Anti-Virus Software

Detects viruses and notifies the user that a virus is present on his or her computer. This kind of software keeps a data set of “fingerprints” on file—characteristic bytes from known viruses. The anti-virus software then searches files and programs on a computer for that fingerprint, and when it discovers a recognized fingerprint belonging to a virus, the anti-virus software alerts the user.

Virus writers have begun to use code-morphing techniques to avoid detection by anti-virus software by altering the machine code of the virus program while maintaining its malicious functionality. Thus, the signature of the virus is changed and detection by anti-virus software is avoided.

In short, anti-virus software is not foolproof. On February 25, 2005, for example, a critical vulnerability was reported in the anti-virus engine used by Trend Micro’s complete product line of client, server, and gateway security products. For that month alone, it was, in fact, the third report of flaws found in recognized security firms’ anti-virus software.

Although reported vulnerabilities in security products are more rare than they are in operating systems such as Windows, they do indeed exist. For example, the well-recognized Symantec company has had 108 reported vulnerabilities in its products (including Anti-Virus, Norton Utilities, Raptor Firewall, NetProwler, Anti-Spam, Web Security, Gateway, and others). Trend Micro has had 59 reported vulnerabilities in its products (including OfficeScan and VirusBuster), and F-Secure has had 12 reported vulnerabilities in its products (including Policy Manager, Backweb, and Anti-Virus).

Therefore, because anti-virus software products do have vulnerabilities, they tend to provide a false sense of security to purchasers who think they are 100% reliable. Though users buy firewalls to halt “bad traffic,” they can inadvertently install software that allows intruders into their system.

See Also: Code or Source Code; Computer; Firewall; Virus; Vulnerabilities in Computers.