Thursday, May 26, 2016

How Antivirus Software Works


Because of the ever-increasing threat from viruses and other malicious programs, almost every computer today comes with antivirus software pre-installed. An antivirus product has become one of the most essential software packages for any computer. Yet although nearly all of us have antivirus software installed, only a few of us ever bother to understand how it actually works. If you are one of those few, this article is for you.

How Antivirus Works:

Antivirus software typically uses a combination of strategies to detect and remove viruses, worms and other malware. The two most widely used identification methods are:

1. Signature-based detection (Dictionary approach)

This is the most commonly employed method. It involves searching a given file for known patterns of virus code. Every antivirus product carries a dictionary of sample malware code, called signatures, in its database. Whenever a file is examined, the antivirus compares its contents against the samples in that dictionary. If a piece of code within the file matches an entry in the dictionary, the file is flagged and action is taken immediately to stop the virus from replicating further. Depending on the potential risk, the antivirus may choose to repair the file, quarantine it, or delete it permanently.

Because new viruses and malware are created and released every day, this method cannot defend against new malware until samples have been collected and signatures released by the antivirus vendor; a variant whose bytes differ even slightly from the stored sample may not match at all. Some vendors also encourage users to upload new viruses or variants so that they can be analysed and their signatures added to the dictionary. Signature-based detection can be very effective, but it requires frequent updates of the virus signature dictionary.
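A minimal signature scanner, added here as an example (it is not code from the original post or from any vendor's product), shows the dictionary approach in practice. It keeps two kinds of entries, a full-file SHA-256 hash and a hex byte pattern in which "??" matches any single byte (the wildcard convention ClamAV body signatures use), and runs them over a few constructed files. The EICAR string is the real industry test file that antivirus products are expected to flag; the "Demo.*" signature names, the sample bytes, the hostname and the actions are invented for this illustration.

```python
import hashlib
import re

# Constructed sample files (stand-ins for files on disk; none is real malware).
# EICAR is the standard antivirus test string; the "Demo" samples are invented.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
DROPPER_V1 = b"MZ\x90\x00" + b"DROPPER\x01-PAYLOAD" + b"http://c2.example.invalid/"
DROPPER_V2 = b"MZ\x90\x00" + b"DROPPER\x02-PAYLOAD" + b"http://c2.example.invalid/"
NEW_FAMILY = b"MZ\x90\x00" + b"STEALER-V9 no signature exists for me yet"
CLEAN = b"MZ\x90\x00" + b"an ordinary program with nothing to hide"

# Constructed signature dictionary. Each entry is either a full-file SHA-256
# hash or a hex byte pattern in which "??" matches any single byte (the
# wildcard convention ClamAV body signatures use). "action" is what the
# scanner should do on a match.
SIGNATURES = {
    "EICAR-Test-File": {"kind": "pattern", "value": EICAR.hex(), "action": "delete"},
    "Demo.Dropper.hash": {"kind": "sha256",
                          "value": hashlib.sha256(DROPPER_V1).hexdigest(),
                          "action": "quarantine"},
    # "DROPPER" ?? "-PAYLOAD": the wildcard covers the per-build version byte.
    "Demo.Dropper.pattern": {"kind": "pattern",
                             "value": "44524f50504552??2d5041594c4f4144",
                             "action": "quarantine"},
}

# A later "definitions update" that adds the new family; until it ships,
# NEW_FAMILY is invisible to the scanner.
UPDATED_SIGNATURES = {**SIGNATURES,
                      "Demo.Stealer": {"kind": "pattern",
                                       "value": "535445414c45522d5639",  # "STEALER-V9"
                                       "action": "quarantine"}}


def compile_pattern(hex_pattern: str) -> "re.Pattern[bytes]":
    """Turn a hex signature with ?? wildcards into a compiled bytes regex."""
    hex_pattern = hex_pattern.replace(" ", "").lower()
    if len(hex_pattern) % 2:
        raise ValueError("hex signature must have an even number of digits")
    parts = []
    for i in range(0, len(hex_pattern), 2):
        chunk = hex_pattern[i:i + 2]
        parts.append(b"." if chunk == "??" else re.escape(bytes([int(chunk, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data: bytes, signatures=SIGNATURES):
    """Return [(signature name, action)] for every dictionary entry the file matches."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for name, sig in signatures.items():
        if sig["kind"] == "sha256":
            matched = digest == sig["value"]
        elif sig["kind"] == "pattern":
            matched = compile_pattern(sig["value"]).search(data) is not None
        else:
            raise ValueError(f"unknown signature kind {sig['kind']!r}")
        if matched:
            hits.append((name, sig["action"]))
    return hits


def scan_all(files, signatures=SIGNATURES):
    """Scan a {filename: bytes} collection and report the matches per file."""
    return {name: scan(data, signatures) for name, data in files.items()}


if __name__ == "__main__":
    FILES = {"eicar.com": EICAR, "dropper_v1.exe": DROPPER_V1,
             "dropper_v2.exe": DROPPER_V2, "stealer.exe": NEW_FAMILY,
             "notepad.exe": CLEAN}
    for name, hits in scan_all(FILES).items():
        print(f"{name:16} {'clean' if not hits else hits}")
    print("after update:", scan_all({"stealer.exe": NEW_FAMILY}, UPDATED_SIGNATURES))
```

Note what the runs show. The hash entry catches only the exact sample it was built from, so the one-byte variant slips past it; the wildcard pattern catches both builds. The new family is not matched by anything until the dictionary is updated, which is exactly why the signature database has to be refreshed so often.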
Users must therefore update their antivirus software regularly to defend against the new threats released daily.

2. Heuristic-based detection (Suspicious behaviour approach)

Heuristic-based detection identifies suspicious behaviour in a program that might indicate a potential risk. More sophisticated antivirus products use this approach to identify new malware and variants of known malware. Unlike the signature-based approach, the antivirus does not try to recognise known viruses; instead it monitors the behaviour of every program. For example, a program attempting to write data into another executable is flagged as malicious behaviour, and the user is alerted. This gives an additional layer of protection against unidentified threats, at the cost of occasional false positives, since legitimate programs such as installers and updaters sometimes do the same things.

File emulation: This is another heuristic approach, in which a program is executed in a virtual environment and the actions it performs are logged. Based on the logged actions, the antivirus can decide whether the program is malicious and carry out the steps needed to clean the infection.

Most commercial antivirus software uses a combination of signature-based and heuristic-based approaches to combat malware.

Issues of Concern:

Zero-day threats: A zero-day (or zero-hour) threat or attack is malware that tries to exploit application vulnerabilities not yet known to the affected software's vendor or to the antivirus companies. Such attacks cause damage before they are identified. Since no signatures have yet been released for these new threats, they can easily bypass the antivirus software and carry out their malicious actions. Most such threats are identified within a day or two of their release, but the damage done before identification is unavoidable.

Daily Updates: Since new viruses and threats are released every day, it is essential to update the antivirus software so that its virus definitions stay current. Most products have an auto-update feature that refreshes the virus definitions whenever the computer is connected to the Internet.

Effectiveness: Although antivirus software can catch most malware, it is not 100% foolproof against every threat. As explained earlier, a zero-day threat can easily bypass the protective shield of the antivirus. Virus authors have also tried to stay a step ahead by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of themselves or otherwise modify their own code as a disguise, so that no two copies match the signatures in the dictionary. User awareness is therefore as important as the antivirus software itself: users must practise safe habits such as downloading files only from trusted websites and never blindly running a program that is unknown or obtained from an untrusted source. I hope this article has helped you understand how antivirus software works.
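To make the last two points concrete, here is an added example (a toy of my own, not code from the original post or from any antivirus product) of why a self-encrypting virus defeats a byte signature, and how file emulation plus behaviour heuristics recover the detection. The five-opcode instruction set, the signature string, the heuristic weights, the threshold and the sample programs are all constructed for this illustration; a real emulator interprets x86 or similar, but the idea is the same: run the code in a sandbox, log what it does, then scan the memory image it leaves behind.

```python
# Opcodes of a deliberately tiny instruction set, constructed for this example.
NOP, XOR_DECODE, JUMP, WRITE_EXE, HALT = 0x00, 0x01, 0x02, 0x03, 0xFF

# Constructed signature: the string a dictionary scanner would look for.
SIGNATURE = b"EVIL-PAYLOAD-V1"

# Constructed heuristic weights and threshold. Writing into an executable is
# flagged on its own, as the text describes; self-decryption alone is only a hint.
WEIGHTS = {"self-decrypting code": 2, "writes to an executable": 5}
THRESHOLD = 5


def make_polymorphic_copy(key: int) -> bytes:
    """One copy of the toy virus: a 6-byte decoder stub followed by the body
    XOR-encoded with `key`. Every copy behaves identically but has a different
    byte image, which is what 'polymorphic' means here."""
    body = bytes([WRITE_EXE, HALT]) + SIGNATURE
    stub = bytes([XOR_DECODE, 6, len(body), key, JUMP, 6])  # decode body at 6, jump to it
    return stub + bytes(b ^ key for b in body)


def make_metamorphic_copy(padding: int) -> bytes:
    """Crude stand-in for a metamorphic copy: no encryption and no constant
    string at all, just junk instructions in front of the same behaviour, so
    neither the raw file nor any decoded image contains SIGNATURE."""
    return bytes([NOP] * padding) + bytes([WRITE_EXE, HALT])


def static_scan(image: bytes) -> bool:
    """Plain dictionary lookup over the bytes as they sit on disk."""
    return SIGNATURE in image


def emulate(image: bytes, budget: int = 1000):
    """Run the program in a sandbox, log what it does, return (final memory, behaviours)."""
    mem = bytearray(image)
    behaviours = []
    pc = 0
    for _ in range(budget):                      # instruction budget: a sandbox must terminate
        if pc >= len(mem):
            break
        op = mem[pc]
        if op == NOP:
            pc += 1
        elif op == XOR_DECODE and pc + 3 < len(mem):   # the decryptor loop of a polymorphic virus
            start, length, key = mem[pc + 1], mem[pc + 2], mem[pc + 3]
            for i in range(start, min(start + length, len(mem))):
                mem[i] ^= key
            behaviours.append("self-decrypting code")
            pc += 4
        elif op == JUMP and pc + 1 < len(mem):
            pc = mem[pc + 1]
        elif op == WRITE_EXE:                    # the suspicious action the text mentions
            behaviours.append("writes to an executable")
            pc += 1
        else:                                    # HALT, truncated operands or unknown opcode
            break
    return bytes(mem), behaviours


def analyse(image: bytes) -> dict:
    """Combine the three views: static signature, signature over the emulated
    (decrypted) image, and a behaviour score."""
    final, behaviours = emulate(image)
    score = sum(WEIGHTS[b] for b in set(behaviours))
    static_hit, emulated_hit = static_scan(image), static_scan(final)
    return {"static_match": static_hit, "emulated_match": emulated_hit,
            "behaviours": behaviours, "score": score,
            "malicious": static_hit or emulated_hit or score >= THRESHOLD}


BENIGN = bytes([NOP, NOP, HALT]) + b"an ordinary program"   # constructed clean sample

if __name__ == "__main__":
    for label, image in [("polymorphic key 0x5A", make_polymorphic_copy(0x5A)),
                         ("polymorphic key 0xA7", make_polymorphic_copy(0xA7)),
                         ("metamorphic, 5 junk ops", make_metamorphic_copy(5)),
                         ("benign", BENIGN)]:
        print(f"{label:24} {analyse(image)}")
```

Every polymorphic copy fails the static scan, because the signature bytes only exist after the stub has run, yet the emulated image matches and the behaviour score crosses the threshold. The metamorphic copy never contains the string at any point, so only the behaviour heuristic catches it, which is why the two methods are used together. The benign program triggers nothing.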
