A security check of antivirus tools revealed that the tools themselves have obvious weaknesses. CHIP will tell you how you can close these vulnerabilities and protect yourself from the threats posed by malware.
Symantec security experts log 13 million new variants of malware per month. Antivirus systems are designed to protect against this threat, but it has become clear that they are themselves vulnerable and subject to attack.
CHIP checked antivirus software together with AV-Test. The result gives cause for alarm: in some cases transmission channels are insufficiently protected, in others manufacturers use unreliable program libraries. We'll show you which antivirus tools are worth recommending, how the programs' defenses work, and how you can best configure these tools.
Even if you use good antivirus protection, you should additionally use programs from other manufacturers. This way you can effectively secure not only a desktop PC but also mobile devices, regardless of whether they run Android or iOS.
How antivirus programs protect you
Modern antivirus applications not only protect computers from known threats but also offer tools against zero-day vulnerabilities. To do this, they use heuristic methods to constantly monitor the PC. But for the programs to control the system effectively, they need extended rights.
They can often control and change the OS to a greater extent than a logged-in user. For hackers, a successful attack on an antivirus tool therefore becomes the path of least resistance: through it they immediately gain system-level access to the PC and can also deactivate the control function of the antivirus monitor. Security software vendors counter this with the following three anti-hacking features.
Secure Connection for Downloads
The first level of protection applies already on the manufacturer's website. Antivirus developers no longer distribute their programs on DVD; customers mostly receive a download package together with a code. The advantage is that the user always has the latest version. Some vendors distribute their software over a secure HTTPS connection: the data transmission channel is encrypted, so manipulation is practically excluded.
However, some companies still rely on insecure HTTP connections. In theory, hackers could then intercept the data stream and slip the user an unsafe, externally controlled version of the antivirus. AV-Test discovered such an unreliable download channel at several manufacturers. After seeing the results, the firms solemnly vowed to eliminate all deficiencies and expressed their intention to transmit data in encrypted form very shortly.
Signed Updates Only
To ensure that only certified, signature-protected updates reach the PC, antivirus programs use certificates, although not very consistently. With these, the manufacturer signs the individual software packages. When a package arrives on the user's computer, the antivirus tool checks the authenticity of the digital signature and installs the update.
This rules out illegitimate updates. But it works only on the condition that the antivirus program functions perfectly from the very beginning and uses the optimal settings set by the manufacturer; unfortunately, very many applications do not meet these requirements, so you will have to act on your own. More on this on the following pages.
Hardware Protection at the Processor Level
Starting with Windows XP SP2, Microsoft's operating system supports Data Execution Prevention (DEP), which is enforced directly by the processor. The principle is relatively simple: the OS uses a special attribute, the NX bit (no-execute bit), to mark a specific area of memory in which critical data is stored.
If some program, for example after a memory overflow, tries to execute code from such an area, DEP blocks the access and reports it to the operating system. Today the technology is standard, but not everyone uses it. DEP by itself does not provide 100% protection, so manufacturers use the function in conjunction with other technologies.
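The following Linux C program is an added illustration, not code from the CHIP article or from any antivirus vendor: it shows what the NX bit enforces. A page mapped read/write cannot be executed (the CPU faults and the process receives SIGSEGV), while the same bytes run once the page is re-marked read+execute. It assumes Linux on x86-64 or AArch64.

```c
// Added example, not from the CHIP article: observe DEP/NX on Linux.
// Assumes x86-64 or AArch64; the only code placed in the page is a bare
// "return" instruction, so calling it does nothing but come straight back.
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jump;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jump, 1); }
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char ret_insn[] = { 0xC3 };                   /* ret */
#elif defined(__aarch64__)
static const unsigned char ret_insn[] = { 0xC0, 0x03, 0x5F, 0xD6 }; /* ret */
#else
#error "demo carries return instructions for x86 and AArch64 only"
#endif
/* Call into `page`: 1 if the instruction ran, 0 if the CPU faulted. */
static int try_execute(void *page) {
    struct sigaction sa = { 0 }, old;
    sa.sa_handler = on_fault;
    sigaction(SIGSEGV, &sa, &old);
    int ran = 0;
    if (sigsetjmp(fault_jump, 1) == 0) {
        void (*fn)(void);
        memcpy(&fn, &page, sizeof fn);   /* object pointer -> function pointer */
        fn();
        ran = 1;
    }
    sigaction(SIGSEGV, &old, NULL);
    return ran;
}
/* Map a fresh page read/write, copy the instruction in, set `prot`, call it. */
static int run_from_page(int prot) {
    long sz = sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, ret_insn, sizeof ret_insn);
    if (mprotect(page, sz, prot) != 0) return -1;
    __builtin___clear_cache((char *)page, (char *)page + sz);
    int ran = try_execute(page);
    munmap(page, sz);
    return ran;
}
/* 1 when the NX bit stops code in a read/write page: DEP is in effect. */
int dep_blocks_writable_page(void) { return run_from_page(PROT_READ | PROT_WRITE) == 0; }
/* 1 when the same bytes run once the page is marked read+execute instead. */
int code_runs_when_executable(void) { return run_from_page(PROT_READ | PROT_EXEC) == 1; }
```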
Software protection against memory overflows
To prevent hackers from guessing where critical data is stored in the computer's memory, ASLR (Address Space Layout Randomization) was developed more than ten years ago. With it, programs receive their memory areas at random addresses. ASLR was first used in Windows Vista; among mobile systems, iOS 4.3 was the first, followed by Android 4.0. But ASLR does not provide a 100% security guarantee either: using various techniques, hackers circumvent the random distribution.
For example, through so-called "spraying", the malware spreads copies of itself throughout memory. In this way hackers provoke a memory overflow, thanks to which they can then perform their manipulations. To keep things from going that far, antivirus manufacturers try to ensure that only certified software is allowed on a computer.
Optimize Antivirus Programs
Browser add-ons and update settings in particular require additional configuration, since not every function of an antivirus tool is always useful for the security of your own system. Sometimes it is even better to disable an option completely.
Set an Optimal Time To Update
The effective protection of antivirus programs depends on timely updates. Security researchers assume that publicly known gaps are actively exploited within hours. However, many antivirus programs run automatic updates only once a day, or even less frequently. It is better to set the update frequency to 12 hours; this will suit most users. If you often visit unknown sites or install programs on the system, reduce this interval to two hours.
Browser Toolbar
Most antivirus vendors install a browser add-on that monitors searches and the websites that are opened. The catch is that some of these browser add-ons are themselves unreliable. Google security experts found, for example, that the add-on activates special JavaScript APIs that are generally considered unsafe. The vendor has since released patches for the add-on.
In addition to security considerations, with some add-ons the issue of annoying advertising remains acute for users. It would seem a good intention: the vendor wants to use the SafePrice function to show the user the most favorable online prices for products the user is viewing directly in the browser. But here is what lies behind this concern for the user: with every click, the company makes money.
To alert you to dangerous sites, the tools scan all browser network traffic in the background. To be able to scan traffic from encrypted sites for viruses, the tools act as proxies, in the same way as a man-in-the-middle attack. However, security experts have found weaknesses precisely in these SSL proxies.
Among them is the well-known researcher Tavis Ormandy. He considers the antivirus vendors' approach fatal, since the use of proxies opens up additional opportunities for hackers to attack. Browsers themselves already warn about dangerous sites, so antivirus toolbars offer no additional protection.