Company:Symantec

Symantec Corporation

Symantec headquarters in Mountain View, California
Type	Public
Traded as	NASDAQ: SYMC NASDAQ-100 Component S&P 500 Component
Industry	Computer software
Founded	March 1, 1982; 43 years ago (1982-03-01) Sunnyvale, California , United States
Founder	Gary Hendrix
Headquarters	Mountain View, California , U.S.[1]
Area served	Worldwide
Key people	Daniel Schulman (Chairman) Greg Clark (CEO)
Products	Security software
Revenue	US$ 4.019 billion (2017)[2]
Operating income	US$ -100 million (2017)[2]
Net income	US$ -106 million (2017)[2]
Total assets	US$ 18.174 billion (2017)[2]
Total equity	US$ 3.487 billion (2017)[2]
Number of employees	12,518 (2017)[3]
Divisions	List of divisions

Symantec Corporation /sɪˈmænˌtɛk/ (commonly known as Symantec) is an American software company headquartered in Mountain View, California, United States . The company provides cybersecurity software and services. Symantec is a Fortune 500 company and a member of the S&P 500 stock-market index. The company also has development centers in Pune, Chennai and Bengaluru (India).

On October 9, 2014, Symantec declared it would split into two independent publicly traded companies by the end of 2015. One company would focus on security, the other on information management. On January 29, 2016, Symantec sold its information-management subsidiary, named Veritas Technologies (which Symantec had acquired in 2004)^[4] to The Carlyle Group.^[5]

The name "Symantec" is a portmanteau of the words "syntax" and "semantics" with "technology".^[6]

Founded in 1982 by Gary Hendrix with a National Science Foundation grant, Symantec was originally focused on artificial intelligence-related projects, including a database program.^[7] Hendrix hired several Stanford University natural language processing researchers as the company's first employees, among them Barry Greenstein (professional poker player and developer of the word processor component within Q&A).^[7] Hendrix also hired Jerry Kaplan (entrepreneur and author) as a consultant to build the in-RAM database for Q&A.^[8]

In 1984, it became clear that the advanced natural language and database system that Symantec had developed could not be ported from DEC minicomputers to the PC.^[9] This left Symantec without a product, but with expertise in natural language database query systems and technology.^[10] As a result, later in 1984 Symantec was acquired by another, smaller software startup company, C&E Software, founded by Denis Coleman and Gordon Eubanks and headed by Eubanks.^[10] C&E Software developed a combined file management and word processing program called Q&A for "question and answer."^[10]

The merged company retained the name Symantec.^[10] Eubanks became its chairman, Vern Raburn, the former President of the original Symantec, remained as President of the combined company.^[11] The new Symantec combined the file management and word processing functionality that C&E had planned, and added an advanced Natural Language query system (designed by Gary Hendrix and engineered by Dan Gordon) that set new standards for ease of database query and report generation. The natural language system was named "The Intelligent Assistant". Turner chose the name of Q&A for Symantec's flagship product, in large part because the name lent itself to use in a short, easily merchandised logo. Brett Walter designed the user interface of Q&A (Brett Walter, Director of Product Management). Q&A was released in November 1985.

During 1986, Vern Raburn and Gordon Eubanks swapped roles, and Eubanks became CEO and president of Symantec, while Raburn became its chairman.^[12] Subsequent to this change, Raburn had little involvement with Symantec, and in a few years time, Eubanks added the Chairmanship to his other roles.^{[citation needed]} After a slow start for sales of Q&A in the fall of 1985 and spring of 1986, Turner signed up a new advertising agency called Elliott/Dickens, embarked on an aggressive new advertising campaign, and came up with the "Six Pack Program" in which all Symantec employees, regardless of role, went on the road, training and selling dealer sales staff nationwide in the United States. Turner named it Six Pack because employees were to work six days a week, see six dealerships per day, train six sales representatives per store and stay with friends free or at Motel 6.^[13] Simultaneously, a promotion was run jointly with SofSell (which was Symantec's exclusive wholesale distributor in the United States for the first year that Q&A was on the market). This promotion was very successful in encouraging dealers to try Q&A.

During this time, Symantec was advised by Jim Lally and John Doerr — both were board members of Symantec at that stage — (Kleiner Perkins Caufield & Byers) that if Symantec would cut its expenses and grow revenues enough to achieve cash flow break-even, then KPCB would back the company in raising more venture capital. To accomplish this, the management team worked out a salary reduction schedule where the chairman and the CEO would take zero pay, all vice presidents would take a 50% pay cut, and all other employees' pay was cut by 15%. Two employees were laid off. Eubanks also negotiated a sizable rent reduction on the office space the company had leased in the days of the original Symantec. These expense reductions, combined with strong international sales of Q&A, enabled the company to attain break-even.

The significantly increased traction for Q&A from this re-launch grew Symantec's revenues substantially, along with early success for Q&A in international markets (uniquely a German version was shipped three weeks after the United States version, and it was the first software in the world that supported German Natural Language) following Turner's having placed emphasis on establishing international sales distribution and multiple language versions of Q&A from initial shipment.

In 1985, Rod Turner negotiated the publishing agreement with David Whitney for Symantec's second product, which Turner named NoteIt (an annotation utility for Lotus 1-2-3). It was evident to Turner that NoteIt would confuse the dealer channel if it was launched under the Symantec name, because Symantec had built up interest by that stage in Q&A (but not yet shipped it), and because the low price for the utility would not be initially attractive to the dealer channel until demand had been built up. Turner felt that the product should be marketed under a unique brand name.

Turner and Gordon E. Eubanks, Jr., then chairman of Symantec Corporation, agreed to form a new division of Symantec, and Eubanks delegated the choice of name to Turner. Turner chose the name Turner Hall Publishing, to be a new division of Symantec devoted to publishing third-party software and hardware. The objective of the division was to diversify revenues and accelerate the growth of Symantec. Turner chose the name Turner Hall Publishing, using his last name and that of Dottie Hall (Director of Marketing Communications) in order to convey the sense of a stable, long established, company.^[14][15] Turner Hall Publishing's first offering was Note-It, a notation utility add-in for Lotus 1-2-3, which was developed by David Whitney, and licensed to Symantec.^[16][17] Its second product was the Turner Hall Card, which was a 256k RAM, half slot memory card, initially made to inexpensively increase the available memory for Symantec's flagship product, Q&A. The Turner Hall division also marketed the card as a standalone product. Turner Hall's third product, also a 1-2-3 add-in was SQZ! a Lotus 1-2-3 spreadsheet compression utility developed by Chris Graham Synex Systems.^[18] In the summer of 1986 Eubanks and Turner recruited Tom Byers from Digital Research, to expand the Turner Hall Publishing product family and lead the Turner Hall effort.

By the winter of 1986–87, the Turner Hall Publishing division had achieved success with NoteIt, the Turner Hall Card and SQZ!. The popularity of these products, while contributing a relatively small portion of revenues to Symantec, conveyed the impression that Symantec was already a diversified company, and indeed, many industry participants were under the impression that Symantec had acquired Turner Hall Publishing. In 1987, Byers recruited Ted Schlein into the Turner Hall Product Group to assist in building the product family and in marketing.

Revenues from Q&A, and from Symantec's early launch into the international marketplace, combined with Turner Hall Publishing, generated the market presence and scale that enabled Symantec to make its first merger/acquisition, in February 1987, that of Breakthrough Software, maker of the TimeLine project management software for DOS. Because this was the first time that Symantec had acquired a business that had revenues, inventory and customers, Eubanks chose to change nothing at BreakThrough Software for six months, and the actual merger logistics started in the summer of 1987, with Turner being appointed by Eubanks as general manager of the TimeLine business unit, Turner was made responsible for the successful integration of the company into Symantec and ongoing growth of the business, with P&L. There was a heavy emphasis placed on making the minimum disruption by Eubanks and Turner.

Soon after the acquisition of TimeLine/Breakthrough Software, Eubanks reorganized Symantec, structuring the company around product-centric groups, each having its own development, quality assurance, technical support and product marketing functions, and a General Manager with profit and loss responsibility. Sales, finance and operations were centralized functions that were shared. This structure lent itself well to Symantec's further growth through mergers and acquisitions. Eubanks made Turner general manager of the new TimeLine Product Group, and simultaneously of the Q&A Product Group, and made Tom Byers general manager of the Turner Hall Product Group. Turner continued to build and lead the company's international business and marketing for the whole company.

At the TimeLine Product Group, Turner drove strong marketing, promotion and sales programs in order to accelerate momentum. By 1989 this merger was very successful—product group morale was high, TimeLine development continued apace, and the increased sales and marketing efforts applied built the TimeLine into the clear market lead in PC project management software on DOS. Both the Q&A and TimeLine product groups were healthily profitable. The profit stream and merger success set the stage for subsequent merger and acquisition activity by the company, and indeed funded the losses of some of the product groups that were subsequently acquired.^[14] In 1989, Eubanks hired John Laing as VP worldwide sales, and Turner transferred the international division to Laing. Eubanks also recruited Bob Dykes to be Executive Vice President for Operations and Finance, in anticipation of the upcoming IPO. In July 1989 Symantec had its IPO.

In May 1990, Symantec announced its intent to merge with and acquire Peter Norton Computing, a developer of various utilities for DOS. Turner was appointed as product group manager for the Norton business, and made responsible for the merger, with P&L responsibility. Ted Schlein was made product group manager for the Q&A business.

The Peter Norton group merger logistical effort began immediately while the companies sought approval for the merger, and in August 1990, Symantec concluded the purchase—by this time the combination of the companies was already complete. Symantec's consumer antivirus and data management utilities are still marketed under the Norton name. At the time of the merger, Symantec had built upon its Turner Hall Publishing presence in the utility market, by introducing Symantec Antivirus for the Macintosh (SAM), and Symantec Utilities for the Macintosh (SUM). These two products were already market leaders on the Mac, and this success made the Norton merger more strategic. Symantec had already begun development of a DOS-based antivirus program one year before the merger with Norton. The management team had decided to enter the antivirus market in part because it was felt that the antivirus market entailed a great deal of ongoing work to stay ahead of new viruses. The team felt that Microsoft would be unlikely to find this effort attractive, which would lengthen the viability of the market for Symantec. Turner decided to use the Norton name for obvious reasons, on what became the Norton Antivirus, which Turner and the Norton team launched in 1991. At the time of the merger, Norton revenues were approximately 20 to 25% of the combined entity. By 1993, while being led by Turner, Norton product group revenues had grown to be approximately 82% of Symantec's total.

At one time Symantec was also known for its development tools, particularly the THINK Pascal, THINK C, Symantec C++, Enterprise Developer and Visual Cafe packages that were popular on the Macintosh and IBM PC compatible platforms. These product lines resulted from acquisitions made by the company in the late 1980s and early 1990s. These businesses and the Living Videotext acquisition were consistently unprofitable for Symantec, and these losses diverted expenditures away from both the Q&A for Windows and the TimeLine for Windows development efforts during the critical period from 1988 through 1992. Symantec exited this business in the late-1990s as competitors such as Metrowerks, Microsoft and Borland gained significant market share.

In 1996, Symantec Corporation was alleged of misleading financial statements in violation of GAAP.^[19]

From 1999 to April 2009 Symantec was led by CEO John W. Thompson, a former VP at IBM. At the time, Thompson was the only African-American leading a major US technology company. He was succeeded in April 2009 by the company's long-time Symantec executive Enrique Salem.^[20] Under Salem, Symantec completed the acquisition of Verisign's Certificate Authority business, dramatically increasing their share of that market.

Salem was abruptly fired in 2012 for disappointing earnings performance and replaced by Steve Bennett, a former CEO of Intuit and GE executive.^[21] In January 2013, Bennett announced a major corporate reorganization, with a goal of reducing costs and improving Symantec's product line. He said that sales and marketing "had been high costs but did not provide quality outcomes". He concluded that "Our system is just broken".^[22]

Robert Enderle of CIO.com reviewed the reorganization and noted that Bennett was following the General Electric model of being product-focused instead of customer-focused. He concluded "Eliminating middle management removes a large number of highly paid employees. This will tactically improve Symantec's bottom line but reduce skills needed to ensure high-quality products in the long term."^[23]

In March 2014, Symantec fired Steve Bennett from his CEO position and named Michael Brown as interim president and chief executive. Including the interim CEO, Symantec has had 3 CEOs in less than two years.^[24][25] On September 25, 2014 Symantec announced the appointment of Michael A. Brown as its President and Chief Executive Officer.^[26] Brown had served as the company's interim President and Chief Executive Officer since March 20, 2014.^[27] Mr. Brown has served as a member of the Company's Board of Directors since July 2005 following the acquisition of VERITAS Software Corporation. Mr. Brown had served on the VERITAS board of directors since 2003.^[28]

In July 2016, Symantec introduced a solution to help carmarkers protect connected vehicles against zero-day attacks. The Symantec Anomaly Detection for Automotive is an IoT solution for manufacturers and uses machine learning to provide in-vehicle security analytics.^[29] Greg Clark assumed the position of CEO in August 2016.^[30]

In November 2016, Symantec announced its intent to acquire identity theft protection company LifeLock for $2.3 billion.^[31]

In August 2017, Symantec announced that it had agreed to sell its business unit that verifies the identity of websites to Thoma Bravo. With this acquisition, Thoma Bravo plans to merge the Symantec business unit with its own web certification company, DigiCert.^[32]

On January 4, 2018, Symantec and BT announced their partnership that provides new endpoint security protection.^[33]

In May 2018, Symantec initiated an internal audit to address concerns raised by a former employee,^[34][35] causing it to delay its annual earnings report.^[36]

In August 2018, Symantec announced that the hedge fund Starboard Value had put forward five nominees to stand for election to the Symantec Board of Directors at Symantec's 2018 Annual Meeting of Stockholders.^[37] This followed a Schedule 13D filing by Starboard showing that it had accumulated a 5.8% stake in Symantec.^[38] In September 2018, Symantec announced that three nominees of Starboard were joining the Symantec board, two with immediate effect (including Starboard Managing Member Peter Feld) and one following the 2018 Annual Meeting of Stockholders.^[39]

On October 9, 2014, Symantec declared that the company would separate into two independent publicly traded companies by the end of 2015.^[40] Symantec will continue to focus on security, while a new company will be established focusing on information management. Symantec confirmed on January 28, 2015 that the information management business would be called Veritas Technologies Corporation, marking a return of the Veritas name.^[41] In August 2015, Symantec agreed to sell Veritas to a private equity group led by The Carlyle Group for $8 billion. The sale was completed by February 2016 that turned Veritas into a privately owned company.^[42]

As of 2015, Symantec's Norton product line includes Norton Security, Norton Small Business, Norton Family, Norton Mobile Security, Norton Online Backup, Norton360, Norton Utilities and Norton Computer Tune Up.^{[citation needed]}

In 2012, PCTools iAntiVirus was rebranded as a Norton product under the name iAntivirus, and released to the Mac App Store. Also in 2012, the Norton Partner Portal was relaunched to support sales to consumers throughout the EMEA technologies.^{[citation needed]}

In 1993, Symantec acquired ACT! from Contact Software International. Symantec sold ACT! to SalesLogix in 1999. At the time it was the world's most popular CRM application for Windows and Macintosh.^[43]

On December 16, 2004, Veritas Software and Symantec announced their plans for a merger. With Veritas valued at $13.5 billion, it was the largest software industry merger to date.^[44] Symantec's shareholders voted to approve the merger on June 24, 2005; the deal closed successfully on July 2, 2005.^[45] July 5, 2005, was the first day of business for the U.S. offices of the new, combined software company. As a result of this merger, Symantec includes storage- and availability-related products in its portfolio, namely Veritas File System (VxFS), Veritas Volume Manager (VxVM), Veritas Volume Replicator (VVR), Veritas Cluster Server (VCS), NetBackup (NBU), Backup Exec (BE) and Enterprise Vault (EV).^{[citation needed]}

On January 29, 2016, Symantec sold Veritas Technologies to The Carlyle Group.^[4]

On August 16, 2005, Symantec acquired Sygate,^[46] a security software firm based in Fremont, California, with about 200 staff.^[47] As of November 30, 2005, all Sygate personal firewall products were discontinued.^[48]

On January 29, 2007, Symantec announced plans to acquire Altiris,^[49] and on April 6, 2007, the acquisition was completed.^[50] Altiris specializes in service-oriented management software that allows organizations to manage IT assets.^[49] It also provides software for web services, security and systems management products. Established in 1998, Altiris is headquartered in Lindon, Utah.^[51]

On November 5, 2007, Symantec announced its acquisition of Vontu, the leader in Data Loss Prevention (DLP) solutions, for $350 million.^[52]

On January 17, 2008, Symantec announced^[53] that it was spinning off its Application Performance Management (APM) business and the i3 product line to Vector Capital.^[54] Precise Software Solutions took over development, product management, marketing and sales for the APM business, launching as an independent company on September 17, 2008.^[55]

On August 18, 2008, Symantec announced the signing of an agreement to acquire PC Tools. Under the agreement, PC Tools would maintain separate operations. The financial terms of the acquisition were not disclosed. In May 2013, Symantec announced they were discontinuing the PC Tools line of internet security software.^[56]

In December 2013, Symantec announced they were discontinuing and retiring the entire PC Tools brand and offering a non expiring license to PC Tools Performance Toolkit, PC Tools Registry Mechanic, PC Tools File Recover and PC Tools Privacy Guardian users with an active subscription as of December 4, 2013.^[57]

On April 18, 2008, Symantec completed the acquisition of AppStream, Inc. (“AppStream”), a nonpublic Palo Alto, California-based provider of endpoint virtualization software. AppStream was acquired to complement Symantec's endpoint management and virtualization portfolio and strategy.^[58]

On October 9, 2008, Symantec announced its intent to acquire Gloucester-based MessageLabs (spun off from Star Internet in 2007) to boost its Software-as-a-Service (SaaS) business. Symantec purchased the online messaging and Web security provider for about $695 million in cash.^[59] The acquisition closed on November 17, 2008.^[60]

On April 29, 2010, Symantec announced its intent to acquire PGP Corporation and GuardianEdge.^[61] The acquisitions closed on June 4, 2010, and provided access to established encryption, key management and technologies to Symantec's customers.^{[citation needed]}

On May 19, 2010, Symantec signed a definitive agreement to acquire Verisign’s authentication business unit, which included the Secure Sockets Layer (SSL) Certificate, Public Key Infrastructure (PKI), Verisign Trust and Verisign Identity Protection (VIP) authentication services.^[62] The acquisition closed on August 9, 2010. In August 2012, Symantec completed its rebranding of the Verisign SSL Certificate Service by renaming the Verisign Trust Seal the Norton Secured Seal.^[63]

Acquired in October 10, 2010, RuleSpace is a web categorisation product first developed in 1996.^[64] The categorisation is, automated using what Symantec refers to as the Automated Categorization System (ACS). It is used as the base for content filtering by many UK ISP.^{[citation needed]}

On May 19, 2011, Symantec announced the acquisition of Clearwell Systems for approximately $390 million.^[65]

On January 17, 2012, Symantec announced the acquisition of cloud email-archiving company LiveOffice. The acquisition price was $115 million.^[66] Last year,^[ambiguous] Symantec joined the cloud storage and backup sector with its Enterprise Vault.cloud and Cloud Storage for Enterprise Vault solutions, in addition to a cloud messaging solution, Symantec Instant Messaging Security cloud (IMS.cloud).^{[citation needed]} Symantec stated that the acquisition would add to its information governance products,^[66][67] allowing customers to store information on-premises, in Symantec's data centers, or both.

On March 2, 2012, Symantec completed the acquisition of Odyssey Software. Odyssey Software's main product was Athena, which was device management software that extended Microsoft System Center solutions, adding the ability to manage, support and control mobile and embedded devices, such as smartphones and ruggedized handhelds.^[46][68]

Symantec completed its acquisition of Nukona, a provider of mobile application management (MAM), on April 2, 2012.^[69] The acquisition agreement between Symantec and Nukona was announced on March 20, 2012.^[70]

On May 2014 Symantec acquired NitroDesk, provider of TouchDown, the market-leading third-party EAS mobile application.^[71]

On June 13, 2016 it was announced that Symantec has acquired Blue Coat for $4.65 billion.^[72]

On August 9, 2004, the company announced that it discovered an error in its calculation of deferred revenue, which represented an accumulated adjustment of $20 million.^[73][74]

The arrival of the year 2010 triggered a bug in Symantec Endpoint. Symantec reported that malware and intrusion protection updates with "a date greater than December 31, 2009 11:59pm [were] considered to be 'out of date.'" The company created and distributed a workaround for the issue.^[75]

In March 2010, it was reported that Symantec AntiVirus and Symantec Client Security were prone to a vulnerability that might allow an attacker to bypass on-demand virus scanning, and permit malicious files to escape detection.^{[76][77][citation needed]}

In January 2011, multiple vulnerabilities in Symantec products that could be exploited by a denial-of-service attack, and thereby compromise a system, were reported. The products involved were Symantec AntiVirus Corporate Edition Server and Symantec System Center.^[78]

The November 12, 2012 Vulnerability Bulletin of the United States Computer Emergency Readiness Team (US-CERT) reported the following vulnerability for older versions of Symantec's Antivirus system: "The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file."^[79]

The problem relates to older versions of the systems and a patch is available. US-CERT rated the seriousness of this vulnerability as a 9.7 on a 10-point scale. The "decomposer engine" is a component of the scanning system that opens containers, such as compressed files, so that the scanner can evaluate the files within.^{[citation needed]}

In January 2012, James Gross filed a lawsuit against Symantec for distributing fake scareware scanners that purportedly alerted users of issues with their computers. Gross claimed that after the scan, only some of the errors and problems were corrected, and he was prompted by the scanner to purchase a Symantec app to remove the rest. Gross claimed that he bought the app, but it did not speed up his computer or remove the detected viruses. He hired a digital forensics expert to back up this claim. Symantec denied the allegations and said that it would contest the case.^[80] Symantec settled a $11 million fund (up to $9 to more than 1 million eligible customers representing the overpaid amount for the app) and the case was dismissed in court.^[81][82]

On January 17, 2012, Symantec disclosed that its network had been hacked. A hacker known as "Yama Tough" had obtained the source code for some Symantec software by hacking an Indian government server.^[83] Yama Tough released parts of the code, and threatened to release more. According to Chris Paden, a Symantec spokesman, the source code that was taken was for Enterprise products that were between five and six years old.^[83]

On September 25, 2012, an affiliate of the hacker group Anonymous published source code from Norton Utilities.^[84] Symantec confirmed that it was part of the code that had been stolen earlier, and that the leak included code for 2006 versions of Norton Utilities, pcAnywhere and Norton Antivirus.^[84]

In February 2012, it was reported that Verisign's network and data had been hacked repeatedly in 2010, but that the breaches had not been disclosed publicly until they were noted in an SEC filing in October 2011.^[85] Verisign did not provide information about whether the breach included its certificate authority business, which was acquired by Symantec in late 2010.^[85] Oliver Lavery, Director of Security and Research for nCircle, asked rhetorically, "Can we trust any site using Verisign SSL certificates? Without more clarity, the logical answer is no."^[86][87]

On February 17, 2012, details of an exploit of pcAnywhere were posted. The exploit would allow attackers to crash pcAnywhere on computers running Windows.^[88] Symantec released a hotfix for the issue twelve days later.^[89]

According to Mandiant, Symantec security products used by The New York Times detected only one of 45 pieces of malware that were installed by Chinese hackers on the newspaper's network during a three-month period in late 2012.^[90] Symantec responded:

"Advanced attacks like the ones the New York Times described in the following article, <http://nyti.ms/TZtr5z>, underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our [E]ndpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of [E]ndpoint solutions alone [is] not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough".^[91]

In February 2015, Symantec was found guilty of two counts of patent infringement in a suit by Intellectual Ventures Inc and ordered to pay $17 million in compensation and damages,^[92] In September 2016, this decision was reversed on appeal by the Federal Circuit.^[93][94]

On September 18, 2015, Google notified Symantec that the latter issued 23 test certificates for five organizations, including Google and Opera, without the domain owners' knowledge.^[95] Symantec performed another audit and announced that an additional 164 test certificates were mis-issued for 76 domains and 2,458 test certificates were mis-issued for domains that had never been registered. Google requested that Symantec update the public incident report with proven analysis explaining the details on each of the failures.^[96]

The company was asked to report all the certificates issued to the Certificate Transparency log henceforth.^[97][98] Symantec has since reported implementing Certificate Transparency for all its SSL Certificates. Above all, Google has insisted that Symantec execute a security audit by a third party and to maintain tamper-proof security audit logs.^[97]

On March 24, 2017, Google stated that it had lost confidence in Symantec, after the latest incident of improper certificate issuance.^[99][100] Google says millions of existing Symantec certificates will become untrusted in Google Chrome over the next 12 months. According to Google, Symantec partners issued at least 30,000 certificates of questionable validity over several years, but Symantec disputes that number.^[101] Google said Symantec failed to comply with industry standards and could not provide audits showing the necessary documentation.^[102][103]

Google’s Ryan Sleevi said that Symantec partnered with other CAs (CrossCert (Korea Electronic Certificate Authority), Certisign Certificatadora Digital, Certsuperior S. de R. L. de C.V., and Certisur S.A.) who did not follow proper verification procedures leading to the misissuance of certificates.^[104]

Following discussions in which Google had required that Symantec migrate Symantec-branded certificate issuance operations a non-Symantec-operated “Managed Partner Infrastructure”,^[105] a deal was announced whereby DigiCert acquired Symantec's website security business.^[106] In September 2017, Google announced that starting with Chrome 66, "Chrome will remove trust in Symantec-issued certificates issued prior to June 1, 2016".^[107] Google further stated that "by December 1, 2017, Symantec will transition issuance and operation of publicly-trusted certificates to DigiCert infrastructure, and certificates issued from the old Symantec infrastructure after this date will not be trusted in Chrome."^[107] Google predicted that toward the end of October, 2018, with the release of Chrome 70, the browser would omit all trust in Symantec’s old infrastructure and all of the certificates it had issued, affecting most certificates chaining to Symantec roots.^[107] Mozilla Firefox will also remove trust in Symantec-issued certificates by Firefox 63, due to be released on October 23, 2018.^[108]

• Comparison of antivirus software
• Comparison of computer viruses
• Huawei Symantec, a joint venture between Huawei and Symantec
• List of mergers and acquisitions by Symantec
• Web blocking in the United Kingdom - Technologies
• Symantec behavior analysis technologies SONAR and AntiBot

• Business data for Symantec:
  • Google Finance
  • Yahoo! Finance
  • Reuters
  • SEC filings

Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

Antivirus software was originally developed to detect and remove computer viruses, hence the name. However, with the proliferation of other malware, antivirus software started to protect against other computer threats. Some products also include protection from malicious URLs, spam, and phishing.^[1]

Although the roots of the computer virus date back as early as 1949, when the Hungarian scientist John von Neumann published the "Theory of self-reproducing automata",^[2] the first known computer virus appeared in 1971 and was dubbed the "Creeper virus".^[3] This computer virus infected Digital Equipment Corporation's (DEC) PDP-10 mainframe computers running the TENEX operating system.^[4][5]

The Creeper virus was eventually deleted by a program created by Ray Tomlinson and known as "The Reaper".^[6] Some people consider "The Reaper" the first antivirus software ever written – it may be the case, but it is important to note that the Reaper was actually a virus itself specifically designed to remove the Creeper virus.^[6][7]

The Creeper virus was followed by several other viruses. The first known that appeared "in the wild" was "Elk Cloner", in 1981, which infected Apple II computers.^[8][9][10]

In 1983, the term "computer virus" was coined by Fred Cohen in one of the first ever published academic papers on computer viruses.^[11] Cohen used the term "computer virus" to describe programs that: "affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself."^[12] (note that a more recent definition of computer virus has been given by the Hungarian security researcher Péter Szőr: "a code that recursively replicates a possibly evolved copy of itself").^[13][14]

The first IBM PC compatible "in the wild" computer virus, and one of the first real widespread infections, was "Brain" in 1986. From then, the number of viruses has grown exponentially.^[15][16] Most of the computer viruses written in the early and mid-1980s were limited to self-reproduction and had no specific damage routine built into the code. That changed when more and more programmers became acquainted with computer virus programming and created viruses that manipulated or even destroyed data on infected computers.^[17]

Before internet connectivity was widespread, computer viruses were typically spread by infected floppy disks. Antivirus software came into use, but was updated relatively infrequently. During this time, virus checkers essentially had to check executable files and the boot sectors of floppy disks and hard disks. However, as internet usage became common, viruses began to spread online.^[18]

There are competing claims for the innovator of the first antivirus product. Possibly, the first publicly documented removal of an "in the wild" computer virus (i.e. the "Vienna virus") was performed by Bernd Fix in 1987.^[19][20]

In 1987, Andreas Lüning and Kai Figge, who founded G Data Software in 1985, released their first antivirus product for the Atari ST platform.^[21] In 1987, the Ultimate Virus Killer (UVK) was also released.^[22] This was the de facto industry standard virus killer for the Atari ST and Atari Falcon, the last version of which (version 9.0) was released in April 2004.^{[citation needed]} In 1987, in the United States, John McAfee founded the McAfee company (was part of Intel Security^[23]) and, at the end of that year, he released the first version of VirusScan.^[24] Also in 1987 (in Czechoslovakia), Peter Paško, Rudolf Hrubý, and Miroslav Trnka created the first version of NOD antivirus.^[25][26]

In 1987, Fred Cohen wrote that there is no algorithm that can perfectly detect all possible computer viruses.^[27]

Finally, at the end of 1987, the first two heuristic antivirus utilities were released: Flushot Plus by Ross Greenberg^[28][29][30] and Anti4us by Erwin Lanting.^[31] In his O'Reilly book, Malicious Mobile Code: Virus Protection for Windows, Roger Grimes described Flushot Plus as "the first holistic program to fight malicious mobile code (MMC)."^[32]

However, the kind of heuristic used by early AV engines was totally different from those used today. The first product with a heuristic engine resembling modern ones was F-PROT in 1991.^[33] Early heuristic engines were based on dividing the binary into different sections: data section, code section (in a legitimate binary, it usually starts always from the same location). Indeed, the initial viruses re-organized the layout of the sections, or overrode the initial portion of a section in order to jump to the very end of the file where malicious code was located—only going back to resume execution of the original code. This was a very specific pattern, not used at the time by any legitimate software, which represented an elegant heuristic to catch suspicious code. Other kinds of more advanced heuristics were later added, such as suspicious section names, incorrect header size, regular expressions, and partial pattern in-memory matching.

In 1988, the growth of antivirus companies continued. In Germany, Tjark Auerbach founded Avira (H+BEDV at the time) and released the first version of AntiVir (named "Luke Filewalker" at the time). In Bulgaria, Vesselin Bontchev released his first freeware antivirus program (he later joined FRISK Software). Also Frans Veldman released the first version of ThunderByte Antivirus, also known as TBAV (he sold his company to Norman Safeground in 1998). In Czechoslovakia, Pavel Baudiš and Eduard Kučera started avast! (at the time ALWIL Software) and released their first version of avast! antivirus. In June 1988, in South Korea , Ahn Cheol-Soo released its first antivirus software, called V1 (he founded AhnLab later in 1995). Finally, in autumn 1988, in the United Kingdom, Alan Solomon founded S&S International and created his Dr. Solomon's Anti-Virus Toolkit (although he launched it commercially only in 1991 – in 1998 Solomon's company was acquired by McAfee). In November 1988 a professor at the Panamerican University in Mexico City named Alejandro E. Carriles copyrighted the first antivirus software in Mexico under the name "Byte Matabichos" (Byte Bugkiller) to help solve the rampant virus infestation among students.^[34]

Also in 1988, a mailing list named VIRUS-L^[35] was started on the BITNET/EARN network where new viruses and the possibilities of detecting and eliminating viruses were discussed. Some members of this mailing list were: Alan Solomon, Eugene Kaspersky (Kaspersky Lab), Friðrik Skúlason (FRISK Software), John McAfee (McAfee), Luis Corrons (Panda Security), Mikko Hyppönen (F-Secure), Péter Szőr, Tjark Auerbach (Avira) and Vesselin Bontchev (FRISK Software).^[35]

In 1989, in Iceland, Friðrik Skúlason created the first version of F-PROT Anti-Virus (he founded FRISK Software only in 1993). Meanwhile, in the United States, Symantec (founded by Gary Hendrix in 1982) launched its first Symantec antivirus for Macintosh (SAM).^[36][37] SAM 2.0, released March 1990, incorporated technology allowing users to easily update SAM to intercept and eliminate new viruses, including many that didn't exist at the time of the program's release.^[38]

In the end of the 1980s, in United Kingdom, Jan Hruska and Peter Lammer founded the security firm Sophos and began producing their first antivirus and encryption products. In the same period, in Hungary, also VirusBuster was founded (which has recently being incorporated by Sophos).

In 1990, in Spain, Mikel Urizarbarrena founded Panda Security (Panda Software at the time).^[39] In Hungary, the security researcher Péter Szőr released the first version of Pasteur antivirus. In Italy, Gianfranco Tonello created the first version of VirIT eXplorer antivirus, then founded TG Soft one year later.^[40]

In 1990, the Computer Antivirus Research Organization (CARO) was founded. In 1991, CARO released the "Virus Naming Scheme", originally written by Friðrik Skúlason and Vesselin Bontchev.^[41] Although this naming scheme is now outdated, it remains the only existing standard that most computer security companies and researchers ever attempted to adopt. CARO members includes: Alan Solomon, Costin Raiu, Dmitry Gryaznov, Eugene Kaspersky, Friðrik Skúlason, Igor Muttik, Mikko Hyppönen, Morton Swimmer, Nick FitzGerald, Padgett Peterson, Peter Ferrie, Righard Zwienenberg and Vesselin Bontchev.^[42][43]

In 1991, in the United States, Symantec released the first version of Norton AntiVirus. In the same year, in the Czech Republic, Jan Gritzbach and Tomáš Hofer founded AVG Technologies (Grisoft at the time), although they released the first version of their Anti-Virus Guard (AVG) only in 1992. On the other hand, in Finland , F-Secure (founded in 1988 by Petri Allas and Risto Siilasmaa – with the name of Data Fellows) released the first version of their antivirus product. F-Secure claims to be the first antivirus firm to establish a presence on the World Wide Web.^[44]

In 1991, the European Institute for Computer Antivirus Research (EICAR) was founded to further antivirus research and improve development of antivirus software.^[45][46]

In 1992, in Russia, Igor Danilov released the first version of SpiderWeb, which later became Dr.Web.^[47]

In 1994, AV-TEST reported that there were 28,613 unique malware samples (based on MD5) in their database.^[48]

Over time other companies were founded. In 1996, in Romania, Bitdefender was founded and released the first version of Anti-Virus eXpert (AVX).^[49] In 1997, in Russia, Eugene Kaspersky and Natalya Kaspersky co-founded security firm Kaspersky Lab.^[50]

In 1996, there was also the first "in the wild" Linux virus, known as "Staog".^[51]

In 1999, AV-TEST reported that there were 98,428 unique malware samples (based on MD5) in their database.^[48]

In 2000, Rainer Link and Howard Fuhs started the first open source antivirus engine, called OpenAntivirus Project.^[52]

In 2001, Tomasz Kojm released the first version of ClamAV, the first ever open source antivirus engine to be commercialised. In 2007, ClamAV was bought by Sourcefire,^[53] which in turn was acquired by Cisco Systems in 2013.^[54]

In 2002, in United Kingdom, Morten Lund and Theis Søndergaard co-founded the antivirus firm BullGuard.^[55]

In 2005, AV-TEST reported that there were 333,425 unique malware samples (based on MD5) in their database.^[48]

In 2007, AV-TEST reported a number of 5,490,960 new unique malware samples (based on MD5) only for that year.^[48] In 2012 and 2013, antivirus firms reported a new malware samples range from 300,000 to over 500,000 per day.^[56][57]

Over the years it has become necessary for antivirus software to use several different strategies (e.g. specific email and network protection or low level modules) and detection algorithms, as well as to check an increasing variety of files, rather than just executables, for several reasons:

• Powerful macros used in word processor applications, such as Microsoft Word, presented a risk. Virus writers could use the macros to write viruses embedded within documents. This meant that computers could now also be at risk from infection by opening documents with hidden attached macros.^[58]
• The possibility of embedding executable objects inside otherwise non-executable file formats can make opening those files a risk.^[59]
• Later email programs, in particular Microsoft's Outlook Express and Outlook, were vulnerable to viruses embedded in the email body itself. A user's computer could be infected by just opening or previewing a message.^[60]

In 2005, F-Secure was the first security firm that developed an Anti-Rootkit technology, called BlackLight.

Because most users are usually connected to the Internet on a continual basis, Jon Oberheide first proposed a Cloud-based antivirus design in 2008.^[61]

In February 2008 McAfee Labs added the industry-first cloud-based anti-malware functionality to VirusScan under the name Artemis. It was tested by AV-Comparatives in February 2008^[62] and officially unveiled in August 2008 in McAfee VirusScan.^[63]

Cloud AV created problems for comparative testing of security software – part of the AV definitions was out of testers control (on constantly updated AV company servers) thus making results non-repeatable. As a result, Anti-Malware Testing Standards Organisation (AMTSO) started working on method of testing cloud products which was adopted on May 7, 2009.^[64]

In 2011, AVG introduced a similar cloud service, called Protective Cloud Technology.^[65]

Following the 2013 release of the APT 1 report from Mandiant, the industry has seen a shift towards signature-less approaches to the problem capable of detecting and mitigating zero-day attacks.^[66] Numerous approaches to address these new forms of threats have appeared, including behavioral detection, artificial intelligence, machine learning, and cloud-based file detonation. According to Gartner, it is expected the rise of new entrants, such Carbon Black, Cylance and Crowdstrike will force EPP incumbents into a new phase of innovation and acquisition.^[67] One method from Bromium involves micro-virtualization to protect desktops from malicious code execution initiated by the end user. Another approach from SentinelOne and Carbon Black focuses on behavioral detection by building a full context around every process execution path in real time,^[68][69] while Cylance leverages an artificial intelligence model based on machine learning.^[70] Increasingly, these signature-less approaches have been defined by the media and analyst firms as "next-generation" antivirus^[71] and are seeing rapid market adoption as certified antivirus replacement technologies by firms such as Coalfire and DirectDefense.^[72] In response, traditional antivirus vendors such as Trend Micro,^[73] Symantec and Sophos^[74] have responded by incorporating "next-gen" offerings into their portfolios as analyst firms such as Forrester and Gartner have called traditional signature-based antivirus "ineffective" and "outdated".^[75]

As of Windows 8, Windows includes its own free antivirus protection under the Windows Defender brand. Despite bad detection scores in its early days, AV-Test now certifies Defender as one of its top products.^[76][77] While it isn't publicly known how the inclusion of antivirus software in Windows affected antivirus sales, Google search traffic for antivirus has declined significantly since 2010.^[78]

Since 2016, there has been a notable amount of consolidation in the industry. Avast purchased AVG in 2016 for $1.3 billion.^[79] Avira was acquired by Norton owner Gen Digital (then NortonLifeLock) in 2020 for $360 million.^[80] In 2021, the Avira division of Gen Digital acquired BullGuard.^[81] The BullGuard brand was discontinued in 2022 and its customers were migrated to Norton. In 2022, Gen Digital acquired Avast, effectively consolidating four major antivirus brands under one owner.^[82]

In 1987, Frederick B. Cohen demonstrated that the algorithm, which would be able to detect all possible viruses, can't possibly exist (like the algorithm which determines whether or not the given program halts).^[27] However, using different layers of defense, a good detection rate may be achieved.

There are several methods which antivirus engines can use to identify malware:

• Sandbox detection: a particular behavioural-based detection technique that, instead of detecting the behavioural fingerprint at run time, it executes the programs in a virtual environment, logging what actions the program performs. Depending on the actions logged which can include memory usage and network accesses,^[83] the antivirus engine can determine if the program is malicious or not.^[84] If not, then, the program is executed in the real environment. Albeit this technique has shown to be quite effective, given its heaviness and slowness, it is rarely used in end-user antivirus solutions.^[85]
• Data mining techniques: one of the latest approaches applied in malware detection. Data mining and machine learning algorithms are used to try to classify the behaviour of a file (as either malicious or benign) given a series of file features, that are extracted from the file itself.^{[86][87][88][89][90][91][92][93][94][95][96][97][98][99][excessive citations]}

Traditional antivirus software relies heavily upon signatures to identify malware.^[100]

Substantially, when a malware sample arrives in the hands of an antivirus firm, it is analysed by malware researchers or by dynamic analysis systems. Then, once it is determined to be a malware, a proper signature of the file is extracted and added to the signatures database of the antivirus software.^[101]

Although the signature-based approach can effectively contain malware outbreaks, malware authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.^[102]

Many viruses start as a single infection and through either mutation or refinements by other attackers, can grow into dozens of slightly different strains, called variants. Generic detection refers to the detection and removal of multiple threats using a single virus definition.^[103]

For example, the Vundo trojan has several family members, depending on the antivirus vendor's classification. Symantec classifies members of the Vundo family into two distinct categories, Trojan.Vundo and Trojan.Vundo.B.^[104][105]

While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature. These signatures often contain non-contiguous code, using wildcard characters where differences lie. These wildcards allow the scanner to detect viruses even if they are padded with extra, meaningless code.^[106] A detection that uses this method is said to be "heuristic detection".

Anti-virus software can attempt to scan for rootkits. A rootkit is a type of malware designed to gain administrative-level control over a computer system without being detected. Rootkits can change how the operating system functions and in some cases can tamper with the anti-virus program and render it ineffective. Rootkits are also difficult to remove, in some cases requiring a complete re-installation of the operating system.^[107]

Real-time protection, on-access scanning, background guard, resident shield, autoprotect, and other synonyms refer to the automatic protection provided by most antivirus, anti-spyware, and other anti-malware programs. This monitors computer systems for suspicious activity such as computer viruses, spyware, adware, and other malicious objects. Real-time protection detects threats in opened files and scans apps in real-time as they are installed on the device.^[108] When inserting a CD, opening an email, or browsing the web, or when a file already on the computer is opened or executed.^[109]

Some commercial antivirus software end-user license agreements include a clause that the subscription will be automatically renewed, and the purchaser's credit card automatically billed, at the renewal time without explicit approval. For example, McAfee requires users to unsubscribe at least 60 days before the expiration of the present subscription^[110] while Bitdefender sends notifications to unsubscribe 30 days before the renewal.^[111] Norton AntiVirus also renews subscriptions automatically by default.^[112]

Some apparent antivirus programs are actually malware masquerading as legitimate software, such as WinFixer, MS Antivirus, and Mac Defender.^[113]

A "false positive" or "false alarm" is when antivirus software identifies a non-malicious file as malware. When this happens, it can cause serious problems. For example, if an antivirus program is configured to immediately delete or quarantine infected files, as is common on Microsoft Windows antivirus applications, a false positive in an essential file can render the Windows operating system or some applications unusable.^[114] Recovering from such damage to critical software infrastructure incurs technical support costs and businesses can be forced to close whilst remedial action is undertaken.^[115][116]

Examples of serious false-positives:

• May 2007: a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot.^[117]
• May 2007: the executable file required by Pegasus Mail on Windows was falsely detected by Norton AntiVirus as being a Trojan and it was automatically removed, preventing Pegasus Mail from running. Norton AntiVirus had falsely identified three releases of Pegasus Mail as malware, and would delete the Pegasus Mail installer file when that happened.^[118] In response to this Pegasus Mail stated:

“

On the basis that Norton/Symantec has done this for every one of the last three releases of Pegasus Mail, we can only condemn this product as too flawed to use, and recommend in the strongest terms that our users cease using it in favour of alternative, less buggy anti-virus packages.[118]

”

• April 2010: McAfee VirusScan detected svchost.exe, a normal Windows binary, as a virus on machines running Windows XP with Service Pack 3, causing a reboot loop and loss of all network access.^[119][120]
• December 2010: a faulty update on the AVG anti-virus suite damaged 64-bit versions of Windows 7, rendering it unable to boot, due to an endless boot loop created.^[121]
• October 2011: Microsoft Security Essentials (MSE) removed the Google Chrome web browser, rival to Microsoft's own Internet Explorer. MSE flagged Chrome as a Zbot banking trojan.^[122]
• September 2012: Sophos' anti-virus suite identified various update-mechanisms, including its own, as malware. If it was configured to automatically delete detected files, Sophos Antivirus could render itself unable to update, required manual intervention to fix the problem.^[123][124]
• September 2017: the Google Play Protect anti-virus started identifying Motorola's Moto G4 Bluetooth application as malware, causing Bluetooth functionality to become disabled.^[125]
• September 2022: Microsoft Defender flagged all Chromium based web browsers and Electron based apps like WhatsApp, Discord, Spotify as a severe threat.^[126]

Running (the real-time protection of) multiple antivirus programs concurrently can degrade performance and create conflicts.^[127] However, using a concept called multiscanning, several companies (including G Data Software^[128] and Microsoft^[129]) have created applications which can run multiple engines concurrently.

It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or updating graphics card drivers.^[130] Active antivirus protection may partially or completely prevent the installation of a major update. Anti-virus software can cause problems during the installation of an operating system upgrade, e.g. when upgrading to a newer version of Windows "in place"—without erasing the previous version of Windows. Microsoft recommends that anti-virus software be disabled to avoid conflicts with the upgrade installation process.^{[131][132][133]} Active anti-virus software can also interfere with a firmware update process.^[134]

The functionality of a few computer programs can be hampered by active anti-virus software. For example, TrueCrypt, a disk encryption program, states on its troubleshooting page that anti-virus programs can conflict with TrueCrypt and cause it to malfunction or operate very slowly.^[135] Anti-virus software can impair the performance and stability of games running in the Steam platform.^[136]

Support issues also exist around antivirus application interoperability with common solutions like SSL VPN remote access and network access control products.^[137] These technology solutions often have policy assessment applications that require an up-to-date antivirus to be installed and running. If the antivirus application is not recognized by the policy assessment, whether because the antivirus application has been updated or because it is not part of the policy assessment library, the user will be unable to connect.

Studies in December 2007 showed that the effectiveness of antivirus software had decreased in the previous year, particularly against unknown or zero day attacks. The computer magazine c't found that detection rates for these threats had dropped from 40 to 50% in 2006 to 20–30% in 2007. At that time, the only exception was the NOD32 antivirus, which managed a detection rate of 68%.^[138] According to the ZeuS tracker website the average detection rate for all variants of the well-known ZeuS trojan is as low as 40%.^[139]

The problem is magnified by the changing intent of virus authors. Some years ago it was obvious when a virus infection was present. At the time, viruses were written by amateurs and exhibited destructive behavior or pop-ups. Modern viruses are often written by professionals, financed by criminal organizations.^[140]

In 2008, Eva Chen, CEO of Trend Micro, stated that the anti-virus industry has over-hyped how effective its products are—and so has been misleading customers—for years.^[141]

Independent testing on all the major virus scanners consistently shows that none provides 100% virus detection. The best ones provided as high as 99.9% detection for simulated real-world situations, while the lowest provided 91.1% in tests conducted in August 2013. Many virus scanners produce false positive results as well, identifying benign files as malware.^[142]

Although methods may differ, some notable independent quality testing agencies include AV-Comparatives, ICSA Labs, SE Labs, West Coast Labs, Virus Bulletin, AV-TEST and other members of the Anti-Malware Testing Standards Organization.^[143][144]

Anti-virus programs are not always effective against new viruses, even those that use non-signature-based methods that should detect new viruses. The reason for this is that the virus designers test their new viruses on the major anti-virus applications to make sure that they are not detected before releasing them into the wild.^[145]

Some new viruses, particularly ransomware, use polymorphic code to avoid detection by virus scanners. Jerome Segura, a security analyst with ParetoLogic, explained:^[146]

“

It's something that they miss a lot of the time because this type of [ransomware virus] comes from sites that use a polymorphism, which means they basically randomize the file they send you and it gets by well-known antivirus products very easily. I've seen people firsthand getting infected, having all the pop-ups and yet they have antivirus software running and it's not detecting anything. It actually can be pretty hard to get rid of, as well, and you're never really sure if it's really gone. When we see something like that usually we advise to reinstall the operating system or reinstall backups.[146]

”

A proof of concept virus has used the Graphics Processing Unit (GPU) to avoid detection from anti-virus software. The potential success of this involves bypassing the CPU in order to make it much harder for security researchers to analyse the inner workings of such malware.^[147]

Detecting rootkits is a major challenge for anti-virus programs. Rootkits have full administrative access to the computer and are invisible to users and hidden from the list of running processes in the task manager. Rootkits can modify the inner workings of the operating system and tamper with antivirus programs.^[148]

If a file has been infected by a computer virus, anti-virus software will attempt to remove the virus code from the file during disinfection, but it is not always able to restore the file to its undamaged state.^[149][150] In such circumstances, damaged files can only be restored from existing backups or shadow copies (this is also true for ransomware^[151]); installed software that is damaged requires re-installation^[152] (however, see System File Checker).

Any writeable firmware in the computer can be infected by malicious code.^[153] This is a major concern, as an infected BIOS could require the actual BIOS chip to be replaced to ensure the malicious code is completely removed.^[154] Anti-virus software is not effective at protecting firmware and the motherboard BIOS from infection.^[155] In 2014, security researchers discovered that USB devices contain writeable firmware which can be modified with malicious code (dubbed "BadUSB"), which anti-virus software cannot detect or prevent. The malicious code can run undetected on the computer and could even infect the operating system prior to it booting up.^[156][157]

Antivirus software has some drawbacks, first of which that it can impact a computer's performance.^[158]

Furthermore, inexperienced users can be lulled into a false sense of security when using the computer, considering their computers to be invulnerable, and may have problems understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection, it must be fine-tuned to minimize misidentifying harmless software as malicious (false positive).^[159]

Antivirus software itself usually runs at the highly trusted kernel level of the operating system to allow it access to all the potential malicious process and files, creating a potential avenue of attack.^[160] The US National Security Agency (NSA) and the UK Government Communications Headquarters (GCHQ) intelligence agencies, respectively, have been exploiting anti-virus software to spy on users.^[161] Anti-virus software has highly privileged and trusted access to the underlying operating system, which makes it a much more appealing target for remote attacks.^[162] Additionally anti-virus software is "years behind security-conscious client-side applications like browsers or document readers. It means that Acrobat Reader, Microsoft Word or Google Chrome are harder to exploit than 90 percent of the anti-virus products out there", according to Joxean Koret, a researcher with Coseinc, a Singapore-based information security consultancy.^[162]

Antivirus software running on individual computers is the most common method employed of guarding against malware, but it is not the only solution. Other solutions can also be employed by users, including Unified Threat Management (UTM), hardware and network firewalls, Cloud-based antivirus and online scanners.

Network firewalls prevent unknown programs and processes from accessing the system. However, they are not antivirus systems and make no attempt to identify or remove anything. They may protect against infection from outside the protected computer or network, and limit the activity of any malicious software which is present by blocking incoming or outgoing requests on certain TCP/IP ports. A firewall is designed to deal with broader system threats that come from network connections into the system and is not an alternative to a virus protection system.

Cloud antivirus is a technology that uses lightweight agent software on the protected computer, while offloading the majority of data analysis to the provider's infrastructure.^[163]

One approach to implementing cloud antivirus involves scanning suspicious files using multiple antivirus engines. This approach was proposed by an early implementation of the cloud antivirus concept called CloudAV. CloudAV was designed to send programs or documents to a network cloud where multiple antivirus and behavioral detection programs are used simultaneously in order to improve detection rates. Parallel scanning of files using potentially incompatible antivirus scanners is achieved by spawning a virtual machine per detection engine and therefore eliminating any possible issues. CloudAV can also perform "retrospective detection", whereby the cloud detection engine rescans all files in its file access history when a new threat is identified thus improving new threat detection speed. Finally, CloudAV is a solution for effective virus scanning on devices that lack the computing power to perform the scans themselves.^[164]

Some examples of cloud anti-virus products are Panda Cloud Antivirus and Immunet. Comodo Group has also produced cloud-based anti-virus.^[165][166]

Some antivirus vendors maintain websites with free online scanning capability of the entire computer, critical areas only, local disks, folders or files. Periodic online scanning is a good idea for those that run antivirus applications on their computers because those applications are frequently slow to catch threats. One of the first things that malicious software does in an attack is disable any existing antivirus software and sometimes the only way to know of an attack is by turning to an online resource that is not installed on the infected computer.^[167]

Virus removal tools are available to help remove stubborn infections or a certain type of infection. Examples include Windows Malicious Software Removal Tool,^[168] Sophos Scan & Clean,^[169] and Kaspersky Virus Removal Tool.^[170] It is also worth noting that sometimes antivirus software can produce a false-positive result, indicating an infection where there is none.^[171]

A rescue disk that is bootable, such as a CD or USB storage device, can be used to run antivirus software outside of the installed operating system in order to remove infections while they are dormant. A bootable rescue disk can be useful when, for example, the installed operating system is no longer bootable or has malware that is resisting all attempts to be removed by the installed antivirus software. Examples of software that can be used on a bootable rescue disk include the Trend Micro Rescue Disk,^[172] Kaspersky Rescue Disk,^[173] and Comodo Rescue Disk.^[174] Most of the rescue disk software can also be installed onto a USB storage device that is bootable on newer computers.

According to an FBI survey, major businesses lose $12 million annually dealing with virus incidents.^[175] A survey by Symantec in 2009 found that a third of small to medium-sized business did not use antivirus protection at that time, whereas more than 80% of home users had some kind of antivirus installed.^[176] According to a sociological survey conducted by G Data Software in 2010 49% of women did not use any antivirus program at all.^[177]

• Anti-virus and anti-malware software
• CARO, the Computer Antivirus Research Organization
• Comparison of antivirus software
• Comparison of computer viruses
• EICAR, the European Institute for Computer Antivirus Research
• Firewall software
• Internet security
• Linux malware
• Quarantine (antivirus program)
• Sandbox (computer security)
• Timeline of computer viruses and worms
• Virus hoax

      PLEASE BE CAUTIOUS ADDING MORE EXTERNAL LINKS.

Wikipedia is not a collection of links and should not be used for advertising.

    Excessive or inappropriate links will be removed.

See Wikipedia:External links and Wikipedia:Spam for details.

If there are already suitable links, propose additions or replacements on the article's talk page, or submit your link to the relevant category at the Open Directory Project (dmoz.org) and link there using Symantec at Curlie. -->

This article is part of a series on
Information security
Related security categories
Internet security Automotive security Cyberwarfare Computer security Mobile security Network security
Threats
Advanced persistent threat Computer crime Vulnerabilities Eavesdropping Malware Spyware Ransomware Trojans Viruses Worms Rootkits Bootkits Keyloggers Screen scrapers Exploits Backdoors Logic bombs Payloads Denial of service Web shells Web application security Phishing
Defenses
Computer access control Application security Antivirus software Secure coding Secure by default Secure by design Secure operating systems Authentication Multi-factor authentication Authorization Data-centric security Encryption Firewall Intrusion detection system Mobile secure gateway Runtime application self-protection (RASP)
v t e

0.00 (0 votes) Original source: https://en.wikipedia.org/wiki/Antivirus software. Read more

0.00 (0 votes)