TEXT 3. Anti-virus Software and Firewalls

2020-12-27 376

Anti-virus software

Anti-virus software is a program or set of programs (software utility) that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more.

These tools are critical for users to have installed and up to date because a computer without anti-virus software installed will be infected within minutes of connecting to the internet. The bombardment is constant, with anti-virus companies updating their detection tools constantly to deal with the more than 60,000 new pieces of malware created daily.

There are several different companies that build and offer anti-virus software, and what each offers can vary, but all perform some basic functions:

· Scan specific files or directories for any malware or known malicious patterns

· Allow you to schedule scans to automatically run for you

· Allow you to initiate a scan of a specific file or of your computer, or of a CD or flash drive at any time.

· Remove any malicious code detected: sometimes you will be notified of an infection and asked if you want to clean the file, while other programs will automatically do this behind the scenes.

· Show you the ‘health’ of your computer

Most anti-virus programs include an auto-update feature that permits the program to download profiles against new viruses, enabling the system to check for new threats. Antivirus programs are essential utilities for any computer but the choice of which one is very important. One AV program might find a certain virus or worm while another cannot, or vice-versa.

Anti-virus software searches the hard drive and external media attached to a computer for any potential viruses or worms. Broadly speaking, the two main approaches to virus detection are:

· Dictionary Approach: The anti-virus software checks a file and automatically refers to a dictionary of known viruses. If there is a match, the file is deleted, quarantined or repaired.

· Suspicious Behavior Approach: The anti-virus software monitors the behavior of all programs and flags any suspicious behavior. For example, a program might be flagged if it tries to change settings to the operating system or write to a certain directory.

There are several methods which an antivirus engine can use to identify malware:

Sandbox detection

Sandbox detection is a particular behavioral-based detection technique that, instead of detecting the behavioral fingerprint at run time, executes the programs in a virtual environment, logging what actions the program performs. Depending on the actions logged, the antivirus engine can determine if the program is malicious or not. If not, the program is then executed in the real environment.

Data mining

Data mining techniques are one of the latest approaches applied in malware detection. Data mining and machine learning algorithms are used to try to classify the behavior of a file (as either malicious or benign) given a series of file features that are extracted from the file itself.

Signature-based detection

Traditional antivirus software relies heavily upon signatures to identify malware. When a malware sample arrives in the hands of an antivirus firm, it is analyzed by malware researchers or by dynamic analysis systems. Then, once it is determined to be malware, a proper signature of the file is extracted and added to the signatures database of the antivirus software.

Although the signature-based approach can effectively contain malware outbreaks, malware authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.

Heuristics

Many viruses start as a single infection and through either mutation or refinements by other attackers can grow into dozens of slightly different strains, called variants. Generic detection refers to the detection and removal of multiple threats using a single virus definition. For example, the Vundo Trojan has several family members, depending on the antivirus vendor's classification. Symantec classifies members of the Vundo family into two distinct categories, Trojan.Vundo and Trojan.Vundo.B.

While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature. A detection that uses this method is said to be "heuristic detection."
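The difference between an exact signature and a generic one can be shown in a few lines. This is an added example, not part of the original text; the sample "files" are constructed, harmless byte strings, and the names Demo.A and Demo.gen are made up for the illustration.

```python
import hashlib
import re

# Constructed, harmless byte strings standing in for files (not real malware).
def make_sample(build_id: bytes, padding: bytes) -> bytes:
    return b"MZ" + padding + b"\x90\x90DEMO-CORE-" + build_id + b"\xcc" + padding

SAMPLE_A = make_sample(b"01", b"aaaa")       # the sample the vendor analyzed
SAMPLE_B = make_sample(b"02", b"bbbbbbbb")   # later variant of the same family
BENIGN = b"MZ" + b"ordinary program bytes"
# Same content as SAMPLE_A but stored encoded, so no original bytes remain.
ENCODED = b"MZ" + bytes(b ^ 0x5A for b in SAMPLE_A[2:])

# Dictionary of exact signatures: SHA-256 of each analyzed sample.
HASH_DB = {hashlib.sha256(SAMPLE_A).hexdigest(): "Demo.A"}
# Generic signature: the bytes every family member shares, with a two-byte
# wildcard where the variants differ.
GENERIC_DB = {"Demo.gen": re.compile(rb"\x90\x90DEMO-CORE-..\xcc", re.DOTALL)}

def scan(data: bytes):
    """Return (match_type, detection_name) for one file's contents."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_DB:
        return ("exact", HASH_DB[digest])
    for name, pattern in GENERIC_DB.items():
        if pattern.search(data):
            return ("generic", name)
    return ("clean", None)

def scan_all():
    files = {"a.bin": SAMPLE_A, "b.bin": SAMPLE_B,
             "ok.bin": BENIGN, "enc.bin": ENCODED}
    return {name: scan(data) for name, data in files.items()}

if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(name, verdict)
```

The variant is caught only by the generic signature, and the encoded copy matches neither signature, which is the gap that behavior-based methods such as sandbox detection are meant to cover.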

Firewall

A firewall is a system that provides network security by filtering incoming and outgoing network traffic based on a set of user-defined rules. In general, the purpose of a firewall is to reduce or eliminate the occurrence of unwanted network communications while allowing all legitimate communication to flow freely. In most server infrastructures, firewalls provide an essential layer of security that, combined with other measures, prevents attackers from accessing your servers in malicious ways.

There are three basic types of network firewalls: packet filtering (stateless), stateful, and application layer.

Packet filtering, or stateless, firewalls work by inspecting individual packets in isolation. As such, they are unaware of connection state and can only allow or deny packets based on individual packet headers.

Stateful firewalls are able to determine the connection state of packets, which makes them much more flexible than stateless firewalls. They work by collecting related packets until the connection state can be determined before any firewall rules are applied to the traffic.

Application firewalls go one step further by analyzing the data being transmitted, which allows network traffic to be matched against firewall rules that are specific to individual services or applications. These are also known as proxy-based firewalls.
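The difference between the first two types, stateless and stateful, shows up when both filter the same traffic. This is an added example, not part of the original text; the packets, addresses and the policy ("the inside host may open connections to port 443, nothing else") are constructed, and the connection table is a simplified model of connection tracking.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport")

# Constructed traffic seen at the firewall protecting host 10.0.0.5.
PACKETS = [
    Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443),  # host opens connection
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000),   # reply to that connection
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 8080),    # unsolicited, no connection
    Packet("out", "10.0.0.5", 50001, "203.0.113.10", 25),   # outside the policy
]

def stateless_filter(pkt):
    """Decide from this packet's headers alone; no memory of earlier packets."""
    if pkt.direction == "out" and pkt.dport == 443:
        return "allow"
    # Replies must be let back in, and the only clue available is the source port.
    if pkt.direction == "in" and pkt.sport == 443:
        return "allow"
    return "deny"

class StatefulFirewall:
    """Remembers which connections the inside host opened."""

    def __init__(self):
        self.connections = set()

    def filter(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 443:
                return "deny"
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound traffic is allowed only as the reverse of a tracked connection.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if key in self.connections else "deny"

def run_both(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    stateful = StatefulFirewall()
    return [(stateless_filter(p), stateful.filter(p)) for p in packets]

if __name__ == "__main__":
    for pkt, verdicts in zip(PACKETS, run_both(PACKETS)):
        print(pkt, verdicts)
```

Only the third packet is treated differently: the stateless filter admits it because its headers look like a reply, while the stateful firewall denies it because no matching connection was ever opened.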

In addition to firewall software, which is available on all modern operating systems, firewall functionality can also be provided by hardware devices, such as routers or firewall appliances.

 

15. True, false or no information? Find the sentences in the text that support your point of view.

1. Anti-virus software is a program that provides network security by filtering incoming and outgoing network traffic.

2. Anti-virus software offered by different companies performs five basic functions.

3. One of the latest approaches in malware detection is known to be data mining technique.

4. A good antivirus suite is an excellent first line of defense for your PC.

5. Sandbox detection is a particular dictionary-based detection technique.

6. Firewalls prevent attackers from accessing servers in malicious ways.

7. Organizations can protect themselves from rootkits by updating virus definitions, avoiding suspicious downloads, and performing static analysis scans.

 

16. Ask questions about types of firewalls and virus detection methods. Use the following patterns:

a. I would like to know, if /whether …

b. Can you tell me what/which/how/why …?

c. Does anybody know what/which/how/why …?

d. Are you sure that …?

e. Do you agree that …?

 

17. Give a summary of the text Anti-virus Software and Firewalls. (See Appendix II for annotation details).

Part II. Language

18. Match the terms to their definitions:

1) ransomware a) software utility designed to prevent, search for, detect, and remove malicious software
2) sandbox detection b) software program created to automatically perform specific operations
3) computer security c) a form of malware that essentially holds a computer system captive while demanding a ransom
4) anti-virus software d) the protection of information in its electronic form
5) bot e) a behavioral-based detection technique executing the programs in a virtual environment

 

19. Match the malware types with their definitions:

A. rootkit B. spyware C. adware D. virus E. worm F. bug G. Trojan

1. a type of malware that disguises itself as a normal file or program to trick users into downloading and installing malware

2. a type of malware that automatically delivers advertisements

3. a type of malware causing harm to their host networks by consuming bandwidth, overloading web servers and containing “payloads”

4. a type of malicious software designed to remotely access or control a computer

5. a program error causing crashing or freezing

6. a form of malware capable of copying itself and spreading to other computers

7. a type of malware spying on users' activity without their knowledge

 

20. Put in the linking words (conjunctions) both...and, either …or, neither …nor, not only …but also:

1. ____ viruses ____ worms are designed to steal data, delete files or create botnets.

2. To detect malware ____ dictionary approach ____ suspicious behavior approach is used.

3. Anti-virus programs are critical for users to have installed because they ____ search for and detect malware ____ remove it.

4. ____ management ____ other departments can access these files if they are not authorized.

5. AVG Antivirus Free ____ is quite configurable ____ is very simple to use.

6. You can ____ install additional anti-malware software ____ replace your existing security software with a whole new suite designed to protect against all kinds of malware.

7. This antivirus set ____ scans your computer fast ____ has the best phishing protection.

 

21. Compare the antivirus sets using the constructions “as …as” and “not so …as”:

1. Bit Defender Antivirus quietly gets on with the job of identifying and eliminating anything that poses a risk to your safety and security. AVG Antivirus Free is vocal with its notifications (silent).

2. AVG Antivirus Free scans your computer rather slowly. Avast Antivirus doesn’t slow your computer (fast).

3. With AVG Antivirus Free you can use your mobile to scan your PC remotely. Both Bit Defender Antivirus and Avast Antivirus don’t possess such an option (clever).

22. Make sentences using Complex Subject and Complex Object Constructions.

Pattern: A firewall is a system that provides network security by filtering incoming and outgoing network traffic (know).

1. A firewall is known to be a system that provides network security by filtering incoming and outgoing network traffic.

2. CS specialists know a firewall to be a system that provides network security by filtering incoming and outgoing network traffic.

 

1. Traditional antivirus software relies heavily upon signatures to identify malware (report).

2. Ransomware typically spreads like a normal computer worm (know).

3. Computer security has become increasingly important since the late 1960s (say).

4. Data mining and machine learning algorithms help classify the behavior of a file (expect).

5. Assigning an individual password protects a computer system (suppose).

 

23. Translate into English:

1. Компьютерная безопасность – это защита компьютерных систем и хранящихся в них данных. 2. Вредоносное программное обеспечение используется для того, чтобы нанести вред компьютерной системе и повредить или украсть информацию. 3. Имеются признаки, которые позволяют определить, заражён ли компьютер вредоносными программами. 4. Компьютерные черви обычно наносят вред сетям, перегружая серверы. 5. Особенно опасны ошибки в системе безопасности компьютера. 6. Необходимо постоянно обновлять антивирусное программное обеспечение, т.к. компьютерная система заражается в течение нескольких минут работы в сети. 7. Руткит – это набор компьютерных утилит или специальный модуль ядра, устанавливаемый взломщиком сразу после получения прав суперпользователя. 8. Программа-вымогатель блокирует доступ к компьютерной системе, требуя затем выкуп для восстановления исходного состояния. 9. В настоящее время песочницы используют для запуска непроверенного кода из неизвестных источников, а также для обнаружения и анализа вредоносных программ. 10. Сигнатурный анализ выявляет характерные черты каждого вируса, а эвристический анализ основан на предположении, что новый вирус похож на уже известный.

 

