Anatomy of an Internet Security Product


We have all heard about detection, prevention, cleaning, behaviour blockers, firewalls, antivirus, anti-malware, detection tests, antivirus tests... it can be confusing. What is what, and more importantly, what do I need as a consumer?

I will try to explain what is involved in desktop security products, in an interview-like style, and hopefully arm you with more knowledge about what to expect from them. I hope you like it.

First of all: what the hell is a virus, spyware, a trojan, etc.?

Well, you know when you click on an application to run it... malware is just that: an application. "Malware" is the general name for all the bad stuff (viruses, spyware, trojans, rootkits and so on), and every piece of it is just a bunch of code sent to your CPU (Central Processing Unit) for execution. For example, a normal program sends an instruction to your CPU to turn a specific pixel on your monitor a specific colour. Malware sends instructions to your CPU to do nasty stuff instead. That is the only difference between a good application and malware: they are both bunches of instructions that your CPU understands, and the CPU itself cannot tell the two apart.

Now that we get what malware is... which security product do I need? What is antivirus? Why do I need a firewall? And a million other questions in my head as the consumer.

Let's get to the basics. Security products can be classified into three areas:

1) Prevention: it stops the bad stuff from getting into, or running on, your computer in the first place.
2) Detection: it recognises bad stuff once it has reached your computer.
3) Cleaning: you are toast, because you are already infected, so you need a decent product to clean up the mess.

So let's start by talking about AVs (antivirus).

A good analogy for antivirus is a policeman holding a photofit of a murderer and trying to find that criminal among the people (your files). So is antivirus 1, 2 or 3?

Wow, good job, you guessed right: it's 2! It can't stop someone becoming a criminal, but it can recognise one it has a photofit of. So an antivirus product cannot prevent a new virus it does not yet have a signature for from infecting your machine, just as a policeman can't arrest a future murderer because they haven't committed the crime yet. (Heuristic and behavioural engines try to guess at new ones, but a guess is not a guarantee.) Antivirus products were invented in the late 1980s as "cleaning" products. In those days infections spread only as fast as you could swap floppy disks with your friends 🙂

Nowadays the number of malware samples is increasing drastically, and the speed at which infections spread has increased thanks to the internet. So can your antivirus company guarantee that you will not be infected? Of course not: they cannot possibly know the next virus in advance. That is why using a detection-only mechanism as your sole protection leaves you as secure as a little lamb in the African desert surrounded by hungry lions!

What is anti-spyware then?

Same as above. There are a few different kinds of nasties, and they have been classified as viruses, spyware, adware, rootkits, etc. At the end of the day they are all bad code written by bad people.

OK, what is anti-rootkit then?

Same as above. They are all baddies, just with different names because the way they operate is slightly different (a rootkit, for instance, hides its files and processes from the operating system and from the security product). At the end of the day they are all instructions sent to your CPU to do nasty stuff, from deleting files, to stealing your confidential information, to stealing your CPU power and internet connection. The same goes for anti-trojan, anti-this and anti-that. Same stuff.

What is a firewall then?

A firewall really has two tasks. The first is to stop people on the internet from getting access to your PC; it is your internet door. (But don't be fooled: every time you browse a website you are opening that door to the website yourself, so having a firewall does not by itself mean you are secure.) The second task is detecting when something on your PC makes a call home. Go to your local clothes store and try to steal something. The alarm you hear as you sneak out of the door, while two big guys run towards you, goes off because the garment is tagged: anything leaving the premises without permission raises the alarm. That is what a firewall does for your computer. It raises the alarm when a program tries to open a connection from your computer to the outside world, and a good one tells you which program, so you can decide whether it should be allowed to. So a firewall falls into both the prevention and the detection categories.
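To make the two tasks concrete, here is an added example (not Comodo's or any firewall vendor's code) of the decision a per-application firewall makes for each connection attempt: unsolicited inbound connections are dropped, known programs may call out only on their expected ports, and anything else sets off the alarm. The program names, ports and connection events are constructed for the demonstration. Note the second firefox.exe line: the firewall allows it, because all it sees is your browser talking on port 443, which is exactly the "you opened the door yourself" caveat above.

```python
"""Application-aware firewall rules over a constructed connection log.

Added example (not Comodo's or any vendor's firewall code). The programs,
ports and connection events below are constructed for the demonstration.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Connection:
    process: str       # image name of the program that owns the socket
    direction: str     # "in" (someone knocking on the door) or "out" (a call home)
    local_port: int
    remote_port: int
    remote_host: str


# Task 1, the internet door: a desktop offers no public services, so nothing
# unsolicited from the internet is allowed in.
INBOUND_LISTEN_ALLOWED: frozenset[int] = frozenset()

# Task 2, the shop alarm: which programs may leave the premises, and through
# which doors (ports). Anything not listed is an "unknown" trying to call home.
OUTBOUND_RULES: dict[str, frozenset[int]] = {
    "firefox.exe": frozenset({80, 443}),
    "outlook.exe": frozenset({443, 587, 993}),
}


def evaluate(conn: Connection) -> str:
    """Return 'allow', 'drop' or 'alert' for one connection attempt."""
    if conn.direction == "in":
        return "allow" if conn.local_port in INBOUND_LISTEN_ALLOWED else "drop"
    allowed_ports = OUTBOUND_RULES.get(conn.process)
    if allowed_ports is None:
        return "alert"            # unknown program: the tag sets off the alarm
    if conn.remote_port not in allowed_ports:
        return "alert"            # known program using an unexpected door
    return "allow"


def audit(events: list[Connection]) -> dict[str, list[str]]:
    """Group connection attempts by verdict, as a firewall log summary would."""
    summary: dict[str, list[str]] = {"allow": [], "drop": [], "alert": []}
    for conn in events:
        summary[evaluate(conn)].append(
            f"{conn.process} {conn.direction} {conn.remote_host}:{conn.remote_port}"
        )
    return summary


# Constructed events: normal browsing, a visit to a bad site, an inbound
# probe against SMB, an unknown program calling home, and a known program
# on a port it has no business using.
SAMPLE_EVENTS = [
    Connection("firefox.exe", "out", 51234, 443, "bank.example"),
    Connection("firefox.exe", "out", 51235, 443, "evil-site.example"),  # allowed!
    Connection("-", "in", 445, 40000, "203.0.113.7"),
    Connection("updater_x.exe", "out", 51300, 443, "198.51.100.23"),
    Connection("outlook.exe", "out", 51301, 6667, "198.51.100.24"),
]

if __name__ == "__main__":
    for verdict, lines in audit(SAMPLE_EVENTS).items():
        for line in lines:
            print(f"{verdict:5} {line}")
```

Run it and the two "alert" lines are the shop alarm going off; the "drop" line is the internet door doing its job; and the browser's visit to evil-site.example sails through, because a firewall judges the program and the port, not what the website on the other end is up to.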

So what can clean my computer if I get infected?

Now that is an important question. Cleaning an infection is not as simple as deleting a file on your hard disk. Some of these nasties hide themselves well, and they bring themselves back to life at every start-up of the operating system even after your antivirus has deleted them, because they have left behind start-up entries, drivers or copies of themselves elsewhere. Depending on what kind of nasty has infected you, the choice of the cleaning (antivirus) product may be determined.

So how do I prevent these nasties coming into my computer in the first place?

The key is not to run an "unknown application". The problem is that any file you are about to run on your computer could be malware, and you cannot tell by looking at it. You need a system that automatically sandboxes any unknown file, so that a new, unknown application which turns out to be malware cannot infect your real computer. There are many ways these things arrive, from USB sticks to simply visiting a website. Yep, simply visiting a website can get you infected, when the site exploits a bug in your browser or one of its plug-ins to run code on your machine!

So what does infection mean again, please?

Remember, it is just a piece of code that uses your CPU to do nasty stuff like giving away confidential information. All this bad stuff is merely a fight for control of your CPU, so that it can make the CPU do what its author wants. After all, whoever controls the CPU can do anything they like with your computer.

So how do I stop these from getting a foothold on my computer in the first place?

Excellent question!

Containment is the key. When was the last time you opened the door blindfolded to a stranger and invited them in?

Umm... never.

Well, you do exactly that in the digital world every day. Think about it: how many unknown executables (applications) do you have on your computer or network at the moment?

Umm... I dunno.

How many strangers live in your house?

Haha... none!

So you know there are no strangers living in your house, but when it comes to your digital world, you don't know how many unknowns (strangers) are living on your computer or network.

I see the problem now 🙂

So Comodo uses "containment" technology called "Auto Sandboxing" to stop any new malware from infecting my computer? Did I get this right?

Spot on!

Cool 🙂
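The difference between the photofit approach (detection) and containment, as an added example that is not Comodo's code and does not describe how Comodo's Auto Sandbox is built. The "executables", their hashes, the trusted list and the actions the contained program tries are all constructed for the demonstration. It also carries the cleaning point from earlier: the one change the stranger tries to make that would bring it back at start-up never reaches the real system.

```python
"""Detection-only versus default-deny ("containment"), as a toy decision engine.

Added example; it is not Comodo's code and does not describe how Comodo's
Auto Sandbox is implemented. The "executables", hashes, trusted list and the
actions the contained program attempts are all constructed for the demo.
"""
from __future__ import annotations

import hashlib
from enum import Enum


class Verdict(Enum):
    BLOCK = "block"       # matched a known-bad signature (detection)
    RUN = "run"           # on the allow-list of known-good software
    SANDBOX = "sandbox"   # unknown: contained, kept away from the real system


def fingerprint(exe: bytes) -> str:
    """Hash of the file; stands in for an antivirus signature."""
    return hashlib.sha256(exe).hexdigest()


# Constructed stand-ins for real binaries.
NOTEPAD = b"MZ notepad.exe, signed by a trusted vendor"
STEALER = b"MZ stealer.exe: read saved passwords, send them home"
STEALER_V2 = STEALER + b"\x90"   # same malware, one byte changed: new hash

KNOWN_BAD = {fingerprint(STEALER)}     # the AV lab has a photofit of this one
KNOWN_GOOD = {fingerprint(NOTEPAD)}    # vendor-vetted software


def detection_only(exe: bytes) -> Verdict:
    """Classic scanner: whatever is not on the bad list is allowed to run."""
    return Verdict.BLOCK if fingerprint(exe) in KNOWN_BAD else Verdict.RUN


def default_deny(exe: bytes) -> Verdict:
    """Containment: known bad is blocked, known good runs, strangers are sandboxed."""
    h = fingerprint(exe)
    if h in KNOWN_BAD:
        return Verdict.BLOCK
    if h in KNOWN_GOOD:
        return Verdict.RUN
    return Verdict.SANDBOX


# What a contained program may touch. Writes outside its own scratch area are
# redirected to a throwaway copy, so nothing it changes survives; reads of
# sensitive data are refused. (Constructed policy, not a real sandbox.)
SCRATCH_DIR = "C:/Sandbox/scratch/"
PROTECTED_READS = ("C:/Users/me/AppData/Logins.db",)


def sandbox_action(action: str, path: str) -> str:
    """Decide what happens to one 'read'/'write' by a sandboxed program."""
    if action == "read":
        return "denied" if path in PROTECTED_READS else "allowed"
    if action == "write":
        return "allowed" if path.startswith(SCRATCH_DIR) else "virtualised"
    raise ValueError(f"unknown action {action!r}")


def run_contained(exe: bytes, actions: list[tuple[str, str]]) -> list[str]:
    """Apply the verdict, then the sandbox policy if the file is a stranger."""
    verdict = default_deny(exe)
    if verdict is Verdict.BLOCK:
        return ["blocked before running"]
    if verdict is Verdict.RUN:
        return ["allowed"] * len(actions)      # trusted: runs for real
    return [sandbox_action(a, p) for a, p in actions]


# Constructed actions the stealer attempts when it runs: scratch work, reading
# the browser's password store, and a start-up entry so it comes back on reboot.
STEALER_ACTIONS = [
    ("write", SCRATCH_DIR + "work.tmp"),
    ("read", "C:/Users/me/AppData/Logins.db"),
    ("write", "HKCU/Software/Microsoft/Windows/CurrentVersion/Run/updater"),
]

if __name__ == "__main__":
    for name, exe in (("notepad", NOTEPAD), ("stealer", STEALER), ("stealer v2", STEALER_V2)):
        print(f"{name:10} detection-only: {detection_only(exe).value:7} "
              f"default-deny: {default_deny(exe).value}")
    print("stealer v2 in sandbox:", run_contained(STEALER_V2, STEALER_ACTIONS))
```

The one-byte change in STEALER_V2 is the whole story: the detection-only scanner has no photofit for it and lets it run, while default-deny treats it as a stranger, so its password read is refused and its start-up entry lands in the throwaway copy instead of the real system.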

So in summary, a security product can provide you with:

Prevention
Detection
Cleaning

and you need to prevent the bad stuff from coming into your computer in the first place. For that you need new technologies based on containment security, like Comodo Internet Security. Your first line of defence must be to prevent the malware from coming in.

Melih