Virus Protection

Защита от вирусов

Most computer users and system administrators, many of them with their own bitter experience, have come to realize that antivirus protection is, in some way, essential. But it is not easy to scale antivirus solutions for home users or small business users to meet the needs of the corporate environment. Therefore, you should carefully consider the choice of antivirus solution for your company network, as it should be possible to scale this solution in the future with the growth of your enterprise network.

How antivirus solutions work

Antivirus software uses several different methods to detect and protect against malicious code:

  • Most antivirus programs use databases of known virus signatures. Signature is a certain string of binary code that functions as a specific virus identifier. Each virus (and its variations) has a unique signature. Because new viruses are created on a daily basis, antivirus software often needs to update its databases. Most antivirus programs include automatic updates. They join their suppliers' websites at scheduled times and upload new signature files.
  • Some antivirus programs use integrity checks to determine if files have been modified (such changes may be caused by viruses). The program can then allow the user to recover the file to the state it was in before the infection.
  • Antivirus programs can use heuristics to protect against new viruses that have not yet been identified. This is a method of analyzing its suspicion based on code building and not searching for specific signatures.
  • Some antivirus programs use a virtual machine environment called a "sandbox" to run suspicious code to understand how the suspicious code behaves and what it does.

Antivirus software can also scan files that are already on your computer hard drive and files (such as email messages and downloaded files) that are written to the hard drive when they are downloaded. The program can scan files before they are opened, and most antivirus programs are built to include the ability to scan files in the process of using them.

When antivirus solutions do not work

Unfortunately, those who write viruses have many ways to bypass antivirus programs or defeat them:

  • Hidden viruses that load before antivirus software loads and hides its activities.
  • Polymorphic viruses that change each time a virus infects a new computer, like mutating biological viruses.
  • Viruses that attempt to shut down their antivirus software and / or block antivirus software providers from accessing websites to prevent new alerts from being loaded.

Antivirus solutions based on the host

The traditional method of protecting against viruses and other malware is to install an antivirus program on each workstation and on servers connected to the Internet, such as email servers and web servers.

Host-based antivirus software is usually good at detecting viruses in e-mail and is essential for protection against viruses that are installed locally (for example, on a removable hard drive, USB key, or memory card). But it does not protect well against websites and viruses that come with instant solutions. Even more important is that it does not protect the network itself; The latter must be hit on a local machine to detect the virus.

Host-based antivirus software can also reduce productivity because scanning for viruses takes quite a lot of processing time. When scanning with an antivirus program, other consumer programs may not work properly. Programs running in the background can also prevent some consumer programs from installing properly.

If a company relies on a host-based antivirus to protect its network, it may overlook laptops that bring employees to connect to the network, or home computers from which employees access the network remotely. You may not easily be convinced that an updated antivirus program is installed on these systems.

Finally, host antivirus (AV) programs are controlled by individual users. Users can disable the antivirus program, change its settings, or open quarantined files.

On the other hand, host-based antivirus software is relatively inexpensive and easy to install on small networks.

Network antivirus solutions

Network antivirus solutions are deployed at the Brandmauer or server level. Brandmauer-based antivirus solutions stop viruses and worms on the perimeter of the network, so the latter are never found on the network. There are several ways to implement network antivirus solutions:

  • A device in the form of an inter-network screen to protect against spam and spyware that blocks viruses.
  • Additional software or modules for software or hardware brand-makers, filtered at the consumer application level
  • Mail-based antivirus software that runs on e-mail
  • Scan incoming and outgoing mail notifications and attachments for viruses and catch them before they reach users' mailboxes or before they are sent to the network.

Considering scale

 Software installation and maintenance can be cumbersome, costly, and error-free (machines may be vulnerable to outdated software). As your network grows, you should consider deploying a network solution that allows you to establish centralized control over the detection, blocking, and deletion of viruses.

At the enterprise level, Fortinet or Sophos solutions integrate antivirus, content protection, and IDS features through hardware clustering. This creates a good scalable solution as new cluster nodes can be added as your needs increase so you can maintain optimal productivity as your network grows

Vendors

DDoS-атакизащита от DDoS-атакиDDoS-атаки

If you are interested in learning more about virus protection solutions, please contact us at our office for advice.

Send a request

Office in Tbilisi:
Georgia, Tbilisi, Tsereteli Ave 116, 0119
Tel.: +995 (32) 234 16 09
e-mail: infotel@infotel.ge
Office in Kyiv:
03110, Ukraine, Kyiv,
Solomenskaya St., 3-B, office 205
Tel.: +380 (44) 520 2030
Fax: +380 (44) 520 2028
e-mail: infotel@infotel.ua
© Infotel Group 2004 - 2022.
All rights reserved.