Thursday, 27 October 2016

How Antivirus Software Works


How Antivirus Software Works?

Antivirus programs are powerful pieces of software that are essential on Windows computers. If you have ever wondered how antivirus programs detect viruses, this post walks through the main techniques they use.

Today I am going to show you how antivirus software works. Antivirus software relies on the following detection methods:

Signature based detection :- 


Signature based detection is the most common method antivirus software uses to identify malware. Its limitation is that it can only recognise threats whose signatures are already in its database, so emerging threats are caught only when a generic, or extremely broad, signature happens to match them.

When antivirus software scans a file for viruses, it checks the contents of the file against a dictionary of virus signatures. A virus signature is the viral code itself, so finding a signature in a file is the same as finding the virus. If a signature is found, the antivirus software can take action to remove the virus, usually one or more of the following: quarantining, repairing, or deleting. Quarantining makes the file inaccessible and is usually the first action antivirus software takes when a malicious file is found. Encrypting the file is a good quarantining technique because it renders the file useless.
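
As an added illustration (not code from the original post), here is a minimal Python scanner in the signature-matching style described above: it checks a file's bytes against a constructed dictionary of byte patterns and whole-file hashes, and quarantines a hit by moving it aside, encoding its contents so it can no longer run, and stripping write permission. All signature names and patterns are made-up test values, not real malware signatures.

```python
import hashlib
import os

# Constructed signature dictionary for this example; none of these patterns
# comes from real malware. A signature is either a byte pattern looked for
# inside the file or a SHA-256 hash of the whole file.
BYTE_SIGNATURES = {
    "Test.Sample.A": b"\x4d\x5a\x90\x00CONSTRUCTED-SAMPLE-A",
    "Test.Sample.B": b"DELETE-SYSTEM-FILES-MARKER",
}
HASH_SIGNATURES = {
    hashlib.sha256(b"constructed whole-file sample").hexdigest(): "Test.Sample.C",
}


def scan_bytes(data: bytes) -> list:
    """Return the names of every signature that matches the data (empty if clean)."""
    hits = [name for name, pattern in BYTE_SIGNATURES.items() if pattern in data]
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    return hits


def quarantine(path: str, quarantine_dir: str, key: int = 0x5A) -> str:
    """Move the file into quarantine_dir in a form that can no longer run.

    The bytes are XOR-encoded with a fixed key (a stand-in for the encryption
    the post mentions), the copy is made read-only, and the original is removed.
    Returns the path of the quarantined copy.
    """
    os.makedirs(quarantine_dir, exist_ok=True)
    with open(path, "rb") as f:
        data = f.read()
    dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
    with open(dest, "wb") as f:
        f.write(bytes(b ^ key for b in data))
    os.chmod(dest, 0o400)
    os.remove(path)
    return dest


def scan_file(path: str, quarantine_dir: str):
    """Scan one file; on a match, quarantine it. Returns (hits, quarantined_path)."""
    with open(path, "rb") as f:
        data = f.read()
    hits = scan_bytes(data)
    if not hits:
        return hits, None
    return hits, quarantine(path, quarantine_dir)
```

A clean file returns an empty hit list and is left in place; only a file that matches a signature is moved.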

Suspicious behavior monitoring :-

The suspicious behavior approach, by contrast, does not attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, the antivirus software can flag this suspicious behavior, alert a user, and ask what to do.

Heuristics (Anomaly Detection) :-


Some more sophisticated antivirus software uses heuristic analysis to identify new malware.

Two methods are used: file analysis and file emulation.

File analysis is the process by which antivirus software analyzes the instructions of a program. Based on those instructions, the software decides whether or not the program is malicious. For example, if the file contains instructions to delete important system files, it might be flagged as a virus. While this method is useful for identifying new viruses and variants, it can trigger many false alarms.

The second heuristic approach is file emulation. In this approach, the target file is run in a virtual system environment, separate from the real system environment, and the antivirus software logs what actions the file takes there. If the actions are found to be damaging, the file is marked as a virus. Again, this method can trigger false alarms.

Protocol Based Analysis :-


A protocol based analysis engine provides a framework for inspecting and analyzing network traffic at the protocol level. Unlike hardware-based engines, it can be updated dynamically to reflect changes and enhancements to network protocols, as easily as a signature update.

Hope you like my post, How Antivirus Software Works. Please share it with others.


About Syed Balal Rumy

A 27-year-old tech geek and blogger from India (Bihar), living in New Delhi. I am MCITP, CEHv8, CCNA, CCNA Security, CCNP Security, Security+ and CCSA certified. I love to write tech articles based on my real experiences.
