How Does AntiVirus Work

Antivirus is software that detects harmful software or programs such as computer viruses, computer worms, Trojan horses, spyware and adware. Antivirus is one of the most important parts of a computer and saves us from many dangers every day. But the question arises: how does it work?

Antivirus works in two main ways:
  • Signature based detection
  • Checking for suspicious behaviour

Signature Based Detection

Signature based detection is the method in which the antivirus compares the content of a file against a dictionary of known viruses. This is a very effective method because it is able to identify all the viruses that are publicly known. An example: if the file contains 10101010, the antivirus compares it with the dictionary, and if 10101010 matches an entry in the dictionary the file is considered a virus. The effectiveness of this method depends on the virus or Trojan being public; if it is not, the antivirus may not be able to detect it. Some hackers use crypter software to hide the content of a file, e.g. 10101010 would become 12121212. Now the antivirus would not find it in the dictionary, because to the dictionary it looks like a different file, but in reality the file is still a virus. To counter this problem, antivirus dictionaries also include entries that identify the crypted virus. For example, they would also keep 12121212 in the virus signatures and identify that as a virus too.
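The dictionary lookup described above, as an added example that is not part of the original article. It builds a constructed signature dictionary in which the second entry covers the same marker after the trivial byte transform the text calls a crypter, and shows that a file whose bytes match no entry (the zero-day case from the points below) is simply not detected:

```python
# Added example (not from the original article): a minimal signature scanner
# that works the way the text describes. All signatures, the marker bytes and
# the transform are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str        # detection name reported to the user
    pattern: bytes   # byte sequence that must occur in the file content


# Constructed stand-in for the "10101010" of the text: the plain form of a marker.
PLAIN_MARKER = b"EXAMPLE-MALWARE-MARKER"


def transform(data: bytes, key: int = 0x55) -> bytes:
    """Constructed stand-in for the text's crypter (10101010 -> 12121212):
    XOR every byte with one constant so the plain signature no longer matches."""
    return bytes(b ^ key for b in data)


# The dictionary keeps both forms, exactly as the article says real ones do.
DICTIONARY = [
    Signature("Example.Marker", PLAIN_MARKER),
    Signature("Example.Marker.Crypted", transform(PLAIN_MARKER)),
]


def scan(content: bytes, dictionary=DICTIONARY) -> list[str]:
    """Return the names of every signature whose pattern occurs in content.
    An empty list means 'not in the dictionary', not 'clean'."""
    return [sig.name for sig in dictionary if sig.pattern in content]


def verdict(content: bytes) -> str:
    """Human-readable result for one file, as an on-demand scanner would show it."""
    hits = scan(content)
    return "detected: " + ", ".join(hits) if hits else "no signature match"


if __name__ == "__main__":
    samples = {
        "plain": b"header " + PLAIN_MARKER + b" trailer",
        "crypted": b"header " + transform(PLAIN_MARKER) + b" trailer",
        "unknown": b"a file the dictionary has never seen",
    }
    for name, content in samples.items():
        print(f"{name:8s} -> {verdict(content)}")
```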

Suspicious Behaviour
In this type of detection the antivirus runs in real time and observes the behaviour of the files that are running. It watches, for example, whether a program is overwriting data without the user's permission or notification. If such behaviour is observed, the antivirus immediately stops the program and asks the user whether the file can be trusted. The user can then choose to let the program continue or, if it is a virus, stop it.


Points To Consider


  • As you have seen, the antivirus normally takes the content or signature of a file or program and compares it with its database. Now, what if the database of the antivirus is not updated and a new malware tries to exploit your computer? The antivirus does not identify it because it has no information about it, so the new threat can easily bypass the antivirus and harm your computer. These are called zero-day threats.
  • Awareness among users is more important than antivirus software. You should teach yourself how to be safe in the jungle of the web, where every day is the day of a new threat.
  • You must be aware of viruses, their effects and how they spread.
  • Do not download and run unknown programs from the Internet.
  • You should know how to secure yourself from malware.
  • You must know about the latest antivirus software for your operating system.

So these are the two main ways an antivirus detects unwanted files. Now, whenever you run a scan, you will know what is happening.

About The Author
This Article was written by Muhammad Haseeb Javed. He Blogs at http://hackthepc.blogspot.com/
