Antimalware is a type of software program created to protect information technology (IT) systems and individual computers from malicious software, or malware. Antimalware programs scan a computer system to prevent, detect and remove malware.
Antimalware software uses three strategies to protect systems from
malicious software: signature-based detection, behavior-based detection and
sandboxing.
1. Signature-based malware detection
Signature-based malware detection uses a set of known software components
and their digital signatures to identify new malicious software.
Software vendors develop signatures to detect specific malicious software. The
signatures are used to recognize previously identified malicious software of the
same type and to flag the new software as malware. This approach is useful for
common types of malware, such as keyloggers and adware, which share
many of the same characteristics.
2. Behavior-based malware detection
Behavior-based malware detection helps computer security professionals
more quickly identify, block and eradicate malware by using an active approach
to malware analysis. Behavior-based malware detection works by identifying
malicious software by examining how it behaves rather than what it looks like.
Behavior-based malware detection is designed to replace signature-based malware
detection. It is sometimes powered by machine learning algorithms.
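
The contrast between the two strategies above, as an added example that is not part of the original article: a signature check (exact hash plus a shared byte pattern) next to a behavior rule evaluated over a process's event trace. The byte strings, signature names, event names and the rule itself are constructed for illustration and do not come from any real product.

```python
import hashlib

# Constructed, inert byte strings standing in for files (not real malware).
KNOWN = b"demo-sample-v1|hook_keyboard|send_log"
VARIANT = b"demo-sample-v2|hook_keyboard|send_log|padding"
UNSEEN = b"unrelated bytes with no known pattern"

# Hypothetical signature database: exact hashes plus shared byte patterns.
HASH_SIGS = {hashlib.sha256(KNOWN).hexdigest(): "Demo.Keylogger.A"}
PATTERN_SIGS = {b"hook_keyboard|send_log": "Demo.Keylogger.Generic"}

def signature_scan(data: bytes):
    """Identify a file by what it looks like: hash first, then byte patterns."""
    name = HASH_SIGS.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, pattern_name in PATTERN_SIGS.items():
        if pattern in data:  # same family, shared characteristics
            return pattern_name
    return None

def behavior_scan(events):
    """Identify a process by what it does: a keyboard hook followed by a network send."""
    hooked = False
    for action, _target in events:
        if action == "install_keyboard_hook":
            hooked = True
        elif action == "network_send" and hooked:
            return "Behavior.KeyCaptureThenSend"
    return None

def scan(data: bytes, events):
    """Signature verdict if one exists, otherwise fall back to the behavior verdict."""
    return signature_scan(data) or behavior_scan(events)

# Constructed event traces: (action, target) in the order they were observed.
UNSEEN_TRACE = [("file_open", "notes.txt"), ("install_keyboard_hook", "global"),
                ("file_write", "tmp.log"), ("network_send", "203.0.113.10")]
BENIGN_TRACE = [("file_open", "notes.txt"), ("network_send", "203.0.113.10"),
                ("file_write", "notes.txt")]

if __name__ == "__main__":
    print("known   :", signature_scan(KNOWN))
    print("variant :", signature_scan(VARIANT))
    print("unseen  :", signature_scan(UNSEEN), "/", behavior_scan(UNSEEN_TRACE))
    print("benign  :", scan(b"plain text file", BENIGN_TRACE))
```

The unseen sample has no signature match, yet its trace still triggers the behavior rule, while the benign trace produces no verdict from either check.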
3. Sandboxing
Sandboxing is a security feature that can be used in antimalware to
isolate potentially malicious files from the rest of the system. Sandboxing is
often used as a method to filter out potentially malicious files and remove
them before they have had a chance to do damage.
For example, when opening a file from an unknown email attachment, the
sandbox will run the file in a virtual environment and only grant it access to
a limited set of resources, such as a temporary folder, the internet and a
virtual keyboard. If the file tries to access other programs or settings, it
will be blocked, and the sandbox has the ability to terminate it.
Uses of antimalware
Antimalware can help prevent malware attacks by scanning all incoming
data to prevent malware from being installed and infecting a computer.
Antimalware programs can also detect advanced forms of malware and offer
protection against ransomware attacks.
Antimalware programs can help in the following ways:
- prevent users from visiting websites known for containing malware;
- prevent malware from spreading to other computers in a computer system;
- provide insight into the number of infections and the time required for their removal; and
- provide insight into how the malware compromised the device or network.