Thursday, 14 August 2014

How Does Antivirus Work?

Antivirus companies are multiplying at a rapid rate, because hundreds of new viruses are generated every day and new virus definitions are written every hour. To keep a computer virus-free we need an antivirus. An antivirus can be defined as software that protects the computer by removing any kind of threat as soon as possible. Its job is to eradicate viruses before they can actually infect our files and data, so it has to be very responsive and active. In short, an antivirus eliminates nasty and malicious computer viruses.

Viruses are very dangerous. They not only degrade the performance of the computer but also infect the data and files stored on it. Some viruses delete data in a way that makes the computer shut down automatically again and again. Some try to hide and corrupt files, and some delete data permanently. There are also viruses that get into the web browser and try to steal personal details and passwords. So avoid downloading anything from untrusted websites that hold fake certificates, and always try to scan a downloaded item immediately, so that if any threat is there it can be fixed as soon as possible.

Viruses can enter your system in many ways: while browsing the internet you may click on a suspicious ad, or they can come in through the data cable that connects your phone to the PC. The main source of viruses is your friend's pen drive. Seriously, it contains a lot of viruses because it has already been used in so many other computers. So always scan a pen drive before you open it to view its contents. Always keep your virus definitions up to date, because new viruses are created every day, so updating the antivirus is really very important.

How an antivirus works is really interesting to understand, so let us see how it actually works. All antiviruses use two basic approaches to remove viruses: the first is signature based detection and the second is suspicious behavior based detection. Let us discuss them one by one in more detail:

Signature based detection

This approach is used by most of the antiviruses available in the market and is also very effective. In this approach a library is created that contains the definitions of all the known viruses in the form of code. When you scan a file, the antivirus compares the programs with this library of virus definitions; if a definition matches, a virus has been caught, and based on the user's action it is then removed from the computer. For example, if there is a virus with the definition code “3t5y”, the antivirus will try to match this definition against the library, and if the code matches, the file is a virus that has to be removed. That is the logic of this approach. The library has to be updated from time to time, because new viruses are generated every day.
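
A small sketch of the signature matching described above, added here as an example (it is not code from any antivirus product). The signature names and patterns are constructed, with “3t5y” borrowed from the example in the text; the scanner reads in chunks and keeps an overlap so a signature split across two chunks is still found, and it also checks a whole-file hash.

```python
import hashlib
import io

# Constructed signature library: name -> byte pattern. "3t5y" is the
# illustrative definition code from the text, not a real virus signature.
PATTERN_SIGNATURES = {
    "Example.Virus.A": b"3t5y",
    "Example.Virus.B": b"\xde\xad\xbe\xef\x00payload",
}
# Constructed whole-file signatures: SHA-256 digest -> name.
HASH_SIGNATURES = {
    hashlib.sha256(b"known bad sample").hexdigest(): "Example.Virus.C",
}


def scan_stream(stream, chunk_size=4096):
    """Return the sorted names of all signatures found in a binary stream."""
    longest = max(len(p) for p in PATTERN_SIGNATURES.values())
    found = set()
    digest = hashlib.sha256()
    tail = b""  # last bytes of the previous chunk, kept for boundary matches
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)
        window = tail + chunk
        for name, pattern in PATTERN_SIGNATURES.items():
            if pattern in window:
                found.add(name)
        # Keep longest-1 bytes so a pattern split across chunks still matches.
        tail = window[-(longest - 1):] if longest > 1 else b""
    name = HASH_SIGNATURES.get(digest.hexdigest())
    if name:
        found.add(name)
    return sorted(found)


def scan_file(path):
    """Scan a file on disk against the signature library."""
    with open(path, "rb") as handle:
        return scan_stream(handle)


if __name__ == "__main__":
    # Constructed sample in which "3t5y" straddles the first chunk boundary.
    infected = io.BytesIO(b"A" * 4094 + b"3t5y" + b"B" * 100)
    print("clean:", scan_stream(io.BytesIO(b"hello world" * 100)))
    print("infected:", scan_stream(infected))
```

A file that changes even one byte of a matched pattern or of a hashed sample no longer matches, which is why the library has to be updated as new viruses appear.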

Suspicious behavior based detection

In this approach the behavior of a program is examined. If the program is suspicious and is preventing another program from running, such files are removed. This kind of antivirus software may be effective against fresh viruses, but it lacks precision, as it may recognize genuine files as viruses. So this approach often fails to give an accurate result.

These are the basic methods that antiviruses use to detect malicious computer programs. Much more complex algorithms are designed these days, but they are still based on these approaches. In later posts we will also discuss some of the most dangerous viruses, like malware, Trojan horses and many more, so stay connected.
