Antivirus software uses several types of tests during scans and when running in the background.
Known threats are basically identified by a signature that matches an entry in the virus database your antivirus provider maintains on its end.
New threats are found by identifying a behavioral pattern - for example, a malicious software might try to change sensitive files on your computer, but attempts like this will be identified by your AV engine and you will be notified.
Antivirus refers to the traditional means of fighting computer malware. While hackers have become very much skilled and prolific in their spread of malware, conventional antivirus are being augmented with more advanced techniques and features. Antivirus software has become one component of security suites that offers multi-layered protection for computers.
An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software (malware).
ALSO READ: DIFFERENT TYPES OF COMPUTER VIRUSES
Anti-virus software typically uses two different techniques to accomplish this:
Examining files to look for known viruses by means of a virus dictionary .
Identifying suspicious behavior from any computer program which might indicate infection.
Features of Antivirus Software
Antivirus software scans all the files that you open from the back-end; this is also termed as on access scanning.
Full System Scans:
This is done to make sure that there are no viruses present hidden on your system. Full system scans are also useful when you repair your infected computer.
Antivirus software depends on the virus definitions to identify malware. That is the reason it updates on the new viruses definitions.
Ways to get rid of viruses
- Signature-based detection
- Heuristic-based detection
- Behavioural-based detection
- Sandbox detection
- Data mining techniques
Signature-based detection - This is most common in Traditional antivirus software that checks all the .EXE files and validates it with the known list of viruses and other types of malware. or it checks if the unknown executable files shows any misbehaviour as a sign of unknown viruses.
Files, programs and applications are basically scanned when they in use. Once an executable file is downloaded. It is scanned for any malware instantly. Antivirus software can also be used without the background on access scanning, but it is always advisable to use on access scanning because it is complex to remove malware once it infects your system
Heuristic-based detection - This type of detection is most commonly used in combination with signature-based detection. Heuristic technology is deployed in most of the antivirus programs. This helps the antivirus software to detect new or a variant or an altered version of malware, even in the absence of the latest virus definitions.
Antivirus programs use heuristics, by running susceptible programs or applications with suspicious code on it, within a runtime virtual environment. This keeps the vulnerable code from infecting the real world environment.
Behavioural-based detection - This type of detection is used in Intrusion Detection mechanism. This concentrates more in detecting the characteristics of the malware during execution. This mechanism detects malware only while the malware performs malware actions.
Sandbox detection - It functions most likely to that of behavioral based detection method. It executes any applications in the virtual environment to track what kind of actions it performs. Verifying the actions of the program that are logged in, the antivirus software can identify if the program is malicious or not.
Data mining techniques - This is of the latest trends in detecting a malware. With a set of program features, Data mining helps to find if the program is malicious or not.