Chapter 2 Malware BMIT2713 Information and IT Security

Tutorial 2 Part 2

1. What are quarantine files?

Quarantine files are files that have been detected and isolated by antivirus
software because they are suspected of being infected with malware. When
an antivirus software program detects a suspicious file, it may move the file to
a secure location known as a quarantine. Quarantine is a feature of antivirus
software that helps to prevent the spread of malware by containing infected
files and preventing them from causing further harm to the system.

Once a file is moved to quarantine, it is no longer accessible by the user or

other programs. The antivirus software will typically provide options to either
delete the file permanently or restore it to its original location if it is
determined to be a false positive or a legitimate file that was mistakenly
flagged as malware. Keeping files in quarantine allows the user or system
administrator to review them and take appropriate action, such as deleting or
restoring the file, based on their analysis.

2. Why need to update anti-virus?

There are several important reasons to update antivirus software regularly:

1. Protection against new threats: Antivirus software needs to be updated

regularly to protect against new and emerging threats. New malware is
created and released every day, and antivirus software updates provide the
latest detection techniques and signatures to detect and remove new threats.
2. Vulnerability patching: Antivirus software may contain vulnerabilities that can
be exploited by attackers to bypass its protections. Software updates can
include security patches and bug fixes that address these vulnerabilities and
prevent attackers from exploiting them.
3. Improved performance: Antivirus software updates may include performance
improvements that can enhance the software's ability to detect and remove
malware, while minimizing the impact on system resources such as CPU and
memory usage.
4. Compatibility with new operating systems and software: Antivirus software
may need to be updated to ensure compatibility with new versions of
operating systems and other software. Failure to update antivirus software can
lead to compatibility issues that can impact system performance and security.
 5. Compliance requirements: Organizations may be required to maintain up-to-
date antivirus software to comply with regulatory requirements or industry
standards.

Overall, updating antivirus software is essential to maintain a high level of protection

against malware, protect system resources, and ensure ongoing compliance with
security requirements.

3. Is it sufficient to use only anti-virus to protect your device? Yes/no. Why?

No, it is not sufficient to use only antivirus software to protect your device. While
antivirus software is an important component of a comprehensive security strategy, it
is not enough to provide complete protection against all types of cyber threats. Here
are a few reasons why:

1. Limited protection: Antivirus software is designed to detect and remove

malware, but it may not protect against other types of threats, such as
phishing attacks, social engineering, or other types of cyber attacks.
2. Zero-day attacks: Antivirus software relies on known signatures and patterns
to detect malware, so it may not be effective against zero-day attacks, which
are new and unknown types of malware that have not yet been identified by
security researchers.
3. Outdated software: Antivirus software may not be effective if other software
on the system is outdated or vulnerable to exploitation. Attackers can exploit
vulnerabilities in outdated software to gain access to the system and bypass
antivirus protection.
4. Human error: Antivirus software cannot protect against all forms of human
error, such as weak passwords, social engineering attacks, or unauthorized
access to sensitive information.

To provide comprehensive protection for your device, it is important to use a multi-

layered approach to security, including antivirus software, firewalls, intrusion
detection and prevention systems, vulnerability scanners, and user awareness
training. By combining these different security measures, you can create a more
robust defense against cyber threats and help protect your device and data from
attack.
4. How anti-virus software works?

Antivirus software is designed to detect, prevent, and remove malicious

software or malware, such as viruses, worms, Trojans, adware, spyware, and
other types of harmful software that can infect your computer and
compromise your data.

Antivirus software works by using a combination of techniques, including

signature-based scanning, behavioral analysis, heuristics, sandboxing, and
machine learning algorithms, to identify and block malware threats.

5. What are the limitations of anti-virus?

 Reactive approach: Antivirus software relies on signature-based scanning,
which means that it can only detect known malware threats. If a new and
unknown malware variant is introduced, the antivirus software may not be
able to detect it until a signature is created.
 False positives: Antivirus software can sometimes generate false positives,
flagging legitimate programs or files as infected with malware. This can be a
problem if the user is prompted to delete or quarantine a file that is actually
safe to use.
 System performance: Antivirus software can sometimes slow down your
computer's performance, especially during scans or when running in the
background. This can be a problem if you have an older or slower computer,
or if you are running resource-intensive applications.
 Zero-day attacks: Zero-day attacks are attacks that exploit vulnerabilities that
are unknown to the software vendor or antivirus provider. Because antivirus
software relies on signature-based scanning, it may not be able to detect
these types of attacks until a patch or update is released.
 Social engineering: Antivirus software cannot protect against social
engineering attacks, such as phishing emails or other scams that trick users
into giving up their personal information or downloading malware.
 Advanced malware: Advanced malware, such as rootkits or fileless malware,
can evade detection by antivirus software by hiding in system files or memory,
making it difficult to detect and remove.

6. Advice the importance of regularly updating software.

 Security patches: Software updates often include security patches that address
vulnerabilities or exploits that could be used by hackers or malware to gain access to
your computer or other devices. Failing to update software can leave you vulnerable to
attacks that could compromise your personal information or cause other damage.
 Bug fixes: Software updates also often include bug fixes and other improvements that
can help to improve the stability and performance of your computer or other devices.
Failing to update software can lead to crashes, glitches, or other issues that can
negatively impact your productivity or enjoyment of the device.
  Compatibility: Some software updates are necessary to ensure compatibility with other
applications or hardware on your computer or other devices. Failing to update software
could result in compatibility issues that could make it difficult or impossible to use certain
applications or hardware.
 New features: Software updates often include new features or enhancements that can
improve the functionality or usability of your computer or other devices. Failing to
update software could mean missing out on new features that could make your device
more useful or enjoyable to use.

In summary, regularly updating software is important for maintaining the security, stability, and
functionality of your computer or other digital devices. It is recommended to enable automatic
updates whenever possible, and to check for updates on a regular basis to ensure that your
software is up-to-date.

7. Specify function of anti-virus software.

The main function of antivirus software is to detect, prevent, and remove
malware, which can include viruses, worms, Trojans, adware, spyware, and
other types of harmful software that can infect your computer or other
devices.

8. What could the risks of using obsolete and unsupported software.

 Security vulnerabilities: Obsolete and unsupported software may have security
vulnerabilities that have not been patched or fixed, making it easier for
hackers and malware to exploit these vulnerabilities and gain access to your
computer or other devices.
 Malware infections: Outdated software may not have the latest security
features, leaving your computer or other devices vulnerable to malware
infections. Hackers and malware developers often target outdated software
because they know that many users may not have updated to the latest
versions.
 Compatibility issues: As technology evolves, software becomes increasingly
complex, and new versions may not be compatible with outdated or
unsupported software. This can result in compatibility issues that can make it
difficult or impossible to use certain applications or hardware.
 Reduced functionality: Outdated software may not have the latest features or
enhancements that can improve the usability or functionality of your
computer or other devices. This can result in reduced productivity or
enjoyment of the device.
 Lack of support: Unsupported software may not have technical support or
resources available if you encounter problems or issues. This can make it
difficult to troubleshoot problems or find solutions to issues that may arise.

In summary, using obsolete and unsupported software can pose significant risks to
the security, stability, and functionality of your computer or other devices. It is
recommended to keep your software up-to-date and to use supported software
whenever possible to minimize these risks.