ANTIVIRUS AND ANTI-SPYWARE

ANTIVIRUS ??? Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware. Before Internet connectivity was widespread, viruses were typically spread by infected floppy disks. Antivirus software came into use, but was updated relatively infrequently. However, as internet usage became common, initially through the use of modems, viruses spread throughout the Internet. Now, a user's computer could be infected by just opening or previewing a message.

IDENTIFICATION METHODS There are several methods which antivirus software can use to identify malware such as : Signature based detection  To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces. Heuristic-based detection  like malicious activity detection, can be used to identify unknown viruses. File emulation  involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the antivirus software can determine if the program is malicious or not and then carry out the appropriate disinfection actions.

ISSUES OF CONCERN Unexpected renewal costs  Some commercial antivirus software end-user license agreements include a clause that the subscription will be automatically renewed, and the purchaser's credit card automatically billed, at the renewal time without explicit approval. ** Open source and free software applications, such as Clam AV, provide both the scanner application and updates free of charge and so there is no subscription to renew. Rogue security applications  Some antivirus programs are actually malware masquerading as antivirus software, such as WinFixer and MS Antivirus. False positives  A false positive is identifying a file as a virus when it is not a virus. System related issues  Running multiple antivirus programs concurrently can degrade performance and create conflicts.

OTHER METHODS Cloud antivirus  CloudAV would be able to send programs or documents to a network cloud where it will use multiple antivirus and behavioural detection simultaneously. It is more thorough and also has the ability to check the new document or programs access history. Network firewall  They may protect against infection from outside the protected computer or LAN, and limit the activity of any malicious software which is present by blocking incoming or outgoing requests on certain TCP/IP ports. A firewall is designed to deal with broader system threats that come from network connections into the system and is not an alternative to a virus protection system. Online scanning  Some antivirus vendors maintain websites with free online scanning capability of the entire computer, critical areas only, local disks, folders or files. Examples include Kaspersky Online Scanner[30] and ESET Online Scanner.

However, no matter how useful antivirus software is, it can sometimes have drawbacks. Antivirus software can degrade computer performance if it is not designed efficiently. Inexperienced users may have trouble understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. In one case, a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot.[1] Finally, antivirus software generally runs at the highly trusted kernel level of the operating system, creating a potential avenue of attack. In addition to the drawbacks mentioned above, the effectiveness of antivirus software has also been researched and debated. One study found that the detection success of major antivirus software dropped over a one-year period.

ANTISPYWARE ??? Spyware is a type of malware that is installed on computers and collects information about users without their knowledge. Spywares such as keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. Unlike viruses and worms, spyware does not usually self-replicate. Like many recent viruses.

ROUTES OF INFECTIONS Spyware does not directly spread in the manner of a computer virus or worm: generally, an infected system does not attempt to transmit the infection to other computers. Instead, spyware gets on a system through deception of the user or through exploitation of software vulnerabilities. Most spyware is installed without users' knowledge. Some "rogue" spyware programs masquerade as security software. of spyware usually presents the program as a useful utility—for instance as a "Web accelerator" or as a helpful software agent. Spyware can also come bundled with other software. The user downloads a program and installs it, and the installer additionally installs the spyware. Although the desirable software itself may do no harm, the bundled spyware does.

EFFECTS AND BEHAVIOURS A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic. Stability issues, such as applications freezing, failure to boot, and system-wide crashes, are also common. Spyware, which interferes with networking software commonly causes difficulty connecting to the Internet. In some infections, the spyware is not even evident. Users assume in those situations that the issues relate to hardware, Windows installation problems, or another infection. The cumulative effect, and the interactions between spyware components, causes the symptoms which slows to a crawl, overwhelmed by the many parasitic processes running on it. some types of spyware disable software firewalls and anti-virus software, and/or reduce browser security settings, thus opening the system to further opportunistic infections, much like an immune deficiency disease.

EXAMPLE OF SPYWARE CoolWebSearch  a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites. HuntBar (WinTools) or Adware.Websearch  was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware. Zlob trojan (Zlob)  downloads itself to a computer via an ActiveX codec and reports information back to Control Server[citation needed]. Some information can be the search-history, the Websites visited, and even keystrokes.

REMEDIES AND PREVENTION As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or to block spyware, as well as various user practices which reduce the chance of getting spyware on a system. Anti-spyware programs have released products dedicated to remove or block spyware. Major anti-virus firms such as Symantec, McAfee and Sophos have come later to the table, adding anti-spyware features to their existing anti-virus products. Integrated anti-spyware solution to some versions of the AVG Anti-Virus family of products, and a freeware AVG Anti-Spyware Free Edition available for private and non-commercial use.

HOW DOES IT WORK ??? Anti-spyware programs can combat spyware in two ways: They can provide real time protection against the installation of spyware software on your computer. This type of spyware protection works the same way as that of anti-virus protection in that the anti-spyware software scans all incoming network data for spyware software and blocks any threats it comes across. Anti-spyware software programs can be used solely for detection and removal of spyware software that has already been installed onto your computer. With this spyware protection software you can schedule weekly, daily, or monthly scans of your computer to detect and remove any spyware software that has been installed on your computer.

SECURITY PRACTICES Many system operators install a web browser other than IE, such as Opera, Google Chrome or Mozilla Firefox. Use network firewalls and web proxies to block access to Web sites known to install spyware. Some users install a large hosts file which prevents the user's computer from connecting to known spyware-related web addresses. Spyware may get installed via certain shareware programs offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack. Put a computer on "lockdown". This can be done in various ways, such disconnecting computer from the internet. Disconnecting the internet prevents controllers of the spyware from being able to remotely control or access the computer.

OTHER TYPES OF PROTECTION Cryptography - A process associated with scrambling plaintext (ordinary text, or cleartext) into ciphertext (a process called encryption), then back again (known as decryption). Firewall - Normally the firewall will block the download and upload files activities if you are using instant messaging like Yahoo messenger.

Security Risks Descriptions Unauthorized access and use • Unauthorized access - the use of a computer or network without permission. • Unauthorized use – the use of a computer or its data for unapproved or possibly illegal activities. Hardware Theft and Vandalism • Hardware theft – the act of stealing computer equipment. • Hardware vandalism – the act of destroying computer equipment. Identity Theft When someone steals personal or confidential information. Software Theft When someone • steals software media • intentionally erases programs • illegally copies a program