Let's talk about antivirus and anti-malware. Basically, the two do almost the same thing. Strictly speaking, antivirus only deals with viruses, while anti-malware is the broader term that covers everything else; in practice the products have merged, and people use the two names interchangeably. So, what I want you to get out of today's lesson is this: what does antivirus or anti-malware actually do? And I want you to understand the history of anti-malware and antivirus, because it helps you see how we got to where we are today.

In order to understand what antivirus or anti-malware does, we first have to define what malware is. According to the NIST Computer Security Resource Center (CSRC) definition, malware is a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim's data, applications, or operating system, or otherwise annoying or disrupting the victim. That's a mouthful, but basically it's anything that does harm, or causes annoyance, to the user or to the system.

Malware comes in different types, and those types are classified in two ways: first by how the malware propagates, and second by the actions it performs. So, let's look at a few types within those classifications.

The first is attack kits, also called exploit kits. Attack kits are very dangerous. In fact, at the university, they're one of the very few things for which we actually send a ticket right away when we see one coming through the intrusion prevention system, to make sure we quarantine the user whose machine has an attack kit on it. Basically, an attack kit is a packaged toolset that exploits a vulnerable browser or plugin and then drops whatever payload its operator chooses, so it can do anything it wants: spy on the user through the webcam, steal information like credit card and bank credentials, install more malicious software. A lot of these attack kits are built by criminals, used by criminal organizations, and offered for rent.
So, if you want to use one of these attack kits, you just pay the malware writers and they'll sell you time on it. It's quite interesting, but very, very dangerous.

Viruses are the next type. A virus attaches itself to another program or file and replicates when that file is run, and its payload does damage to your computer: destroying data, stealing information, and so on. Once launched, it doesn't need any further interaction with the user.

Worms are something that propagates across an entire network on its own. Two of the more famous ones, Conficker in 2008 and the Morris worm back in 1988, really spread through the networks. As long as there's a computer connected on the other end, or the worm can find another reachable computer, it goes in and infects that system too.

The last one is a rootkit. A rootkit compromises the integrity of the operating system itself. It is increasingly difficult to build one these days, because modern systems enforce driver signing and Secure Boot, but what a rootkit does is control the very lowest layers of the operating system, so nothing running above it, including your anti-malware, can be trusted to see it. So, while there is anti-malware designed to remove rootkits, in my opinion, if a rootkit is installed on your system, just rebuild your entire computer. Rebuild the operating system. Rebuild the applications. It is not good to keep a rootkit around or just clean it off your system. You really need to rebuild.

Okay. Let's talk about the counts of malware. There are tens of thousands of new malware samples coming out every day. A lot of these are variations, because what happens is that the antivirus and anti-malware companies collect the samples and write detections for them, so the malware writers have to go back in and tweak something to bypass the antivirus or anti-malware program.
In April of this year, 2017, a published statistic put the count at around 8,400 new Android malware samples every day, which is astonishing considering that just a few years ago the count was only about 10,000. And now, we're seeing mobile malware alone take up the entire space that all malware occupied a few years ago.

In order to understand where we're at with antivirus and anti-malware, we have to understand the history. There are four generations.

The first was the simple scanner. It scanned individual files for the signatures of specific, known pieces of malware: very targeted classification and removal, and useless against anything not yet in the signature list.

The next was heuristics. Heuristics, which we've already touched on, look at what a program is doing to the system rather than exactly what it is. So, if it's changing a certain kind of file, or propagating in a certain way, we can flag it as a category of malware instead of one particular sample. That was a good step because, since the malware writers kept rewriting their malware, we had to adapt somehow, and that was the way to do it.

Next came activity- or anomaly-based anti-malware, which looks for activity on the system that deviates from normal. Let's say I expect only five megabytes a day to go out through my network card, and all of a sudden I see all kinds of data leaving my network. Anti-malware might flag that, say "this is not normal," and stop that activity.

And now we have next-generation anti-malware or antivirus, which takes care of a lot of different things. It takes care of phishing. It takes care of spam. It watches network ports; it's a firewall. It's an all-encompassing security suite on your computer, there to make sure nothing gets in or out, and it looks at all the different things malware could do to a computer or a computer system.

Anti-malware is really the last line of defense.
So, if all else fails, if your border firewall fails, if your internal firewall fails, if your best practices fail, for example you get a phishing e-mail and the mail filter doesn't catch it, anti-malware is what is meant to stop the installation and propagation of that software. Most methods aren't good enough by themselves, so next-generation antivirus is now needed. We have to look at the entire picture of the system: what the system is doing, what files are being touched. Anti-malware is really a necessity. It's still our last line of defense.

And finally, real-time scanning has to be used. This is what got the Target Corporation in trouble with their breach: malware was put on the systems, and there wasn't real-time scanning, meaning anti-malware that examines files as they are written and executed while the system is running. So, let's say I get a virus. I download the piece of software, it installs on my computer, runs for two hours, and then removes itself. Well, guess what? If my antivirus isn't real-time, and is instead scheduled to scan the computer five minutes after the malware is gone, the scan comes back clean. That's a false negative: it looks as if I never had a virus in the first place. Real-time scanning allows the system to be protected all the time.

Malware can be identified by its behavior in a few different ways. The first is writing to restricted locations such as the registry or startup files; then modifying executables; opening, deleting, and editing files; writing to the boot sector; and lastly creating, accessing, or adding macros. Macros are so important, and such a problem for security, and so many viruses have spread through macros, that Microsoft now disables them by default and warns the user before enabling them.

There are a number of issues with antivirus, though. Not all antivirus is created equal. AV-TEST (av-test.org) is a great website for independent comparisons of all the antivirus products.
It'll show you corporate antivirus, enterprise antivirus, and personal antivirus as well, and ranks them on protection, performance impact, and usability. Really, the best thing you can do is research for yourself before choosing an antivirus or anti-malware solution. It really needs to be, or rather it is, the last line of defense, so you have to have anti-malware installed on your computer. There have been concerns in the past about certain products running poorly on a system and slowing it down. In this day and age, with the speed of computers, that concern doesn't really materialize anymore. Antivirus is also costly for an organization, but it is necessary.
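As an added example, not code from this course or from any antivirus vendor, here is a small Python model of three ideas from the lesson: the behavioral indicators listed for identification (writes to Run keys and the Startup folder, modification of system executables, boot-sector writes, macro creation), the anomaly-based egress check from the history section (a 5 MB/day baseline), and the difference between real-time and scheduled scanning. The event log, file paths, registry keys, hosts, the "signature" list and the 3x anomaly tolerance are all constructed for illustration.

```python
# Added example for this lesson; not course or vendor code. All telemetry,
# paths, keys, hosts and thresholds below are constructed (hypothetical).
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Event:
    t_min: int        # minutes since boot on a constructed timeline
    process: str      # process that performed the action
    action: str       # write | delete | macro_create | net_egress
    target: str       # file path, registry key, device, or remote host
    nbytes: int = 0   # bytes sent; only meaningful for net_egress


# Constructed sample telemetry: a dropper installs persistence, tampers with a
# system binary and the MBR, exfiltrates data, then deletes itself two hours in.
EVENTS: List[Event] = [
    Event(0, "chrome.exe", "write", r"C:\Users\bob\Downloads\invoice.exe"),
    Event(1, "invoice.exe", "write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"),
    Event(2, "invoice.exe", "write", r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"),
    Event(3, "invoice.exe", "write", r"C:\Windows\System32\calc.exe"),
    Event(4, "invoice.exe", "write", r"\\.\PhysicalDrive0:MBR"),
    Event(5, "winword.exe", "macro_create", r"C:\Users\bob\Documents\report.docm"),
    Event(10, "invoice.exe", "net_egress", "203.0.113.9:443", nbytes=60_000_000),
    Event(120, "invoice.exe", "delete", r"C:\Users\bob\Downloads\invoice.exe"),
    Event(200, "outlook.exe", "net_egress", "198.51.100.7:443", nbytes=500_000),
]

# Stand-in for a signature database: file names a simple scanner knows (hypothetical).
SIGNATURES: Set[str] = {"invoice.exe"}

# Indicators from the lesson: restricted startup locations, executables, boot sector, macros.
RUN_KEYS = ("hkcu\\software\\microsoft\\windows\\currentversion\\run",
            "hklm\\software\\microsoft\\windows\\currentversion\\run")
STARTUP_DIR = "\\start menu\\programs\\startup\\"
SYSTEM_DIR = "c:\\windows\\"
EXEC_SUFFIXES = (".exe", ".dll", ".sys")
BOOT_SECTOR = "physicaldrive0:mbr"

EXPECTED_DAILY_EGRESS = 5 * 1024 * 1024  # lesson's example: ~5 MB/day is normal here
ANOMALY_FACTOR = 3                       # hypothetical tolerance before flagging


def heuristic(ev: Event) -> Optional[str]:
    """Classify one event by the behaviour it shows; None means nothing suspicious."""
    tgt = ev.target.lower()
    if ev.action == "write":
        if tgt.startswith(RUN_KEYS) or STARTUP_DIR in tgt:
            return "persistence: write to restricted startup location"
        if tgt.startswith(SYSTEM_DIR) and tgt.endswith(EXEC_SUFFIXES):
            return "tamper: system executable modified"
        if tgt.endswith(BOOT_SECTOR):
            return "bootkit: boot sector write"
    if ev.action == "macro_create":
        return "macro: macro added to document"
    return None


def realtime_scan(events: List[Event]) -> List[Tuple[int, str, str]]:
    """Real-time protection: judge every event as it happens, in time order."""
    hits = []
    for ev in sorted(events, key=lambda e: e.t_min):
        reason = heuristic(ev)
        if reason:
            hits.append((ev.t_min, ev.process, reason))
    return hits


def egress_anomalies(events: List[Event], baseline: int = EXPECTED_DAILY_EGRESS,
                     factor: int = ANOMALY_FACTOR) -> Dict[str, int]:
    """Anomaly-based check: per-process egress totals far above the expected baseline."""
    totals: Dict[str, int] = {}
    for ev in events:
        if ev.action == "net_egress":
            totals[ev.process] = totals.get(ev.process, 0) + ev.nbytes
    return {p: b for p, b in totals.items() if b > factor * baseline}


def files_on_disk(events: List[Event], at_min: int) -> Set[str]:
    """Reconstruct which files exist at minute `at_min` from the write/delete history."""
    present: Set[str] = set()
    for ev in sorted(events, key=lambda e: e.t_min):
        if ev.t_min > at_min:
            break
        # only drive-letter paths are files; registry keys and raw devices are not
        if ev.action == "write" and len(ev.target) > 2 and ev.target[1:3] == ":\\":
            present.add(ev.target)
        elif ev.action == "delete":
            present.discard(ev.target)
    return present


def scheduled_scan(events: List[Event], at_min: int,
                   signatures: Set[str] = SIGNATURES) -> List[str]:
    """Scheduled scan: only files still on disk at `at_min` are checked against signatures."""
    return sorted(p for p in files_on_disk(events, at_min)
                  if p.rsplit("\\", 1)[-1].lower() in signatures)


if __name__ == "__main__":
    for hit in realtime_scan(EVENTS):
        print("real-time  t=%3d min  %-12s %s" % hit)
    print("egress anomalies:", egress_anomalies(EVENTS))
    print("scheduled scan at t=60:", scheduled_scan(EVENTS, 60))    # dropper still on disk
    print("scheduled scan at t=125:", scheduled_scan(EVENTS, 125))  # dropper gone: reports clean
```

Run it and compare the two scheduled scans: at minute 60 the dropper is still on disk and the signature scan finds it; at minute 125 it has deleted itself and the same scan reports clean, which is exactly the false negative described above, while the real-time checks had already flagged the process at minute 1. The heuristics here are deliberately crude string matches; a real product hooks the file system and registry in the kernel and weighs several indicators before acting.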