"Antivirus" as we usually refer to it refers to a signature-based detection engine - it scans every file on your hard disk, and new ones as you download them, and compares them to a signature database of known-bad stuff. This is useful for people who will click on literally everything (like the random pop-up that says "you have to update Adobe Flash, download this file and open it"). As you said, common sense is sufficient to block nearly all of these threats, and AV doesn't really improve your chances. Checking every single file against a database of hundreds of thousands or millions of signatures also is what eats up all your computer's resources.

The other category is, of course, "unknown" threats. Things which have not been discovered and cataloged into the database of bad stuff. This is either something that is brand new (the latest backdoor trojan that nobody has yet discovered and analyzed), or specifically targeted to a person/group (e.g.: stuxnet, which was designed to specifically target one air-gapped facility in Iran and infected millions of machines before anybody even knew it existed). Unknown threats by and large can't be detected by signature-based antivirus, since they're not in the database. For that you need something that monitors process activity on a machine, and examines how processes are interacting with other processes, memory, files/disks, network interfaces, etc., and looks for suspicious behavior (e.g.: huh, this one process doesn't seem to do anything but it uploads a .jpg file to a server located in Belarus every Sunday at 3 AM, that's very odd). This technology is called Endpoint Detection and Response (EDR) and is both expensive to buy and difficult to manage (in part because it generates a lot of findings of suspicious activity and someone has to go through them and weed out all the false positives).

Because EDR is expensive, hard to manage, and is unnecessary for the majority of computer users (who are usually targeted with threats that common sense will protect them from - things like shady drive-by downloads and email phishing) it doesn't really exist on the consumer market (although there may be some bullshit AVs that are falsely labeled as EDR), and is usually only used by businesses.

So, yeah, use common sense, don't click stupid shit, and don't give anything advanced privileges on your machine (when you get a popup on your computer asking for an administrator password) unless you know what it is and why it needs it.

If you have a newer Mac with one of the most recent OS versions installed, you might already have Apple's proprietary antivirus software XProtect installed on your device.
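The two detection styles the comment contrasts, as an added worked example that is not part of the original post or of any real AV/EDR product: a signature scanner that hashes files and looks them up in a known-bad set, beside a behavioral rule run over a few lines of process telemetry. Everything here is constructed for the illustration: the "malware" sample is a harmless byte string, the telemetry format (timestamp, pid, image name, event kind, detail) is invented, and the destination addresses are documentation-range IPs, not real hosts.

```python
import hashlib
from collections import defaultdict
from datetime import datetime

# ---- Signature-based detection ("antivirus" in the post's sense) -----------

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed "known-bad" database. A real AV holds hashes/byte patterns for
# millions of catalogued samples; this payload is a harmless stand-in.
CONSTRUCTED_SAMPLE = b"constructed stand-in for a catalogued malware file"
KNOWN_BAD_HASHES = {sha256_hex(CONSTRUCTED_SAMPLE): "Constructed.Trojan.Example"}

def signature_scan(files: dict) -> dict:
    """Hash every file and look it up. Only catalogued samples can ever match:
    a single changed byte yields a new hash and the file walks straight past."""
    hits = {}
    for path, content in files.items():
        name = KNOWN_BAD_HASHES.get(sha256_hex(content))
        if name is not None:
            hits[path] = name
    return hits

# ---- Behavioral detection (the EDR idea) ------------------------------------

# Constructed process telemetry: (timestamp, pid, image, event, detail).
# "net_send" detail is "<dest ip:port> bytes=<n>"; "ui_input" marks a process
# that received keyboard/mouse input, i.e. a user was actually driving it.
TELEMETRY = [
    ("2024-03-03 03:00:12", 4123, "svchlpr.exe", "net_send", "203.0.113.7:443 bytes=1048576"),
    ("2024-03-10 03:00:09", 4123, "svchlpr.exe", "net_send", "203.0.113.7:443 bytes=1102345"),
    ("2024-03-17 03:00:15", 4123, "svchlpr.exe", "net_send", "203.0.113.7:443 bytes=998001"),
    ("2024-03-04 02:00:01", 977, "backupagent.exe", "net_send", "198.51.100.20:443 bytes=52428800"),
    ("2024-03-05 02:00:03", 977, "backupagent.exe", "net_send", "198.51.100.20:443 bytes=51200000"),
    ("2024-03-06 02:00:02", 977, "backupagent.exe", "net_send", "198.51.100.20:443 bytes=53000000"),
    ("2024-03-05 10:14:00", 812, "browser.exe", "ui_input", "keyboard"),
    ("2024-03-05 10:14:02", 812, "browser.exe", "net_send", "203.0.113.7:443 bytes=2000"),
    ("2024-03-06 10:15:00", 812, "browser.exe", "net_send", "203.0.113.7:443 bytes=1800"),
    ("2024-03-07 10:13:30", 812, "browser.exe", "net_send", "203.0.113.7:443 bytes=2100"),
]

def behavioral_scan(events, min_repeats=3, window_minutes=5):
    """Flag a process that repeatedly sends data to the same destination at the
    same time of day while nobody is interacting with it. No database lookup is
    involved: the rule fires on what the process does, so an uncatalogued
    sample can still trip it (and so can a perfectly legitimate scheduled job)."""
    sends = defaultdict(list)
    interactive = set()
    for ts, pid, image, kind, detail in events:
        if kind == "ui_input":
            interactive.add(pid)
        elif kind == "net_send":
            dest = detail.split()[0]
            sends[(pid, image, dest)].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    findings = []
    for (pid, image, dest), times in sends.items():
        if pid in interactive or len(times) < min_repeats:
            continue
        minutes_of_day = [t.hour * 60 + t.minute for t in times]
        if max(minutes_of_day) - min(minutes_of_day) <= window_minutes:
            findings.append({"pid": pid, "image": image, "dest": dest,
                             "count": len(times),
                             "reason": "scheduled upload with no user interaction"})
    return findings

if __name__ == "__main__":
    files = {"/tmp/a.bin": CONSTRUCTED_SAMPLE,            # catalogued: caught
             "/tmp/b.bin": CONSTRUCTED_SAMPLE + b"\x00"}  # one byte off: missed
    print("signature hits:", signature_scan(files))
    for f in behavioral_scan(TELEMETRY):
        print("behavioral finding:", f)
```

Running it shows the trade-off the comment describes: the signature scanner catches the catalogued file and misses the one-byte variant outright, while the behavioral rule catches the uncatalogued uploader but also flags the constructed backup agent, which is exactly the kind of finding an analyst has to triage and weed out as a false positive.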