How Secure and Reliable Are the Most Used Antiviruses against New Malware?
Abstract
Hundreds of new malware and computer virus samples appear daily. Therefore, it is imperative for computer users to update their antivirus software regularly. On the other hand, antivirus products should not only provide periodic updates but also detect imminent threats in advance through the employment of heuristic and generic techniques. Undeniably, the latest antivirus scanners provide hourly and daily cloud updates. Notwithstanding, there are vulnerability timeframes during which most of the programs cannot effectively protect the user. The researcher must conduct an extensive test to determine the different capabilities of antiviruses such as Kaspersky, Avast, ESET, Bitdefender, and Panda and to evaluate their proactive protection or detection rates within a set timeframe.
Background
A computer virus refers to a type of malware that randomly replicates itself and infects other connected systems. It is malicious software mainly designed by black-hat hackers to damage or otherwise take advantage of a personal computer (PC). Other forms of malware are spyware and adware, which lack the reproductive ability. Today, the business world is transitioning to complete dependence on information technology for effectiveness in service delivery. In particular, the advent of the World Wide Web has led to global interconnectivity, hence an increase in the spread of viruses. Even worse, the absence of powerful software to guarantee 24-hour protection accelerates the rate of system damage and loss of valuable data. Still, dozens of multinational antivirus software manufacturers work hard to arrest the rising cases of phishing and to restore their clients' confidence. Although the producers have simplified the use of antivirus software, it is hard to overstate its effect.
More than ever, modern computers can detect harmful programs online because most users access information via the internet. This latest development sharply contrasts with the early 1990s, when viral attacks were abundant and a new phenomenon. In the United States, software producers commercialized malware at the dawn of the millennium. Consequently, thousands of volumes of malicious online programs have disappeared. The latest research indicates that most modern computer infections emanate from untrustworthy websites, thus calling for the installation of the best anti-malware programs.
On the other hand, antivirus software refers to a computer program that detects, protects against, and removes malware such as Trojan horses, viruses, and worms. There are multiple brands of antivirus software, each with unique capabilities and areas of strength. While some software can scan the system upon request, other products run automatically as soon as the user reboots the PC. However, the majority of PC users complain that antivirus products like Avast and Kaspersky slow down the system, especially when configured poorly. Still, PC owners should not disable the antivirus protection to improve performance because this will increase the risk of attack. Technology experts recommend that the system protection should be active at all times even if the system's performance is slow.
Computer experts rate Bitdefender as one of the most powerful antivirus software products of all time. Annually, this antivirus firm protects hundreds of millions of business and home users globally. In fact, the computer user can set his system for automatic weekly updates and periodic scans. Bitdefender 2015 restores the system whenever it detects malicious activity. In addition, it monitors the system registry status and can thus notify the user of any suspicious program. Contrastingly, Kaspersky ESET 2016 provides easy and complete protection from internet threats. Similarly, Avast 2016 responds fast in the defense against a variety of malware and malicious software. Ideally, the latest version uses multifaceted security technologies that work harmoniously to identify, detect, and block attacks as soon as they are launched. Lastly, Panda 2015 is a recommendable option for Windows 2010. It has enhanced detection and malware removal capabilities.
How Antivirus Software Works
Software manufacturers design antivirus programs specifically for the protection of computer systems. They have two functionality levels. First, they provide real-time system protection from unauthorized access. Secondly, the antivirus scans the files stored on disks and external computer drives. Moreover, the programs detect viruses and malware through their footprint and program traits. The footprint technique is common for Bitdefender and Panda users since it is effective in virus identification. A footprint is a data pattern found in the file. The aim of this technique is to compare the virus footprint with a database of known virus patterns available online or in the cloud. When the program detects new malware, its footprint is added to the available catalog for future reference. The disadvantage of the footprint method is that it fails to detect new viruses, especially during an ongoing update of the virus database and footprints.
Secondly, viruses are detectable through their characteristics. This technique is also referred to as heuristic scanning because it speculates about and monitors the actions of a suspicious program. Essentially, programs such as Kaspersky closely monitor the type of computer function calls incorporated in the executable code. If a call is potentially suspicious, the antivirus flags the program as a system risk and requests user intervention. Similar to the footprint technique, this second method has the disadvantage that the system is vulnerable to attacks during a program update.
Identification Methods
An antivirus engine identifies malware through several methods:
a. Sandbox Detection: Sandbox detection is a behavior-based technique that virtually executes programs and logs the program's actions rather than detecting the behavioral fingerprint in real time. The antivirus determines whether a software program is malicious or not depending on the logged actions. If not, the antispyware grants its execution in real time.
b. Data Mining: the technique was recently invented. Particularly, data mining is effective in malware and spyware detection. Together with machine learning algorithms, it classifies the file's behavior as benign or malicious. In addition, this virus detection method works from a list of file features extracted from a data scan.
Signature-Based Detection
The signature-based detection technique is appropriate for this experiment because traditional antivirus software such as Kaspersky, Panda, and Avast relies on signatures to reveal viruses and spyware. Substantially, the arrival of a malware sample at the antivirus firm prompts its analysis through dynamic systems. Once the malware researchers determine the file to be malware, they extract a proper file signature and add it to the antivirus software's signature databases. Undeniably, the signature-based technique easily prevents malware outbreaks from spreading further and damaging the system.
However, modern malware authors stay one step ahead by writing hardly detectable viruses (metamorphic, polymorphic, and oligomorphic malware) which modify or encrypt themselves as a disguise to avoid matching the virus signatures stored in the databases and directories.
Heuristics
Notably, the majority of PC viruses start as a single infection. If undetected at early stages, they mutate or are refined by other sophisticated attackers. Resultantly, the viruses grow into hundreds, each with a slight variation (Nachenberg 2015). Therefore, it is possible for a specially designed antivirus to generically detect system threats and eliminate them using a single viral definition.
The Vundo Trojan, for instance, has dozens of family members, depending on Kaspersky's, Avast's, or Panda's classification. Specifically, Bitdefender classifies Vundo family members into Trojan.vundo and Trojan.vundo.b. While the identification of a specific virus is advantageous, the detection of a virus family through a heuristic or inexact signature match is quicker.
Already, virus researchers concede that all malware of a family shares traits, hence can form a generic signature. Often, such signatures contain non-contiguous code, using wildcard characters in the places where the differences lie. Wildcards such as these allow the scanner to detect malware even if it is padded with additional, meaningless code. Kaspersky and Bitdefender use heuristic detection for system and internet scans.
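To make the wildcard idea concrete, here is an added example (mine, not the author's and not any vendor's scanner): an exact signature beside a generic family signature using `??` (any one byte) and `*` (any run of bytes), run over constructed byte strings that stand in for a base sample, a byte-changed variant, a padded variant, a self-encrypting variant, and a benign file. The byte values and signature names are made up for illustration.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed, meaningless byte sequences standing in for a malware family:
# a base sample plus variants that change a few bytes or insert padding,
# as the text describes. They are not real malware code.
BASE = bytes.fromhex("558bec83ec10e811223344c9c3")
VARIANT_CHANGED = bytes.fromhex("558bec83ec20e8aabbccddc9c3")        # immediates altered
VARIANT_PADDED = bytes.fromhex("558bec909083ec1090e811223344c9c3")  # filler bytes inserted
BENIGN = bytes.fromhex("558bec83ec10c9c3")                            # shares only the prologue
# A self-encrypting (polymorphic) variant: prologue kept, body XORed with a key,
# which is why the page says such samples evade stored signatures.
ENCRYPTED = BASE[:3] + bytes(b ^ 0x5A for b in BASE[3:])


@dataclass
class Signature:
    name: str
    pattern: str  # hex bytes separated by spaces; "??" = any one byte, "*" = any run


def compile_signature(sig: Signature):
    """Translate the wildcard notation into a regular expression over bytes."""
    parts = []
    for tok in sig.pattern.split():
        if tok == "??":
            parts.append(b".")          # exactly one arbitrary byte
        elif tok == "*":
            parts.append(b".*?")        # zero or more arbitrary bytes (shortest run)
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


SIGNATURES = [
    # Exact signature: matches the original sample byte for byte only.
    Signature("Trojan.Sample.A", "55 8b ec 83 ec 10 e8 11 22 33 44 c9 c3"),
    # Generic family signature: fixed opcodes, wildcards where the variants differ.
    Signature("Trojan.Sample.gen", "55 8b ec * 83 ec ?? * e8 ?? ?? ?? ?? * c9 c3"),
]


def scan(data: bytes, signatures: List[Signature] = SIGNATURES) -> List[str]:
    """Return the names of every signature that matches the file contents."""
    return [s.name for s in signatures if compile_signature(s).search(data)]


if __name__ == "__main__":
    samples = [("base", BASE), ("changed", VARIANT_CHANGED), ("padded", VARIANT_PADDED),
               ("encrypted", ENCRYPTED), ("benign", BENIGN)]
    for label, blob in samples:
        print(f"{label:10s} -> {scan(blob) or 'clean'}")
```

The generic signature catches the changed and padded variants that the exact one misses, does not fire on the benign prologue-only file, and still misses the encrypted variant, which is the gap the next section describes.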
Rootkit Detection
The latest antivirus software can scan for rootkits. Rootkits are types of malware designed to gain administrative control of the PC without detection. They can change the functionality of the operating system. In other cases, rootkits can tamper with the antivirus software, thus rendering it ineffective. It is also difficult to remove rootkits, sometimes requiring a complete operating system re-installation.
Detection of rootkits is one of the main challenges that Kaspersky and Panda face. The reason is that rootkits have total administrative access to the personal computer. Therefore, they are invisible to system users since they are automatically hidden from the task manager's list of running processes.
If a computer virus infects a file, both Avast and Bitdefender attempt to eliminate the virus code attached to the file during disinfection. Still, Avast cannot always restore a file to its original state. In this case, it is only possible to restore damaged files from shadow copies or existing backups.
Real-Time Protection
According to Kouznetsov (2014), real-time protection is the automatic protection that most antiviruses provide. It is also referred to as background guard, on-access scanning, or auto-protect. Real-time protection guards the computer system against adware, spyware, and viruses during internet access, while a compact disc is inserted, or when opening email.
Benefits of Antivirus Protection
An up-to-date antivirus program guarantees the safety of the computer system from malicious online attacks, loss of data, and unauthorized access. The software is the safest measure to stop or eliminate risks and their effects on the system. There are multiple security levels for personal computers, which depend on the package's cost and the particular programs provided by anti-malware vendors. Firstly, the antivirus thwarts any malware related to computer damage. The latest versions of Bitdefender, Avast, Kaspersky, and Panda are effective in the prevention of operating system damage. In addition, they protect the PC's functionalities from virus intrusion, either online or in cloud storage. Besides, the antivirus software maintains system security through regular automated updates of the anti-malware package. Further, it creates a firewall to block malicious hackers from accessing sensitive data such as bank account records and corporate secrets. Thirdly, Kaspersky and Panda secure critical data, presentations, photos, files, and personal data from virus infections and attacks. If a PC lacks an antivirus or antispyware program, it is easier for hackers to retrieve information without the owner's knowledge. However, the installation of powerful programs such as Kaspersky eliminates the user's need for costly technical assistance and support.
Experiment
In this experiment, the researcher includes only new and most prevalent malware. If the heuristic or generic detection techniques could not detect the samples, they were consciously executed to determine whether behavior-blocking software features would halt them. In most cases, I deduced that the behavior blockers could not protect against all the viruses and unauthorized access but warned of system changes and the dropped malware components. Therefore, it is hard to count cases like these as a block. Given that the behavior blockers act only once the malware is executing, the risk of compromise always lingers, even when Kaspersky, Bitdefender, or Avast claims to have blocked or eliminated a threat. In light of this, it is preferable that the virus is detected prior to its execution, for instance by the on-access Avast scanner using heuristics. In fact, behavior blockers are complementary to other security product features like multi-layer protection rather than replacements.
Technically, the test employs cloud services. However, in the time required for the procedure, chances are that the cloud services or vendors' signatures would blacklist nearly all the samples, implying that the outcome would not reflect real proactive protection. In prior experiments, it was clear that the use of cloud services in scanning for malware can take days or weeks. However, antivirus technology advances at a rapid pace, thus the use of the latest versions of Kaspersky, ESET, Avast, and Panda enables the detection of elusive malware. Notably, the Kaspersky 2016 antivirus version is highly dependent on cloud services. Nevertheless, it is worth noting that company policies disable cloud connections in most corporate environments, and other product features have to provide for the detection of the latest malware. Essentially, cloud features are economically convenient for antivirus software vendors since they allow for the collection and processing of significant amounts of metadata. Nonetheless, they are reliant on blacklisting of identifiable malware. For example, if a file is unknown, the cloud can hardly determine whether it is malicious or good.
False Alarm Test
The false alarm test is taken into account to improve the evaluation of proactive detection capabilities. A false positive (or false alarm) occurs when an antivirus mistakenly flags an innocent file as containing malware or as being a virus. At times, false alarms are as troublesome as real infections. When conducting antivirus testing, it is imperative to measure both reliability and detection capabilities. One of the reliability aspects is the recognition of clean files and the non-production of false alarms. No antivirus is immune from false positives, but some produce fewer than others. One of the goals of this experiment is to determine the number of false alarms that each antivirus produces after a file scan. Given the tediousness of the test, the researcher cannot completely collect the legitimate files in their current form, thus the false positive test is inconclusive. What can reasonably be done, however, is to form and utilize a clean file set that is collected.
At the time of testing, the researcher encountered all the listed false positives. Indeed, unencrypted data blocks cause false alarms in antivirus-related files. Additionally, if the anti-malware program indicates that one piece of software contains several false alarms, it is counted as a single alarm. Moreover, keygens and cracks shared or distributed primarily by antivirus developers are not counted as false positives.
In most instances, false alarms fall into level 1 or level 2. Notwithstanding, I am convinced that all anti-malware products must not bear any type of false alarm, regardless of the number of users affected. Truly, most vendors play up the malware risk and neglect the danger of false alarms. An antivirus that uses third-party signatures has more or less false positives than a licensed engine.

Table 1.1: Panda had 3 false alarms
Table 1.2: Bitdefender had 9 false alarms
Table 1.3: Kaspersky Lab 2016 had 9 false alarms
Table 1.4: Avast 2016 had 14 false alarms
Table 1.5: ESET 2016 had 1 false alarm

1 false alarm             | ESET
A few false alarms        | Bitdefender, Kaspersky 2016, Panda
More than 10 false alarms | Avast
Table 1.6: Summary
Experiment Results
Graph 1.0 indicates the proactive protection capabilities of numerous antivirus products. Not only does the graph consider the false alarm rates but also the rates of protection against the latest malware.

Key:
Yellow: user dependent
Green: protected or blocked
Red: compromised or not blocked
The blue line shows MSE (Microsoft Security Essentials)
Graph 1.2: Experiment Results
The experiment results in graph 2.1 indicate the proactive (behavioral/heuristic) protection capabilities of numerous antiviruses against the latest malware. The researcher rounded the percentages to the nearest 1. In addition, table 1.7 below depicts how the anti-malware products perform when combined with a cloud connection and updated signatures against prevalent malware and spyware files. A careful analysis of this table gives a PC user a chance to choose the ideal product according to the work environment. For instance, laptop owners worried about flash drive infection while offline should pay keen attention to the outcomes in this table.
Product        | Blocked Malware | User Dependent[1] | Compromised | PRP (Proactive Rate of Protection) | FP (False Alarms) | Cluster
Bitdefender    | 1448            | -                 | 15          | 99                                 | few               | 1
Kaspersky 2016 | 1343            | -                 | 120         | 93                                 | few               | 1
ESET           | 1253            | -                 | 210         | 86                                 | many              | 1
Avast          | 985             | -                 | 478         | 67                                 | Very many         | 2
Panda          | 1422            | -                 | 211         | 92                                 | few               | 1
Table 1.7: Proactive Protection Outcome
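The scoring rule from footnote [1] (full credit for blocked samples, half credit for user-dependent ones), as an added example that is not part of the original post: it recomputes the PRP column of Table 1.7 from the raw counts using round-half-up, so that the footnote's 85% + 7.5% case gives 93 rather than the banker's-rounding 92, and lists any row whose printed figure differs from the recomputed one. Assumptions of mine: the dash in the User Dependent column is read as 0, and the `Outcome` record type is my own.

```python
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP
from typing import Dict, List, Tuple


@dataclass
class Outcome:
    """One row of Table 1.7; user_dependent is taken as 0 where the table shows '-'."""
    product: str
    blocked: int
    user_dependent: int
    compromised: int
    stated_prp: int  # PRP figure exactly as printed in the table


def proactive_rate(blocked: int, user_dependent: int, compromised: int) -> int:
    """PRP in percent: blocked samples count fully, user-dependent ones count half,
    rounded half up to the nearest whole number (the footnote's 92.5 -> 93)."""
    total = blocked + user_dependent + compromised
    if total <= 0:
        raise ValueError("no samples in this row")
    score = Decimal(blocked) + Decimal(user_dependent) / 2
    pct = score * 100 / Decimal(total)
    return int(pct.quantize(Decimal("1"), rounding=ROUND_HALF_UP))


# Rows copied from Table 1.7 above (counts and printed PRP).
TABLE_1_7: List[Outcome] = [
    Outcome("Bitdefender", 1448, 0, 15, 99),
    Outcome("Kaspersky 2016", 1343, 0, 120, 93),
    Outcome("ESET", 1253, 0, 210, 86),
    Outcome("Avast", 985, 0, 478, 67),
    Outcome("Panda", 1422, 0, 211, 92),
]


def check_table(rows: List[Outcome]) -> Dict[str, Tuple[int, int]]:
    """Map product -> (printed PRP, recomputed PRP) for every row where they differ."""
    mismatches: Dict[str, Tuple[int, int]] = {}
    for r in rows:
        recomputed = proactive_rate(r.blocked, r.user_dependent, r.compromised)
        if recomputed != r.stated_prp:
            mismatches[r.product] = (r.stated_prp, recomputed)
    return mismatches


def sample_totals(rows: List[Outcome]) -> Dict[str, int]:
    """Samples per row; every product tested on the same corpus should give one value."""
    return {r.product: r.blocked + r.user_dependent + r.compromised for r in rows}


if __name__ == "__main__":
    print("footnote example:", proactive_rate(85, 15, 0), "%")
    for product, (stated, recomputed) in check_table(TABLE_1_7).items():
        print(f"{product}: table prints {stated}%, raw counts give {recomputed}%")
    print("sample totals:", sample_totals(TABLE_1_7))
```

Running it is a quick consistency check on any such results table: the totals column should be identical across rows, and the PRP should be reproducible from the counts.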
Bitdefender
From the results in table 1.7, it is clear that Bitdefender tops the list in 2016 due to its ability to keep the PC safe from malware and spyware harm. Particularly, Bitdefender detects internet security breaches and eliminates the malicious penetration before warning the user. It is especially recommendable for use with social media, email services, and offline connections with USB drives since it guarantees full security. Most technology experts admit that Bitdefender is the best cyber safety product available because it keeps the PC owner safe from computer security, malware, and virus concerns. Given that this product has passed lab tests annually, it has exceeded the expectations of the most pessimistic researchers. In addition, the user of this security product can seamlessly execute it in the background without compromising the PC's speed and performance. Besides its excellent phishing protection, its virtualized browser is isolated from the operating system to block security threats. Bitdefender can also filter spam accurately, as shown in the experiment. Furthermore, it comes with a wider range of anti-malware protection tools as compared to Avast and other antiviruses.
On a negative note, Bitdefender's manufacturer has limited the user's password management. Besides, not only is it difficult to install the product on malware-infested systems, but the firewall's default settings also omit some protection privileges. Lastly, the installation of this antispyware program implies a longer shutdown and boot time.
Kaspersky
Kaspersky ranks second in the table due to its excellent results in the experiment. Some of its areas of strength include sustained computer performance and protection. Therefore, the client can confidently access the internet and utilize computer tools without the fear of data loss or malicious attack. Notably, the product has one of the most effective software removal tools, particularly for Windows PCs. Additionally, it bears a System Watcher tool that detects risky behavior, thus allowing the user to roll back potentially malicious activities. Further, Kaspersky's automatic exploit prevention controls, restricts, and analyzes the behavior and actions of PC applications to prevent the exploitation of vulnerabilities. Besides stopping more than 90% of undiscovered attacks, this software can work in the background and offer real-time system protection.
However, the experiment reveals that the installation of Kaspersky slows the speed of virus scans. Secondly, it is ineffective for use with social media because of its relatively low rates of detection when compared with Bitdefender and ESET.
Panda
Panda allows users to freely share threat information for real-time protection. The product strives for superior system protection with minimal impact on the PC. For example, the latest version has multiple useful tools to guarantee data safety both offline and online. In fact, Panda should have topped the list were it not for its provision of email and installation protection only. Others such as Bitdefender and Kaspersky have numerous tools and provide an extensive range of security services.
There are numerous merits of the Panda antivirus. First, its collective intelligence capability allows optimum protection while the PC is minimally impacted. Second, it offers browser exploit protection. Third, not only does Panda guarantee real-time protection but also automated data leverage. Lastly, it automatically detects and scans USB devices even if the system is offline.
Avast
Avast software is freely available to internet subscribers. Avast Pro 2016 rivals Bitdefender and Kaspersky because it has numerous useful security tools. Regardless of the type of operating system used by the PC owner, Avast runs seamlessly in the background without a detectable compromise on other programs or the system's performance. It is one of the most used security utilities, with more than 210 million active clients globally. The free Apple Mac version has email and file system protection. Besides, it can protect against infected online platforms through its drag-and-drop file scanning technique. Avast has registry startup protection and streams real-time virus database information and updates to online users. Its auto-sandbox feature allows PC owners to confidently run untrusted programs without fearing malicious intrusion or system harm. Additionally, there is the WebRep feature (available only in the 2016 versions).
Most of Avast's disadvantages are linked to its advertisement strategy. For instance, IT experts agree that the manufacturer is too pushy, especially when encouraging clients to upgrade to new versions. Furthermore, the designer provides automatic updates at times when the user requires full bandwidth. Lastly, the free security utility pops up annoying advertisements trying to sell Avast products to clients.
ESET
ESET is one of the most expensive antivirus protection software products, but it compensates for this by offering a wider array of system protection utilities and tools. It is the first antivirus to employ ThreatSense technology in eliminating Trojans, viruses, rootkits, and worms. Clearly, ESET is light and fast-performing software with browser exploit protection. Essentially, it has a cloud-enhanced whitelisting system for faster protection. Besides, the program comes with a social media scanner to fulfill the needs of modern internet users. Still, its interface is less user-friendly compared to Avast's. Besides, it registers high false positives (FP) with each scan. Lastly, it lacks in-depth scanning technology.
Drawbacks of Antivirus
The first drawback of antiviruses is that they impact the system's performance. In addition, hackers and antivirus designers lure amateur computer users into a false sense of security when using their PCs. Consequently, they consider themselves invulnerable, hence can develop problems in understanding the decisions and prompts that the product presents them with. If they make wrong choices, malicious hackers will breach their security. In light of this, it is recommendable that antiviruses that mainly use heuristic detection should be fine-tuned to minimize the misidentification of harmless programs as malicious.
In summary, it is clear that different antivirus programs are used to protect PCs from malicious and viral attacks. Each product has strengths and weaknesses depending on its level of performance, its number of false alarms, and its system tools. Nevertheless, all the antivirus programs analyzed in the experiment have a unique ability to prevent unauthorized system intrusion. Still, some programs such as Bitdefender and Kaspersky are powerful and offer a high quality of protection. Some of the ways that antiviruses use to detect malware include signature-based detection, data mining, and rootkit detection. However, the majority of anti-malware programs employ heuristics to reveal hidden code attached to genuine system software. Essentially, a combination of heuristics and signature-based detection methods leads to the detection of false alarms from distinct antiviruses. In this way, the researcher can rank the listed products according to their effectiveness. I suggest that future antivirus firms should adopt Avast's strategy by eliminating monthly subscription costs. In addition, their products should target social media sites since an increasing number of young internet users access Facebook, Twitter, and Instagram daily. Consequently, such sites have become a target for hackers. Lastly, the manufacturers should minimize pop-up adverts to simplify the user interface.
Some of the alternative methods of protecting computers against malware include the installation of network and hardware firewalls, Unified Threat Management, online scanners, and cloud-based antivirus. Active network firewalls inhibit unknown processes and programs from accessing the computer system. However, they fall short of removing them. Cloud-based antivirus employs a lightweight agent program on the system while providing useful feedback to the user. It is possible for a client to use various scanners at the same time for optimum effectiveness. On the other hand, other software vendors such as Avast Inc. maintain free online platforms for users to scan their PCs completely. Periodically, all internet users should use online scanning tools because offline antiviruses may fail to detect the latest malware.
References
Kouznetsov, V. (2015). U.S. Patent No. 6,973,577. Washington, DC: U.S. Patent and Trademark Office.
Nachenberg, C. S. (2015). U.S. Patent No. 6,357,008. Washington, DC: U.S. Patent and Trademark Office.
[1] I gave half credit for user-dependent cases. For instance, if an antivirus blocks 85% of malware without the assistance of Windows Defender, plus 15% user-dependence, I give it 93% (85% + (15% × 0.5)).