Popular Antivirus programs:

Comparison of the Best Antiviruses of 2020

Cloud-
Antivirus Firewall Based Included VPN Free Version Money-Back Gu
Scanning

Yes No Unlimited data No 60-days

Unlimited data (with

Yes No automatic subscription No 30-days
renewals)

Yes No No No 30-days

BullGuard Yes No No No 30-days

Unlimited data (with

Avira No Yes Yes 30-days
Avira Prime)

Bitdefender Yes Yes 200 MB/day Yes 30-days

Kaspersky Yes Yes 300 MB/day Yes 30-days (USA) an

Unlimited (with
TotalAV Yes Yes Yes 30-days
TotalAV Internet Security)

Unlimited (with
Panda Yes No Yes 30-days
Panda Dome Premium)

Trend Micro No No No No 30-days

Cylance No No No No 30-days
basic idea of how antivirus identifies a virus (Signature based detection, Heuristics-based detection,
Cloud- based detection)

How Antivirus Works?

Antivirus software scans the file comparing specific bits of code against information in its
database and if it finds a pattern duplicating one in the database, it is considered a virus,
and it will quarantine or delete that particular file.
How The Antivirus Detects Virus?
All program files (executable) that enter a system go through the antivirus scan. Those that
match the signatures are classified as viruses and are blacklisted. The other program files then
pass through the Defense + HIPS ( Host Intrusion Prevention System). Here the known files
would be allowed entry and would run in the system while the unknown ones, irrespective of
whether they are good or bad, are sent to the Defense+ Sandbox. These would be allowed to
run, but only in this restricted environment. Those that the user allows as good files would be
added to the Whitelist while all others would remain in the sandbox, after which they would go to
the Comodo labs for analysis.

Full System Scans

Full system scans are generally not essential when you already have an on access
scanning facility. Full system scans are essential when you install antivirus software for
the first time or you have updated your antivirus software recently. This is done to make
sure that there are no viruses present hidden on your system. Full system scans are
also useful when you repair your infected computer.

Virus Definitions
Antivirus software depends on the virus definitions to identify malware. That is the
reason it updates on the new viruses definitions. Malware definitions contain signatures
for any new viruses and other malware that has been classified as wild. If the antivirus
software scans any application or file and if it finds the file infected by a malware that is
similar to the malware in the malware definition. Then antivirus software terminates the
file from executing pushing it to the quarantine. The malware is processed accordingly
corresponding to the type of virus protections.
It is really essential for all the antivirus companies to update the definitions with the
latest malware to ensure PC protection combating even the most latest form of
malicious threat.

How to get rid of malware?

● Signature-based detection
● Heuristic-based detection
● Behavioural-based detection
 ● Sandbox detection
● Data mining techniques

Signature-based detection - This is most common in Traditional antivirus software that

checks all the .EXE files and validates it with the known list of viruses and other types of
malware. or it checks if the unknown executable files shows any misbehaviour as a sign
of unknown viruses.
Files, programs and applications are basically scanned when they in use. Once an
executable file is downloaded. It is scanned for any malware instantly. Antivirus
software can also be used without the background on access scanning, but it is always
advisable to use on access scanning because it is complex to remove malware once it
infects your system
Heuristic-based detection - This type of detection is most commonly used in
combination with signature-based detection. Heuristic technology is deployed in most of
the antivirus programs. This helps the antivirus software to detect new or a variant or an
altered version of malware, even in the absence of the latest virus definitions.
Antivirus programs use heuristics, by running susceptible programs or applications with
suspicious code on it, within a runtime virtual environment. This keeps the vulnerable
code from infecting the real world environment.
Behavioural-based detection - This type of detection is used in Intrusion Detection
mechanism. This concentrates more in detecting the characteristics of the malware
during execution. This mechanism detects malware only while the malware performs
malware actions.
Sandbox detection - It functions most likely to that of behavioral based detection
method. It executes any applications in the virtual environment to track what kind of
actions it performs. Verifying the actions of the program that are logged in, the antivirus
software can identify if the program is malicious or not.
Data mining techniques - This is of the latest trends in detecting a malware. With a set
of program features, Data mining helps to find if the program is malicious or not.
Cloud based detection: Cloud antivirus software does most of its processing
elsewhere on the Internet rather than on your computer's hard drive. Internet
technology like cloud computing has made such innovations both possible and
affordable.
Cloud antivirus software consists of client and Web service components working
together. The client is a small program running on your local computer, which
scans the system for malware. Full locally installed antivirus applications are
notorious resource hogs, but cloud antivirus clients require only a small amount
processing power.

The Web service behind cloud antivirus is software running on one or more servers
somewhere on the Internet. The Web service handles most of the data processing
so your computer doesn't have to process and store massive amounts of virus
information. At regular intervals, the client will scan your computer for any
malware listed in the Web service's database.

Why is Updating Antivirus Software So Important?

Updating antivirus is critical for the security of any system. This is because any system
gets constantly threatened and attacked by new viruses every day. Antivirus updates
would have latest definition files that are needed to identify and combat new viruses.

about Virus Total website : VirusTotal, a subsidiary of Google, is a free online service that analyzes
files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious
content detected by antivirus engines and website scanners. At the same time, it may be used as a
means to detect false positives, i.e. innocuous resources detected as malicious by one or more
scanners.

How it works
VirusTotal inspects items with over 70 antivirus scanners and URL/domain blacklisting services,
in addition to a myriad of tools to extract signals from the studied content. Any user can select a
file from their computer using their browser and send it to VirusTotal. VirusTotal offers a
number of file submission methods, including the primary public web interface, desktop
uploaders, browser extensions and a programmatic API. The web interface has the highest
scanning priority among the publicly available submission methods. Submissions may be
scripted in any programming language using the HTTP-based public API.
As with files, URLs can be submitted via several different means including the VirusTotal
webpage, browser extensions and the API.
Upon submitting a file or URL basic results are shared with the submitter, and also between the
examining partners, who use results to improve their own systems. As a result, by submitting
files, URLs, domains, etc. to VirusTotal you are contributing to raise the global IT security level.
This core analysis is also the basis for several other features, including the VirusTotal
Community: a network that allows users to comment on files and URLs and share notes with
each other. VirusTotal can be useful in detecting malicious content and also in identifying false
positives -- normal and harmless items detected as malicious by one or more scanners.

Free and unbiased

VirusTotal is free to end users for non-commercial use in accordance with our Terms of Service.
Though we work with engines belonging to many different organizations, VirusTotal does not
distribute or promote any of those third-party engines. We simply act as an aggregator of
information. This allows us to offer an objective and unbiased service to our users.
Many contributors
VirusTotal's aggregated data is the output of many different antivirus engines, website scanners,
file and URL analysis tools, and user contributions. The file and URL characterization tools we
aggregate cover a wide range of purposes: heuristic engines, known-bad signatures, metadata
extraction, identification of malicious signals, etc.

Raising the global IT security level through sharing

Scanning reports produced by VirusTotal are shared with the public VirusTotal community.
Users can contribute comments and vote on whether particular content is harmful. In this way,
users help to deepen the community’s collective understanding of potentially harmful content
and identify false positives (i.e. harmless items detected as malicious by one or more scanners).
The contents of submitted files or pages may also be shared with premium VirusTotal customers.
The file corpus created in VirusTotal provides cybersecurity professionals and security product
developers valuable insights into the behaviors of emerging cyber threats and malware. Through
our premium services commercial offering, VirusTotal provides qualified customers and anti-
virus partners with tools to perform complex criteria-based searches to identify and access
harmful files samples for further study. This helps organizations discover and analyze new
threats and fashion new mitigations and defenses.

Real-time updates
Malware signatures are updated frequently by VirusTotal as they are distributed by antivirus
companies, this ensures that our service uses the latest signature sets.
Website scanning is done in some cases by querying vendor databases that have been shared
with VirusTotal and stored on our premises, and in other cases by API queries to an antivirus
company's solution. As such, as soon as a given contributor blacklists a URL it is immediately
reflected in user-facing verdicts.

Detailed results
VirusTotal not only tells you whether a given antivirus solution detected a submitted file as
malicious, but also displays each engine's detection label (e.g., I-Worm.Allaple.gen). The same is
true for URL scanners, most of which will discriminate between malware sites, phishing sites,
suspicious sites, etc. Some engines will provide additional information, stating explicitly whether
a given URL belongs to a particular botnet, which brand is targeted by a given phishing site, and
so on.