When antivirus was developed, an antivirus software provider would learn about a piece of computer malware. It would then record the code and enable its software to scan a computer for the malware signature. Soon, security companies began to share information about the viruses they detected. Consumers benefited from their combined efforts to stop malware in its tracks.
As the Internet has expanded and the number of connected devices has grown, the sheer volume of malware from phishing emails, from malicious websites and from other sources is more than signature-based antivirus solutions can handle. Also, today's malware is designed to morph and change to evade signature-based detection.
By nature, antivirus software is reactive. It may protect individual machines from known threats, but it doesn't stop attacks until those malware signatures are detected. Fortunately, the best antivirus software is evolving to handle today's threats. Instead of becoming obsolete as some experts have argued, antivirus has evolved in seven primary ways to become more relevant than before.
Antivirus software and deep discovery tools can detect malware based on how a snippet of code behaves. By using data analytics to review the patterns associated with known malware, behavior-based blocking identifies code with similar characteristics or operating patterns to existing malware. In addition to pattern analysis, behavior-based blocking tools analyze the reputation of the source that transmitted the code. They also sandbox suspicious pieces of code, running code in a silo to expose malware without infecting the network or end-user devices.
Web Browser Integration
Today's antivirus solutions can analyze websites and prevent users from opening pages containing malicious code. Working as a browser extension, antivirus software can greenlight safe pages and red-light potentially dangerous pages. Many antivirus extensions also incorporate privacy tools, and they allow parents to control which sites their children can browse.
Network Access Monitoring
Modern antivirus tools log network access events. They record each time a user accesses a database, a set of files or a server and make note of any unusual patterns. For example, the software may send out an email alert if a user tries to access data from an unfamiliar IP address. Also, IT can review employee logs to see if data was accessed using an unfamiliar browser or from an unusual location.
Whitelisting Approved Sites
Instead of just blocking known malicious websites, applications or data, today's antivirus tools allow IT to take a whitelisting approach to security. By default, end users have access to nothing online unless it's authorized by IT. Whitelisting removes the burden of trying to detect every possible malicious site or application. Instead, users are given access to only what they need, and they avoid exposing the company to dangerous or malicious sites that may escape threat detection tools.
Early Warning Services
Security companies are competing to sell products, but they also work as a community to protect consumers and businesses from malware threats. When one company's antivirus tools detect a new threat, that company shares the information to keep threats from spreading.
Some antivirus tools offer Web-crawling tools that crawl websites looking for malicious executable code. The tools then blacklist dangerous websites from the company network, and they provide an early warning to other security companies that keep the malware from spreading.
Instead of detecting threats and then quarantining them, some antivirus tools isolate applications from a computer's operating system. Applications work as they should, but if any code from the application attempts to make changes to the operating system, the suspicious code is isolated and then discarded when the application is closed. Bromium creates a microenvironment for every task an application executes. Its vSentry solution detects any code's attempt to propagate, persist or compromise the microenvironment. Polymorphic malware can be eliminated even on unpatched computers, and IT can have a full view of the attack forensics.
Ignore the hype that says antivirus is obsolete; it's still an important component of any security strategy. Security companies are constantly incorporating value-added services into their antivirus solutions. Simply put, today's security programs have made significant advances from your mother's antivirus software.