Thursday, February 10

How Antivirus Software Works


How antivirus works

Due to the growing threat of viruses and other malicious programs, almost every computer comes with an antivirus pre-installed. In fact, an antivirus program has become one of the most important software packages on any computer. Although each of us has antivirus software installed on our computers, only a few bother to understand how it really works. If you are one of those few who really want to understand how an antivirus works, then this article is for you.

 

 

Antivirus software typically uses a variety of strategies to identify and remove viruses, worms and other malicious programs. The following are the two most widely employed detection methods:

 

1. Signature-based detection (dictionary approach)

 

This is the most commonly employed method. It involves searching for known virus patterns within a given file. Every antivirus product has a dictionary of sample malware code, called signatures, in its database. Whenever a file is examined, the antivirus refers to the dictionary of sample code in its database and compares it with the current file. If a piece of code within the file matches one in the dictionary, the file is flagged and appropriate action is taken immediately to stop the virus from replicating further. The antivirus may choose to repair the file, quarantine it or delete it permanently, depending on the potential risk.

As new viruses and malware are created and released every day, this detection method is unable to flag new malware until samples have been collected and signatures released by the antivirus vendor. Some companies also encourage users to upload new viruses and variants, so that they can analyse the virus and add its signature to the dictionary.

Signature-based detection can be very effective, but it requires frequent updates to the virus signature dictionary. Therefore, users must update their antivirus software on a regular basis in order to defend against the new threats released daily.
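The dictionary lookup described above, and the reason it depends on updates, can be shown in a few lines of Python. This is an added example, not code from any antivirus product; the signature names, byte patterns and sample files are all constructed for illustration.

```python
# Added example: dictionary (signature) scanning over constructed byte strings.
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str        # label reported on a match (hypothetical names)
    pattern: bytes   # byte sequence extracted from a known sample

# Constructed dictionary; a real product ships a far larger one.
DICTIONARY = [
    Signature("Demo.Worm.A", bytes.fromhex("deadbeef1337c0de")),
    Signature("Demo.Dropper.B", b"DEMO-DROPPER-MARKER"),
]

def scan(data, dictionary=DICTIONARY):
    """Return the names of all signatures whose pattern occurs in data."""
    return [sig.name for sig in dictionary if sig.pattern in data]

def action_for(matches):
    """Flag the file when any signature matched, otherwise let it through."""
    return "quarantine" if matches else "allow"

# Constructed sample files.
CLEAN = b"MZ\x90\x00 ordinary program bytes"
KNOWN = b"MZ\x90\x00" + bytes.fromhex("deadbeef1337c0de") + b" payload"
NEW_VARIANT = b"MZ\x90\x00" + bytes.fromhex("feedface42424242") + b" payload"

def demo():
    """Scan each sample; rescan the new variant after a dictionary update."""
    before = scan(NEW_VARIANT)  # no signature exists yet, so nothing matches
    updated = DICTIONARY + [Signature("Demo.Worm.C", bytes.fromhex("feedface4242"))]
    after = scan(NEW_VARIANT, updated)
    return scan(CLEAN), scan(KNOWN), before, after

if __name__ == "__main__":
    print(demo())
```

The new variant passes the scan until the vendor adds its signature, which is exactly the gap that regular updates close.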

 

2. Heuristic-based detection (suspicious behaviour approach)

 

Heuristic-based detection involves identifying suspicious behaviour in any given program that may indicate a potential risk. This approach is used by some of the more advanced antivirus software to identify new malware and variants of known malware. Unlike the signature-based approach, the antivirus does not attempt to identify known viruses, but instead monitors the behaviour of all programs.

For example, a malicious behaviour, such as a program trying to write data to an executable file, is flagged and the user is alerted about the action. This method provides an additional level of protection against unknown threats.

File emulation: this is another type of heuristic approach, in which a program is run in a virtual environment and the actions it performs are recorded. Based on the recorded actions, the antivirus software can determine whether the program is malicious or not, and carry out the necessary actions to clean the infection.
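A minimal sketch of how recorded actions can be turned into a verdict follows. It is an added example, not taken from any real product: the rule names, weights, threshold and the three traces are assumptions constructed for illustration. The first rule is the article's own example of a program writing to an executable file; the auto-run rule is an extra assumed heuristic.

```python
# Added example: scoring the actions recorded while a program runs in an emulator.
# Rule names, weights and the threshold are assumptions made for illustration.
RULES = {
    "write_executable": 5,  # program writes data into an executable file
    "modify_autorun": 3,    # program registers itself to start automatically
}
THRESHOLD = 5

def is_executable(path):
    return path.lower().endswith((".exe", ".dll", ".com", ".scr"))

def classify(action, target):
    """Translate one recorded action into a rule name, or None."""
    if action == "file_write" and is_executable(target):
        return "write_executable"
    if action == "registry_set" and r"\currentversion\run" in target.lower():
        return "modify_autorun"
    return None

def evaluate(trace):
    """Return (score, triggered rules, verdict) for a recorded trace."""
    hits = {rule for rule in (classify(a, t) for a, t in trace) if rule}
    score = sum(RULES[rule] for rule in hits)  # each rule counts once
    verdict = "alert" if score >= THRESHOLD else "allow"
    return score, sorted(hits), verdict

# Constructed traces of (action, target) pairs, as an emulator might record them.
EDITOR_TRACE = [
    ("file_write", r"C:\Users\a\notes.txt"),
    ("file_read", r"C:\Windows\notepad.exe"),
]
INSTALLER_TRACE = [
    ("registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\app"),
]
SUSPECT_TRACE = [
    ("file_read", r"C:\Tools\calc.exe"),
    ("file_write", r"C:\Tools\calc.exe"),
    ("registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
]

if __name__ == "__main__":
    for name, trace in [("editor", EDITOR_TRACE), ("installer", INSTALLER_TRACE),
                        ("suspect", SUSPECT_TRACE)]:
        print(name, evaluate(trace))
```

The installer trace shows why a threshold is used: a single weak indicator is common in legitimate software and stays below the alert level, while the combination in the suspect trace does not.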

Most commercial antivirus software uses a combination of both heuristic and signature-based approaches to combat malicious software.

 

Issues of concern

 

Zero-day threats: a zero-day (zero-hour) threat or attack is one in which malicious software tries to exploit application vulnerabilities not yet identified by the antivirus companies. These attacks are used to cause damage to your computer even before they are recognized. Since patches have not yet been released for such new threats, they can easily bypass the antivirus software and perform malicious actions. However, most of these threats are identified within a day or two of release, but the damage they cause before being recognized is unavoidable.

Daily updates: since new viruses and threats are released daily, it is essential to update the antivirus software in order to keep the virus definitions current. Most software has an automatic update feature, so that the virus definitions are updated whenever the computer is connected to the Internet.

Effectiveness: even though antivirus software can catch almost any malware, it is still not 100% foolproof against all kinds of threats. As explained earlier, a zero-day threat can easily bypass the protective shield of antivirus software. Virus authors have also tried to stay one step ahead by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" virus code, which encrypts parts of itself or otherwise modifies itself as a method of disguise, so that it does not match the virus signatures in the dictionary.

Therefore, user education is as important as antivirus software; users must be trained to practise safe surfing habits, such as downloading files only from trusted websites and not blindly running a program that is unknown or obtained from an untrusted source. I hope this article helps you understand how antivirus software operates.
