Endpoint-protection products include these types of solutions: Antivirus software, which seeks potentially malicious executable code, is central to any protection system. Antivirus scanning engines typically search for signatures characteristic of known viruses or use heuristic analysis to test questionable code. Spyware, designed to gather and relay information from your computer, typically runs in the background. Antispyware agents similarly operate behind the scenes, watching the programs on your computer for symptoms of pernicious behavior. Anti-rootkit–scanning tools look for symptoms of known rootkits, a special kind of malicious software designed to take control of your computer at or below the OS level by subverting kernel-level modules, for example. Another component of many endpoint-protection applications is the ability to detect unsolicited email or spam. Client firewalls, on the other hand, monitor network traffic to and from your computer. Unwanted traffic can compromise your system’s functioning by interfering with legitimate network traffic, such as Denial of Service (DoS) attacks, and can provide a venue for intruders to install malware. Firewall rules describe traffic that can be allowed or blocked at the network interface based on IP address, IP port, or originating application. For example, you likely want your favorite Internet browser to be able to communicate via IP port 80 but don’t want to grant the same privilege to unknown applications. Web scanning engines, using the same antivirus scanning methods just described, also inspect web pages for malicious content before they’re displayed in the browser window. Email scanners can operate at the network level with knowledge of email protocols such as SMTP, POP3, and IMAP \[we don’t spell out any of these acronyms (or IP), per glossary\], scanning messages as they enter or leave your computer. Other email scanners that integrate into popular email clients offer additional protection by detecting misuse of the client’s features—for example, Microsoft Outlook’s ability to run scripts.
