===Antivirus / Anti-malware software===
Anti-malware (sometimes also called [[Antivirus software|antivirus]]) programs block and remove some or all types of malware. For example, [[Microsoft Security Essentials]] (for Windows XP, Vista, and Windows 7) and [[Windows Defender]] (for [[Windows 8]], [[Windows 10|10]] and [[Windows 11|11]]) provide real-time protection. The [[Windows Malicious Software Removal Tool]] removes malicious software from the system.<ref>{{cite web|title=Malicious Software Removal Tool|url=http://www.microsoft.com/security/pc-security/malware-removal.aspx|url-status=dead|archive-url=https://web.archive.org/web/20120621103611/http://www.microsoft.com/security/pc-security/malware-removal.aspx|archive-date=21 June 2012|access-date=21 June 2012|publisher=Microsoft}}</ref> Additionally, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use).<ref name="PCmag">{{cite web|last=Rubenking|first=Neil J.|date=22 January 2025|title=The Best Free Antivirus Software for 2025|url=https://www.pcmag.com/picks/the-best-free-antivirus-protection|access-date=18 February 2025|archive-date=12 February 2025|archive-url=https://web.archive.org/web/20250212195340/https://www.pcmag.com/picks/the-best-free-antivirus-protection|url-status=live}}</ref> Tests found some free programs to be competitive with commercial ones.<ref name="PCmag" /><ref>{{cite news|title=Free antivirus profiles in 2025|website=antivirusgratis.org|url=https://www.antivirusgratis.org|url-status=live|access-date=18 February 2025|archive-url=https://web.archive.org/web/20250117052335/https://www.antivirusgratis.org/|archive-date=17 January 2025|language=es}}</ref><ref>{{cite web|title=Quickly identify malware running on your PC|url=https://www.techadvisor.co.uk/download/security/crowdinspect-1500-3329721|website=techadvisor.co.uk|access-date=2 September 2018|archive-date=2 September 2018|archive-url=https://web.archive.org/web/20180902220617/https://www.techadvisor.co.uk/download/security/crowdinspect-1500-3329721/|url-status=dead}}</ref>

Typically, antivirus software can combat malware in the following ways:
# '''Real-time protection:''' Anti-malware programs can provide real-time protection against the installation of malware on a computer. This type of malware protection works the same way as antivirus protection: the anti-malware software scans all incoming [[Computer network|network]] data for malware and blocks any [[Threat (computer)|threats]] it comes across.
# '''Removal:''' Anti-malware software programs can be used solely for detection and removal of malware that has already been installed on a computer. This type of anti-malware software scans the contents of the Windows registry, operating system files, and installed programs on a computer and will provide a list of any threats found, allowing the user to choose which files to delete or keep, or to compare this list to a list of known malware components, removing files that match.<ref>{{cite web|title=How Antivirus Software Works?|url=https://antivirus.comodo.com/how-antivirus-software-works.php|access-date=16 October 2015|archive-date=12 January 2017|archive-url=https://web.archive.org/web/20170112193703/https://antivirus.comodo.com/how-antivirus-software-works.php|url-status=live}}</ref>{{Failed verification|date=July 2024|reason=These statements are not matching the info provided by the reference, although they might still be accurate.}}
# '''Sandboxing:''' [[Sandbox (computer security)|Sandboxing]] confines applications within a controlled environment, restricting their operations and isolating them from other applications on the host while limiting access to [[system resource]]s.<ref name=":3">{{Cite report|url=https://csrc.nist.gov/pubs/sp/800/83/r1/final|title=Guide to Malware Incident Prevention and Handling for Desktops and Laptops|last1=Souppaya|first1=Murugiah|last2=Scarfone|first2=Karen|date=2013-07-22|publisher=National Institute of Standards and Technology|issue=NIST Special Publication (SP) 800-83 Rev. 1|language=en}}</ref> Browser sandboxing isolates web processes to prevent malware and exploits, enhancing security.<ref name="g370" />

====Real-time protection====
A specific component of anti-malware software, commonly referred to as an on-access or real-time scanner, hooks deep into the operating system's core or [[operating system kernel|kernel]] and functions in a manner similar to how certain malware itself would attempt to operate, though with the user's informed permission for protecting the system. Any time the operating system accesses a file, the on-access scanner checks whether the file is infected. Typically, when an infected file is found, execution is stopped and the file is [[quarantine]]d to prevent further damage, with the aim of avoiding irreversible system damage. Most AVs allow users to override this behaviour. This can have a considerable performance impact on the operating system, though the degree of impact depends on how many pages it creates in [[virtual memory]].<ref>{{Cite journal|last1=Al-Saleh|first1=Mohammed Ibrahim|last2=Espinoza|first2=Antonio M.|last3=Crandall|first3=Jedediah R.|date=2013|title=Antivirus performance characterisation: system-wide view|journal=IET Information Security|language=en|volume=7|issue=2|pages=126–133|doi=10.1049/iet-ifs.2012.0192|issn=1751-8717|doi-access=free}}</ref>

====Sandboxing====
[[Sandbox (computer security)|Sandboxing]] is a [[Computer security model|security model]] that confines applications within a controlled environment, restricting their operations to authorized "safe" actions and isolating them from other applications on the host. It also limits access to system resources like memory and the file system to maintain isolation.<ref name=":3" />

Browser sandboxing is a security measure that isolates web browser processes and tabs from the operating system to prevent malicious code from exploiting vulnerabilities. It helps protect against malware, [[zero-day exploit]]s, and unintentional data leaks by trapping potentially harmful code within the sandbox. It involves creating separate processes, limiting access to system resources, running [[web content]] in isolated processes, monitoring system calls, and enforcing memory constraints. [[Inter-process communication]] (IPC) is used for [[secure communication]] between processes. Escaping the sandbox involves targeting vulnerabilities in the sandbox mechanism or the operating system's sandboxing features.<ref name="g370">{{cite web|title=What is Browser Sandboxing?|website=GeeksforGeeks|date=2024-02-19|url=https://www.geeksforgeeks.org/what-is-browser-sandboxing/|access-date=2024-07-07|archiveurl=https://web.archive.org/web/20240707050014/https://www.geeksforgeeks.org/what-is-browser-sandboxing/|archivedate=2024-07-07|url-status=live}}</ref><ref name="a944">{{cite web|title=What is browser sandboxing? How to escape the sandbox?|website=misile00's personal website|date=2024-06-15|url=https://misile00.github.io/notes/Browser-Sandboxing|access-date=2024-07-07|archiveurl=https://web.archive.org/web/20240424000722/https://misile00.github.io/notes/Browser-Sandboxing|archivedate=2024-04-24|url-status=live}}</ref>

While sandboxing is not foolproof, it significantly reduces the [[attack surface]] of common threats. Keeping browsers and operating systems updated is crucial to mitigate vulnerabilities.<ref name="g370" /><ref name="a944" />
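
The on-access flow described under "Real-time protection" (check the file when it is accessed, quarantine on a match, let the user override), modelled in user space as an added example that is not part of the original article or of any antivirus product. It assumes hash-only matching; the sample bytes, the detection name and the function names are constructed for illustration, and a real scanner hooks file access in the kernel rather than being called explicitly.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

SAMPLE_BAD = b"constructed-sample-not-real-malware"  # constructed, harmless bytes
BAD_DIGEST = hashlib.sha256(SAMPLE_BAD).hexdigest()
SIGNATURES = {BAD_DIGEST: "Test.Constructed.Sample"}  # hypothetical detection name


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files are never fully loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def on_access(path, quarantine_dir, overrides=frozenset()):
    """Return (verdict, detection): verdict is 'allow', 'override' or 'quarantined'."""
    digest = sha256_file(path)
    detection = SIGNATURES.get(digest)
    if detection is None:
        return "allow", None              # no signature match: access proceeds
    if digest in overrides:
        return "override", detection      # user chose to keep this file
    qdir = Path(quarantine_dir)
    qdir.mkdir(mode=0o700, exist_ok=True)
    dest = qdir / (digest + ".quarantined")
    shutil.move(str(path), str(dest))     # take it out of its original location
    dest.chmod(0o400)                     # read-only, no execute bit
    return "quarantined", detection


def demo():
    """Check one clean file, one match, and one match the user has overridden."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        clean, bad, kept = root / "notes.txt", root / "sample.bin", root / "kept.bin"
        clean.write_bytes(b"hello")
        for f in (bad, kept):
            f.write_bytes(SAMPLE_BAD)
        q = root / "quarantine"
        verdicts = [on_access(clean, q), on_access(bad, q),
                    on_access(kept, q, overrides={BAD_DIGEST})]
        return verdicts, bad.exists(), kept.exists(), [p.name for p in q.iterdir()]


if __name__ == "__main__":
    print(demo())
```

The quarantined copy is renamed to its digest and stripped of write and execute permission, so it can still be inspected or restored but not run in place.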