anti-virus Times recommends
When selecting an anti-virus, pay attention to how long the company has been operating in the market and whether it uses its own anti-virus technologies. Creating and perfecting technologies of this kind takes many years. Trust the products that have withstood the test of time!