How Antivirus Software Works In Computer
Due to the ever-increasing threat from viruses and other malicious programs, almost every computer today comes with antivirus software pre-installed. In fact, antivirus has become one of the most essential software packages on any computer. Even though nearly all of us have antivirus software installed, only a few bother to understand how it actually works. If you are one of those few, this article is for you.
How Antivirus Works: Antivirus software typically uses a variety of strategies to detect and remove viruses, worms and other malware. The following are the two most widely employed identification methods:
1. Signature-based detection (Dictionary approach)
This is the most commonly employed method. It involves searching a given file for known patterns of virus code. Every antivirus product carries a dictionary of sample malware code, called signatures, in its database. Whenever a file is examined, the antivirus refers to this dictionary and compares the sample code against the contents of the file. If a piece of code in the file matches one in the dictionary, the file is flagged and action is taken immediately to stop the virus from replicating further. Depending on the potential risk, the antivirus may repair the file, quarantine it, or delete it permanently.

As new viruses and malware are created and released every day, this method cannot defend against new malware until samples are collected and signatures are released by the antivirus vendor. Some vendors also encourage users to upload new viruses or variants so that they can be analysed and their signatures added to the dictionary.

Signature-based detection can be very effective, but it requires frequent updates of the signature dictionary. Hence users must update their antivirus software regularly to defend against the new threats released daily.
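The dictionary lookup described above, as an added Python example (not code from the original article): a tiny scanner that compiles hex signatures with one-byte wildcards into byte patterns and reports every match offset. The signature names, the byte patterns and the three sample "files" are constructed for this example and are not real malware signatures; the "??" wildcard notation is an assumption borrowed from common scanner conventions.

```python
import re

# Constructed demo signatures in a hex notation where "??" masks any one byte.
# These patterns are made up for this example; they are not real malware signatures.
SIGNATURE_DB = {
    "Demo.Test.Exact": "de ad be ef 13 37",
    "Demo.Test.Wild":  "de ad ?? ?? 13 37",
}


def compile_signature(hex_sig: str) -> re.Pattern:
    """Turn a hex signature into a bytes regex; "??" becomes a one-byte wildcard."""
    parts = []
    for tok in hex_sig.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    # DOTALL so the wildcard also matches a 0x0a byte
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED_DB = {name: compile_signature(sig) for name, sig in SIGNATURE_DB.items()}


def scan_bytes(data: bytes) -> list:
    """Return (signature_name, offset) for every signature occurrence in data."""
    hits = []
    for name, pattern in COMPILED_DB.items():
        for match in pattern.finditer(data):
            hits.append((name, match.start()))
    return hits


def scan_file(path: str) -> list:
    """Read a file in binary mode and scan it (a real scanner streams large files)."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


def verdict(hits: list) -> str:
    """A clean file is left alone; any hit is quarantined for the user to review."""
    if not hits:
        return "clean"
    names = sorted({name for name, _ in hits})
    return "quarantine: " + ", ".join(names)


# Constructed sample "files": a dummy header, a payload, then filler.
HEADER = b"MZ" + b"\x90" * 6
SAMPLE_ORIGINAL = HEADER + bytes.fromhex("deadbeef1337") + b"filler"
SAMPLE_VARIANT = HEADER + bytes.fromhex("deadc0de1337") + b"filler"   # two bytes changed
SAMPLE_CLEAN = HEADER + b"hello, world"

if __name__ == "__main__":
    for label, data in [("original", SAMPLE_ORIGINAL),
                        ("variant", SAMPLE_VARIANT),
                        ("clean", SAMPLE_CLEAN)]:
        hits = scan_bytes(data)
        print(f"{label:9s} {hits} -> {verdict(hits)}")
```

Running the block shows the limitation the article goes on to describe: the variant with two changed bytes no longer matches the exact signature and is only caught by the wildcard one, which is why vendors ship generic signatures and why the dictionary needs constant updating.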
2. Heuristic-based detection (Suspicious behaviour approach)
Heuristic-based detection involves identifying suspicious behaviour in a given program that might indicate a potential risk. This approach is used by some of the more sophisticated antivirus products to identify new malware and variants of known malware.

Unlike the signature-based approach, here the antivirus does not attempt to identify known viruses; instead it monitors the behaviour of all programs. For example, a malicious behaviour such as a program trying to write data to an executable file is flagged and the user is alerted to the action. This method of detection gives an additional level of security against unidentified threats.
File emulation:
This is another type of heuristic-based approach, where a given program is executed in a virtual environment and the actions it performs are logged. Based on the logged actions, the antivirus software can determine whether the program is malicious and carry out the necessary actions to clean the infection.

Most commercial antivirus software uses a combination of both signature-based and heuristic-based approaches to combat malware.
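The heuristic and file-emulation approaches described in the two sections above, as one added Python example that is not part of the original article: an action log of the kind an emulator might record is parsed, a handful of weighted behaviour rules (including the article's own "writes to an executable" example) are applied, and a score decides between benign, suspicious and malicious. The log format, the three logs, the rule weights and the thresholds are all constructed for this example.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed action logs in the shape a file emulator might record after running a
# sample in a virtual environment. Fields are "|"-separated: kind|target|detail.
# Paths, registry keys and addresses are made up for this example.
MALICIOUS_LOG = """\
FileOpen|C:\\Users\\demo\\report.docx|READ
FileWrite|C:\\Windows\\System32\\notepad.exe|
RegWrite|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater|
ProcessCreate|C:\\Users\\demo\\AppData\\Local\\Temp\\svc.exe|
NetConnect|203.0.113.7:4444|
"""

BENIGN_LOG = """\
FileOpen|C:\\Users\\demo\\report.docx|READ
FileWrite|C:\\Users\\demo\\Documents\\report.docx|
NetConnect|198.51.100.20:443|
"""

# A legitimate installer also writes an executable, which is why one behaviour
# contributes a weight rather than deciding the verdict on its own.
INSTALLER_LOG = """\
FileWrite|C:\\Program Files\\DemoApp\\demoapp.exe|
"""


@dataclass(frozen=True)
class Action:
    kind: str
    target: str
    detail: str = ""


def parse_log(text: str) -> list[Action]:
    """Parse one emulator action per line, tolerating a missing detail field."""
    actions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 2)
        while len(parts) < 3:
            parts.append("")
        actions.append(Action(*parts))
    return actions


EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr")


def writes_executable(a: Action) -> bool:
    # The article's own example of a suspicious behaviour.
    return a.kind == "FileWrite" and a.target.lower().endswith(EXECUTABLE_EXT)


def sets_autorun(a: Action) -> bool:
    return a.kind == "RegWrite" and "\\currentversion\\run\\" in a.target.lower()


def spawns_from_temp(a: Action) -> bool:
    return a.kind == "ProcessCreate" and "\\temp\\" in a.target.lower()


def unusual_port(a: Action) -> bool:
    if a.kind != "NetConnect":
        return False
    port = int(a.target.rsplit(":", 1)[1])
    return port not in (80, 443)


# (description, predicate, weight); the weights are illustrative, not a vendor's.
RULES = [
    ("writes to an executable file", writes_executable, 40),
    ("registers a Run-key autostart", sets_autorun, 25),
    ("launches a program from Temp", spawns_from_temp, 20),
    ("connects to a non-web port", unusual_port, 15),
]


@dataclass
class Verdict:
    score: int
    reasons: list[str]
    label: str


def evaluate(log_text: str, flag_at: int = 50, warn_at: int = 25) -> Verdict:
    """Score a log; each rule counts once no matter how many actions trigger it."""
    actions = parse_log(log_text)
    reasons, score = [], 0
    for description, predicate, weight in RULES:
        if any(predicate(a) for a in actions):
            reasons.append(description)
            score += weight
    if score >= flag_at:
        label = "malicious"
    elif score >= warn_at:
        label = "suspicious"
    else:
        label = "benign"
    return Verdict(score, reasons, label)


if __name__ == "__main__":
    for name, log in [("malicious", MALICIOUS_LOG), ("benign", BENIGN_LOG),
                      ("installer", INSTALLER_LOG)]:
        v = evaluate(log)
        print(f"{name:9s} score={v.score:3d} {v.label:10s} {v.reasons}")
```

The installer log lands in the "suspicious" band rather than "malicious": a single behaviour that legitimate software also exhibits is the classic source of heuristic false positives, and the thresholds are where a product trades missed detections against needless alerts.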
Issues of Concern:
Zero-day threats: A zero-day (or zero-hour) threat or attack is one where malware exploits vulnerabilities in computer applications that are not yet known to the antivirus companies. These attacks cause damage to the computer before they are identified. Since no patches have been released for such new threats, they can easily bypass the antivirus software and carry out malicious actions. Most such threats are identified within a day or two of their release, but the damage they cause before identification is largely unavoidable.
Daily updates: Since new viruses and threats are released every day, it is essential to update the antivirus software so that the virus definitions are kept up to date. Most products have an auto-update feature so that the virus definitions are updated whenever the computer is connected to the Internet.
Effectiveness: Even though antivirus software can catch almost every malware sample, it is still not 100% foolproof against all kinds of threats. As explained earlier, a zero-day threat can easily bypass the protective shield of the antivirus software. Virus authors have also tried to stay a step ahead by writing “oligomorphic”, “polymorphic” and, more recently, “metamorphic” virus code, which encrypts parts of itself or otherwise modifies itself as a disguise, so as not to match the virus signatures in the dictionary.

Thus user awareness is as important as antivirus software: users must be trained to practise safe surfing habits, such as downloading files only from trusted websites and not blindly executing an unknown program or one obtained from an untrusted source. I hope this article helps you understand how antivirus software works.