How Antivirus Software Works

You may be using antivirus software for many years. It is important to know how the antivirus software installed on your system works. This would help you know the importance of regular updates as well as upgrades. An antivirus software basically scans your system for viruses and other potential threats that may cause damage to the system. These include spyware and malware. The two techniques used for this are suspicious behavior and virus database.


How Antivirus Software Works

Antivirus Software

In the virus database method every file coming from another source such as portable storage device or the internet is checked against a database. In case it is found on the database, you are alerted. The software takes action on the file, these including removing the file from the system, putting in quarantine or try to repair the file.

The first attempt being trying to repair the file in case it is detected to be infected rather that being the virus itself. In case it cannot be repaired it is quarantined so it cannot duplicate itself or infect similar files. A file is completely deleted if it has been established as a virus beyond any doubt. This method requires regular updates of the database, so that the PC is safe from latest threats. The main drawback of the system is that it is generally not able to detect a virus which has modified itself, thus still wandering about in your system.

In suspicious behavior method the software monitors the functioning of the computer and notes abnormal behavior. For instance, in case a program attempts to change an executable file, the process is noted and you are given an alert, along with actions to be taken.

This is a better method compared to virus database, as it alerts the user of a new virus, much before it is updated in the dictionary. However, the drawback is that, even small changes such as normal software upgrades are detected as suspicious behavior, causing unnecessary alerts. This leads to the user ignoring the alerts after some time, thus relying more on the virus database method.

Another method of detecting virus similar to suspicious behavior is the file emulation method. In this method the suspected file is run in a virtual operating system, prompting it to work the way it would when executed in normal OS. In case it shows some abnormal behavior such as modifying code or trying to duplicate itself, it is deleted or quarantined.

How Antivirus Software Works
4.6 (92.94%) 17 votes
360 Black Radar Detector This 360 black radar detector is amazing, but very expensive. This radar detector earns its place at the top of the list. Good thing about radar is...
What is Hysterectomy? Hysterectomy is a surgical procedure for removal of uterus. Almost in 33 % percent women have their uterus removed before they reach age of 60 years. ...
Stuff Rich People Buy – 5 Crazy Things Did you ever thought about stuff rich people buy? Do you dream of being rich? If you were, what would you buy? Below are a few rather bizarre examples...
Single Beer Cooler Bought this as a gift for my boyfriend. Sturdy material and high quality. Was so excited to see this and we tried on friday. And you know what. It ...

Leave a Reply

Your email address will not be published. Required fields are marked *

->

Trending