Antivirus programs. Classification of viruses. Classification of antivirus programs. Popular antivirus programs and their classification

INTRODUCTION

We live at the turn of two millennia, when humanity has entered the era of a new scientific and technological revolution.

By the end of the twentieth century, people had mastered many of the secrets of the transformation of matter and energy and were able to use this knowledge to improve their lives. But besides matter and energy, another component plays a huge role in human life - information. This is a wide variety of information, messages, news, knowledge, skills.

In the middle of our century, special devices appeared - computers, focused on storing and converting information, and the computer revolution took place.

Today, the widespread use of personal computers, unfortunately, has turned out to be associated with the emergence of self-replicating virus programs that interfere with the normal operation of the computer, destroy the file structure of disks and damage the information stored on the computer.

Despite the laws adopted in many countries to combat computer crimes and the development of special software protection against viruses, the number of new software viruses is constantly growing. This requires the user of a personal computer to have knowledge about the nature of viruses, methods of infection by viruses and protection against them. This was the impetus for choosing the topic of my work.

This is exactly what I talk about in my essay. I show the main types of viruses, consider the patterns of their functioning, the reasons for their appearance and ways of penetrating into a computer, and also offer protection and prevention measures.

The purpose of the work is to familiarize the user with the basics of computer virology, teach how to detect viruses and fight them. Method of work - analysis of printed publications on this topic. I was faced with a difficult task - to talk about something that has been studied very little, and how it turned out is up to you to judge.

1. COMPUTER VIRUSES AND THEIR PROPERTIES AND CLASSIFICATION

1.1. Properties of computer viruses

Personal computers in use today give the user free access to all machine resources. This is what opened up the possibility of the danger that became known as the computer virus.

What is a computer virus? A formal definition of this concept has not yet been invented, and there are serious doubts that it can be given at all. Numerous attempts to provide a “modern” definition of the virus have failed. To get a sense of the complexity of the problem, try, for example, to define the concept of “editor”. You will either come up with something very general, or you will start listing all the known types of editors. Both can hardly be considered acceptable. Therefore, we will limit ourselves to considering some properties of computer viruses that allow us to talk about them as a certain class of programs.

First of all, a virus is a program. Such a simple statement in itself can dispel many legends about the extraordinary capabilities of computer viruses. A virus can flip the image on your monitor, but it cannot flip the monitor itself. Legends about killer viruses “destroying operators by displaying a deadly color scheme on the screen in the 25th frame” should also not be taken seriously. Unfortunately, some reputable publications from time to time publish “the latest news from the computer front,” which, upon closer examination, turn out to be the result of a not entirely clear understanding of the subject.

A virus is a program that has the ability to reproduce itself. This ability is the only property inherent in all types of viruses. But viruses are not the only programs capable of self-replication: any operating system and many other programs are capable of creating their own copies. Copies of a virus not only need not coincide completely with the original, but may not coincide with it at all!

A virus cannot exist in “complete isolation”: today it is impossible to imagine a virus that does not use the code of other programs, information about file structure or even just the names of other programs. The reason is clear: the virus must somehow ensure that control is transferred to itself.

1.2. Classification of viruses

Currently, more than 5,000 software viruses are known. They can be classified according to the following criteria:

  • habitat
  • method of contamination of the habitat
  • influence
  • features of the algorithm

Depending on their habitat, viruses can be divided into network, file, boot, and file-boot viruses. Network viruses spread across various computer networks. File viruses are embedded mainly in executable modules, i.e., in files with COM and EXE extensions. File viruses can be embedded in other types of files, but, as a rule, once written into such files they never receive control and therefore lose the ability to reproduce. Boot viruses are embedded in the boot sector of a disk (Boot sector) or in the sector containing the system disk's boot program (Master Boot Record). File-boot viruses infect both files and boot sectors of disks.

Based on the method of infection, viruses are divided into resident and non-resident. When a resident virus infects a computer, it leaves its resident part in random access memory; this part then intercepts the operating system’s access to infection objects (files, boot sectors of disks, etc.) and injects itself into them. Resident viruses reside in memory and are active until the computer is turned off or rebooted. Non-resident viruses do not infect the computer’s memory and are active for a limited time.

Based on the degree of impact, viruses can be divided into the following types:

  • non-hazardous, which do not interfere with the operation of the computer, but reduce the amount of free RAM and disk memory; the actions of such viruses are manifested in some graphic or sound effects
  • dangerous viruses that can lead to various problems with your computer
  • very dangerous, the impact of which can lead to loss of programs, destruction of data, and erasure of information in system areas of the disk.

2. MAIN TYPES OF VIRUSES AND THEIR FUNCTIONING SCHEME

Among the variety of viruses, the following main groups can be distinguished:

  • boot
  • file
  • file-boot

Now let's take a closer look at each of these groups.

2.1. Boot viruses

Let's look at the operation of a very simple boot virus that infects floppy disks. We will deliberately bypass all the numerous subtleties that would inevitably be encountered during a strict analysis of the algorithm of its functioning.

What happens when you turn on your computer? First of all, control is transferred to the bootstrap program (PNZ), which is stored in read-only memory (ROM), i.e. the PNZ ROM.

This program tests the hardware and, if the tests are successful, tries to find the floppy disk in drive A:

Every floppy disk is divided into so-called sectors and tracks. Sectors are combined into clusters, but this is not significant for us.

Among the sectors there are several service ones, used by the operating system for its own needs (these sectors cannot contain your data). Among the service sectors, we are currently interested in one: the so-called boot sector.

The boot sector stores information about the floppy disk: number of surfaces, number of tracks, number of sectors, etc. But we are now interested not in this information but in the small bootstrap program (PNZ), which must load the operating system itself and transfer control to it.

So the normal bootstrap scheme is as follows:

PNZ (ROM) - PNZ (disk) - SYSTEM

Now let's look at the virus. Boot viruses have two parts: the so-called head and the so-called tail. The tail, generally speaking, can be empty.

Suppose you have a clean floppy disk and an infected computer, by which we mean a computer with an active resident virus. As soon as this virus detects that a suitable victim has appeared in the drive (in our case, a floppy disk that is not write-protected and has not yet been infected), it begins the infection. When infecting a floppy disk, the virus performs the following actions:

  • Selects a certain area of the disk and marks it as inaccessible to the operating system. This can be done in different ways; in the simplest and most traditional case, the sectors occupied by the virus are marked as bad.
  • Copies its tail and the original (healthy) boot sector to the selected area of the disk
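The boot-sector fields and the bad-sector marking described above can be inspected read-only. The following is an added example, not part of the original essay: it decodes the disk geometry from a constructed boot sector and lists the clusters flagged as bad so that they can be reviewed. The FAT12 layout, the 0xFF7 bad-cluster value and the sample image are assumptions of the example; the essay does not name a file system.

```python
import struct

BAD_CLUSTER = 0xFF7   # FAT12 value meaning "do not use this cluster"


def parse_boot_sector(sector):
    """Decode the geometry fields that DOS keeps at the start of the boot sector."""
    if len(sector) != 512:
        raise ValueError("a floppy boot sector is exactly 512 bytes")
    (_jump, oem, bps, spc, reserved, nfats, root_entries, total,
     _media, spf, spt, heads) = struct.unpack_from("<3s8sHBHBHHBHHH", sector, 0)
    if 0 in (bps, spc, spt, heads):
        raise ValueError("geometry fields are zero: not a DOS boot sector")
    root_sectors = (root_entries * 32 + bps - 1) // bps
    first_data = reserved + nfats * spf + root_sectors
    return {
        "oem": oem.decode("ascii", "replace").strip(),
        "bytes_per_sector": bps, "sectors_per_cluster": spc,
        "reserved": reserved, "sectors_per_fat": spf,
        "sectors_per_track": spt, "heads": heads,   # heads = number of surfaces
        "tracks": total // (spt * heads),
        "first_data_sector": first_data,
        "clusters": (total - first_data) // spc,
        "signature_ok": sector[510:512] == b"\x55\xaa",
    }


def fat12_get(fat, n):
    """Read the 12-bit FAT entry for cluster n (two entries share three bytes)."""
    off = n + n // 2
    pair = fat[off] | (fat[off + 1] << 8)
    return pair >> 4 if n & 1 else pair & 0xFFF


def fat12_set(fat, n, value):
    """Write a 12-bit FAT entry; used here only to build the sample image."""
    off = n + n // 2
    pair = fat[off] | (fat[off + 1] << 8)
    pair = (pair & 0x000F) | (value << 4) if n & 1 else (pair & 0xF000) | value
    fat[off], fat[off + 1] = pair & 0xFF, pair >> 8


def bad_clusters(image, geo):
    """Return (cluster, first sector) for every cluster the FAT marks as bad."""
    bps = geo["bytes_per_sector"]
    start = geo["reserved"] * bps
    fat = image[start:start + geo["sectors_per_fat"] * bps]
    if len(fat) < geo["sectors_per_fat"] * bps:
        raise ValueError("image is too short to contain the first FAT")
    found = []
    for n in range(2, geo["clusters"] + 2):      # data clusters start at 2
        if fat12_get(fat, n) == BAD_CLUSTER:
            sector = geo["first_data_sector"] + (n - 2) * geo["sectors_per_cluster"]
            found.append((n, sector))
    return found


def build_sample_image():
    """Constructed 1.44 MB-style boot sector plus first FAT (no data area)."""
    boot = bytearray(512)
    struct.pack_into("<3s8sHBHBHHBHHH", boot, 0, b"\xeb\x3c\x90", b"SAMPLE  ",
                     512, 1, 1, 2, 224, 2880, 0xF0, 9, 18, 2)
    boot[510:512] = b"\x55\xaa"
    fat = bytearray(9 * 512)
    fat12_set(fat, 0, 0xFF0)                     # media descriptor entry
    fat12_set(fat, 1, 0xFFF)                     # end-of-chain marker
    for n in (2846, 2847):                       # constructed: two "bad" clusters
        fat12_set(fat, n, BAD_CLUSTER)
    return bytes(boot + fat)


if __name__ == "__main__":
    image = build_sample_image()
    geo = parse_boot_sector(image[:512])
    print(geo)
    # A few bad clusters can be genuine media defects; the point of the list
    # is to know which sectors to read and examine, not to prove infection.
    for cluster, sector in bad_clusters(image, geo):
        print(f"cluster {cluster} (sector {sector}) is marked bad")
```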

Classification.

Antivirus products can be classified according to several criteria, such as: the antivirus protection technologies used, product functionality, and target platforms.

According to the anti-virus protection technologies used:

  • Classic antivirus products (products that use only the signature detection method)
  • Proactive antivirus protection products (products that use only proactive antivirus protection technologies);
  • Combined products (products using both classic, signature-based protection methods and proactive ones)

By product functionality:

  • Antivirus products (products that provide only antivirus protection)
  • Combination products (products that provide more than just protection against malware, but also spam filtering, encryption and data backup and other functions)

By target platform:

  • Antivirus products for Windows operating systems
  • Anti-virus products for *NIX operating systems (this family includes BSD, Linux, etc.)
  • Antivirus products for the MacOS family of operating systems
  • Antivirus products for mobile platforms (Windows Mobile, Symbian, iOS, BlackBerry, Android, Windows Phone 7, etc.)

Antivirus products for corporate users can also be classified by protection objects:

  • Antivirus products to protect workstations
  • Antivirus products to protect file and terminal servers
  • Antivirus products to protect email and Internet gateways
  • Antivirus products to protect virtualization servers
  • etc.

Characteristics of antivirus programs.

Anti-virus programs are divided into: detector programs, doctor programs, auditor programs, filter programs, vaccine programs.

Detector programs search for and detect viruses in RAM and external media, and when detected, issue a corresponding message. There are universal and specialized detectors.

Universal detectors check that files are unchanged by computing a checksum and comparing it with a reference value. The disadvantage of universal detectors is their inability to determine the causes of file corruption.

Specialized detectors search for known viruses by their signature (a repeated section of code). The disadvantage of such detectors is that they are unable to detect all known viruses.

A detector that can detect multiple viruses is called a polydetector.

The disadvantage of such antivirus programs is that they can only find viruses that are known to the developers of such programs.

Doctor programs (phages) not only find files infected with viruses, but also “treat” them, i.e. remove the body of the virus program from the file, returning the files to their initial state. At the beginning of their work, phages search for viruses in RAM, destroying them, and only then proceed to “cleaning” files. Among the phages, polyphages are distinguished, i.e. doctor programs designed to search for and destroy a large number of viruses.

Considering that new viruses are constantly appearing, detector programs and doctor programs quickly become outdated, and regular updates of their versions are required.

Audit programs are among the most reliable means of protection against viruses. Auditors remember the initial state of programs, directories and system areas of the disk when the computer is not infected with a virus, and then periodically or at the user’s request compare the current state with the original one. Detected changes are displayed on the video monitor screen. As a rule, comparison of states is carried out immediately after loading the operating system. When comparing, the file length, cyclic control code (file checksum), date and time of modification, and other parameters are checked.

Auditor programs have fairly developed algorithms, detect stealth viruses and can even distinguish changes in the version of the program being checked from changes made by the virus.

Filter programs (watchmen) are small resident programs designed to detect suspicious actions during computer operation, characteristic of viruses. Such actions may be:

  • Attempts to modify files with COM and EXE extensions;
  • Changing file attributes;
  • Direct writing to disk at an absolute address.

When any program tries to perform the specified actions, the “watchman” sends a message to the user and offers to prohibit or allow the corresponding action. Filter programs are very useful because they are able to detect a virus at the earliest stage of its existence before replication. However, they do not “clean” files and disks. To destroy viruses, you need to use other programs, such as phages. The disadvantages of watchdog programs include their “intrusiveness” (for example, they constantly issue a warning about any attempt to copy an executable file), as well as possible conflicts with other software.

Vaccines (immunizers) are resident programs that prevent files from becoming infected. Vaccines are used if there are no doctor programs that “treat” this virus. Vaccination is possible only against known viruses. The vaccine modifies the program or disk in such a way that it does not affect its operation, and the virus will perceive it as infected and therefore will not take root. Currently, vaccine programs have limited use.

A significant disadvantage of such programs is their limited ability to prevent infection from a large number of different viruses.

Examples of antivirus programs

When choosing an antivirus program, it is necessary to take into account not only the percentage of virus detection, but also the ability to detect new viruses, the number of viruses in the antivirus database, the frequency of its updates, and the presence of additional functions.

Currently, a serious antivirus should be able to recognize at least 25,000 viruses. This does not mean that they are all “in the wild”. In fact, most of them have either ceased to exist or are in laboratories and are not distributed. In reality, you can find 200-300 viruses, and only a few dozen of them pose a danger.

There are many antivirus programs. Let's look at the most famous of them.

Norton AntiVirus 4.0 and 5.0 (manufacturer: Symantec).

One of the most famous and popular antiviruses. The percentage of virus recognition is very high (close to 100%). The program uses a mechanism that allows you to recognize new unknown viruses.

Norton AntiVirus's interface includes a LiveUpdate feature that allows you to update both the program and a set of virus signatures via the Web with the click of a single button. The Anti-Virus Wizard provides detailed information about the detected virus, and also gives you the choice to remove the virus either automatically or more carefully, through a step-by-step procedure that allows you to see each step performed during the removal process.

Anti-virus databases are updated very often (sometimes updates appear several times a week). There is a resident monitor.

The disadvantage of this program is the complexity of setup (although basic settings changes are practically not required).

Dr Solomon's AntiVirus (manufacturer: Dr Solomon's Software).

Considered one of the best antiviruses (Eugene Kaspersky once said that this is the only competitor to his AVP). Detects almost 100% of known and new viruses. It has a large number of functions: a scanner, a monitor, heuristics and everything you need to successfully resist viruses.

McAfee VirusScan (manufacturer: "McAfee Associates")

This is one of the most famous antivirus packages. It removes viruses very well, but VirusScan is worse than other packages at detecting new varieties of file viruses. It installs quickly and easily using default settings, but can be customized to suit your needs. You can scan all files or only program files, and choose whether or not to extend the scanning procedure to compressed files. It has many functions for working with the Internet.

Dr.Web (manufacturer: Dialogue Science)

A popular domestic antivirus. It recognizes viruses well, but its database contains far fewer of them than other antivirus programs.

Antiviral Toolkit Pro (manufacturer: Kaspersky Lab).

This antivirus is recognized throughout the world as one of the most reliable. Despite its ease of use, it has all the necessary arsenal to fight viruses. Heuristic mechanism, redundant scanning, scanning of archives and packed files - this is not a complete list of its capabilities.

Kaspersky Lab closely monitors the emergence of new viruses and releases timely updates to its antivirus databases. There is a resident monitor to monitor executable files.

Evgeny Kaspersky in 1992 used the following classification of antiviruses depending on their operating principle (determining functionality):

  • Scanners (outdated names: “polyphages”, “detectors”) determine the presence of a virus using a signature database that stores signatures (or their checksums) of viruses. Their effectiveness is determined by how up to date the virus database is and by the presence of a heuristic analyzer.
  • Auditors (a class close to IDS) remember the state of the file system, which makes it possible to analyze changes in the future.
  • Watchmen (resident monitors or filters) monitor potentially dangerous operations, asking the user to allow or prohibit each operation.
  • Vaccines (immunizers) modify the vaccinated file so that the virus being vaccinated against considers the file already infected. In modern conditions, when the number of possible viruses is measured in hundreds of thousands, this approach is not applicable.

Modern antiviruses combine all of the above functions.

Antiviruses can also be divided into:

Products for home users:

  • Antiviruses proper;
  • Combined products (for example, antispam, a firewall, anti-rootkit, etc. are added to the classic antivirus).

Corporate products:

  • Server antiviruses;
  • Antiviruses on workstations (“endpoint”).

Using antivirus programs together gives good results, as they complement each other well:

Data coming from external sources is checked by a detector program. If you forgot to check this data and an infected program was launched, it can be caught by a watchman program. Admittedly, in both cases it is viruses known to these antivirus programs that are reliably detected. This accounts for no more than 80-90% of cases.

A watchman can even detect unknown viruses if they behave very brazenly (trying to format the hard disk or make changes to system files). But some viruses can bypass such control.

If the virus was not detected by a detector or a watchman, then the results of its activity will be detected by an auditor program.

As a rule, watchdog programs should run on the computer constantly, detectors should be used to check data coming from external sources (files and floppy disks), and auditors should be launched once a day to identify and analyze changes on disks. All this must be combined with regular data backups and the use of preventative measures to reduce the likelihood of contracting a virus.

Any antivirus program “slows down” the computer’s operation, but is a reliable remedy against the harmful effects of viruses.


False antiviruses.

In 2009, various antivirus manufacturers began to report the widespread use of a new type of antivirus - false antiviruses or rogueware. In fact, these programs are either not antiviruses at all (that is, they are not able to fight malware) or are even viruses (they steal credit card data, etc.).

Fake antiviruses are used to extort money from users through deception. One of the ways a PC gets infected with a false antivirus is as follows. The user ends up on an “infected” site, which shows a warning message like: “A virus has been detected on your computer.” The user is then prompted to download a free program (the false antivirus) to remove the virus. After installation, the false antivirus scans the PC and supposedly detects a lot of viruses on the computer. To remove the malware, the fake antivirus offers to sell a paid version of the program. The shocked user pays (amounts from $50 to $80) and the fake antivirus cleans the PC of non-existent viruses.

Antiviruses on SIM, flash cards and USB devices

Mobile phones produced today have a wide range of interfaces and data transfer capabilities. Consumers should carefully review protection methods before connecting any small devices.

Protection methods such as hardware protection, and possibly antiviruses on USB devices or on SIM, are more suitable for mobile phone consumers. A technical assessment and review of how to install an antivirus program on a cellular mobile phone should treat it as a scanning process that may affect other legitimate applications on this phone.

Antivirus programs on SIM with antivirus built into a small memory area provide anti-malware/virus protection while protecting the phone user's PIN and information. Antiviruses on flash cards give the user the ability to exchange information and use these products with various hardware devices, as well as send this data to other devices using various communication channels.

Antiviruses, mobile devices and innovative solutions

In the future, it is possible that mobile phones will be infected with a virus. More and more developers in this area are offering antivirus programs to fight viruses and protect mobile phones. In mobile devices, there are the following types of virus control:

– processor limitations;

– memory limitation;

– identifying and updating the signatures of these mobile devices.

Conclusion: An antivirus program (antivirus) was originally a program for detecting and treating malicious objects or infected files, as well as for prevention, that is, preventing infection of a file or the operating system by malicious code. Depending on the operating principle of antivirus programs, there is the following classification of antiviruses: scanners (outdated names: “polyphages”, “detectors”); auditors (a class close to IDS); watchmen (resident monitors or filters); vaccines (immunizers).

CONCLUSION

Achievements in computer technologies in recent years have not only contributed to the development of the economy, trade and communications and ensured effective information exchange, but have also provided unique tools to persons committing computer crimes. The more intensive the computerization process is, the more real the growth of computer crime becomes, and modern society not only feels the economic consequences of computer crimes, but also becomes increasingly dependent on computerization. All of these aspects oblige us to pay more and more attention to the protection of information and to the further development of the legislative framework in the area of information security. The entire range of measures should come down to the protection of state information resources; the regulation of relations arising during the formation and use of information resources; the creation and use of information technologies; the protection of information and of the rights of subjects participating in information processes; and the definition of the basic concepts used in legislation.

Associate Professor of the Department of Organization of Security and Convoying in the Penitentiary System

Candidate of Technical Sciences

Lieutenant Colonel of the Internal Service V.G. Zarubsky

The most popular and effective antivirus programs are antivirus scanners and CRC scanners (auditors). There are also antivirus blockers and immunizers.

Scanners. The operating principle of anti-virus scanners is based on checking files, sectors and system memory and searching for known and new (unknown to the scanner) viruses. To search for known viruses, so-called “masks” are used. The mask of a virus is some constant sequence of code specific to this particular virus. If the virus does not contain a permanent mask or the mask is not long enough, then other methods are used. An example of such a method is an algorithmic language that describes all possible variants of the code that may occur when infected with a virus of this type. This approach is used by some antiviruses to detect polymorphic viruses.
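Mask matching as described above, in an added example that is not from the original essay. It goes one step beyond a constant byte string by allowing `??` for bytes that vary between copies, and it shows why a mask that is too short is unusable; all mask names, patterns and sample buffers are constructed for the illustration and correspond to no real malware.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Mask:
    name: str
    pattern: tuple   # byte values 0..255, or None for a byte that may vary


def parse_mask(name, text):
    """Turn 'DE AD ?? 37' into a Mask; '??' marks a variable byte."""
    pattern = tuple(None if tok == "??" else int(tok, 16) for tok in text.split())
    if not pattern or pattern[0] is None:
        raise ValueError("a mask must start with a fixed byte")
    if any(b is not None and not 0 <= b <= 255 for b in pattern):
        raise ValueError("mask bytes must be in 00..FF")
    return Mask(name, pattern)


def find_mask(data, mask):
    """Offsets in data at which every fixed byte of the mask matches."""
    first = bytes([mask.pattern[0]])
    size = len(mask.pattern)
    hits = []
    pos = data.find(first)
    # Stop once the mask no longer fits: a prefix at the end is not a match.
    while pos != -1 and pos + size <= len(data):
        window = data[pos:pos + size]
        if all(want is None or want == got
               for want, got in zip(mask.pattern, window)):
            hits.append(pos)
        pos = data.find(first, pos + 1)
    return hits


def scan(data, masks):
    """Polydetector: check one buffer against every mask in the database."""
    results = {}
    for mask in masks:
        hits = find_mask(data, mask)
        if hits:
            results[mask.name] = hits
    return results


# Constructed signature database and samples.
MASKS = [
    parse_mask("Constructed.A", "DE AD BE EF ?? ?? 13 37"),
    parse_mask("Constructed.B", "CA FE ?? BA BE"),
]
# Two bytes are too short to be specific: this mask is just the "MZ" header.
SHORT_MASK = parse_mask("Constructed.Short", "4D 5A")

CLEAN = b"MZ" + bytes(range(0x20, 0x60))
VARIANT_1 = CLEAN + bytes.fromhex("deadbeef01021337")
VARIANT_2 = bytes.fromhex("cafe00babe") + CLEAN + bytes.fromhex("deadbeefaabb1337")
TRUNCATED = CLEAN + bytes.fromhex("deadbeef0102")   # mask cut off at end of file


if __name__ == "__main__":
    for label, sample in [("clean", CLEAN), ("variant 1", VARIANT_1),
                          ("variant 2", VARIANT_2), ("truncated", TRUNCATED)]:
        print(f"{label:10} {scan(sample, MASKS)}")
    print("short mask on clean file:", find_mask(CLEAN, SHORT_MASK))
```

The two variants differ in the bytes under `??` and are both detected, while the short mask fires on the clean sample, which is the false positive a too-short mask produces.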

Many scanners also use “heuristic scanning” algorithms, i.e. analyzing the sequence of commands in the object being scanned, collecting some statistics and making a decision for each object being scanned. Because heuristic scanning is a largely probabilistic method of searching for viruses, many laws of probability theory apply to it. For example, the higher the percentage of detected viruses, the higher the number of false positives.

Scanners can also be divided into two categories: “universal” and “specialized”. Universal scanners are designed to search for and neutralize all types of viruses, regardless of the operating system in which the scanner is designed to work. Specialized scanners are designed to neutralize a limited number of viruses or only one class of viruses, for example macro viruses.

Scanners are also divided into “resident” (monitors), which scan on the fly, and “non-resident”, which scan the system only upon request. As a rule, “resident” scanners provide more reliable system protection, since they immediately respond to the appearance of a virus, while a “non-resident” scanner is able to identify the virus only during its next launch.

The advantages of scanners of all types include their versatility; the disadvantages are the size of the anti-virus databases that scanners have to store and update, and the relatively low speed of searching for viruses.

CRC scanners. The operating principle of CRC scanners is based on calculating CRC sums (checksums) for the files and system sectors present on the disk. These CRC sums are then stored in the antivirus database, along with some other information: file lengths, dates of their last modification, etc. When subsequently launched, CRC scanners compare the data contained in the database with the actual calculated values. If the file information recorded in the database does not match the real values, then CRC scanners signal that the file has been modified or infected with a virus.

CRC scanners using anti-stealth algorithms respond to almost 100% of viruses immediately after changes appear on the computer. A characteristic drawback of these antiviruses is the inability to detect a virus from the moment it appears until changes are made to the computer. CRC scanners cannot detect a virus in new files (in email, on floppy disks, in recoverable files, or when unpacking files from an archive) because their databases do not contain information about these files.
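The auditor and CRC-scanner principle described in the sections above, as an added example that is not from the original essay: it stores length, CRC32 and modification time for each file, compares a later state with that database, and reports new files as unknown because the database has nothing to compare them with. The file names and contents are constructed, and the choice of CRC32 from `zlib` is an assumption of the example.

```python
import os
import tempfile
import zlib
from dataclasses import dataclass


@dataclass(frozen=True)
class FileRecord:
    size: int       # file length in bytes
    crc32: int      # cyclic control code of the contents
    mtime_ns: int   # time of last modification


def file_crc32(path, chunk_size=65536):
    """CRC32 of a file, read in chunks so large files are not loaded whole."""
    crc = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            crc = zlib.crc32(chunk, crc)
    return crc & 0xFFFFFFFF


def snapshot(root):
    """Auditor database: one FileRecord per file under root, keyed by relative path."""
    records = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            records[os.path.relpath(path, root)] = FileRecord(
                st.st_size, file_crc32(path), st.st_mtime_ns)
    return records


def audit(baseline, current):
    """Compare the current state with the stored one and classify every difference."""
    report = {"modified": [], "touched": [], "unknown": [], "missing": []}
    for rel, now in sorted(current.items()):
        then = baseline.get(rel)
        if then is None:
            # Not in the database: the auditor cannot say whether it is clean.
            report["unknown"].append(rel)
        elif (then.size, then.crc32) != (now.size, now.crc32):
            report["modified"].append(rel)
        elif then.mtime_ns != now.mtime_ns:
            # Same contents, new timestamp: worth logging, not an alarm.
            report["touched"].append(rel)
    report["missing"] = sorted(set(baseline) - set(current))
    return report


def demo():
    """Build a constructed directory, change it, and return the audit report."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data, mode="wb"):
            with open(os.path.join(root, name), mode) as fh:
                fh.write(data)

        write("EDITOR.EXE", b"MZ" + b"\x90" * 64)
        write("TOOL.COM", b"\xe9\x00\x00" + b"\x00" * 32)
        write("README.TXT", b"constructed sample\n")
        baseline = snapshot(root)

        # Contents change but the old timestamp is put back: the CRC still differs.
        tool = os.path.join(root, "TOOL.COM")
        before = os.stat(tool)
        write("TOOL.COM", b"APPENDED BYTES", mode="ab")
        os.utime(tool, ns=(before.st_atime_ns, before.st_mtime_ns))

        # Timestamp changes but the contents do not.
        readme = os.path.join(root, "README.TXT")
        later = baseline["README.TXT"].mtime_ns + 5 * 10**9
        os.utime(readme, ns=(later, later))

        write("NEW.EXE", b"MZ arrived after the baseline")   # no database entry
        os.remove(os.path.join(root, "EDITOR.EXE"))
        return audit(baseline, snapshot(root))


if __name__ == "__main__":
    for verdict, names in demo().items():
        print(f"{verdict:9} {names}")
```

CRC32 follows the essay; it catches accidental and naive changes but is not collision-resistant, so a present-day integrity checker would store a cryptographic hash such as SHA-256 and keep the database where the monitored system cannot rewrite it.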

Blockers. Anti-virus blockers are resident programs that intercept “virus-dangerous” situations and notify the user about them. “Virus-dangerous” situations include calls to open executable files for writing, writing to the boot sector of the disk, etc., which are typical for viruses at the moment of reproduction.

The advantages of blockers include their ability to detect and block a virus at the earliest stage of its reproduction, which, by the way, can be very useful in cases where a long-known virus is constantly activated.

Immunizers. Immunizers are divided into two types: immunizers that report infection, and immunizers that block infection by any type of virus.

Today, more than ever, antivirus software is not only the most popular in the security system of any operating system, but also one of its main components. And if previously the user had a very limited, modest choice, now you can find a lot of such programs. But if you look at the list of “Top 10 antiviruses”, you will notice that not all of them are equal in terms of functionality. Let's look at the most popular packages. At the same time, the analysis will include both paid and shareware (antivirus for 30 days), and freely distributed applications. But first things first.

Top 10 antiviruses for Windows: testing criteria

Before you start compiling a rating, you should probably familiarize yourself with the basic criteria that are used in most cases when testing such software.

Naturally, it is simply impossible to consider all known packages. However, among all those designed to ensure the protection of a computer system in the broadest sense, the most popular can be identified. At the same time, we will take into account both the official ratings of independent laboratories and reviews of users who use this or that software product in practice. Besides, mobile programs will not be covered; we will focus on desktop systems.

As for conducting basic tests, as a rule, they include several main aspects:

  • availability of paid and free versions and limitations related to functionality;
  • standard scanning speed;
  • quick identification of potential threats and the ability to remove or quarantine them using built-in algorithms;
  • frequency of updating anti-virus databases;
  • self-defense and reliability;
  • availability of additional features.

As can be seen from the above list, checking the operation of antivirus software allows you to determine the strengths and weaknesses of one product or another. Next, I will consider the most popular software packages included in the Top 10 antiviruses, and also give their main characteristics, of course, taking into account the opinions of people who use them in their daily work.

Kaspersky Lab software products

First, let's look at the software modules developed by Kaspersky Lab, which are extremely popular in the post-Soviet space.

It’s impossible to single out just one program here, because among them you can find the standard Kaspersky Antivirus scanner, and modules like Internet Security, and portable utilities like Virus Removal Tool, and even boot disks for damaged systems, such as Rescue Disc.

It is immediately worth noting two main disadvantages: firstly, judging by the reviews, almost all programs, with rare exceptions, are paid or shareware, and secondly, the system requirements are unreasonably high, which makes it impossible to use them in relatively weak configurations. Naturally, this scares off many ordinary users, although activation keys for Kaspersky Antivirus or Internet Security can easily be found on the World Wide Web.

On the other hand, the activation situation can be corrected in another way. For example, Kaspersky keys can be generated using special applications like Key Manager. True, this approach is, to put it mildly, illegal, however, as a way out, it is used by many users.

The speed of operation on modern machines is average (for some reason, more and more heavyweight versions are being created for new configurations), but the constantly updated databases and the unique technology for identifying and removing known viruses and potentially dangerous programs are at their best. It is not surprising that Kaspersky Lab is today a leader among security software developers.

And two more words about the recovery disk. It is unique in its own way because it boots the scanner with a graphical interface even before Windows itself starts, allowing you to remove threats even from RAM.

The same applies to the portable utility Virus Removal Tool, which can track any threat on an infected terminal. It can only be compared with a similar utility from Dr. Web.

Protection from Dr. Web

Before us is another of the strongest representatives in the field of security - the famous “Doctor Web”, who stood at the origins of the creation of all anti-virus software since time immemorial.

Among the huge number of programs you can also find standard scanners, security tools for Internet surfing, portable utilities, and recovery disks. You can't list everything.

The main factors in favor of this developer’s software are high speed, instant threat identification with the option of either complete removal or isolation, and a moderate load on the system as a whole. In general, from the point of view of most users, this is a kind of lightweight version of Kaspersky.

There is still something interesting here, in particular Dr. Web Katana. It is believed to be a new-generation software product. It is focused on the use of sandbox technologies, i.e. placing a threat in the “cloud” or “sandbox” (whatever you want to call it) for analysis before it penetrates the system. However, if you look at it, there are no special innovations here, because this technique was already used in the free Panda antivirus. In addition, according to many users, Dr. Web Katana is a kind of Security Space with the same technologies. Generally speaking, though, any software from this developer is quite stable and powerful. It is not surprising that many users prefer such packages.

ESET programs

Speaking about the Top 10 antiviruses, it is impossible not to mention another bright representative of this field - the ESET company, which became famous for such a well-known product as NOD32. A little later, the ESET Smart Security module appeared.

If we consider these programs, we can note an interesting point. To activate the full functionality of any package, you can do one of two things. On the one hand, you can acquire an official license. On the other hand, you can install the trial antivirus for free, but activate it every 30 days. The situation with activation is also interesting.

As absolutely all users note, for ESET Smart Security (or for the standard antivirus) you could find freely distributed keys on the official website in the form of a login and password. Until recently, only this data could be used. Now the process has become somewhat more complicated: first you need to enter the login and password on a special website to convert them into a license number, and only then enter it into the registration field in the program itself. However, if you do not pay attention to such trifles, you can note that this antivirus is one of the best. Pros noted by users:

  • virus signature databases are updated several times a day,
  • identification of threats at the highest level,
  • there are no conflicts with system components (firewall),
  • the package has the strongest self-defense,
  • there are no false alarms, etc.

Separately, it is worth noting that the load on the system is minimal, and the use of the Anti-Theft module even allows you to protect data from theft or misuse for personal gain.

AVG Antivirus

AVG Antivirus is paid software designed to provide comprehensive security for computer systems (there is also a free, cut-down version). And although today this package is no longer among the top five, it nevertheless demonstrates fairly high speed and stability.

In principle, it is ideal for home use, because, in addition to speed, it has a convenient Russified interface and more or less stable behavior. True, as some users note, sometimes it is able to miss threats. And this does not apply to viruses as such, but rather to spyware or advertising "junk" called Malware and Adware. The program’s own module, although widely advertised, still, according to users, looks somewhat unfinished. And an additional firewall can often cause conflicts with the “native” Windows firewall if both modules are active.

Avira package

Avira is another member of the antivirus family. It is not fundamentally different from most similar packages. However, if you read user reviews about it, you can find quite interesting posts.

Many people do not recommend using the free version under any circumstances, since some modules are simply missing in it. To ensure reliable protection, you will have to purchase a paid product. But such an antivirus is suitable for Windows 8 and 10, in which the system itself uses a lot of resources, while the package uses them at the lowest level. In principle, Avira is best suited for, say, budget laptops and weak computers. A network installation, however, is out of the question.

Cloud service Panda Cloud

The free Panda Cloud antivirus at one time became almost a revolution in the field of antivirus technologies. The use of a so-called “sandbox” to submit suspicious content for analysis before it penetrates the system has made this application especially popular among users of all levels.

And it is precisely with the “sandbox” that this antivirus is associated today. Yes, indeed, this technology, unlike other programs, allows you to prevent threats from entering the system. For example, any virus first saves its body on the hard drive or in RAM, and only then begins its activity. Here it never gets as far as saving: first, the suspicious file is sent to the cloud service, where it is checked, and only then can it be saved in the system.

True, according to eyewitnesses, unfortunately, this can take quite a lot of time and unnecessarily loads the system. On the other hand, it’s worth asking yourself what is more important: security or a shorter verification time? However, on modern computer configurations with Internet connection speeds of 100 Mbit/s and higher, it can be used without problems. By the way, its own protection is provided precisely through the “cloud”, which sometimes causes criticism.
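The check-before-save order described above can be sketched as follows. This is an added example, not Panda's code: `cloud_verdict`, `gated_save` and the verdict table are hypothetical names, and a hash lookup stands in for real cloud analysis. The file content stays in memory until a verdict arrives, and a missing verdict blocks the save.

```python
import hashlib
import os
import tempfile

# Constructed verdict table standing in for the cloud analysis service.
KNOWN_BAD = {hashlib.sha256(b"constructed-malicious-sample").hexdigest()}


def cloud_verdict(digest, service_up=True):
    """Hypothetical lookup: returns 'malicious' or 'clean'.

    Raises TimeoutError when the service cannot be reached.
    """
    if not service_up:
        raise TimeoutError("analysis service unreachable")
    return "malicious" if digest in KNOWN_BAD else "clean"


def gated_save(data, dest_path, service_up=True):
    """Write data to dest_path only after a clean verdict."""
    digest = hashlib.sha256(data).hexdigest()
    try:
        verdict = cloud_verdict(digest, service_up)
    except TimeoutError:
        # Fail closed: no verdict means nothing touches the disk.
        return "blocked: no verdict"
    if verdict != "clean":
        return "blocked: " + verdict

    # Stage next to the destination, then rename atomically so that a
    # half-written file is never visible under the final name.
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    fd, tmp = tempfile.mkstemp(dir=dest_dir, suffix=".pending")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.replace(tmp, dest_path)
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)
    return "saved"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(gated_save(b"hello", os.path.join(d, "a.txt")))
        print(gated_save(b"constructed-malicious-sample", os.path.join(d, "b.bin")))
        print(gated_save(b"hello", os.path.join(d, "c.txt"), service_up=False))
```

The third call shows the cost the text mentions: when the service is slow or unreachable, the user waits or the save is refused.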

Avast Pro Antivirus Scanner

Now a few words about another prominent representative. It is quite popular among many users. However, despite the presence of the same “sandbox”, anti-spyware, network scanner, firewall and virtual account, Avast Pro Antivirus is, unfortunately, clearly inferior in key indicators of performance, functionality and reliability to such giants as Kaspersky Lab software products or applications using Bitdefender technologies, although it demonstrates high scanning speed and low resource consumption.

What attracts users to these products is mainly that the free version of the package is as functional as possible and does not differ much from the paid software. In addition, this antivirus works on all Windows versions, including the “ten”, and behaves perfectly even on outdated machines.

360 Security Packages

Before us is probably one of the fastest antiviruses of our time - 360 Security, developed by Chinese specialists. In general, all products labeled “360” are distinguished by enviable speed of operation (for example, the 360 Safety Browser Internet browser).

Despite its main purpose, the program has additional modules to eliminate operating system vulnerabilities and to optimize the system. But neither the speed of operation nor the free distribution makes up for the false alarms. In the list of programs that score highest on this criterion, this software occupies one of the first places. According to many experts, conflicts arise at the system level because of the additional optimizers, whose actions overlap with tasks performed by the OS itself.

Software products based on Bitdefender technologies

Another “old man” among the most famous defenders of operating systems is Bitdefender. Unfortunately, in 2015 it lost the palm to Kaspersky Lab products; nevertheless, in antivirus fashion, so to speak, it is one of the trendsetters.

If you look a little more closely, you will notice that many modern programs (the same 360 Security package) are, in different variations, built precisely on these technologies. Despite the rich functional base, it also has its shortcomings. Firstly, you will not find a Russian-language (Russified) Bitdefender antivirus, since it does not exist in nature at all. Secondly, despite the use of the latest technological developments in system protection, it unfortunately shows too high a number of false positives (by the way, according to experts, this is typical for the entire group of programs created on the basis of Bitdefender). The presence of additional optimizer components and their own firewalls generally does not affect the behavior of such antiviruses for the better. But you can’t deny the speed of this application. In addition, P2P is used for verification, but there is no real-time email scanning at all, which many people don’t like.

Antivirus from Microsoft

Another application notable, with or without reason, for its enviable performance is Microsoft's own product called Security Essentials.

This package is included in the Top 10 antiviruses, apparently, only because it is designed exclusively for Windows systems, which means it does not cause absolutely any conflicts at the system level. Besides, who, if not the specialists from Microsoft, knows all the security holes and vulnerabilities of their own operating systems. By the way, an interesting fact is that the initial builds of Windows 7 and Windows 8 had MSE as standard, but then for some reason this kit was abandoned. However, for Windows it can become the simplest solution in terms of security, although you can’t count on any special functionality.

McAfee app

As for this application, it looks quite interesting. It has gained its greatest popularity on mobile devices, with all kinds of blocking; however, on desktop computers this antivirus behaves no worse.

The program has low-level support for P2P networks when sharing Instant Messenger files, and also offers 2-level protection, in which the main role is given to the WormStopper and ScriptStopper modules. But in general, according to consumers, the functionality is at an average level, and the program itself is focused more on identifying spyware, computer worms and Trojans and preventing executable scripts or malicious codes from entering the system.

Combined antiviruses and optimizers

Naturally, only those included in the Top 10 antiviruses were considered here. If we talk about other software of this kind, we can note some packages containing anti-virus modules in their sets.

What to prefer?

Naturally, all antiviruses have certain similarities and differences. What to install? Here you need to proceed from your needs and the level of protection provided. Usually, corporate clients should buy something more powerful with network installation support (Kaspersky, Dr. Web, ESET). As for home use, here the user chooses what he needs (if desired, you can even find an antivirus for a year - without registration or purchase). But, if you look at user reviews, it is better to install Panda Cloud, even despite some additional load on the system and the time it takes to check in the sandbox. But this is where there is a complete guarantee that the threat will not penetrate the system in any way. However, everyone is free to choose for themselves what exactly they need. If activation is not difficult, please: ESET products work fine on home systems. But using optimizers with anti-virus modules as the main means of protection is extremely undesirable. Well, it’s also impossible to say which program takes first place: there are as many opinions as there are users.


