Antivirus is software that can be used to prevent, detect or remove viruses, worms, Trojan horses and similar malware. However useful antivirus is, it has some drawbacks; for example, it can slow down your computer if it is not configured correctly. Antivirus usually runs in the highly trusted kernel, so it can sometimes create vulnerabilities as well. Antivirus software uses several methods to detect malicious code; a few of them are as follows:
- Signature: This is the common method used to detect viruses. The antivirus compares files against its directory of signatures to find the virus.
- Malicious activity detection: In this method the antivirus checks the behaviour of a program; if it is found to be abnormal or suspicious, the antivirus investigates further using the signature-based technique or another method.
- Heuristic-based detection: This method is similar to malicious activity detection, but in this approach a suspicious file can be analysed in two ways. File analysis is the first, in which the antivirus inspects the file for malicious code. In the second, file emulation, the antivirus runs the suspicious code in a virtual environment to see how it would affect your system.
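The signature method described above, as an added example that is not part of the original page: a small scanner that checks constructed sample data against two kinds of signature, a whole-file hash and a byte pattern. The signature names, the payload and the sample files are all constructed for illustration and are not real indicators.

```python
import hashlib

# Constructed payload and signature directory (illustrative, not real indicators).
SAMPLE_PAYLOAD = b"MZ\x90\x00" + b"DEMO-MALICIOUS-ROUTINE" + b"\x00" * 8
HASH_SIGNATURES = {hashlib.sha256(SAMPLE_PAYLOAD).hexdigest(): "Demo.Trojan.A"}
PATTERN_SIGNATURES = {b"DEMO-MALICIOUS-ROUTINE": "Demo.Trojan.Generic"}


def scan(data: bytes) -> list:
    """Return (method, signature name) for every signature that matches data."""
    hits = []
    # Hash signature: matches only a byte-for-byte identical file.
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(("hash", HASH_SIGNATURES[digest]))
    # Pattern signature: matches any file containing the known byte sequence.
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            hits.append(("pattern", name))
    return hits


def scan_files(files: dict) -> dict:
    """Scan a mapping of file name -> contents and return the hits per file."""
    return {name: scan(data) for name, data in files.items()}


# Constructed sample "files" held in memory so the example runs offline.
SAMPLES = {
    "known.exe": SAMPLE_PAYLOAD,
    "variant.exe": SAMPLE_PAYLOAD + b"\x01",  # same code, different file hash
    "notes.txt": b"meeting at 10am",
}

if __name__ == "__main__":
    for name, hits in scan_files(SAMPLES).items():
        print(name, hits or "clean")
```

The variant file is caught only by the pattern signature, which is why scanners keep more than one kind of signature and fall back on the behavioural and heuristic methods listed above.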
But there can be some issues with antivirus installation, like:
- Performance of system: Some antivirus products reduce the speed of the system because they check everything that comes into the system from the outside world.
- Security: Antivirus can itself create a security hole, because all antivirus runs with system-level privileges and this can allow privilege escalation.
- Renewal cost: There can be an unexpected renewal cost with antivirus because most of them come with a life span of 60 or 30 days.
- Privacy: Some antivirus products automatically send files to the developer for further investigation; in that case the confidentiality of the file can be questioned.
A firewall is the part of a network that blocks unauthorized access while permitting authorized communication. A firewall can be implemented in hardware, software or both. It is used to prevent unauthorized users from accessing a private network. All messages entering the network or the internet must pass through the firewall, which examines every message and blocks those that do not meet the network's security criteria. Several firewall techniques can be used, as follows:
- Packet Filter: A technique in which every packet passing through the network is checked against the user's requirements.
- Application Gateway: A type of firewall that sits between the end user and the internet. An application gateway checks every packet passing through the network more thoroughly before making a decision. It uses more memory and processor power and sometimes reduces the speed of the network.
- Circuit-level gateway: With a circuit-level gateway the internal computers connect to a proxy server, and the proxy server communicates with the internet. In this case external computers know only the IP address of the proxy server and nothing else.
- Proxy Servers: A proxy server is generally used to boost the performance of a network, but it can also be used as a firewall. A proxy server hides your internal addresses, so communication appears to originate from the proxy server. A proxy server also caches the pages you request; if another user requests the same page, the proxy server sends the same page that was sent to you.
Software Patches: Software patches are programs that update software according to new requirements or to fix vulnerabilities. They are mainly used to remove problems caused by bugs and to improve performance. Sometimes an incorrectly designed patch can create more problems. Software patches go by various names, such as software updates, and are usually provided free by the service provider. Software patches are more common with games, where they are known as extension packs. Software patches are sometimes a requirement of the software development process. There are other ways in which patches can be useful:
- In Software Development: Patches sometimes become mandatory to fix problems in the source code of a program that is used very frequently. Patches are mostly used by large projects such as Windows, which release service packs from time to time to keep the software up to date until a completely new program is developed.
- Security Patches: Security patches are mainly used to address the vulnerabilities that are discovered from time to time. These patches mitigate threats or prevent successful exploitation of a vulnerability. Nowadays Microsoft releases security patches every 30 days or as soon as any new vulnerability is discovered. Security patches are closely tied to responsible disclosure.
- Hot Patching: These are patches that can be applied without shutting down or restarting your computer.
Each of the firewall techniques described above has benefits and drawbacks, but I think the application gateway firewall is more secure than the other three. Packet filtering is usually easy to implement and faster, but it is also easy to break into. With packet filtering an attacker can use fake source IP addresses, known as IP spoofing, and your firewall will be tricked into allowing unwanted traffic onto the network.
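The packet-filtering weakness described above, as an added example that is not part of the original page: a first-match packet filter that trusts the source address as written, beside the same filter with an ingress anti-spoofing check. The network range, interface names, rules and packets are all constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("192.168.10.0/24")  # assumed private network range


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on: "external" or "internal"
    src: str    # source address as claimed in the packet header
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    src_net: str           # source network the rule applies to
    dport: Optional[int]   # None matches any destination port


# Constructed rule set: internal hosts may reach port 22, anyone may reach port 80.
RULES = [
    Rule("allow", "192.168.10.0/24", 22),
    Rule("allow", "0.0.0.0/0", 80),
]


def naive_filter(pkt: Packet) -> str:
    """First matching rule wins, default deny. Trusts the claimed source address."""
    for rule in RULES:
        if ip_address(pkt.src) in ip_network(rule.src_net) and rule.dport in (None, pkt.dport):
            return rule.action
    return "block"


def hardened_filter(pkt: Packet) -> str:
    """Same rules, plus an ingress check: a packet claiming an internal source
    address cannot legitimately arrive on the external interface."""
    if pkt.iface == "external" and ip_address(pkt.src) in INTERNAL_NET:
        return "block"
    return naive_filter(pkt)


# Constructed packets.
LEGIT = Packet("internal", "192.168.10.5", "192.168.10.1", 22)
SPOOFED = Packet("external", "192.168.10.5", "192.168.10.1", 22)
WEB = Packet("external", "203.0.113.9", "192.168.10.1", 80)
```

`naive_filter(SPOOFED)` returns `"allow"` while `hardened_filter(SPOOFED)` returns `"block"`; legitimate internal and web traffic is allowed by both.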