A04-008-antivirus.md

"“The problem of viruses is temporary and will be solved in two years.”"

John McAfee, Founder of McAfee

An antivirus is a piece of software that protects the devices and users against malware and cybersecurity threats. It can look at the data, software, and files to search for suspicious signatures and behavior. It is an essential component of any cybersecurity strategy. It protects from several threats including, but not limited to, viruses, trojans, adware, malware, phishing, and spam attacks.

## Antivirus and Antimalware

Youtube-video: https://www.youtube.com/watch?v=bTU1jbVXlmM

Tässä kohtaa Multiple Choices -tehtäväkomponentti

'A device without antivirus is like a home with open doors, it gives cybercriminals an open way to enter and perform malicious activities.'

According to SE Labs, nearly 50% of the antivirus products are not capable of detecting known threats. Also, most of the advanced threats remain undetected by many antivirus solutions due to the sophistication of the malware and advanced evading techniques used by cybercriminals. Machine learning and artificial intelligence-based antivirus solutions can play an important role in detecting unknown threats by analyzing the behavior and patterns.

Different Ways to Detect Suspicious Files

Youtube-video: https://www.youtube.com/watch?v=1_rXO2Es5B8

Tässä kohtaa Matching-tehtäväkomponentti

'Although antivirus cannot protect from all of the threats, it provides a layer of protection and makes the device less vulnerable to attacks.'

What Happens to Infected Files?

When your antivirus detects a suspicious file, it often gives you three options:

  1. Delete. This removes the potentially infected files from your system.
  2. Clean. The antivirus tries to remove the infected parts of a file.
  3. Quarantine. The antivirus stores the files in a controlled location, so they can cause no harm.

You might be tempted to delete all suspicious files your antivirus detects, but it is not always the best solution. The files may be essential to the operating system to function, or you might want to save the files. In this case, trying to clean the files is your best bet. Sometimes you want to inspect the file yourself, before deciding what to do with it. You can quarantine the file so it can do no harm, and check it out if the antivirus flagged in incorrectly as suspicious.

Tässä kohtaa Scenario-komponentti, jonka tiedot alla

What Would You Do?

What would be the best course of action in these cyber-security scenarios? Continue

Q1.1: You're working on a programming project and your co-worker sent you some files. They are from a trusted source, but your antivirus flagged them anyway. (hands on the side, neutral face)

1.2: Delete the files 1.3: Quarantine and inspect the files 1.4: Clean the files

A1.2: That's one possibility. But maybe not the best one. (angry face)

A1.3: Great job! You're sure that the files are actually sent from a trusted source, and it probably contains code or executable files. The antivirus can flag them accidentally, as their origin is unknown. (happy with teeth)

A1.4: It might be more easily said than done. The antivirus may flag the files as harmful even after the cleaning attempt.

Q:1.3: You saw an ad online showcasing some phones for a great price - almost for free! When you clicked the ad, it downloaded a file on your device, and the antivirus software flagged it as suspicious. (neutral face)

1.3.1: Delete the files 1.3.2: Quarantine and inspect the files 1.3.3: Clean the files

A1.3.1: Good choice! You did not intent to download the files and the source from which they come from seems suspicious. (happy man)

A1.3.2: That's one possibility. But maybe not the best one. It's unlikely that the file contains free phones or riches.

A1.3.3: It might be more easily said than done. It's unlikely that the file contains free phones or riches.

Q1.3.1: The antivirus flags some files of your operating system as infected.

1.3.1.1: Delete the files 1.3.1.2: Quarantine and inspect the files 1.3.1.3: Clean the files

A1.3.1.1: Deleting the files may harm your system beyond repair. It's better to try something else first. (angry)

A1.3.1.2: It might be hard to know what's wrong with these types of files if you don't know the system inside out. Try out something different first.

A1.3.1.3: Good choice! Cleaning files is the first step with files that are essential for the operating system to function. If it doesn't help, you'll have to come up with something else.

A1.3: Great job! You're sure that the files are actually sent from a trusted source, and it probably contains code or executable files. The antivirus can flag them accidentally, as their origin is unknown.

Q1.3

END: Well done! Now you're prepared for when your antivirus program flags a file as suspicious.

Image in the beginning: Image for correct answers: Image for incorrect answers: