
Saturday, March 6, 2010

How does an anti-virus work?

An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software (malware).

Anti-virus software uses two main approaches:

- Virus dictionary: The software keeps a big dictionary of viruses, allowing it to scan files and flag any that are known to be viral. As new viruses and malicious threats are discovered, they are added to the virus dictionary. Every detail of the virus is held in the dictionary. Some anti-virus programs use this dictionary as a guide to identify any suspicious and threatening software or files. To stay up to date with new viruses, the anti-virus software must regularly download updates to its dictionary. The dictionary approach has been deemed quite effective, but hackers and virus creators have found a way around it by developing polymorphic viruses.

- Suspicious behavior: The software monitors the behavior of all programs. If one program tries to write data to an executable program, for example, the anti-virus software can flag this suspicious behavior, alert the user and ask what to do. The suspicious behavior approach is more effective in stopping new viruses since it doesn't rely on a dictionary, which may not be regularly updated, for reference. This approach can be annoying, as it can give lots of false positives.
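The two approaches above, as an added Python sketch that is not from the original post; the signature names, byte patterns and event tuples are constructed for illustration. It shows a dictionary match, the same content missed once its bytes are re-encoded (standing in for a polymorphic variant), and the write-to-executable rule also flagging a legitimate installer.

```python
# Constructed, harmless byte patterns standing in for virus dictionary entries.
SIGNATURES = {
    "Demo.Sample.A": bytes.fromhex("deadbeef13371337"),
    "Demo.Sample.B": b"CONSTRUCTED-MARKER-B",
}
EXECUTABLE_EXTS = (".exe", ".dll", ".com", ".scr")


def dictionary_scan(data):
    """Return the names of dictionary entries whose pattern occurs in data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)


def behavior_scan(events, allowlist=()):
    """Flag any process that writes to an executable file.

    events: iterable of (process, action, target_path) tuples.
    allowlist: processes the user has already approved.
    """
    alerts = []
    for proc, action, target in events:
        writes_exe = action == "write" and target.lower().endswith(EXECUTABLE_EXTS)
        if writes_exe and proc not in allowlist:
            alerts.append((proc, target))
    return alerts


def xor_encode(data, key):
    """Re-encode bytes so the stored form differs from the dictionary pattern."""
    return bytes(b ^ key for b in data)


# Constructed samples: a clean file, a file containing a known pattern,
# and the same file with every byte changed on disk.
CLEAN = b"plain document text"
KNOWN = b"\x00header" + SIGNATURES["Demo.Sample.A"] + b"trailer"
VARIANT = xor_encode(KNOWN, 0x5A)

# Constructed process events; the installer is legitimate but trips the rule.
EVENTS = [
    ("notepad.exe", "write", r"C:\Users\a\notes.txt"),
    ("unknown.exe", "write", r"C:\Windows\System32\calc.exe"),
    ("installer.exe", "write", r"C:\Program Files\App\app.exe"),
]

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("known", KNOWN), ("variant", VARIANT)):
        print(label, dictionary_scan(blob))
    print(behavior_scan(EVENTS))
```

Passing `allowlist=("installer.exe",)` to `behavior_scan` models the user answering the prompt once, which is how such tools cut down on repeated false positives.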

Anti-virus software and user carefulness are the best forms of protection available now.
