You may have been using antivirus software for many years. It is worth knowing how the antivirus software installed on your system works, because that shows why regular updates and upgrades matter. Antivirus software scans your system for viruses and other potential threats that may damage it, including spyware and other malware. The two techniques used for this are the virus database method and the suspicious behavior method.
In the virus database method, every file arriving from another source, such as a portable storage device or the internet, is checked against a database of known viruses. If a match is found in the database, you are alerted. The software then takes action on the file: removing it from the system, placing it in quarantine, or trying to repair it.
The first attempt is to repair the file if it is found to be infected rather than being the virus itself. If it cannot be repaired, it is quarantined so that it cannot duplicate itself or infect similar files. A file is deleted outright if it has been established beyond any doubt to be a virus. This method requires regular updates of the database so that the PC is protected against the latest threats. Its main drawback is that it generally cannot detect a virus that has modified itself, which can therefore remain active on your system.
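The following is an added example, not code from the original article, that shows the virus database method in miniature and its drawback. All samples and signatures are constructed for the demonstration (the "payload" is harmless text standing in for a virus body). It contrasts an exact file-hash signature, which a single changed byte defeats, with a byte-pattern signature, which is one way scanners cope with modified copies.

```python
"""Virus database (signature) scanning, as an added illustration.

Two kinds of database entry are shown: a whole-file hash and a byte
pattern. A one-byte change to the sample defeats the hash lookup but not
the pattern lookup. Everything below is constructed for the demo; the
sample is harmless bytes, not malware, and the database is invented.
"""
import hashlib

# Constructed "infected" sample: a fake header, a marker string, padding.
SAMPLE = b"MZ\x90\x00" + b"DEMO-PAYLOAD-MARKER" + b"\x00" * 16

# Constructed database: exact-hash signatures and byte-pattern signatures.
HASH_DB = {
    hashlib.sha256(SAMPLE).hexdigest(): "Demo.Virus.A",
}
PATTERN_DB = {
    b"DEMO-PAYLOAD-MARKER": "Demo.Virus.A (pattern)",
}


def scan_by_hash(data: bytes, db=HASH_DB):
    """Exact match: the file's SHA-256 must equal a database entry."""
    return db.get(hashlib.sha256(data).hexdigest())


def scan_by_pattern(data: bytes, db=PATTERN_DB):
    """Substring match: any database byte string found inside the file."""
    for pattern, name in db.items():
        if pattern in data:
            return name
    return None


def scan(data: bytes):
    """Combine both lookups; return (verdict, action) like a scanner would."""
    name = scan_by_hash(data) or scan_by_pattern(data)
    if name is None:
        return ("clean", "allow")
    return (name, "quarantine")


def modified_copy(data: bytes) -> bytes:
    """Flip one padding byte: stands in for a virus that has changed itself.

    The hash entry no longer matches, which is the drawback the text
    describes; the pattern entry still does.
    """
    out = bytearray(data)
    out[-1] ^= 0xFF
    return bytes(out)


if __name__ == "__main__":
    print(scan(SAMPLE))
    changed = modified_copy(SAMPLE)
    print(scan_by_hash(changed), scan_by_pattern(changed))
```

Run it and the unmodified sample is caught by its hash, while the copy with one byte changed is missed by the hash lookup and caught only by the pattern lookup. Real databases hold many more entry types, but the update requirement is the same: a file is only recognised if an entry for it has already been shipped.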
In the suspicious behavior method, the software monitors the functioning of the computer and notes abnormal behavior. For instance, if a program attempts to change an executable file, the action is noted and you are alerted, together with the actions you can take.
This is a better method than the virus database in one respect: it can alert the user to a new virus well before an entry for it is added to the database. Its drawback is that even small, legitimate changes such as normal software upgrades are detected as suspicious behavior, causing unnecessary alerts. After a while the user starts ignoring the alerts and ends up relying mostly on the virus database method.
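As an added example (not the article's own code), the monitor below applies the rule described above, "a process modifies an existing executable", to a constructed event log. The event log, process names and paths are invented; the allowlist of trusted updaters is an assumption about how a product might suppress the false positive the text describes, not something the article states.

```python
"""Suspicious-behavior monitoring over a constructed event stream (added example).

Rule: a process that writes to an executable file it did not itself create
is flagged. The event log and process names below are constructed; the
trusted-updater allowlist is an assumed mitigation for the software-upgrade
false positives the text describes.
"""
from dataclasses import dataclass


@dataclass
class Event:
    pid: int
    process: str   # image name of the acting process (constructed)
    op: str        # "create" or "write"
    path: str      # file acted on (constructed)


EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys")

# Assumed allowlist: a vendor's own updater may rewrite that vendor's files.
TRUSTED_UPDATERS = frozenset({"vendor_updater.exe"})


def is_executable(path: str) -> bool:
    return path.lower().endswith(EXECUTABLE_SUFFIXES)


def monitor(events, allowlist=frozenset()):
    """Return alerts as (process, path, reason) tuples."""
    created_by = {}  # path -> pid that created it
    alerts = []
    for e in events:
        if e.op == "create":
            created_by[e.path] = e.pid
        elif e.op == "write" and is_executable(e.path):
            if created_by.get(e.path) == e.pid:
                continue  # a program writing the file it just created is normal
            if e.process in allowlist:
                continue  # known updater: suppress rather than alert
            alerts.append((e.process, e.path, "modified an existing executable"))
    return alerts


# Constructed sample log: a build, a legitimate upgrade, and an unknown process.
SAMPLE_EVENTS = [
    Event(100, "compiler.exe", "create", r"C:\build\app.exe"),
    Event(100, "compiler.exe", "write", r"C:\build\app.exe"),
    Event(200, "vendor_updater.exe", "write", r"C:\Program Files\Vendor\vendor.exe"),
    Event(300, "unknown.exe", "write", r"C:\Windows\System32\notepad.exe"),
    Event(300, "unknown.exe", "write", r"C:\Users\me\notes.txt"),
]

if __name__ == "__main__":
    print("without allowlist:", monitor(SAMPLE_EVENTS))
    print("with allowlist:   ", monitor(SAMPLE_EVENTS, TRUSTED_UPDATERS))
```

Without the allowlist the upgrade and the unknown process both raise alerts, which is exactly the noise that trains users to click through; with it, only the unknown process writing to a system executable remains. The rule needs no database entry for the unknown process, which is the method's advantage over the virus database.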
Another method of detecting viruses, similar to the suspicious behavior method, is file emulation. Here the suspected file is run inside a virtual operating system so that it behaves as it would when executed on a normal OS. If it shows abnormal behavior, such as modifying code or trying to duplicate itself, it is deleted or quarantined.