
Almost every computer today comes with antivirus software pre-installed. In fact, antivirus has become one of the most essential software packages for every computer system. Even though every one of us has antivirus software installed on our computers, only a few really bother to understand how it actually works and updates.

Antivirus software typically uses a number of strategies to detect and remove viruses, worms and other malware programs, e.g.:

1. Signature-based detection – dictionary based
2. Heuristic-based detection – suspicious-behavior based

1. Signature-based detection – dictionary based

This is the most commonly employed method. It involves searching for known virus patterns within a given file. If a file matches an entry in the antivirus's dictionary, it is flagged and action is taken immediately to stop the virus from duplicating further. The antivirus may choose to repair the file or delete it permanently, depending on the risk.

As new viruses and malware are created and released every day, this method of detection cannot defend against new malware until samples are collected and signatures are released by the antivirus software company. Some companies also encourage users to upload new viruses or variants, so that the virus can be analyzed and its signature added to the software's dictionary. The more regular the updates, the more secure we become.

2. Heuristic-based detection – suspicious-behavior based

Heuristic-based detection involves identifying suspicious behavior in any given program that might indicate a potential risk. This technique is used by some sophisticated antivirus software to identify new malware and variants of known malware. Unlike the signature-based approach, here the antivirus does not attempt to identify known viruses, but instead monitors the behavior of all programs.
File emulation: This is another type of heuristic-based technique, in which a given program is executed in a virtual environment and the actions it performs are logged. Based on the logged actions, the antivirus software can determine whether the program is malicious and take the necessary actions to clean the infection.

How do you check whether your antivirus does the work you hired it for? The European Institute of Computer Antivirus Research (EICAR) test makes it easy. It is a common test and most of us can perform it right now!

1. Open Notepad (New Text Document.TXT), copy the following code into it exactly, and save the file.

EICAR test code:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

2. Rename the file from New Text Document.TXT to mynewfile.com
3. Now run the antivirus scan on mynewfile.com.

If your antivirus is functioning properly on your computer, it should generate a warning and immediately delete the file upon scanning. Otherwise, find new antivirus software.
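The signature-based detection and EICAR test described above, as an added Python example that is not part of the original article: a toy dictionary scanner that reads content in chunks, flags the EICAR test string, and detects a constructed stand-in sample only after its signature has been added. The class, the signature names and the sample contents are assumptions made for illustration.

```python
import io

# Standard 68-byte EICAR test string (harmless); stands in for a known virus pattern.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

class SignatureScanner:
    """Toy dictionary-based scanner (hypothetical, for illustration only)."""

    def __init__(self, chunk_size=4096):
        self.signatures = {}          # signature name -> byte pattern
        self.chunk_size = chunk_size

    def add_signature(self, name, pattern):
        # Models a definitions update after the vendor has analysed a sample.
        self.signatures[name] = pattern

    def scan_stream(self, stream):
        # Read in chunks, keeping a tail so a pattern split across chunks is still found.
        keep = max((len(p) for p in self.signatures.values()), default=1) - 1
        hits, tail = set(), b""
        while True:
            chunk = stream.read(self.chunk_size)
            if not chunk:
                break
            window = tail + chunk
            hits.update(n for n, p in self.signatures.items() if p in window)
            tail = window[-keep:] if keep else b""
        return sorted(hits)

    def scan_bytes(self, data):
        return self.scan_stream(io.BytesIO(data))

def demo():
    scanner = SignatureScanner(chunk_size=16)  # small chunks exercise the overlap
    scanner.add_signature("EICAR-Test-File", EICAR)
    samples = {  # constructed sample contents
        "notes.txt": b"Reminder: update antivirus definitions weekly.\n",
        "mynewfile.com": EICAR,
        "new_sample.bin": b"CONSTRUCTED-NEW-SAMPLE-0001 stand-in for unseen malware",
    }
    before = {name: scanner.scan_bytes(data) for name, data in samples.items()}
    # The new sample is missed until its signature ships in an update.
    scanner.add_signature("Constructed.NewSample", b"CONSTRUCTED-NEW-SAMPLE-0001")
    after = {name: scanner.scan_bytes(data) for name, data in samples.items()}
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before update", "after update"), demo()):
        print(label, result)
```

Real products match far richer signatures (hashes, wildcards, unpacked content) and combine them with the heuristic methods described above; this sketch covers only the plain byte-pattern case.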
