
How Fast Do Antivirus Programs React to New Threats?

Posted on May 10, 2011
Although almost every antivirus program does a good job at protecting you from known viruses, how good are these applications at protecting you from new threats that arise?

Almost all antivirus software products are regularly updated by their developers to provide the latest in protection against malware and viruses. However, new viruses or more potent versions of existing viruses are released and discovered every day. In addition, it can be very tough to guard against zero-day attacks, or threats that take advantage of security vulnerabilities that have not been recognized and corrected.

While vendors of paid antivirus software do their utmost to release updates to their products as soon as possible, free antivirus software generally isn't updated as fast. But how fast is fast? And in the case of zero-day attacks, what protection can be had if the vulnerability isn't even known yet?

In addition to releasing product updates to deal with emerging viruses, many security software applications use other detection and scanning technologies to recognize potential new threats. The following methods are the tools used by a good, solid antivirus program.

1. Heuristic Detection

Heuristic detection is a technology used by antivirus programs that differs from traditional virus signature detection. With signature-based detection, a file or process is checked against the virus database; if the virus or malware is listed in that database, the antivirus program acts by blocking the file or process. Heuristic detection works differently: rather than matching an exact signature, it detects variants or whole families of viruses that infect a computer in the same way as known viruses, which gives better coverage of threats not yet in the database. While free antivirus software usually relies mainly on detecting virus signatures, most paid security applications employ heuristic detection to better safeguard your system.
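To make the difference concrete, here is an added example (not code from the article or any vendor) that models both approaches: an exact hash lookup standing in for the signature database, and a weighted behaviour score standing in for the heuristic. The file contents, behaviour names and weights are constructed for the example.

```python
import hashlib

# Signature database: SHA-256 of known-bad files (constructed sample value).
KNOWN_BAD_SIGNATURES = {hashlib.sha256(b"original-worm-v1").hexdigest()}

# Behaviours shared by the known worm family, with weights (hypothetical names).
# The heuristic does not care what the file's bytes are, only what it does.
FAMILY_BEHAVIOURS = {
    "copies_self_to_startup": 3,
    "disables_security_updates": 3,
    "connects_to_hardcoded_host": 2,
    "modifies_hosts_file": 2,
}
HEURISTIC_THRESHOLD = 5  # a score at or above this is treated as a family variant


def signature_match(content: bytes) -> bool:
    """Traditional detection: exact hash lookup in the local virus database."""
    return hashlib.sha256(content).hexdigest() in KNOWN_BAD_SIGNATURES


def heuristic_score(behaviours) -> int:
    """Sum the weights of observed family behaviours; anything else scores nothing."""
    return sum(FAMILY_BEHAVIOURS.get(b, 0) for b in behaviours)


def classify(content: bytes, behaviours) -> str:
    """Signature check first (cheap and exact), heuristic check as the fallback."""
    if signature_match(content):
        return "blocked:signature"
    if heuristic_score(behaviours) >= HEURISTIC_THRESHOLD:
        return "blocked:heuristic"
    return "allowed"


# Constructed samples: (file bytes, behaviours observed when the file runs).
SAMPLES = {
    "known_worm": (b"original-worm-v1",
                   ["copies_self_to_startup", "disables_security_updates"]),
    # Same behaviour, different bytes: the signature misses it, the heuristic does not.
    "repacked_variant": (b"original-worm-v1 repacked",
                         ["copies_self_to_startup", "disables_security_updates"]),
    # One mildly suspicious behaviour stays under the threshold (limits false positives).
    "telemetry_agent": (b"agent", ["connects_to_hardcoded_host"]),
    "document_tool": (b"docs helper", ["writes_user_documents"]),
}


def run_all():
    return {name: classify(c, b) for name, (c, b) in SAMPLES.items()}
```

The repacked variant shows the gap the article describes: a fresh signature would be needed for every re-built copy, while the behaviour score catches it unchanged.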

2. Cloud-Based Detection

A technique used by some antivirus vendors to protect end-users from new viruses is known as cloud-based detection. An in-the-cloud detection tool checks for virus signatures in an online database, one that is not stored on your personal computer, in real time over an Internet connection. The virus signatures on the antivirus vendor's servers are updated faster, often before the daily virus signature release reaches your machine. Cloud computing is now an important part of antivirus programs for detecting zero-day attacks, which most users are not protected against if they rely only on an antivirus program that uses traditional means of detection.

3. Community-Based Detection

Another technology used by some antivirus programs is giving end-users the option to participate in an online community of people running the same antivirus or anti-malware program. For example, suppose User A is browsing the Internet and a plugin is installed without his or her consent. The antivirus program detects the change or addition to the system and prompts User A for action. If User A decides to disallow or block the change, the antivirus vendor collects some information that helps identify the origin of the potential threat and the action the user applied. The antivirus vendor then checks the data and provides protection to the whole community if the item is found to be a risk or threat.

4. Host Intrusion Prevention System

Some antivirus programs include a Host Intrusion Prevention System (HIPS) to detect or block unknown malware or viruses. By default, HIPS protection does not rely on virus signatures; instead it blocks unknown changes to the system unless the user decides to allow the installation.

Some antivirus or anti-malware programs use two types of HIPS protection. For example, Spybot - Search & Destroy anti-malware software provides a paranoid mode and non-paranoid mode for real-time protection. In paranoid mode, the HIPS-like protection is implemented so that all changes to the system that are unknown to the anti-malware software are blocked unless the user chooses to allow them. The non-paranoid mode is based on a blacklist, which will trigger an alert only if the process or file is known to be malicious.

Comodo Antivirus is another program that uses HIPS protection, aka Defense+. It works differently from Spybot - Search & Destroy. Instead of blocking specific items on a blacklist, Defense+ blocks any unknown file or process that is not on its whitelist by default.

In short, HIPS protection against unknown malware or suspicious processes relies on the user's action or decision.
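The three policies described above (a blacklist-only non-paranoid mode, a Defense+-style whitelist with default deny, and a paranoid mode that blocks unknown changes unless the user allows them) can be compared side by side. The following is an added example, not code from Spybot, Comodo or the article; the item names, lists and the scripted user are constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Set


@dataclass
class HipsPolicy:
    """Decision logic for one HIPS mode (hypothetical model for this example)."""
    mode: str                                          # "blacklist", "whitelist" or "paranoid"
    blacklist: Set[str] = field(default_factory=set)   # known-malicious items
    whitelist: Set[str] = field(default_factory=set)   # known-good items
    user_allowed: Set[str] = field(default_factory=set)  # remembered "Allow" decisions

    def decide(self, item: str, ask_user: Callable[[str], bool]) -> str:
        if item in self.blacklist:
            return "block"                             # every mode stops known-bad items
        if self.mode == "blacklist":
            return "allow"                             # non-paranoid: unknown items pass silently
        if item in self.whitelist or item in self.user_allowed:
            return "allow"
        if self.mode == "whitelist":
            return "block"                             # Defense+-style default deny, no prompt
        # paranoid: the unknown change is blocked unless the user chooses to allow it,
        # and that choice is remembered for the next time the same item appears
        if ask_user(item):
            self.user_allowed.add(item)
            return "allow"
        return "block"


# Constructed system changes seen by the HIPS component.
EVENTS = ["known_trojan.exe", "vendor_updater.exe", "unknown_plugin.dll", "unknown_dropper.exe"]
BLACKLIST = {"known_trojan.exe"}
WHITELIST = {"vendor_updater.exe"}


def scripted_user(item: str) -> bool:
    """Stands in for the prompt: this user approves the plugin and declines the rest."""
    return item == "unknown_plugin.dll"


def run_all(ask_user: Callable[[str], bool] = scripted_user) -> Dict[str, Dict[str, str]]:
    """Run every event through each mode and return mode -> item -> decision."""
    results = {}
    for mode in ("blacklist", "whitelist", "paranoid"):
        policy = HipsPolicy(mode, blacklist=set(BLACKLIST), whitelist=set(WHITELIST))
        results[mode] = {e: policy.decide(e, ask_user) for e in EVENTS}
    return results
```

The paranoid column is the one that depends entirely on the user: the same unknown plugin is blocked or allowed depending only on which button was clicked.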

Zero-Day Attacks or Zero-Day Viruses

As mentioned earlier, a zero-day attack is when a virus creator takes advantage of any new security vulnerability that has not yet been fixed by a vendor. Zero-day viruses only target vulnerable applications (such as web browsers) or operating systems. Antivirus vendors using cloud and community-based detection provide better protection to their customers against zero-day attacks.

Antivirus vendors who receive a sample of the exploit code or the new malware will immediately send out a virus signature to protect every user. However, antivirus software with cloud-based detection provides faster protection, since the protection happens in real time over an Internet connection. Examples of antivirus software developers that offer this advanced protection include Norton, McAfee, F-Secure, Trend Micro and many more.

If you want to be fully protected from all potential threats, including new viruses that emerge every day, your best bet is to invest in security software that uses a variety of means to detect these security problems. Free antivirus software can be pretty good at protecting you from yesterday's threats, but the innovative technologies used by the most recent paid security software applications are what you need to protect you from tomorrow's issues.
