What is antivirus software? | Trusted Reviews


Antivirus software is designed to detect and neutralise any malicious software – known as “malware” – that gets onto your computer.

This specific task is carried out by a malware detection engine, which is generally shared by all of a company’s anti-malware products, whether they’re free, sold to home users as consumer antivirus subscriptions, or sold to enterprises as part of end-point protection solutions.

This means that, for home users, free antivirus often provides protection that’s just as effective as the paid-for products from the same company – the main difference comes in extra features, which you may or may not need. You can see a breakdown of the reasons for this in our Microsoft Defender vs Third Party Antivirus guide.

A key benefit of free AV products for the antivirus companies themselves is that your antivirus sends back samples of any malicious software it encounters for analysis. This means that their teams have more data to contribute to their signature databases and behavioural detection engines, making all of their antivirus products more accurate.


Real-time malware protection

The most important element of your anti-virus software is real-time protection. This constantly monitors your system, blocking and quarantining files with known malware signatures or that behave in a suspicious manner, such as by attempting to change key system files or registry entries.

On modern Windows systems, Microsoft Defender Antivirus provides real-time malware protection by default. This is disabled when you install a third-party antivirus suite with real-time protection.

macOS similarly has integrated malware defences in the form of XProtect, which remains active when third-party antivirus is installed, while Linux distributions primarily rely on being inhospitable to software that tries to run without appropriate permissions.

On-demand scanners

Almost all anti-malware tools that offer real-time protection also have an on-demand scanner, which you can run at will or schedule to run on a regular basis. As modern hard disks can run to multiple terabytes, a full scan can take an extremely long time, so you’re generally better off using this to check for specific suspect threats or newly introduced material.

You can also get stand-alone on-demand scanners that will happily cohabit with an installed full anti-malware suite on Windows. Probably the most popular of these is Malwarebytes Free, although many products that brand themselves as “online scanners” (see below) are in fact on-demand scanners.

The most common Linux antivirus tool, ClamAV, is an on-demand scanner. The integrated antivirus features of macOS do everything in the background, without any human intervention. In this spirit, there’s no on-demand scanning, but you can download on-demand scanners for your Mac, including free tools from Malwarebytes, ClamAV and MacPaw.
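To make the on-demand approach concrete, here is an added example (not code from any antivirus product) of a signature scan limited to newly introduced files, with detections moved to quarantine. The signature database, function names and file layout are assumptions for illustration; the only pattern used is the harmless EICAR test string.

```python
import os
import shutil

# EICAR anti-malware test string (harmless by design), split in two so that
# this source file is not itself flagged by a scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" + rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed signature database: detection name -> byte pattern.
SIGNATURES = {"EICAR-Test-File": EICAR}

def match_signature(path, max_bytes=1 << 20):
    """Return the name of the first signature found in the file, else None."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)  # only the first 1 MiB is inspected
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def scan_new_files(root, quarantine_dir, since):
    """Scan files under root modified at or after `since` (epoch seconds).

    Detected files are moved into quarantine_dir.
    Returns {original_path: signature_name}.
    """
    os.makedirs(quarantine_dir, exist_ok=True)
    quarantine_dir = os.path.abspath(quarantine_dir)
    detections = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Never descend into the quarantine folder itself.
        dirnames[:] = [d for d in dirnames
                       if os.path.abspath(os.path.join(dirpath, d)) != quarantine_dir]
        for fname in filenames:
            path = os.path.join(dirpath, fname)
            if os.path.islink(path) or os.path.getmtime(path) < since:
                continue  # skip symlinks and files older than the cutoff
            hit = match_signature(path)
            if hit:
                dest = os.path.join(quarantine_dir,
                                    f"{len(detections)}_{fname}.quarantined")
                shutil.move(path, dest)  # quarantine rather than delete
                detections[path] = hit
    return detections
```

Passing a cutoff such as `time.time() - 86400` restricts the scan to the last day's files, which is what keeps it fast on a multi-terabyte disk.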

Online virus scanners

There are very few “true” online virus scanners in the form of a web service that you can upload suspected malicious files to for a near-instant scan. If you’re after that, visit VirusTotal.

VirusTotal provides results after scanning an Eicar anti-malware test file

The term is more commonly, if somewhat deceptively, used for small on-demand virus scanners, usually for Windows. These are usually free, and are very helpful if you want fast access to the malware detection engines from the likes of Trend Micro HouseCall and Eset, who don’t have conventional free antivirus suites.

There’s no real-time protection to be had here, but they’re worth bearing in mind if you wish to supplement your scanning arsenal.


If malware takes hold on your PC and disables your antivirus, then you’ll probably need a bootable rescue disk to remove it.

These are usually tiny Linux distributions that you can download to bootable CDs or USB drives. On boot, they launch an easy-to-use malware scanner, which will download the latest virus definition files and then scan and remove threats from your computer’s hard disks. Because the infected drives aren’t themselves booted, the malware won’t be able to defend itself.

Learn more in my guide to malware recovery tools.

Firewalls

Not an antivirus tool per se but frequently mentioned in the same breath, your firewall prevents unauthorised network traffic from accessing your network or, in the case of the software firewalls we’re discussing, your PC. Traffic can be granted or denied access by protocol, port number, IP address, and more. A firewall can also block unauthorised outbound traffic.

The most important firewall you own is probably built into your router, and it’s this that protects every device on your local network. However, software firewalls on your PC can also play a useful role, particularly if you connect your computer to public networks.

Windows and macOS both come with built-in system firewalls. Linux has one, but it’s disabled by default in most distros.

Your system’s firewall is absolutely all you need, although Windows Defender Firewall feels dated when it comes to manual configuration. Fortunately, it’ll effectively suggest new firewall rules as you need them, so you’ll rarely have to open ports yourself.

If you do find yourself doing a lot of manual firewall configuration, a third-party option with a nicer interface is worth considering.


Additional utilities and services

Because anti-malware firms want to distinguish their products both from each other and from those of their rivals, you’ll often find a range of extra services, from parental control tools and password managers, to VPN services, folder encryption tools, secure file shredders and system optimisation tools.

These can be useful, but with the possible exception of parental control software, you’re just as well off with a dedicated product that isn’t tied to your antivirus subscription for all of these use cases.


