AntiVirus Software – What today's software needs to be capable of

Ransomware is gaining ground, but security software vendors have learnt. Who will best defend your PC against Ransomware, infected websites and other threats? We have tested free-to-use solutions as well as software costing up to $120.
 
The malware scene has become “more violent” in recent years. At least it appears to the consumer that ransomware has been on the rise for years. Ransomware attacks the user’s data and makes it unreadable by encrypting it. Then the user is attacked as well: a message appears on the screen asking the victim to pay the ransom. Some encryption Trojans, such as Jigsaw, delete a file every hour to put even more pressure on the victim. Resistance seems futile. The newer versions of Ransomware use strong encryption algorithms, so it is often not possible to recover the affected files without the blackmailer. Still, there is a little hope: antivirus vendors offer decryption tools for some Ransomware variants.

AntiVirus vs. Silent Trojan Horses

Before 2013, people were afraid of another type of Trojan horse: Trojans that implant themselves in the PC and remain silent. They spy on credit card information, manipulate the user’s bank transactions, or use the captured PC to attack servers anywhere in the world. These Trojans are still active and their effect is bad enough. But secret Trojans usually leave the users’ data alone, and without special knowledge of network technology users often don’t even notice the malware’s secret data traffic. Harmful viruses that attacked the users’ data, i.e. deleted or modified it, were rather rare before 2013.

Rootkits in decline

A particularly tricky variant of the “silent” Trojans is the rootkit. Rootkits can nest deep in the operating system, which makes them harder to discover. But this threat has now lost much of its horror, because rootkits have been in decline for years, McAfee reports. McAfee attributes this development to the widespread adoption of 64-bit systems and current operating systems such as Windows 8 and Windows 10, which provide protection against rootkit programs. The category of rootkits is no longer mentioned in the malware reports of many other vendors. Ransomware is different: this genre of malware is starting to boom.

Ransomware on its way to the top

Extortion programmes have been on the rise since about 2014. The growth rates are frightening. Trend Micro reports (Trend Micro, Reign of Ransomware, TrendLabs 2016 1H Security Roundup) an increase of 172 percent in Ransomware attacks in the first half of 2016 alone. The Kaspersky Security Bulletin 2015 states that Kaspersky has detected around 50,000 computers with Ransomware in corporate networks through its security programs. That is more than twice as many infections with this type of malware as in 2014. Approximately 58 percent of computers in corporate networks were attacked in 2015.

How does the Ransomware get to the computer?

Trend Micro has investigated the causes in Reign of Ransomware and found nothing surprising. In the first six months of 2016, email spam was the most common vehicle (71 percent) for the known infection pathways, but only accounted for 47 percent of the Ransomware cases analyzed. Far behind, with 18 percent, are infections caused by exploit kits, i.e. by visiting infected websites. An exploit kit is a collection of software that runs on web servers. If a PC connects to one of these infected servers, the scripts running there search for vulnerabilities, for example in the user’s browser. These vulnerabilities allow the malware to reach the computer. According to Trend Micro, the remaining infections occur via exploits (5 percent), i.e. software vulnerabilities, infected apps and the Teamviewer software (3 percent each). The manufacturer asserts that these infections are not caused by a security vulnerability in Teamviewer. Rather, hacked Teamviewer accounts were used to distribute the Surprise extortion Trojan.

AntiVirus Protection against Ransomware

Because Ransomware uses the same secret paths as other malware, the proven recipes are enough to defend yourself. Use an antivirus program, either a free one or one of our test candidates. All programs in the test can scan emails for malicious attachments and block them. If you have clicked on a dangerous link, there is still a chance: all test candidates have browser plug-ins that can prevent dangerous sites from loading. With a little luck, the plug-in recognizes the imminent danger. Otherwise, advertising and script blockers such as Noscript and Adblock Plus are the last line of defense. Still, the most important tool remains common sense, as always: if an e-mail appears suspicious, you should delete it and not open it in the first place. The same applies to obscure web links. Important: patch your operating system, browser and other programs. This reduces the chance of becoming a victim of an exploit kit. Some programs in the test field can check the system for outdated software and thus reduce the risk of infection.

And if you did download a Trojan horse

Even then you still have a chance with the candidates in our test field. All antivirus programs can detect malware by its behavior, for example when it starts to encrypt files in the background. One example is Bitdefender Total Security 2017, which specifically monitors document and image folders and prevents encryption…
 
But what happens if the malware has passed the virus scanner and actually encrypted files? Then it’s time to keep calm and not pay a ransom. Now you need a good backup of your important data. Make sure, however, that your backup software is set up to hold many versions of your backed-up files. Should the encryption of your files have started without you noticing, your intact files could be overwritten by backups of encrypted files. Even if your data is encrypted and any backup is missing, there is still a glimmer of hope. Many security companies provide decryption tools that allow you to recover many infected files.
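The point about holding many versions can be made concrete with a small simulation. This is an added example, not taken from any backup product or from the tested programs: the VersionedBackup store, the file name and the 7.5 bits-per-byte entropy threshold are assumptions, and random bytes stand in for the encrypted file.

```python
import math
import os
from collections import Counter, deque

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class VersionedBackup:
    """Toy backup store (hypothetical) keeping the newest `keep` versions per file."""
    def __init__(self, keep: int):
        self.keep = keep
        self.versions = {}  # path -> deque of contents, oldest first

    def backup(self, path: str, content: bytes) -> None:
        # deque(maxlen=keep) silently evicts the oldest version when full
        self.versions.setdefault(path, deque(maxlen=self.keep)).append(content)

    def last_intact(self, path: str, threshold: float = 7.5):
        """Newest stored version that does not look encrypted, or None.
        Only meaningful for plain documents: compressed formats (JPEG, ZIP)
        are high-entropy even when intact."""
        for content in reversed(self.versions.get(path, ())):
            if entropy(content) < threshold:
                return content
        return None

def simulate(keep: int, encrypted_runs: int) -> bool:
    """One backup of an intact document, then `encrypted_runs` backups of the
    encrypted file. Returns True if the intact document is still restorable."""
    store = VersionedBackup(keep)
    document = b"Quarterly report: revenue rose in all regions.\n" * 200  # constructed sample
    store.backup("report.txt", document)
    for _ in range(encrypted_runs):
        store.backup("report.txt", os.urandom(len(document)))  # stands in for ciphertext
    return store.last_intact("report.txt") == document

if __name__ == "__main__":
    for keep, runs in [(1, 1), (3, 3), (5, 3)]:
        print(f"keep={keep} unnoticed backup runs={runs} restorable={simulate(keep, runs)}")
```

The intact copy survives only when the number of retained versions is larger than the number of backup runs that happened after encryption began.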

Focus on intelligent devices

The Internet of Things (IoT), i.e. computerised household appliances ranging from surveillance cameras to heating control systems, has long been the focus of security experts. This is because manufacturers have neglected security in some devices. This was made clear by the actions of the Mirai botnet in September and October of this year. At the end of September 2016, security expert Brian Krebs’s site was attacked by thousands of IoT devices. The attacks were so violent that the site had to be taken offline. In October, the Internet service provider Dyn was the victim. As a result, there were disruptions at major online companies such as Amazon, Twitter, Github and Airbnb. According to Brian Krebs, the infected devices included not only classical IoT devices, but also printers and routers.
 
The incident shows that anti-virus programs today need to protect not only the PC, but the entire home network. One entry point is, for example, the domestic ADSL router to which most devices are connected. That’s why we’ve included functions for scanning routers in the evaluation this year.