Why POS Antivirus Software Is Different than Traditional Antivirus Options
Antivirus engines rely heavily on hash values that have been identified as belonging to known malicious content. A hash function takes a file and processes it with a special algorithm to produce an alphanumeric string. That string is considered a fingerprint for the file and is unique to the file. However, today, most antivirus products use various rules, including:
- Behavioral Detection
- Generic Detection
- Heuristic Detection
At Comodo, we want you to understand why traditional antivirus options won’t work as a POS antivirus solution. As an example, most antivirus engines look for suspicious calls to APIs, or may look for process injections or substrings that are only found in certain malware types. Detection by heuristics can help a little more because it can protect against malware and variations of that malware, as long as the malware is known, though the match doesn’t have to be exact.
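The difference between hash matching and generic (substring) detection described above can be shown in a few lines. This is an added example, not Comodo's code: the byte strings are constructed, harmless stand-ins for files, and the rule, its substrings and the threshold are hypothetical.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (not real malware).
KNOWN_SAMPLE = b"HDR\x00demo-scraper v1|OpenProcess|ReadProcessMemory"
VARIANT = KNOWN_SAMPLE.replace(b"v1", b"v2")          # known family, small change
REWRITTEN = b"HDR\x00inventory sync helper|opaque-blob-7f3a"  # no known traits
BENIGN = b"HDR\x00receipt printer driver|OpenProcess"

# Hash signatures: fingerprints of files already identified as malicious.
KNOWN_BAD_HASHES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

# Hypothetical generic rule: substrings associated with the known family.
# A file is flagged when at least MIN_HITS of them are present, so a single
# common API name in a legitimate file does not trigger it.
FAMILY_SUBSTRINGS = [b"demo-scraper", b"OpenProcess", b"ReadProcessMemory"]
MIN_HITS = 2


def hash_match(data: bytes) -> bool:
    """Exact fingerprint lookup: any change to the file changes the hash."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_HASHES


def generic_match(data: bytes) -> bool:
    """Substring rule: tolerates changes as long as known traits remain."""
    hits = sum(1 for marker in FAMILY_SUBSTRINGS if marker in data)
    return hits >= MIN_HITS


def scan(data: bytes) -> str:
    """Return which detection layer fired, or 'clean' if none did."""
    if hash_match(data):
        return "hash"
    if generic_match(data):
        return "generic"
    return "clean"


def report() -> dict:
    samples = {"known": KNOWN_SAMPLE, "variant": VARIANT,
               "rewritten": REWRITTEN, "benign": BENIGN}
    return {name: scan(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:10s} -> {verdict}")
```

The variant is missed by the hash lookup but caught by the generic rule, while the sample that shares no known traits passes both layers.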
Why Does It Fail?
POS security is highly important, but most companies don’t understand it or how it works. Most POS malware is targeted, so the criminal can modify the malware in the lab until they create something that isn’t detected by traditional antivirus options. That is why POS antivirus software must take a different approach, but most businesses don’t understand that there are different approaches.
Another problem is that the malware is restricted to only point-of-sale models, so it only makes up a small fraction of the malware out there. It is also distributed differently and doesn’t spread using worm exploits, social engineering or kit delivery mechanisms.
How We Are Different
Our POS antivirus works differently than others, which makes it more effective against these attacks. However, it is important to understand that no one solution is perfect, and ours may not detect everything, so you may want to consider checking passwords and connection logs and keeping up with other processes and policies. Contact us today to learn more.