How an antivirus works
10:12:00 PM vikas
Antivirus software is used to detect and remove the viruses, worms and malware programs present on our PC.
The most commonly used identification methods are:
1. Signature-based detection (dictionary approach)
This is the most commonly employed method. It involves searching for known patterns of viruses within a given file.
The antivirus simply compares the code it finds during a scan against the malware code patterns, called signatures, stored in its dictionary (database).
If a signature matches, the action defined in the antivirus settings is applied: the antivirus stops the file from working any further and may repair the file, quarantine it or delete it permanently, based on its potential risk.
But new malware and viruses are created and released every day, and this method of detection cannot defend against them unless their samples are present in the antivirus database. For this reason we need to update the antivirus daily, or as conditions require.
Signature-based detection can be very effective, but it requires frequent updates of the virus signature dictionary. Hence users must update their antivirus software on a regular basis to defend against the new threats that are released daily.
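The dictionary lookup described above, as an added example that is not part of the original post and not any vendor's code. The signature names, byte patterns, sample files and the risk-to-action mapping are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str       # label reported on a match
    pattern: bytes  # byte sequence known to occur in the malware
    risk: str       # "low", "medium" or "high"

# Constructed signature dictionary (assumption: two made-up entries).
SIGNATURES = [
    Signature("Demo.Worm.A", b"\xde\xad\xbe\xef_DEMO_WORM_A", "high"),
    Signature("Demo.Macro.B", b"AutoOpen_DEMO_MACRO_B", "medium"),
]

# Assumed settings: which action is applied for each risk level.
ACTIONS = {"low": "repair", "medium": "quarantine", "high": "delete"}

def scan(data: bytes, signatures=SIGNATURES):
    """Return (signature name, action) for the first match, else None."""
    for sig in signatures:
        if sig.pattern in data:
            return sig.name, ACTIONS[sig.risk]
    return None  # clean, or malware the dictionary does not know yet

def update(signatures, new_sig):
    """Model a signature update: the old dictionary plus one new entry."""
    return signatures + [new_sig]

# Constructed sample files.
known_sample = b"MZ..header.." + b"\xde\xad\xbe\xef_DEMO_WORM_A" + b"..tail"
new_variant = b"MZ..header.." + b"\xde\xad\xbe\xef_DEMO_WORM_C" + b"..tail"
clean_file = b"just a text document"

if __name__ == "__main__":
    print(scan(known_sample))   # matched and acted on
    print(scan(new_variant))    # missed: no signature for it yet
    updated = update(SIGNATURES, Signature(
        "Demo.Worm.C", b"\xde\xad\xbe\xef_DEMO_WORM_C", "high"))
    print(scan(new_variant, updated))  # caught after the update
```

The new variant passes the first scan untouched and is only caught once its signature has been added, which is why the dictionary has to be kept up to date.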
2. Heuristic-based detection (suspicious behaviour approach)
Heuristic-based detection involves identifying suspicious behaviour from any given program which might indicate a potential risk. This approach is used by some of the sophisticated antivirus software to identify new malware and variants of known malware. Unlike the signature-based approach, here the antivirus doesn’t attempt to identify known viruses, but instead monitors the behaviour of all programs.
For example, malicious behaviour such as a program trying to write data to an executable program is flagged, and the user is alerted about this action. This method of detection gives an additional level of security against unidentified threats.
Most commercial antivirus software uses a combination of both signature-based and heuristic-based approaches to combat malware.