As mentioned in the introduction section there are various types of malware and an anti-virus solution protects against such malware, detects and removes them from an entity’s Information technology environment. An anti-virus is said to be robust enough when it is able to detect and appropriately respond to a large scope of the malware known today. The robustness of anti-virus depends on the number of signatures it has on its database for the signature-based types or the anomaly profiles configured for the anomaly-based anti-virus. A good anti-virus software combines both signature and anomaly criteria to protect an information technology environment from malware.
Wanna cry, Petya and kiratos are some of the most recent malware that has hit the information technology industry (Chen et al., p.45). Some old anti-viruses may not detect such malware if they are not updated regularly. Regular updates keep the signature base of an anti-virus up to date thus making it robust enough. Various studies have identified Bitdefender, Norton and Webroot among the best anti-virus solutions in the market today. The three anti-virus solutions are able to identify a large scope of malware if they are regularly connected to the respective vendor sites to pick up dates.
The antivirus was first introduced in the information security industry in 2001. At that time it was designed to help detect and remove the virus type of malware. Its functionality was limited to the number of signatures in its database. The antivirus was first developed for the windows environment. Various types of malware were later discovered in the information security industry necessitating a stronger mechanism of detecting and removing such malware. The signature-based approach could not detect new malware whose signatures had not been included in the antivirus database.
The Bitdefender Company under the leadership of founder and current CEO Florin Talpes included code in the antivirus solution that could facilitate abnormal behaviour based detection approach. Bitdefender was initially designed to work on the windows environment. A version compatible for the various Linux distributions was not available at inception. The security research team later developed a version that is compatible with Linux distributions such as the Android version used on mobile devices.
Currently, Bitdefender is both a signature and anomaly-based anti-virus that is used on windows environments across organizations and android based mobile devices to protect, detect and remove viruses among other malware. The combination of the signature based and anomaly-based approach makes the antivirus standout. The Bitdefender security team provides prompt updates for new malware to ensure sufficient protection of the company’s clients also.
The development of the Norton antivirus can be associated with the incorporation of Peter Norton Computing Inc. information security that was incorporated in 1982. The company was incorporated to produce DOS-based utilities with little focus on security and antiviruses. At that time, Norton was one of the DOS utilities produced by the company. Symantec acquired the company in 1990 necessitating its change of name to Peter Norton Consulting Group. The group launched the Norton Antivirus in 1991 to support personal computers. The company has continuously improved the antivirus and today it has a security package known as Norton Security that has the antivirus feature among other security features.
Currently, Norton is one of the antiviruses used by organizations with large information technology environments. The antivirus uses signatures, suspicious behaviour and sandbox approach in the process of detecting malware on an entities environment. The enterprise version of the Norton antivirus scans end-points and servers periodically or on demand based on configurations producing a report that used to take appropriate action by the system administrator. Norton has the ability to detect viruses, Trojan horses, ransomware among other malware (Military, p.13). The fact that Norton utilizes both signatures and suspicious behaviour approaches in the process of protecting, detecting and removing malware from an information technology environment makes it robust hence the reason it has been classified among the best antivirus solutions by various studies.
The history of the Webroot antivirus points back to 1997 when Steven Thomas an information security expert launched a security solution used to remove traces of software from an environment through the company Webroot (Mirza, p. 76). The tool was launched for the windows environment. At the time of launching, there was a Linux compatible version was not released. In 2002 the company designed and launched a security software for removing and blocking spyware. The product was known by the name Webroot Spy Sweeper (Baquiran, p.67). The solution was improved to incorporate the antivirus functionality in 2006 (Alazab et al., p.204-211).
The Webroot antivirus has been evolving over time and today it has the ability to protect systems from a wide range of malware. The tool equally has the ability to detect and remove malware on infected systems. Webroot antivirus is able to scan an environment either from an endpoint or enterprise antivirus server and produce results on any infections. Administrators can then use the reports to take action using the antivirus solution. Some of the actions that can be achieved using the Webroot antivirus solution after detecting malware is quarantining or removing the infected files. Webroot identifies malware using both signatures and suspicious software behaviour. Webroot is known for its robust nature that made it one of the first antiviruses to be able to detect and protect computer systems against ransomware such as Wanna cry and Petya.
The Cybersecurity threat landscape has evolved over time. Most antiviruses including Norton, Bitdefender and Webroot were first developed to help protect, detect and remove viruses from computer systems. The earliest versions of the three antiviruses were signature-based and were not robust enough. The emergence of other malware such as Trojan horse, worms and ransomware in the cybersecurity industry necessitated the creation of more robust security software. Some of the viruses that the three antiviruses were initially developed to detect were later altered to develop a feature changing capability that helped them execute in different ways hence the original signatures could not be detected. Systems secured by the antiviruses were still infected and inappropriate activities perpetrated by the malware.
The security companies went a step higher and incorporated the suspicious behaviour detection capability. Webroot, Norton and Bitdefender antiviruses have stood the test of time as the best antivirus software and the main reason they all stand out is the fact that they can all use machine learning or behaviour based detection abilities to fight malware. When the antivirus solutions were first developed, organizations had to install an antivirus individually in each endpoint server. With time all the three antiviruses had an enterprise edition that allowed system administrators to release the agents from a central server to end devices. Currently, security experts are able to scan their environments for any threats from an enterprise antivirus server. The antiviruses will continuously evolve with the changing security threat landscape.