How Does Antivirus Software Work?
- Signature checking is by far the most common method antivirus programs use to detect malicious threats. The software keeps an extensive database of known viruses and malware, and each time it scans a file it compares the file's contents against the entries in that database. If it finds a "signature" match, it either warns the user or removes the file right away, depending mostly on the seriousness of the threat. Some threats can be quarantined by the antivirus program instead: rather than deleting the file outright, it encodes the file with a different transform so that it can no longer run. Of course, with new viruses appearing every day, the database must be kept completely up to date for the software to detect incoming threats.
- Another way to detect malicious files or programs on a computer is to monitor their behavior. A program that attempts to access certain parts of the registry's root keys or to modify an existing executable file (*.exe), for instance, raises a red flag, and the software takes action against the threat if necessary. This approach is valuable because it can detect malicious software that has not yet been added to the database simply by the way it acts. However, it can also lead to the program warning the user about every single thing it finds, which may get irritating over time. Antivirus software is becoming more advanced all the time, though, and these false warnings are being reduced every day.
- The third common way for antivirus programs to pick out threats is to emulate the file in a safe environment created by the software itself. For instance, if one or more suspicious files have entered the computer, the program takes the executable files and runs them behind the scenes in a simulated setting to observe what they do. If the software finds the file is indeed malicious and a threat, it then either quarantines or deletes the harmful material before real damage can be done. This method can also trigger false warnings, and at that point it usually leaves it up to the user to decide what to do with the file. If the user recognizes and trusts the program, the antivirus software lets it remain. If the user chooses to have the program take action against it, the perceived threat is removed.
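As an added illustration of the signature-checking and quarantine steps described in the first bullet (example code written for this page, not taken from any antivirus product), the Python below scans a constructed directory against an assumed signature database of SHA-256 digests and byte patterns, and quarantines each match by XOR-transforming it so it can no longer run as stored. The file names, signature names, the `XOR_KEY` value and the database layout are all assumptions.

```python
import hashlib
import tempfile
from pathlib import Path
# Constructed signature database (assumed format, not any vendor's): SHA-256
# digests of known-bad files plus byte patterns shared by a malware family.
KNOWN_BAD_FILE = b"constructed malicious sample, known byte for byte\n"
SIGNATURE_DB = {
    "hashes": {hashlib.sha256(KNOWN_BAD_FILE).hexdigest(): "Demo.KnownSample"},
    "patterns": {b"DEMO-FAMILY-MARKER": "Demo.Family"},
}
XOR_KEY = 0x5A  # quarantine transform key; any non-zero byte works

def match_signature(data: bytes, db=SIGNATURE_DB):
    """Return the matching signature name, or None if the bytes look clean."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in db["hashes"]:  # exact whole-file match: cheap and unambiguous
        return db["hashes"][digest]
    for pattern, name in db["patterns"].items():
        if pattern in data:  # substring match also catches repacked variants
            return name
    return None

def quarantine(path: Path, qdir: Path) -> Path:
    """Move the file into qdir, XOR-transformed so it cannot run as stored."""
    qdir.mkdir(exist_ok=True)
    dest = qdir / (path.name + ".quar")
    dest.write_bytes(bytes(b ^ XOR_KEY for b in path.read_bytes()))
    path.unlink()  # the original is removed from its working location
    return dest

def scan_directory(root: Path, qdir: Path) -> dict:
    """Scan regular files directly under root, quarantine matches, return verdicts."""
    verdicts = {}
    for f in sorted(p for p in root.iterdir() if p.is_file()):
        name = match_signature(f.read_bytes())
        verdicts[f.name] = name or "clean"
        if name:
            quarantine(f, qdir)
    return verdicts

def run_demo() -> dict:
    # Constructed scan target: one exact hash match, one family variant, one clean file.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "known.bin").write_bytes(KNOWN_BAD_FILE)
        (root / "variant.bin").write_bytes(b"junk DEMO-FAMILY-MARKER more junk")
        (root / "notes.txt").write_bytes(b"harmless text file")
        verdicts = scan_directory(root, root / "quarantine")
        verdicts["quarantined"] = sorted(p.name for p in (root / "quarantine").iterdir())
        return verdicts
```

A production engine holds millions of signatures and refreshes them continuously, which is why the bullet stresses keeping the database up to date; the XOR transform here only stands in for a product's own quarantine encoding.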