How To Test For Anti-Malware Effectiveness?
The “Ransomware Business” and the “Cryptocurrency mining epidemic” have become more and more sophisticated through the years, because cybercriminals are after profit. Most people who use computing devices are connected to the Internet full time. This means that all users of Internet-connected devices are constantly exposed to these threats, and security measures cannot be ignored. However, unlike in a corporate network, where there is sophisticated endpoint protection, many home users feel uneasy about using antivirus products for various reasons, including how bloated such software can be.
The key to security is software updates. Many software vendors continually publish patches through their own update facilities, and for Windows they are distributed through Windows Automatic Update. It is important to respond to new threats by updating to the latest software. Patches may no longer be distributed for older software, so keep software up to date to keep up with the latest risks.
The extended support for Windows 7 will end on January 14, 2020. This means the end of security updates: even if an OS vulnerability is found, it will not be corrected, which makes continued use very risky. Early migration to the latest OS is recommended. In its early days, Windows Defender only offered countermeasures against spyware, but the current Windows 10-based version has been strengthened with functions from conventional products, including general antivirus functions. Microsoft now also has a function that quickly reflects, through the cloud, the latest threat information collected and accumulated daily from around the world, so it is comparable to third-party antivirus products in terms of detection rate as well.
Although it is difficult to completely prevent malware, using antivirus software can eliminate the most common malware. Antivirus software monitors file downloads and storage and prevents unauthorized programs from entering. Older antivirus software was slow at checking files and slowed down the PC. Now the slowdown is minimized, given that users are migrating from hard disk drives to much faster SSDs. Recent antivirus software also backs its detection rate with quick updates from the respective vendors.
Of course, if you want something more advanced, you may want to use third-party antivirus software provided by security companies. For most third-party antivirus software, the recommendation is in principle to install only one product per machine. Therefore, Windows Defender is set to be disabled automatically when you install third-party antivirus software.
It is difficult to objectively check whether antivirus software is working properly. You may think antivirus software is working when it is actually disabled; the only common understanding is that it works if it filters malware. However, testing with real viruses is just too risky. Fortunately, that is not necessary, as the antivirus industry itself created a test virus to check whether the installed antivirus works as intended. “EICAR” is what is useful in such a case. This is a dummy virus created to test the behavior of antivirus software; it is not intended to perform any destructive activity, only to be detected. Since antivirus software from each company detects it as a dummy virus, if EICAR is deployed on a PC and no alert is given, some abnormality in the antivirus software is suspected.
EICAR can be downloaded from the EICAR website. It is only 68 bytes in size, so anyone can manually paste the source code published on the site into a text file, save it, and give the file an extension. On a PC with strong security it should not even be possible to store the file, so it is best to turn off the antivirus software while creating it and then run the antivirus software for verification. The created test file can also be tested by placing it on a USB memory stick or attaching it to an email. You could also burn it to a CD in combination with an AutoRun file and have it run automatically. In addition to testing the operation of antivirus software, it is useful when you want to take screenshots of the screen shown when a virus is detected. It also comes in handy when creating an internal tutorial that describes how to handle a virus detection.
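The check described above can be scripted. The following is an added example, not code from the original article: it assembles the standard 68-byte EICAR string, writes it to disk and reports whether real-time protection blocked or removed it. The file name `av-selftest.com`, the wait time and the result labels are assumptions.

```python
import os
import tempfile
import time

# The standard 68-byte EICAR test string, kept in pieces so that this
# script itself is not flagged by a scanner before it runs.
_PARTS = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}", b"$EICAR-STANDARD-",
          b"ANTIVIRUS-TEST-FILE!", b"$H+H*")


def build_eicar() -> bytes:
    """Return the EICAR test string as bytes (in memory only)."""
    return b"".join(_PARTS)


def probe(payload: bytes, directory: str, wait: float = 5.0) -> str:
    """Drop payload into directory and report how the scanner reacted."""
    path = os.path.join(directory, "av-selftest.com")  # assumed file name
    try:
        with open(path, "wb") as fh:
            fh.write(payload)
    except OSError:
        return "BLOCKED_ON_WRITE"      # scanner refused to store the file
    time.sleep(wait)                   # give real-time protection time to act
    if not os.path.exists(path):
        return "REMOVED"               # file was deleted or quarantined
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return "BLOCKED_ON_READ"       # on-access scan denied the open
    try:
        os.remove(path)                # clean up our own test file
    except OSError:
        pass
    # A changed file means the scanner neutralised it in place.
    return "NOT_DETECTED" if data == payload else "MODIFIED"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        result = probe(build_eicar(), workdir)
    print("Antivirus reaction:", result)
    if result == "NOT_DETECTED":
        print("No reaction: check that real-time protection is enabled.")
```

Some products exclude temporary folders from scanning, so a `NOT_DETECTED` result is worth repeating with `directory` set to a normal user folder before drawing conclusions.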
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.