Saturday, February 5

How Antivirus Software Works


How antivirus works

Due to the growing threat of viruses and other malicious programs, almost every computer comes with a pre-installed antivirus. In fact, an antivirus program has become one of the most important software packages for every computer. Although all of us have antivirus software installed on our computers, only a few bother to understand how it really works. If you are one of those few who would like to understand how an antivirus works, then this article is for you.

 

 

Antivirus software typically uses a variety of strategies to detect and remove viruses, worms and other malware. The following are the two most widely employed detection methods:

 

1. Signature-based detection (dictionary approach)

 

This is the most commonly employed method, which involves searching for known virus patterns within a given file. Every antivirus software has a dictionary of sample malware codes, called signatures, in its database. Whenever a file is examined, the antivirus refers to the dictionary of sample codes in its database and compares them with the current file. If a piece of code within the file matches one in the dictionary, the file is flagged and proper action is taken immediately to stop the virus from replicating further. The antivirus may choose to repair the file, quarantine it, or delete it permanently, depending on the potential risk.

As new viruses and malware are created and released every day, this detection method cannot defend against new malware unless samples are collected and signatures are released by the antivirus software company. Some companies also encourage users to upload new viruses and variants, so that the virus can be analysed and its signature added to the dictionary.

Signature based detection can be very effective, but requires frequent updates to the virus signature dictionary. Hence users should update their antivirus software on a regular basis in order to defend against new threats released daily.
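The dictionary lookup described above can be sketched in a few lines of Python. This is an added example, not code from the original article or from any antivirus product; the signature names, byte patterns and sample buffers are all constructed, and `scan` and `compile_signature` are hypothetical helper names.

```python
import re

# Constructed signature dictionary: name -> hex pattern ("??" = any one byte).
# The patterns are invented for this example and match no real malware.
SIGNATURES = {
    "Example.Dropper.A": "4d5a9000??00deadbeef",
    "Example.Worm.B": "636f70795f73656c66????2e657865",  # copy_self??.exe
}


def compile_signature(hex_pattern):
    """Turn a hex string with ?? wildcards into a compiled bytes regex."""
    parts = []
    for i in range(0, len(hex_pattern), 2):
        pair = hex_pattern[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes.fromhex(pair)))
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data, signatures=SIGNATURES):
    """Return (name, offset) for every dictionary pattern found in data."""
    hits = []
    for name, pattern in signatures.items():
        for match in compile_signature(pattern).finditer(data):
            hits.append((name, match.start()))
    return sorted(hits, key=lambda hit: hit[1])


# Constructed buffers standing in for files on disk.
KNOWN = b"\x00" * 8 + bytes.fromhex("4d5a9000ff00deadbeef") + b"copy_self01.exe"
VARIANT = b"\x00" * 8 + bytes.fromhex("4d5a9000ff00deadbe00")  # last byte differs

# The dictionary after a signature update that covers the variant.
UPDATED = dict(SIGNATURES, **{"Example.Dropper.B": "4d5a9000??00deadbe00"})

if __name__ == "__main__":
    print("known file:     ", scan(KNOWN))
    print("variant, old db:", scan(VARIANT))
    print("variant, new db:", scan(VARIANT, UPDATED))
```

The variant is missed until the dictionary contains an entry for it, which is why the signature database has to be updated frequently.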

 

2. Heuristic-based detection (suspicious behaviour approach)

 

Heuristic-based detection involves identifying suspicious behavior in any given program that may indicate a potential risk. This approach is used by some of the more advanced antivirus software to identify new malware and variants of known malware. Unlike the signature-based approach, here the antivirus does not attempt to identify known viruses, but instead monitors the behavior of all programs.

For example, malicious behavior such as a program trying to write data to an executable program is flagged, and the user is alerted about the action. This method provides an additional level of security against unidentified threats.

File emulation: This is another type of heuristic-based approach, in which a given program is executed in a virtual environment and the actions it performs are logged. Based on the logged actions, the antivirus software can determine whether the program is malicious and carry out the actions necessary to clean the infection.
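A minimal sketch of how logged actions can be turned into a verdict, as an added example that is not from the original article or any antivirus product. The log format, rule names, weights and threshold are assumptions made for illustration, and the log entries are constructed; only the "write to an executable" rule comes from the text above.

```python
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".com", ".scr")

# Rule weights and the alert threshold are illustrative assumptions,
# not values taken from any antivirus product.
WEIGHTS = {"write_executable": 5, "self_copy": 3, "add_autostart": 3}
THRESHOLD = 5

# Constructed action log, as an emulator or behavior monitor might record it.
LOG = [
    {"image": "editor.exe", "action": "write", "target": "notes.txt"},
    {"image": "updater.exe", "action": "set_autostart", "target": "updater.exe"},
    {"image": "sample.bin", "action": "write", "target": "C:\\tools\\calc.EXE"},
    {"image": "sample.bin", "action": "copy", "target": "copy.bin",
     "source": "sample.bin"},
    {"image": "sample.bin", "action": "write", "target": "C:\\tools\\calc.EXE"},
]


def classify(event):
    """Map one logged action to a rule name, or None if it is unremarkable."""
    action = event["action"]
    target = event["target"].lower()
    if action == "write" and target.endswith(EXECUTABLE_SUFFIXES):
        return "write_executable"  # the behavior named in the article
    if action == "copy" and event.get("source") == event["image"]:
        return "self_copy"
    if action == "set_autostart":
        return "add_autostart"
    return None


def evaluate(log):
    """Return {program: (score, sorted rules hit, alert?)} for a whole log."""
    rules_hit = {}
    for event in log:
        hit = rules_hit.setdefault(event["image"], set())
        rule = classify(event)
        if rule:
            hit.add(rule)  # each rule counts once per program
    report = {}
    for image, rules in rules_hit.items():
        score = sum(WEIGHTS[r] for r in rules)
        report[image] = (score, sorted(rules), score >= THRESHOLD)
    return report


if __name__ == "__main__":
    for image, verdict in evaluate(LOG).items():
        print(image, verdict)
```

No signature is consulted here: the program is judged only by what it did, so a sample that has never been seen before can still raise an alert.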

Most commercial antivirus software uses a combination of both heuristic and signature-based approaches to combat malicious software.

 

Issues of concern

 

Zero-day threats: A zero-day (zero-hour) threat or attack is one where malicious software tries to exploit vulnerabilities in computer applications that have not yet been identified by the antivirus companies. These attacks are used to cause damage to the computer even before they are identified. Since patches have not yet been released for such new threats, they can easily bypass the antivirus software and carry out malicious actions. Most such threats are identified within a day or two of release, but the damage they cause before being identified is unavoidable.

Daily updates: Since new viruses and threats are released every day, it is essential to update the antivirus software so that the virus definitions stay current. Most software has an automatic update feature, so that the virus definitions are updated whenever the computer is connected to the Internet.

Effectiveness: Although an antivirus can catch almost any malware, it is still not 100% foolproof against all kinds of threats. As explained earlier, a zero-day threat can easily bypass the protective shield of antivirus software. Virus writers have also tried to stay one step ahead by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" virus code, which encrypts portions of itself or otherwise modifies itself as a method of disguise, so that it does not match the virus signatures in the dictionary.

Therefore, user education is as important as antivirus software. Users must be trained to practice safe surfing habits, such as downloading files only from trusted websites and not blindly running a program that is unknown or obtained from an untrusted source. I hope this article helps you understand how antivirus software works.
