How does Antivirus work?

Antivirus

From the very first virus, created as an experiment, to the latest one, one of the biggest worries for all computer users has been how to prevent viruses from attacking our computers. Antivirus software was created to protect against virus attacks. It detects harmful software or programs such as computer viruses, computer worms, Trojan horses, spyware and adware. Antivirus is one of the most important parts of a computer and saves us from many dangers every day.

So how exactly does antivirus work?
When you scan your computer with antivirus software, it uses a virus "scan engine" to scan all the data and files on your computer, and if viruses are detected, it disinfects them. Viruses are detected by two methods.
  •  Signature based detection 
  •  Checking for Suspicious behavior


Signature Based Detection:

In signature based detection, the antivirus compares the content of a file to a dictionary of viruses. The antivirus uses 'virus signatures' (also known as 'virus definitions'). This is a very effective way because it is able to identify all the viruses that are publicly known. Every virus has a signature in it. The antivirus maintains a signature database in which it stores the signatures of known viruses. When scanning a file, the antivirus reads the signature and compares it with the signatures in its database. If it matches, the file is identified as a virus. Hundreds and thousands of viruses are found each day on the internet. Each may have a new signature that is not in the antivirus database. This is why we need to update our antivirus. When we update our antivirus, new signatures are stored in the database, allowing the antivirus to track down new viruses on our computer.
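The lookup described above, as an added example that is not part of the original post and not any vendor's engine: a minimal scanner that checks file content against byte-pattern and whole-file hash signatures, and shows why a new variant is missed until the definitions are updated. All signature names, patterns and sample files are constructed for illustration.

```python
import hashlib

# Constructed sample "files" (harmless byte strings, not real malware).
CLEAN = b"just an ordinary document"
INFECTED = b"MZ\x90\x00" + bytes.fromhex("deadbeef4141") + b"rest of program"
NEW_VARIANT = b"MZ\x90\x00" + b"DEMO-TROJAN-C" + b"rest of program"
DROPPER = b"constructed dropper sample"

# Constructed signature database: name -> byte pattern found inside a file.
SIGNATURES = {
    "Demo.Virus.A": bytes.fromhex("deadbeef4141"),
    "Demo.Worm.B": b"DEMO-WORM-MARKER",
}
# Constructed whole-file signatures: SHA-256 digest -> name.
HASH_SIGNATURES = {hashlib.sha256(DROPPER).hexdigest(): "Demo.Dropper.D"}


def scan(data, signatures=SIGNATURES, hash_signatures=HASH_SIGNATURES):
    """Return the sorted names of every signature that matches the content."""
    hits = set()
    # Exact match on the whole file: fast, but any changed byte defeats it.
    digest = hashlib.sha256(data).hexdigest()
    if digest in hash_signatures:
        hits.add(hash_signatures[digest])
    # Pattern match anywhere in the file: survives changes around the pattern.
    for name, pattern in signatures.items():
        if pattern in data:
            hits.add(name)
    return sorted(hits)


def update(signatures, new_definitions):
    """Return a copy of the database with a definitions update merged in."""
    merged = dict(signatures)
    merged.update(new_definitions)
    return merged


if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("infected", INFECTED),
                        ("dropper", DROPPER), ("new variant", NEW_VARIANT)]:
        print(label, "->", scan(blob) or "no match")
    updated = update(SIGNATURES, {"Demo.Trojan.C": b"DEMO-TROJAN-C"})
    print("new variant after update ->", scan(NEW_VARIANT, updated))
```
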

Checking for Suspicious behavior:

In this method, the antivirus runs in real time and observes the behavior of the files currently running. It watches for malicious activity performed without the user's permission (like overwriting a file). If the antivirus observes this kind of suspicious behavior, it immediately stops the program and warns the user about the file's activity. The user can then decide whether it is all right to keep the program or to kick it out.

Antivirus software like ESET, Norton, etc. use both methods.
Both methods have pros and cons.
  •  In the virus signature method, as I mentioned above, hundreds and thousands of viruses are created each day, so it is important to update the antivirus at least once a day. An antivirus that is left for two or three days without being updated becomes outdated and is a serious danger.
  •  In the suspicious behavior method, the drawback is that it can warn you about items that are not viruses. If you have to work with a lot of items that may be considered dangerous, you could soon tire of the alerts. Programmers in particular may prefer to disable this option.
To know more, read "What is a Computer Virus?" and "What is a Virus Signature?"
