With the help of anti-virus software, known computer viruses, Trojan viruses, malware and spyware are detected on your computer and then blocked or removed if possible. Anti-virus software, often also called a virus scanner or virus protection software, can work reactively or proactively. In the most common variant, reactive operation, the anti-virus software checks the computer or a network for signatures of known viruses and can thus recognize them.
A distinction is made between real-time monitoring and a targeted scan. In real-time monitoring, every activity carried out on the computer is checked to see how closely it corresponds to known viruses, but also to general virus patterns. In a targeted scan, the entire computer is checked so that even inactive viruses and malware can be detected. Additional scanners can also analyze the data traffic in a network and thus stop unauthorized third-party access and neutralize malicious software right from the start. Online virus scanners are an alternative to anti-virus software installed directly on the computer. However, these can only scan the computer on direct request and cannot perform passive real-time monitoring or network analysis. Such online virus scanners are often used to check the results of installed anti-virus software and to quickly get a second opinion.
At a time when many new viruses, and especially malware and spyware, are being developed every day, it is increasingly important that anti-virus software also tries to detect unknown viruses. Accordingly, almost all current anti-virus software works with proactive methods as well as reactive ones. For this purpose, the software can search for general characteristics of malicious programs and thus recognize patterns of viruses even if an exact signature is still unknown. There are also a number of other ways in which anti-virus software can detect unknown viruses and render them harmless. These include sandbox technology (a computer is simulated and the possibly harmful program is opened in an environment where no damage can occur) and behavior analysis (real-time monitoring observes what a program does, and the suspected virus is blocked when a threshold is exceeded).
Subsequent detection is also an important means, especially in large networks, of detecting the spread of viruses and malware. All attachments in the entire e-mail traffic of a network are recorded. If one of the attachments is identified as harmful, all e-mails with the same attachment can be sorted out directly and the users can be warned. This method is also used by common e-mail providers to eliminate viruses in e-mails in advance.
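The subsequent detection described above, sketched as an added example (not code from any anti-virus product): every attachment is indexed by its SHA-256 digest, so a later verdict on one file finds every earlier delivery of the same content. The class and function names, addresses and sample bytes are constructed for illustration.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Message:
    msg_id: str
    recipient: str
    attachments: dict  # filename -> raw attachment bytes


class AttachmentIndex:
    """Remembers a SHA-256 digest of every attachment seen in mail traffic."""

    def __init__(self):
        self.seen = defaultdict(list)  # digest -> [(msg_id, recipient, filename)]
        self.known_bad = set()         # digests already identified as harmful

    @staticmethod
    def digest(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def record(self, msg: Message) -> list:
        """Index one message; return the filenames that must be held back."""
        held = []
        for name, data in msg.attachments.items():
            d = self.digest(data)
            self.seen[d].append((msg.msg_id, msg.recipient, name))
            if d in self.known_bad:
                held.append(name)
        return held

    def mark_malicious(self, data: bytes) -> list:
        """Flag content after the fact; return every earlier delivery of it."""
        d = self.digest(data)
        self.known_bad.add(d)
        return list(self.seen.get(d, []))


def demo():
    # Constructed sample data: no real mail and no real malware.
    payload = b"constructed attachment bytes standing in for a malicious file"
    index = AttachmentIndex()
    index.record(Message("m1", "alice@example.org", {"invoice.doc": payload}))
    index.record(Message("m2", "bob@example.org", {"scan_0042.doc": payload}))
    index.record(Message("m3", "carol@example.org", {"notes.txt": b"harmless"}))

    # Later the content is identified as harmful: find who already received it.
    to_warn = [recipient for _, recipient, _ in index.mark_malicious(payload)]
    # New mail with the same content is now held at delivery time,
    # regardless of the file name it arrives under.
    held = index.record(Message("m4", "dave@example.org", {"offer.doc": payload}))
    # One changed byte yields a different digest, so exact matching misses it.
    missed = index.record(
        Message("m5", "erin@example.org", {"offer.doc": payload + b"!"}))
    return to_warn, held, missed


if __name__ == "__main__":
    print(demo())
```

The last case shows the limit of matching on identical content: a trivially altered attachment is a new digest and has to be caught by other means.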
The reliability, but also the effectiveness, of virus scanners is often criticized and questioned. This is based on statistics according to which the average anti-virus software detects and eliminates just over 40 percent of attacks. It is also argued that the software can severely affect the performance of the computer or network. It should be said that any anti-virus software can only work perfectly if the user actively contributes to protection (through thoughtful and responsible behavior when working and surfing). And even if 100% protection can never be guaranteed, because too many new viruses are developed every day, good anti-virus software still offers considerably more protection than doing without it completely.
Good anti-virus software works permanently in the background and checks all incoming files, programs and e-mails for possible threats. This uses memory and other resources of the computer, which means that other applications may work a little slower. It is often argued that the Windows computer or Mac is already adequately protected by the operating system and therefore the additional use of anti-virus software can be dispensed with. Another argument that is often made here is that anti-virus software only recognizes a good 40 percent of all attacks and threats anyway.
But no matter how strong the criticism of anti-virus programs is: if you are honest, there is no way around this software if you want to protect your computer as well as possible from harmful programs, viruses and Trojans. No matter how careful you are on the Internet, the number of malicious sites, software and e-mails can no longer be quantified. Even the most careful user can get caught, and a virus then threatens to affect the home system.
Since most threats sneak onto the computer through security holes, it helps a lot if all programs, especially the operating system, are kept up to date. Windows and Mac also offer pre-installed anti-virus software. Nevertheless, an additional safety net in the form of another anti-virus program is certainly not a mistake. Each product has a different database of known signatures and also works in a different way. Good anti-virus software also relies on the detection and elimination of unknown viruses. This is precisely where the weaknesses of the built-in security systems of Windows, Mac and Co. mentioned above lie. They can only react to new viruses after a certain time. Every reaction takes time before the security gaps can be closed. During this time, viruses and malware can spread and move freely if they are not kept in check and removed by additional anti-virus software.
In summary, an up-to-date operating system, up-to-date programs and a good dose of common sense and responsible behavior can already eliminate the bulk of threats to the average private user. Many of the viruses and attacks that slip through this first safety net rarely target private users. Nevertheless, viruses can still reach the computer undetected. In such a case, the damage is usually very high. Additional protection, even if only against the 40 percent of attacks mentioned, offers a reassuring feeling and at least 40 percent more security on your own PC.
The term computer virus is often used as a general term for all malicious software that can infect a computer. Strictly speaking, this is not correct. A computer virus is a computer program that hides in other computer programs, in a boot sector or in RAM. It spreads through reproduction (computer 1 is infected and comes into contact with computer 2, which is then infected as well; the virus is not removed from computer 1, however, so it has multiplied as a result). This reproduction as a means of distribution and infection gave the computer virus its name, by analogy with its biological counterparts.
As early as 1949, the first theoretical papers were written on whether and how computer programs can reproduce and spread independently. In 1980 the comparison with biological viruses was used for the first time. In 1982, the first boot virus, which was able to spread via floppy disks on Apple II systems, was written by a 15-year-old student. Almost all early viruses, which could infect MS-DOS, Amiga, Atari or Unix, used this method of distribution. The virus is usually hidden in a host program. If this is executed, the virus is also started and its spread is initiated. Computer viruses were often not particularly harmful. The programming was mostly just about the widest possible distribution and getting attention (the so-called existence report). However, even in the early days of computer viruses, there were those that could cause actual damage. This included the destruction of data as well as the targeted destruction of individual hardware elements (e.g. by overclocking the graphics card or reducing the fan speed). Frequently, the firmware was attacked directly, with the result that the computer could no longer be started.
Nowadays the actual computer virus is of little importance and has been replaced by malware, spyware and computer worms (which are still spreading via e-mails and the Internet, but also via removable media). Nowadays, the threat of computer viruses (including worms, Trojans and malware / spyware) is much greater. The viruses not only aim to spread as widely as possible, but also aim to steal information from other computers. All information, from valuable bank or credit card data to seemingly uninteresting data such as behavior on Google or shopping preferences, can be marketed profitably. Personal data is one of the most important currencies of the modern age. Of course, computer viruses can also be used specifically to obtain passwords for certain websites. Again and again, even large corporations like Facebook hit the headlines because the passwords of millions of users were stolen. Sites and programs where users' money is virtually deposited are often also targeted by attacks. Examples include telephony programs such as Skype, but also computer games or virtual casinos. Once the password has been changed, users can often no longer access their credit. In addition, bank or credit card details are usually stolen, so that the damage can be double or triple.
Compared to computer worms and malware, the spread rate of real computer viruses was very low and the economic damage was also relatively insignificant.
With the introduction of Windows 10 at the latest, the automatically installed virus scanner "Windows Defender" also found its way into the home computer world. This is Microsoft's own anti-virus software. For Windows 8 and Windows 10, basic protection against spyware is provided, and an offline cleaning tool is provided for Windows 7, Windows 8 and Windows 10. For older versions of the Windows operating system, Microsoft's virus software Security Essentials is available. Microsoft has also provided an in-house solution to protect against dangerous content for the Microsoft "Edge" browser. But what are the advantages and disadvantages of the Microsoft solutions, and is additional anti-virus software required? Isn't it enough to use this pre-installed solution in combination with responsible behavior on the Internet?
The biggest advantage of Microsoft Defender is certainly that the anti-virus program comes directly from the same manufacturer as the operating system and can thus be the first to react to all weaknesses and possible security gaps. It also avoids the possible security gaps that come with installing additional external programs, which in turn require various permissions to work properly. Finally, it should be said that Windows Defender really does work in the background in a resource-saving manner and has no negative effects on system performance.
As a disadvantage, it is often mentioned that the protection provided by Windows Defender is not sufficient. Reference is made to various tests in which Defender did poorly compared to other, usually very expensive, anti-virus programs. It should be mentioned here that these tests are based on very different test procedures. Different malware programs are often grouped together. If only one of the programs is not recognized, the entire group is rated as negative, which leads to an exaggeration of the negative result. But even if one allows for this exaggeration, the result is that Windows Defender detects and eliminates fewer threats than many of the other anti-virus programs. Microsoft is also a large corporation with numerous divisions. Even if a dedicated department works specifically on virus protection, there is still a lack of the extensive, long-term experience and the ability to work purely on anti-virus software that the competition can have.
In summary, users of Windows 8 or Windows 10 already have virus protection installed. If this, like the operating system itself, is kept up to date, good basic protection is already in place. To be on the safe side and get really excellent protection, it is recommended to install another anti-virus program. Free software can be used here if you can live with the somewhat more complicated operation and the insertion of advertising. However, the best result is still guaranteed by using paid anti-virus programs.
Users of Windows 7 or older versions should definitely use anti-virus software. Not only is the basic protection that comes preinstalled with Windows 8 or Windows 10 missing, but the older versions of Windows are rarely or no longer maintained and provided with security updates these days. As a result, a large number of security gaps are never closed and leave doors open for all kinds of malicious programs. Even the best anti-virus programs can reach their limits here, since the latest (and therefore the most difficult to detect) viruses can of course get in through such security holes. If the older version of Windows is not absolutely necessary (whether because the system specifications are too low or because certain programs are used that are not compatible with Windows 8 or Windows 10), it is recommended to upgrade to a newer version of Windows (preferably Windows 10).
This question is often asked by people switching from Windows PCs to Macs. The usual procedure for Windows is (or should be) to install additional virus protection as one of the first steps. But everything is different with the Mac, it is often said. Is virus protection really necessary here?
Most of the time the answer will be: No, a Mac does not need virus protection. The main reasons for this are:
- Apple uses an operating system based on UNIX. This has significantly larger and better security mechanisms than Windows (in return it is considerably more complicated and user-unfriendly). This makes it much more difficult to successfully carry out attacks and to place viruses and malware on the computer.
- The Apple operating system is automatically equipped with anti-virus software and a firewall. This program is called XProtect and works inconspicuously in the background without consuming a lot of resources.
- The Mac email program is also automatically provided with virus protection, which is primarily intended to protect against Trojans and phishing emails.
- Finally, it is often emphasized that Apple computers are simply not as widespread as Windows devices. It is simply not economically worthwhile to program special viruses for Macs if you can achieve a multiple of infections with the same effort on Windows computers.
However, if you look a little deeper into the matter, you can see that the Mac is not automatically perfectly protected against viruses. Yes, fewer viruses attack Macs than Windows PCs; yes, the Mac has a preinstalled protection program; and yes, the UNIX-based operating system is more secure than Windows. Nevertheless, the following also applies here: the threat from viruses, malware and spyware is real, even on a Mac. No matter how few security holes the operating system may have, the majority of viruses and malware are downloaded to the computer by the user, and it does not matter whether it is a Mac or a Windows PC. And even if pre-installed anti-virus software offers a certain level of protection, it will never be as up to date as a specialized program whose developers work solely for this purpose and have decades of experience in this area.
Therefore it can be said: a Mac offers good basic protection, which is usually better than that of a Windows PC. Even with a Mac, however, additional anti-virus protection should not be left out. Because the threat is considerably lower, it is advisable to use so-called on-demand online virus scanners. These do not work in the background and therefore do not take up any RAM, but they also do not offer permanent protection; they only check the Mac for viruses and other harmful programs on request. If you want to protect your Mac as well as possible, however, an additional program should be installed here too, one which offers real-time protection in addition to different scan variants and thus ensures permanent security.
Any anti-virus software is only as good as the underlying database. The easiest way that anti-virus programs can prevent system damage is to detect known viruses and malware. Every virus or unwanted program has a specific signature, a digital fingerprint, so to speak. If a program is known as a virus, this signature can be identified as harmful. If the anti-virus software detects such a signature, the executing program is automatically blocked and deleted. Countless new malicious programs are developed every day. Virus programmers are fighting a tough battle against anti-virus software programmers. The signature of every malware detected is immediately imported into the anti-virus program database. However, this latest database can only be used if the user keeps the anti-virus software up to date. Therefore, updating the software is of the utmost importance.
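Why the database version matters, as an added example (not code from any anti-virus product): a scanner that checks a file against exact fingerprints and characteristic byte sequences, run once with an outdated database and once with an updated one. Using SHA-256 digests and byte patterns as the two signature kinds is an assumption of this sketch, and all samples and detection names are constructed.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class SignatureDB:
    version: int
    hashes: dict = field(default_factory=dict)    # SHA-256 hex digest -> name
    patterns: dict = field(default_factory=dict)  # byte sequence -> name

    def updated(self, hashes=None, patterns=None):
        """Return the next database version with new signatures merged in."""
        return SignatureDB(self.version + 1,
                           {**self.hashes, **(hashes or {})},
                           {**self.patterns, **(patterns or {})})


def scan(data: bytes, db: SignatureDB):
    """Return the detection name for data, or None if no signature matches."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in db.hashes:                  # exact fingerprint of a known file
        return db.hashes[digest]
    for pattern, name in db.patterns.items():
        if pattern in data:                  # characteristic byte sequence
            return name
    return None


# Constructed samples: harmless byte strings standing in for real files.
MARKER = b"\x13\x37demo-family-marker\x13\x37"
SAMPLE_A = b"header" + MARKER + b"payload-a"
SAMPLE_A_VARIANT = b"header" + MARKER + b"payload-a-repacked"
SAMPLE_B = b"a completely different constructed sample"
CLEAN = b"ordinary document text"

# Version 1 knows sample A and its family marker; sample B is not yet known.
DB_V1 = SignatureDB(
    1,
    hashes={hashlib.sha256(SAMPLE_A).hexdigest(): "Demo.A"},
    patterns={MARKER: "Demo.Family.Generic"},
)
# Version 2 is what the user gets after installing the update.
DB_V2 = DB_V1.updated(hashes={hashlib.sha256(SAMPLE_B).hexdigest(): "Demo.B"})


def demo():
    samples = {"A": SAMPLE_A, "A variant": SAMPLE_A_VARIANT,
               "B": SAMPLE_B, "clean": CLEAN}
    return {label: (scan(data, DB_V1), scan(data, DB_V2))
            for label, data in samples.items()}


if __name__ == "__main__":
    for label, (old, new) in demo().items():
        print(f"{label:10} v1={old} v2={new}")
```

Sample B passes the version 1 database unnoticed and is only caught once the update is installed, while the variant of A is caught by the byte pattern even though its digest is unknown.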
Occasionally, special malware programs directly attack the anti-virus software. They can try to prevent the software from working, but they can also use permissions granted to the software to gain unauthorized access to a system or network. Here anti-virus software is no different from any other program. Such errors in the program are corrected as soon as they are recognized, thereby closing the security gaps. However, the following also applies here: the improvements can only take effect if the program is actually up to date and all updates have been installed. It is highly recommended that the anti-virus software, like most other important programs on the computer, be allowed to update automatically.
Of course, the developers of anti-virus software are constantly developing new methods with which known viruses, and unknown viruses in general, can be recognized better. These new methods can build on known signatures and recognize similarities in unknown ones, but can also analyze the patterns of programs and thereby filter out possible threats. New variants of scan programs for the targeted search for viruses are also being developed. For paid anti-virus programs, these updates are usually included in the service. A contract is often concluded for a certain period of time, during which all innovations in the software are available free of charge. With free anti-virus software, updates are of course free of charge as well. Only the frequency with which they are released is certain to be lower. But here too, it is necessary to carry out the updates regularly, whether manually or by means of automatic updates.
A firewall is software that is used to protect a single computer or an entire network from unwanted external access. A firewall is therefore a basic element of any security system. A firewall is not used to directly identify and prevent attacks as such. Rather, it lays down very clear rules on how communication on the computer or in the network may work. All communication that does not comply with the rules is blocked, even if it is not a harmful attack at all. Basically, all remote attacks on computers are only possible through security gaps in systems and various computer programs. Nowadays, a number of programs have to provide so-called network services. This makes it possible, for example, for a printer in the network to be used by different computers, or for data on another computer to be accessed. These access rights can be used by malicious programs, but also deliberately by hackers, to penetrate a network or a computer without authorization. This means that private data and documents can be stolen, or viruses, malware and spyware can be installed unnoticed.
This is exactly where a firewall comes in. Due to the clearly regulated access rights, strangers or websites cannot usually access the computer. However, if access is permitted by the user (this is usually requested in a very hidden manner so that the average user has no idea what rights he is currently assigning), a firewall can no longer guarantee protection. This is why it is often ensured in large companies that the individual employee has no rights for changes to his computer, in the network and above all in the security systems. This is done centrally by IT technicians, the so-called admins. The firewall is then not installed directly on the computer of the individual user (personal firewall), but on a separate device that directly shields and protects the entire network from the outside (external firewall). A combination of personal and external firewalls is operated in most large networks. The external firewall is to protect the network from unauthorized access from outside, the personal firewall ensures that.
A firewall can use different methods to detect and prevent unwanted network traffic. The most common variant is the so-called packet filter firewall. Here, all network packets are evaluated and checked against the specified rules. With network addressing, access rights are assigned to the MAC addresses and IP addresses of the individual network cards in the network. In this way it can be clearly regulated who has access to which functions and data. With a proxy firewall, the content of the network packets is checked in addition to the source, destination and service of the traffic. Firewall software is usually reinforced with additional modules which technically are not part of the firewall. These include IDS (detection of unauthorized access) and IPS (prevention of attacks).
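How a packet filter applies its rules, as an added example (not the rule engine of any particular firewall): each packet is compared with an ordered rule list on source, destination, protocol and port, the first matching rule decides, and anything that matches no rule is blocked. The addresses, the network printer on TCP port 9100 and the rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str    # source IP address
    dst: str    # destination IP address
    proto: str  # "tcp" or "udp"
    dport: int  # destination port (the requested service)


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str                     # source network in CIDR notation
    dst: str                     # destination network in CIDR notation
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))


def evaluate(packet: Packet, rules, default: str = "deny"):
    """First matching rule wins; return (action, index of the deciding rule)."""
    for i, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, i
    return default, None  # traffic that fits no rule is blocked


# Constructed rule set for a small office network 192.168.10.0/24.
LAN = "192.168.10.0/24"
PRINTER = "192.168.10.50/32"
RULES = [
    Rule("deny", "192.168.10.99/32", "0.0.0.0/0"),  # 0: quarantined host
    Rule("allow", LAN, PRINTER, "tcp", 9100),       # 1: LAN may print
    Rule("allow", LAN, "0.0.0.0/0", "tcp", 443),    # 2: LAN may use HTTPS
]


def demo():
    packets = {
        "lan host prints": Packet("192.168.10.20", "192.168.10.50", "tcp", 9100),
        "quarantined host prints": Packet("192.168.10.99", "192.168.10.50", "tcp", 9100),
        "outsider reaches printer": Packet("203.0.113.7", "192.168.10.50", "tcp", 9100),
        "lan host browses": Packet("192.168.10.20", "198.51.100.10", "tcp", 443),
        "lan host other service": Packet("192.168.10.20", "198.51.100.10", "udp", 53),
    }
    return {label: evaluate(p, RULES) for label, p in packets.items()}


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:26} -> {verdict}")
```

Rule order matters: the quarantined host sits inside the LAN range, so its deny rule has to come before the allow rules that would otherwise match it.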
Malware is a compound word formed from malicious and software. The term encompasses all computer programs which perform undesirable and, above all, harmful functions. It covers various sub-categories such as computer viruses or Trojans. Nevertheless, the term computer virus is still widespread today and is often used as a generic term. If you want to make a distinction between the two terms, it can be said that the aim of a virus is to spread as widely as possible, while the purpose of malware is mostly remote control.
The different types of malware include:
- Computer viruses: These spread by creating copies of themselves on other data carriers.
- Computer worms: In terms of how they work, they are similar to computer viruses, except that they are usually distributed via networks and e-mails.
- Backdoor: Literally a back door, this malware is used to create hidden, unauthorized access to the computer or network.
- Trojan horse, Trojan virus: Here the myth of the Trojan horse is used as the basis for naming. Hidden in a program, malicious software is installed on the computer. A Trojan usually represents the combination of a backdoor and other malware such as viruses or spyware.
- Scareware: This is meant to unsettle the user so much that paid programs are purchased.
- Dialer: Especially before the times of flat rates and unlimited internet access, but also nowadays on mobile devices, this malware is widespread. Here the telephone line is used to access chargeable offers such as value-added numbers.
- Spyware: These programs collect information about the user.
Spyware is therefore to be understood as a sub-category of malware. The term is a combination of the English words spy and software. It is a program that hides itself on the computer system and spies on the user. Spyware is usually used to collect data on the behavior of the user. This includes, among other things, terms that are searched for, products that are purchased online, etc. Occasionally, spyware is also meant to steal online banking data. For this purpose, the software uses so-called keyloggers, which record all keyboard entries and can thus capture passwords. However, this has been made considerably more difficult in times of SMS-TAN. Spyware usually occurs in combination with adware, that is, the undesired but targeted insertion of advertisements and pop-ups. These are individually adapted to the user using the data collected by the spyware, whereby the companies, mostly of a rather dubious nature (erotic, counterfeit drugs, gambling, ...), hope for an increase in the effectiveness of their advertising. However, there are also numerous known spyware programs that collect data unnoticed and forward it to third parties for further processing and evaluation. In this case no personalized advertising is generated; instead, data and statistics on individual regions and the behavior there are obtained.
In order to protect yourself against malware and spyware, it is recommended to keep all programs, but especially the operating system, always up to date. Internet behavior should also be responsible. If possible, unsafe pages should be avoided, unknown e-mail attachments should not be opened, and when installing programs it should always be ensured that no unwanted additions are installed along with them (search bars and the like are very popular). However, the best protection is only provided by combining all of these points with the use of special anti-virus software. This is always state of the art and is informed about all newly known threats, and can thus protect the user from even the most hidden programs. Real-time protection ensures that every action carried out by the user is checked immediately. If the action would cause a malicious program to be installed, the protection intervenes immediately and prevents this before damage can occur.
The selection of anti-virus programs is large. Numerous paid anti-virus products such as Kaspersky Internet Security, Bitdefender Internet Security, Bullguard Internet Security or Norton Internet Security have made a name for themselves in virus protection over the past decades. However, free anti-virus programs are becoming increasingly important. Accordingly, many users wonder why they should pay for their security. But do these free anti-virus programs really offer adequate protection?
In 2018 Stiftung Warentest carried out an extensive test of anti-virus programs. The first three places were paid programs. Nevertheless, the free anti-virus programs were largely rated well. But not all of the tested anti-virus programs were convincing. In order to get really good protection, it is necessary to get specific information about the individual products. If it is all about the actual protection against viruses and other harmful software, free programs can certainly perform well. However, it should be mentioned that the service of the paid programs is better and faster. This means that new viruses and their signatures are imported into the respective software considerably faster. Against the latest viruses, a paid anti-virus program is the better solution.
All software needs capital to be developed and, above all, to be maintained. Providers of paid anti-virus programs can put the money earned directly into personnel to ensure that maintenance is carried out as well as possible. A large number of programmers also ensures that the program is easy to use. This is where weaknesses of the free programs become apparent. Their handling is often confusing and inadequate, which was also criticized in the test by Stiftung Warentest.
Free anti-virus software is also often funded by advertising. In some cases it is placed discreetly, in others it can be shown very excessively and intrusively. Extreme negative examples even went so far that spyware programs and adware were installed together with free anti-virus software, or that a sophisticated Trojan virus was hidden behind the supposed anti-virus software.
In summary, it can be said that private users who are reasonably familiar with computers and programs can fall back on free programs. You just shouldn't be bothered by the advertisements that appear. For people with less background knowledge, paid programs are recommended due to the simpler operation. Larger companies and connected networks should always use the paid programs, which are updated faster. It is also a good idea to provide protection using firewalls. Private users only need a personal firewall, while networks should be protected by personal firewalls on each individual computer and an additional external firewall.
The name of the Trojan virus goes back to Greek mythology: the abduction of the beautiful Helen triggered a war in ancient Greece. The Greeks around Agamemnon marched against Troy and besieged the city for over 10 years. The cunning Odysseus finally suggested building a wooden horse and placing it outside the city as a peace gift. The unsuspecting Trojans were delighted with the gift and rolled the horse into the city center. In the middle of the night the Greeks, who had been hiding inside the horse, climbed out and were able to defeat the defenders and take Troy.
The computer version of a Trojan horse works just like in this myth. A malicious program hides behind a facade and pretends to be useful. If the program is executed in good faith, its true form is revealed and the virus is triggered.
Towards the end of the 1980s, the first Trojan viruses spread with the intention of blackmail made the rounds. Programs which encrypted private data, and would only decrypt it after a certain amount had been paid, were hidden behind the appearance of useful data. From the 2000s, Trojan horses were primarily used to put spyware into operation on a wide variety of systems. In 2005 Sony BMG attracted negative attention for having hidden a Trojan virus on its music CDs. The associated spyware collected information about the user's music listening behavior and sent it directly to Sony. It was also intended to prevent music CDs from being illegally copied and distributed. Several virus programmers used this Trojan, which Sony had distributed widely, to put their own malware into circulation.
The so-called federal Trojan also became known. This refers to software that is to be used by the German federal authorities on PCs, but also on smartphones and other mobile devices. The software is designed to prevent, investigate and combat crime. This form of digital search is highly controversial and can also be misused by officials for private purposes.
In order to protect effectively against Trojan viruses, the installation and use of programs from unknown sources should be avoided. This applies above all to the use of illegal copies of known programs, but illegally downloaded music or film files can also contain Trojan horses. Effective protection is also provided by the combined use of anti-virus software with a firewall. The anti-virus software rarely recognizes the Trojan horse as such, but it does recognize the malware installed with it and can therefore immediately isolate and block it. If the virus is too new and cannot be recognized by the anti-virus software, the firewall takes effect. It blocks all unauthorized communication, which means that the spyware programs that are often installed by Trojans cannot function.
If you suspect that you have accidentally installed a Trojan virus (signs of this include a slower system and longer boot times, but also suddenly appearing advertisements or toolbars), you should not only carry out a detailed virus scan with good anti-virus software but, ideally, also reset the computer system. This can be done by restoring a clean backup copy of the hard disk, which should be created at regular intervals.