Antivirus is a baseline tool that MSPs use to protect clients against malicious files and malware, but understanding how it weaves into a larger cybersecurity strategy requires more than a passing familiarity with the basics. This article will help MSPs understand how antivirus protection works, what to look for in a program and the most effective way to deploy it.

Antivirus software is designed to prevent viruses and other malware infections by detecting and eradicating threats from individual computing devices, systems or IT networks. AV programs analyze websites, files, installed software and other data for suspicious code. Typically, they monitor day-to-day program behavior, flag anomalies and alert the user; they can also run comprehensive scans of entire devices or specific folders on demand.

The most traditional form of antivirus software – still the one that many users are most familiar with – relies on signature-based detection, which matches suspected malware code to a database of known malicious signatures. This method can be slow and ineffective, especially as malware developers tamper with their creations to avoid detection or release polymorphic strains that change their code over time.
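
The sketch below is an added example, not taken from any AV product. It shows the signature matching described above, first by exact file hash and then by byte pattern, and why a changed file slips past it. The sample bytes, signature database and detection name are all constructed for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for files; none is real malware.
MARKER = b"\xde\xad\xbe\xef\x10\x20\x30\x40"
KNOWN_BAD = b"HDR\x00" + MARKER + b"payload-v1"   # the sample the vendor analyzed
PADDED = KNOWN_BAD + b"\x00"                      # same content, one byte appended
REWRITTEN = b"HDR\x00" + b"\x11\x22\x33\x44\x55\x66\x77\x88" + b"payload-v2"
BENIGN = b"HDR\x00ordinary document contents"

SAMPLES = {
    "known_bad": KNOWN_BAD,
    "padded": PADDED,
    "rewritten": REWRITTEN,
    "benign": BENIGN,
}

# Hypothetical signature database built from the one known sample.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Example.Test.A"}
PATTERN_SIGNATURES = {MARKER: "Example.Test.A"}


def scan(data):
    """Return (method, detection_name) for the first matching signature, else None."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:            # exact match: any changed byte breaks it
        return ("hash", HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:                  # survives edits outside the pattern
            return ("pattern", name)
    return None                              # unknown to the database


def scan_all(samples):
    """Scan every labelled sample and return a label -> verdict mapping."""
    return {label: scan(data) for label, data in samples.items()}


if __name__ == "__main__":
    for label, verdict in scan_all(SAMPLES).items():
        print(f"{label:10} -> {verdict or 'no match'}")
```

The padded copy is caught only by the byte pattern, and the rewritten variant matches neither signature and looks the same as the benign file to the scanner.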

Newer forms of AV protection focus on behavior-based analysis, comparing new files and programs to existing ones to identify suspicious characteristics. Some rely on sandbox analysis, which runs a file in an isolated environment to observe its behavior before allowing it onto the live system; this can also be useful in identifying hidden programs and spyware that may not register as malware under typical AV signatures.