What is antivirus (anti-virus) software?
Antivirus software is a type of program that is designed to detect, remove, and prevent malware infections on individual computer systems, networks, and IT systems.
Antivirus software, originally created to detect and eliminate viruses from PCs, can also protect against a number of threats, including other kinds of malicious software, like keyloggers, adware, spyware, rootkits, worms, Trojan horses, browser hijackers, botnets and ransomware.
How does Antivirus software work?
Typically, antivirus software runs in the background and scans computers, servers, or mobile devices to identify and limit the spread of malware. Antivirus applications typically include real-time threat detection and protection to guard against possible vulnerabilities as they occur, as well as system scans that check the device and system files for potential vulnerabilities.
The basic functions that antivirus software typically performs are:
Checking directories or particular files for known malicious patterns indicating the presence of malicious software;
Enabling users to schedule scans to run automatically;
Allowing users to initiate scans at any time; and
Eliminating any harmful software it detects. Some antivirus programs do this in the background, while others warn the user of an infection and ask whether they want to clean the files.
Antivirus software must generally have privileged access to the whole system in order to comprehensively scan the systems. This makes antivirus software a popular target for attackers, and in recent years researchers have found remote code execution as well as other serious vulnerabilities in antivirus products.
What are the different types of antivirus programs?
Antivirus software is sold in a variety of forms, including standalone antivirus scanners and online security suites that offer antivirus protection along with firewalls and other security and privacy controls.
There are many antivirus vendors that provide free basic versions of their products. These no-cost versions generally provide basic spyware and antivirus protection, but more advanced features and protections are generally available only to paying customers.
While some OSes are targeted more often by virus designers, antivirus software is available for nearly all OSes:
Windows antivirus software.
The majority of antivirus software vendors offer a number of levels of Windows products at various price points, starting with free versions providing only basic protection. Free antivirus software typically will not protect against links to malicious sites or attachments in emails, and users must perform scans and updates manually.
Premium antivirus products often come with endpoint security tools like file encryption, ad blockers and secure online storage. Microsoft has been offering some free antivirus software as part of the Windows operating system since 2004 under the name Windows Defender, although the software was mainly limited to detecting spyware before 2006.
macOS antivirus software.
Although macOS viruses are less common than Windows viruses, antivirus products for macOS are less standardized than for Windows.
There are various products available, both free and paid, that provide comprehensive protection against potential malware threats, including full system malware scans as well as the ability to sort through email threads, attachments and other web content.
Android antivirus program.
Android is the most popular mobile operating system and has been installed on more mobile phones than any other operating system. Experts recommend that all Android users set up antivirus software on their devices because most mobile malware targets Android.
Vendors provide a number of standard free and paid premium versions of their Android antivirus software, which include anti-theft and remote-locating features. Some run automatic scans and actively try to stop harmful web pages and documents from being opened or downloaded.
Techniques for detecting viruses
There are several different methods that an antivirus program uses to detect viruses.
Antivirus software originally relied on signature-based detection to detect malicious software. Antivirus programs rely on stored virus signatures, which are unique strings of data that are characteristic of known malware. Antivirus uses these signatures to identify viruses that have been identified and analyzed by experts in the field.
Signature-based detection cannot detect new malware, such as variants of existing malware. It is only able to identify new viruses once the definition file is updated with new virus information.
With the number of different malware signatures increasing at around ten million each year as long ago as 2011, modern signature databases may contain hundreds of millions, or even billions, of entries, making antivirus software based solely on signatures impractical. Signature-based detection, however, does not typically produce false positive matches.
Heuristic detection utilizes an algorithm to compare the signatures of recognized viruses against possible threats. With heuristic-based detection, antivirus software is able to detect viruses that have not been discovered yet, along with existing viruses that have been disguised or modified and published as new viruses.
This method can, however, produce false-positive matches when an antivirus program detects a program acting in a similar way to a malicious program and incorrectly identifies it as a virus.
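The following sketch is an added example, not part of the original article or any vendor's engine. It contrasts the two approaches on constructed, harmless byte strings: the signature scan misses a modified variant, while a simple weighted-trait heuristic catches it and also produces a false positive. All names, traits and thresholds are assumptions chosen for illustration.

```python
import hashlib

# Constructed, harmless sample "files" (not real malware).
KNOWN_BAD = b"MZ..demo-dropper v1: delete_all_files(); log_keystrokes()"
VARIANT = b"MZ..demo-dropper v2: log_keystrokes(); delete_all_files()"
BENIGN_BACKUP = b"backup-tool: delete_all_files() in temp dir after archive"
BENIGN_NOTE = b"meeting notes for Tuesday"

# Signature database: exact hashes and unique byte strings of analysed samples.
SIG_HASHES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Demo.Dropper.A"}
SIG_STRINGS = {b"demo-dropper v1": "Demo.Dropper.A"}

# Heuristic rules: traits shared with known malware, each with an assumed weight.
HEURISTIC_TRAITS = {b"delete_all_files": 2, b"log_keystrokes": 2, b"MZ": 1}
HEURISTIC_THRESHOLD = 2  # assumed cut-off for "suspicious"


def signature_scan(data):
    """Return the malware name if data matches a stored signature, else None."""
    name = SIG_HASHES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, name in SIG_STRINGS.items():
        if pattern in data:
            return name
    return None


def heuristic_score(data):
    """Sum the weights of every suspicious trait found in data."""
    return sum(w for trait, w in HEURISTIC_TRAITS.items() if trait in data)


def scan(data):
    """Try signatures first, then fall back to the heuristic score."""
    name = signature_scan(data)
    if name:
        return ("signature", name)
    score = heuristic_score(data)
    if score >= HEURISTIC_THRESHOLD:
        return ("heuristic", f"suspicious (score {score})")
    return ("clean", None)


if __name__ == "__main__":
    for label, sample in [("known", KNOWN_BAD), ("variant", VARIANT),
                          ("backup tool", BENIGN_BACKUP), ("note", BENIGN_NOTE)]:
        print(label, "->", scan(sample))
```

The backup tool is flagged only because it shares one trait with the malicious sample, which is the false-positive case described above.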
Also, antivirus software is able to use behavior-based detection to assess an object's behavior or possible behavior for suspicious activities and infer malicious intent based on those observations. Code that tries to perform unauthorized or unusual actions would indicate, for example, that the object is malicious, or at least suspicious.
Examples of behaviors that potentially indicate danger include modifying or deleting large numbers of files, remotely controlling keystrokes, setting up other programs, and monitoring keystrokes.
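As an added illustration (not from the original article), the sketch below applies behavior-based detection to a constructed event log: it flags a process that changes many files within a short window or that monitors keystrokes. The event format, action labels, window and threshold are assumptions made for this example.

```python
from collections import defaultdict, deque

# Constructed event log: (timestamp_seconds, process, action, target).
EVENTS = (
    [(t, "editor.exe", "modify", f"doc{t}.txt") for t in (1, 40, 90)]
    + [(100 + i, "unknown.exe", "delete", f"photo{i}.jpg") for i in range(12)]
    + [(130, "unknown.exe", "keyboard_hook", "global")]
)

WINDOW_SECONDS = 30    # assumed observation window
MAX_FILE_CHANGES = 10  # assumed threshold for "large numbers of files"
FILE_ACTIONS = {"modify", "delete"}


def analyze(events):
    """Return {process: sorted reasons} for processes with suspicious behavior."""
    recent = defaultdict(deque)   # per-process timestamps of recent file changes
    findings = defaultdict(set)
    for ts, proc, action, _target in sorted(events):
        if action in FILE_ACTIONS:
            window = recent[proc]
            window.append(ts)
            # Drop file changes that fall outside the sliding window.
            while window and ts - window[0] > WINDOW_SECONDS:
                window.popleft()
            if len(window) > MAX_FILE_CHANGES:
                findings[proc].add("mass file modification/deletion")
        elif action == "keyboard_hook":
            findings[proc].add("keystroke monitoring")
    return {proc: sorted(reasons) for proc, reasons in findings.items()}


if __name__ == "__main__":
    for proc, reasons in analyze(EVENTS).items():
        print(proc, "->", ", ".join(reasons))
```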