If you already know what antivirus software is, you know that it is a program that scans files to detect and eliminate computer viruses, Trojans, worms and other malware. However, that knowledge is incomplete if you don't know how antivirus software works. There are a number of antivirus products on the market that use different techniques to detect and remove viruses from a computer; you can decide which one you like most and which suits your budget as well.
These techniques can be broadly classified into three different categories:
- Signature based detection
- Suspicious behavior based detection
- Sandboxing
Signature based detection:
In this virus detection technique the antivirus has a library that contains the signatures of all the popular viruses. When scanning starts, it compares the contents of every program on the computer with the library of virus signatures. If a program is found that matches a signature defined as a virus in the library, then the antivirus software can either repair the file, make it inaccessible to other programs, or delete it permanently.
Signature based detection scans files when the computer's operating system opens and closes them. In this way a known virus can be detected immediately.
However, the major limitation of this approach is its reliance solely on the stored definitions of viruses. When a new virus is found, many socially minded users send their infected files to the authors of the antivirus software so that its signature can be included in the library. Hence this approach always requires constant updates for new viruses.
Another problem with the signature based detection approach is that it is reactive. By the time a new signature is added to the signature file, you are already infected and the damage is already done.
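To make the signature approach and its reactive nature concrete, here is a small added example of a signature scanner (written for this post, not taken from any antivirus product). The signature names, byte patterns and sample file contents are all constructed for the example and do not correspond to real malware; the point is that a known pattern is caught instantly, while a variant with a single changed byte passes until the library is updated.

```python
import re
from typing import Dict, List

def build_library(entries: Dict[str, bytes]) -> Dict[str, re.Pattern]:
    """Compile raw byte patterns (with optional wildcards) into a signature library."""
    return {name: re.compile(pattern, re.DOTALL) for name, pattern in entries.items()}

def scan_bytes(data: bytes, library: Dict[str, re.Pattern]) -> List[str]:
    """Return the names of all signatures matching data; an empty list means clean."""
    return [name for name, pattern in library.items() if pattern.search(data)]

def scan_file(path: str, library: Dict[str, re.Pattern]) -> List[str]:
    """Scan one file on disk, the way an on-access scanner does when a file is opened."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read(), library)

# Constructed signature library: the names and byte patterns are invented for
# this example and do not correspond to any real malware family.
LIBRARY_V1 = build_library({
    "Example.Dropper.A": rb"DROP_PAYLOAD_v1\x00",   # fixed byte string
    "Example.Worm.B": rb"SPREAD\x00.{2}MAIL",       # two wildcard bytes in the middle
})

# Constructed sample file contents (not real executables).
CLEAN = b"MZ\x90\x00 ordinary program, nothing to see here"
KNOWN = b"MZ\x90\x00 ... DROP_PAYLOAD_v1\x00 ..."
WORM = b"MZ\x90\x00 ... SPREAD\x00\x07\x09MAIL ..."
# The same dropper with one byte changed by its author: no signature matches
# until the vendor ships an updated library, which is what makes the
# technique reactive.
VARIANT = b"MZ\x90\x00 ... DROP_PAYLOAD_v2\x00 ..."

def after_update() -> List[str]:
    """Rescan the variant once a signature for it has been added to the library."""
    library_v2 = dict(LIBRARY_V1)
    library_v2.update(build_library({"Example.Dropper.A.2": rb"DROP_PAYLOAD_v2\x00"}))
    return scan_bytes(VARIANT, library_v2)

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN), ("known", KNOWN), ("worm", WORM), ("variant", VARIANT)]:
        print(label, scan_bytes(sample, LIBRARY_V1))
    print("variant after update", after_update())
```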
Suspicious behavior based detection:
In contrast to the signature based detection approach, this technique doesn't attempt to identify known viruses; instead it supervises the behavior of all running programs. If a program tries to write data into an executable program, this is recorded as suspicious behavior and the user is notified so that they can take the necessary action. Thus it provides protection even against new viruses that have not yet been added to any virus dictionary.
This may be effective against new viruses, but the accuracy of such software is lower, as it may also flag legitimate files as viruses. It makes mistakes called false positives and requires user involvement to manually approve certain activities that the antivirus software doesn't recognize as legitimate.
Sandboxing:
Yet another method for virus detection is to use a sandbox. A sandbox imitates the operating system and runs the file in an isolated environment so that it cannot affect the rest of the files. After the program terminates, the sandbox is analyzed for any changes that might have occurred, which could indicate a virus. But due to performance issues, this type of detection is performed only on demand.
That's what antivirus software does to detect viruses. The virus detection techniques mentioned above are used in the antivirus software that we use, and these techniques are getting more advanced day by day.
You have shared very useful information through this post. But every day hackers are coding new viruses for cyber attacks, therefore these techniques also need to be improved with time to remove these viruses more efficiently.