What is antivirus and why is it important?

You’ll see a lot of warnings about the importance of installing antivirus software.  There are a lot of competing  pieces of software on the market, and we’d like to help you understand what computer viruses are, how your machine can become infected, and how anti-virus software works.  It’s important to note that Macs and PCs are equally vulnerable, despite what you may hear.

What is a computer virus?  A computer virus, sometimes called malware, is a computer program that is installed on your computer without your knowledge that is intended to perform tasks that are not in your best interests.  Among the common impacts of different viruses:

  • Encrypting all the data on your computer so the attacker can charge you money to get your files back
  • Stealing every keystroke, so the attacker can learn your accounts and passwords
  • Turning on your computer’s microphone and camera
  • Using your computer to attack other users

Usually viruses not only perform the function they were designed to do, but also alter your computer’s operating system to make them hard to detect, and to reinstall themselves if they are not removed properly.

How do viruses spread?  Viruses are designed to spread quickly and easily, and can do so in a number of ways.  The most common are:

  • Attachments:  Almost any kind of file can host a virus.  These include Microsoft Office files, PDFs, images, and nearly anything else.
  • Malicious website.  Every website actually contains content from dozens of places: Images, articles, surveys, ads, etc.  Less reputable sites don’t do a very good job checking that those pieces of content are free from viruses.  Often, attackers will set up sites that are specifically designed to look like reputable sites but in fact spread malware when you connect to them.
  • USB sticks:  Attackers will leave USB memory sticks in public places like parking lots and conference rooms, hoping someone will pick them up and insert them in computers.  When the stick is inserted, the malware installs.

What does anti-virus software do?  Anti-virus software examines every file and piece of software that tries to install or execute on your computer and determines if it’s malicious.  It does this in 2 ways.

  • Signature-based:  This is the most common method.  Anti-virus companies are constantly publishing lists of known malware as reported across the Internet.  If a file matches the list, it is blocked.  Literally thousands of new viruses are discovered daily, so it’s very important that antivirus software is set up to update itself constantly.  This works pretty well, but if you’ve been hit with a new piece of malware that hasn’t been included in your software’s list yet, you won’t be protected.
  • Behavior-based:  More sophisticated programs supplement their list of signatures by watching what a program does and making judgements about whether it is malicious, and acting accordingly.  For example, if a new file starts modifying the operating system and encrypting your computer, behavior-based antivirus software might block that software because it is acting like a virus.

What should you install?  We’re not going to recommend a specific piece of software, but here are some guidelines.

  • Software you pay for is generally better than freeware.  Often it will include behavioral detections and additional features such as blocking you from visiting known malicious websites.  Usually they cost less than $100 per year, and often the fee allows you to protect several computers. 
  • Well-known software from reputable vendors is usually better than something no one has ever heard of.  Check PC Magazine or something similar for ratings and reviews.

If you don’t want to buy antivirus software, click here for information on how to download Sophos’ home edition, which is free to the FIT community.