Which antivirus to choose, which of them works better and faster?

By: Anry Sergeev | 07.12.2021, 17:02

Which antivirus to choose, which of them works better and faster? These and many other questions arise for users of Windows operating systems and, to a lesser extent, Android. To understand how to choose the right antivirus, let's figure out how antiviruses generally work, and whether the choice even matters.

Signature analysis

The very first function that appeared in antiviruses and is still the main one is scanning files for threats. Let's take a look at what a threat is and how an antivirus scanner can detect it.

A virus is a malicious program that can exist on its own or be attached to another program. Any program is, first of all, code, i.e. a sequence of characters. A signature is a kind of extract from the program code, which is entered into the anti-virus database. A virus is considered found as soon as the scanner detects a signature in any file.

Does it follow that the more signatures there are in the anti-virus database, the better? All antiviruses (except for a certain type of antivirus) use their own signature database, and the more current viruses it covers, the better.

But if antiviruses stored all signatures in the database, it would grow to an unprecedented scale, and scanning for viruses would slow down the computer so much that it would simply become impossible to work on it. Therefore, antivirus developers select signatures based on their relevance to the current operating system.

Heuristic analysis

The next stage in the development of antiviruses was heuristic, i.e. smart, analysis. In the course of studying the code of various viruses, it turned out that hundreds of different viruses were created to perform a similar task, and they do it using the same programming-language commands.

Heuristic analysis, based on the "experience" of old viruses, tries to detect new viruses that are not in the database. This is such an efficient analysis that you no longer need to store thousands of old signatures, because these old viruses are detected by the heuristic analyzer.

One can go further: signature databases detect the smallest share of threats, while heuristic analysis takes the bulk of the load. True, if the lion's share of the viruses detected by the smart algorithm had not been known earlier, the result would have been much more modest, but still.

New types of antiviruses are even beginning to appear that do not have a signature database at all and work only on the basis of heuristic analysis. This is probably the technology of the future; for now, popular antiviruses use signatures and heuristic analysis at the same time, and this "combo" improves the quality of scanning.

As you might guess, the heuristic analysis algorithm works very similarly in different antiviruses. Everyone has it, but the better the algorithm, the higher the quality of the antivirus in general. The downside of heuristic analysis is false positives, and I think you have heard about them more than once.

A false positive is when the antivirus reports that a virus has been found in a program, but in fact there is no virus there; it just "seemed" so. This happens because program commands can be used not only to cause harm, but also as part of a program's legitimate functionality, for example, to delete system files.

Antiviruses usually consider all patches, "cracks" and "drugs" for licensed programs to be viruses, because they interfere with the contents of executable files, which is how a virus is introduced into the bodies of other programs.
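The two approaches described in the "Signature analysis" and "Heuristic analysis" sections can be put side by side in a toy scanner. This is an added example, not code from any antivirus product; the signature bytes, rule weights, threshold and sample "files" are all constructed for illustration. It shows a known sample caught by signature, a new variant caught only by the heuristic, and a harmless startup cleaner reported as a false positive.

```python
# Toy scanner: signature match first, then heuristic scoring.
# All patterns, weights and samples below are constructed for illustration.

# Signature database: detection name -> byte pattern taken from a known sample.
SIGNATURES = {"Demo.Known.A": b"\xde\xad\xbe\xef\x13\x37"}

# Heuristic rules: traits shared by many families, each with a suspicion weight.
HEURISTIC_RULES = [
    (b"WriteProcessMemory", 3),      # modifies another program in memory
    (b"CreateRemoteThread", 3),      # runs code inside another process
    (b"\\CurrentVersion\\Run", 3),   # touches Windows autostart
    (b"DeleteFile", 2),              # deletes files
]
THRESHOLD = 5  # score at or above which a file is reported


def signature_scan(data: bytes) -> list[str]:
    """Return the names of all database signatures found in the file."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def heuristic_scan(data: bytes) -> tuple[int, list[str]]:
    """Return the suspicion score and the traits that contributed to it."""
    hits = [(p.decode(), w) for p, w in HEURISTIC_RULES if p in data]
    return sum(w for _, w in hits), [name for name, _ in hits]


def scan(data: bytes) -> tuple[str, list[str]]:
    """Classify a file as 'signature', 'heuristic' or 'clean'."""
    names = signature_scan(data)
    if names:
        return "signature", names
    score, traits = heuristic_scan(data)
    return ("heuristic", traits) if score >= THRESHOLD else ("clean", [])


# Constructed, inert byte strings standing in for files on disk.
KNOWN = b"MZ\x90\x00" + b"\xde\xad\xbe\xef\x13\x37" + b"payload"
NEW_VARIANT = b"MZ\x90\x00 WriteProcessMemory CreateRemoteThread"
STARTUP_CLEANER = b"MZ\x90\x00 DeleteFile Software\\Microsoft\\Windows\\CurrentVersion\\Run"
TEXT_EDITOR = b"MZ\x90\x00 CreateFile ReadFile WriteFile"

if __name__ == "__main__":
    for label, sample in [("known", KNOWN), ("new variant", NEW_VARIANT),
                          ("startup cleaner", STARTUP_CLEANER), ("editor", TEXT_EDITOR)]:
        print(f"{label:16} -> {scan(sample)}")
```

Raising THRESHOLD to 6 clears the startup cleaner while still catching the new variant, which is the sensitivity trade-off each antivirus tunes differently.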

Search for potentially dangerous programs

Antivirus developers went further and, apart from viruses, identified a separate type of program: potentially dangerous programs (PUP, potentially unwanted programs). These are programs that perform the functions assigned to them, as well as something "marked in small print." That is, such a program is not a virus, but its actions may "surprise" you.

For example, a program can install extensions and toolbars in browsers and office programs without the user's permission. The notorious Mail.ru and Yandex bars are examples. Other programs, such as a new browser, can also be downloaded and installed, and advertisements can be displayed.

A potentially dangerous program can change the home page in all your browsers and thoroughly settle into all sections of Windows startup. All this would be only half the trouble if it were not for the fact that a PUP is difficult to remove from the operating system.

Regular uninstallation via Add or Remove Programs removes the program, but traces of its work remain. After some part of the unwanted program is cleaned up, the remaining code will revert everything back. The most interesting thing is that sometimes it is not at all clear how to restore the corrupted parameters of the operating system. In some cases a rollback to a working system restore point helps, and in others only reinstalling the OS helps.

Therefore, antiviruses offered the option of identifying potentially dangerous software. The disadvantage of this method is the same as that of heuristic analysis: false positives. The detection may not even be false, but you really need the program. In such cases, the program is easily added to the exceptions.

Different antiviruses use a similar algorithm for detecting potentially unwanted programs. Some antiviruses will have it more sensitive, while others will have it less sensitive.

Antivirus functionality

Antiviruses fall into two very different types: scanners and resident programs. Scanners can scan your hard drive for threats, and they do it well. But scanners only work at user request and on a schedule.

A scanner can find an already infected program, but it cannot prevent infection. These antiviruses are useful for disinfecting an infected computer, for example, by booting from a USB flash drive.

The second type is memory-resident antivirus programs. A resident antivirus resides in the computer's RAM and monitors running programs, processes and new or changed files on disks. As soon as a virus appears, the antivirus will detect and neutralize it, preventing infection of the OS and further multiplication of the virus. All the usual popular antiviruses are resident.

Resident antiviruses also differ in functionality, and the main significant difference is the ability to catch threats from the Internet on the fly, i.e. on sites in the browser. As a rule, free antiviruses are limited in their web protection capabilities, but are otherwise very good. Paid antiviruses provide complete protection.

Which antivirus is the most correct

Alas, there is no definite answer to this question. If you look at the ratings of antiviruses from independent testing laboratories in terms of such indicators as the effectiveness of antivirus protection, performance, updatability, user-friendliness of the interface, etc., it turns out that all popular antiviruses run neck and neck.

What comes first is the user's preferences: what functionality they need. Gone are the days when Kaspersky slowed down the system so much that Windows just hung and Avira mercilessly glitched. Antiviruses have entered a new stage, combed their hair and are ready to keep order in the operating system.

The capacity of desktop systems, even budget ones, has also grown, so the difference in the performance of antiviruses can only be noticed in specially conducted tests.

Someone wants an antivirus with advanced firewall settings, while someone wants a fast built-in VPN. Another antivirus will offer a convenient built-in password manager, or simply pause protection in two clicks. Antiviruses today compete more in additional functionality than in basic.