Since they pass or store so much valuable and sensitive data, such devices are now a tempting target for criminals, who try to gain uninvited access. This is usually done by first installing – or getting the user to install – dangerous software on the PC, which is usually invisible to casual inspection.
As well as sending sensitive data stored on them to unknown attackers, PCs are sometimes hacked so that they can be taken over for other unlawful uses. For example, most of the world’s spam email is sent via compromised Windows PCs, all unknown to the PC user. A group of many PCs collectively under the control of a cyber-criminal organisation is known as a botnet.
Most attempts to break into computers are aimed at Windows PCs, in part because Microsoft still has a near worldwide monopoly on personal computers, making them far more abundant; and in part because Windows is an inherently less-secure platform, designed before the internet age, and easier to compromise.
Malware is the name given to any combination of virus, Trojan, worm, spyware, rootkit or keylogger, usually designed to allow a remote attacker to gain control of your computer.
Security software is designed to prevent your PC from becoming infected with malware in the first instance. Additionally, it should help remove malware that slipped through and is already installed.
Note that security software will not protect you from security holes and vulnerabilities that may exist in the computer operating system. Nor will it prevent your computer being taken over by security flaws in third-party software on your PC, such as Adobe Flash and Adobe Reader.
The simplest security software is sold as ‘anti-virus’; in fact, it’s usually designed to identify and block any of the usual malware variants of virus, Trojan, worm, etc.
Anti-virus software today usually takes a two-pronged approach to spotting malware before it reaches your computer: signature identification, and heuristic detection.
Signature detection requires the anti-virus software to compare every file it sees to a database of the ‘digital fingerprints’ of known malware. There are around 2.5 million known malware variants targeting Microsoft Windows, and the AV software should have all these in its database.
Windows malware evolves so fast that signature-based detection is not sufficient to catch it all. Some security software vendors are suggesting that more than 50,000 new strains of Windows malware appear every single day. Clearly, that’s too much for signature-based detection to catch, as the vendors cannot update their databases fast enough.
Instead, AV software now usually tries to determine if incoming files to the PC have any of the recognisable attributes of dangerous malware. This system is handy to help prevent new and untested malware from reaching the Windows PC, but it is not as reliable.
Most AV software has a success rate of 90%-plus for identifying malware by signature. Other ways of ‘guessing’ the existence of malware are less effective, and are currently around 50-75% successful.
Anti-virus software may also incorrectly identify innocent files as threats, resulting in ‘false positives’. As well as wasting the user’s time and promoting unnecessary infection anxiety, they undermine the reputation of the AV software maker – especially when important Windows system files are marked as suspect and thereby quarantined. This can result in a non-functioning Windows PC.
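The two detection approaches described above, and the false-positive problem, can be seen side by side in a small Python sketch. This is an added example, not code from any anti-virus product; the sample byte strings, trait names, weights and threshold are all constructed for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (not real malware).
KNOWN_BAD = b"CONSTRUCTED-SAMPLE: connect-back; log-keys; hide-process"
NEW_VARIANT = KNOWN_BAD + b" v2"  # same traits, but the bytes differ
CLEAN_FILE = b"Quarterly report: sales rose 4% on last year."
INNOCENT_GUIDE = b"Admin guide: tools that hide-process windows or log-keys"

def fingerprint(data: bytes) -> str:
    """The 'digital fingerprint': a SHA-256 hash of the whole file."""
    return hashlib.sha256(data).hexdigest()

# Signature database: fingerprints of malware the vendor has already seen.
SIGNATURE_DB = {fingerprint(KNOWN_BAD)}

# Hypothetical heuristic: weighted traits that known malware tends to show.
SUSPICIOUS_TRAITS = {b"log-keys": 2, b"hide-process": 2, b"connect-back": 1}
HEURISTIC_THRESHOLD = 3

def signature_match(data: bytes) -> bool:
    """Exact match only: any change to the file changes its fingerprint."""
    return fingerprint(data) in SIGNATURE_DB

def heuristic_score(data: bytes) -> int:
    """Sum the weights of every suspicious trait found in the file."""
    return sum(w for trait, w in SUSPICIOUS_TRAITS.items() if trait in data)

def scan(data: bytes) -> str:
    if signature_match(data):
        return "blocked: known signature"
    if heuristic_score(data) >= HEURISTIC_THRESHOLD:
        return "flagged: heuristic"
    return "allowed"

if __name__ == "__main__":
    samples = {
        "known malware": KNOWN_BAD,
        "new variant": NEW_VARIANT,
        "clean file": CLEAN_FILE,
        "innocent guide": INNOCENT_GUIDE,
    }
    for name, data in samples.items():
        print(f"{name:15} -> {scan(data)}")
```

The new variant misses the signature database but is still caught by the heuristic, while the innocent guide is flagged by the same heuristic: a false positive.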
If malware does get correctly detected on a PC, anti-virus software has varying levels of success in removing it. The industry average for successful removal of viruses, etc, is currently around 85%.
So bear in mind that modern anti-virus software alone will not prevent your Windows PC from becoming infected; but it can reduce the chances of infection to better than 1-in-2 when confronted by new malware variants.
Once installed, security software is always working in the background, often making heavy use of the PC’s CPU. Running anti-virus software on a computer will reduce its performance, usually noticeably so to the end user. In the case of mobile devices such as laptops and smartphones, it also has the effect of reducing battery life.
On-demand scanning takes place when you specifically ask the security software to check a file, folder or storage device for the presence of any hidden malware.
On-access scanning takes place whenever you move a file or folder; for example, copying a file from one location on your PC to another will invoke the on-access scanner. This scanner will check every byte of the transfer for malware threats, slowing down the operation and taking processor power in the process.
The time it takes to start the PC, known as the boot time, is also increased by the operation of security software, sometimes markedly.
Look for security software that has minimal effect on PC performance.
Internet Security Suites
Security software vendors often bundle related software with anti-virus. These include firewalls, parental control software and online backup systems. While potentially increasing security for the user, the added bloat can also slow the PC further.
Anti-virus software vendors have a sales model built around annual subscription. Typically priced from £25-50 per year, a subscription entitles you to download updated virus definitions for the latest known Windows malware.
When the subscription period expires, anti-virus companies advise you to renew your subscription in order that you can receive updates to their ever-changing database of malware.
Sometimes AV software is licensed per single computer, or for a fixed number of PCs – eg, a three-seat license.
Since many homes have more than one Windows PC, if you want to install anti-virus software on them all, look out for ‘household’ licenses which allow use on as many PCs as are in use by a family.
Mac OS X and Linux are desktop operating systems that do not attract anywhere near the level of malware that Windows does. Security software is available for these platforms, usually to help screen out Windows threats and prevent them being passed on to Windows-using colleagues.
At present, there are no viruses in the wild that affect Macs, for instance, although there are some isolated reports of Trojans. These require the explicit consent of the user to be installed, by typing in an administrator password.
There are reports of malware designed for the Google Android mobile platform, and security software vendors are now releasing anti-virus software packages to help users fight the dangers. Google, meanwhile, responded to the last raft of Android malware by removing apps from its Market that were known to be hazardous.
No malware exists on the official Apple iPhone platform, although handsets that have been unlocked to run unapproved apps (‘jailbreak’) are at risk.
RIM BlackBerry OS likewise has no known malware in the field.
Windows Mobile did attract various forms of malware, and this can still pose a threat to users of Windows Mobile handsets; the revised Windows Phone 7 OS seems to have avoided the attention of virus writers so far.