Because of all the threats that computer viruses pose today, most computer users keep antivirus software running on their computers at all times. The software continually checks that no virus is affecting the computer, and when a virus is found it attempts to neutralize and delete it. The following takes a look at how antivirus software actually works.
Identify a virus:
Obviously, before any virus can be dealt with, it has to be identified. How does a software application do this, though? With all the code that's shooting through a computer at any given time, how does it know which is and isn't harmful? Well, there are ways to make this work, the simplest being to identify signatures.
What a virus signature actually is:
All viruses have what is known as a signature: a characteristic by which a string of malware code can be identified. When a virus is discovered for the first time, the antivirus software maker can analyze it, find its signature, and then send that signature as an update to everyone who is using the application. The signatures are stored in a directory of sorts, and when the software does a scan, it checks all of the code it comes across against that directory.
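The scan-and-update cycle described above can be sketched as a toy scanner. This is an added example, not code from any antivirus product: the class, the detection names and the byte patterns are constructed for illustration, and the `??` wildcard goes slightly beyond the plain string match the text describes.

```python
# Added example: a toy signature scanner. All names and byte patterns are
# constructed for illustration; none come from a real antivirus product.
import re

def compile_signature(hex_pattern: str) -> re.Pattern:
    """Turn 'de ad ?? ef' into a bytes regex; '??' matches any one byte."""
    parts = []
    for tok in hex_pattern.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)

class SignatureDB:
    """The 'directory' of known signatures, keyed by detection name."""
    def __init__(self):
        self._sigs = {}

    def update(self, name: str, hex_pattern: str) -> None:
        """Apply a vendor update: add or replace one signature."""
        self._sigs[name] = compile_signature(hex_pattern)

    def scan(self, data: bytes) -> list:
        """Return sorted (name, offset) for every signature found in data."""
        hits = []
        for name, rx in self._sigs.items():
            m = rx.search(data)
            if m:
                hits.append((name, m.start()))
        return sorted(hits)

# Constructed, harmless byte strings standing in for files on disk.
CLEAN_FILE = b"MZ\x90\x00 ordinary program bytes"
SAMPLE_A = b"header" + bytes.fromhex("deadbeef41cafe") + b"trailer"
SAMPLE_B = b"\x00\x01" + bytes.fromhex("0badf00d7788") + b"rest"

db = SignatureDB()
db.update("Toy.Sample.A", "de ad be ef ?? ca fe")

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN_FILE), ("A", SAMPLE_A), ("B", SAMPLE_B)]:
        print(label, db.scan(blob))   # B is missed: no signature shipped yet
    db.update("Toy.Sample.B", "0b ad f0 0d")
    print("B after update", db.scan(SAMPLE_B))
```

Sample B goes undetected until its signature is added to the directory, which is why the updates matter.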
The whitelisting method:
Those who make viruses have been getting better at it, and signatures aren't always the best way to track them down. Not only are virus makers creating ways to avoid detection, but it's also not possible to identify a virus that way until it's already struck. A new method has emerged recently for protecting against viruses that's known as whitelisting. In this method, the software tracks executable code that's been deemed safe, and whenever something that's not on the safe list tries to launch, the user is asked for permission.
Here, the antivirus software looks for executable files that are operating in a suspicious manner. This way it doesn't need to rely solely on signatures of known viruses and can identify unknown ones as well. A problem with this is that viruses have been finding ways around this tactic, and worse, users have become trained to ignore the warnings because they so often turn out to be false positives.
The heuristic approach:
This approach is used at times by the more advanced types of antivirus software. It analyzes code to discover what it is designed to do. Much like searching for suspicious behaviours, this method searches for suspicious intent. It can also involve running a piece of code on a virtual system to see what it actually does, thereby keeping it away from the target at that moment.
Because the world of viruses is evolving so fast, it's important for antivirus applications to keep up. To ensure every computer user has the maximum and most recent protection, most applications of this type are designed to update themselves as often as every day.