In this article:
- What is antivirus software
- Types of antivirus software
- History of antivirus software
What is Antivirus Software
Antivirus software is a set of computer programs used to detect and eliminate computer viruses and other malicious software (malware) from a computer system. Antivirus software is also used to prevent the computer system from being infected by a virus in the first place.
All antivirus software tries to detect such malicious programs by using two methods:
- Examination
Commonly called scanning: the antivirus software scans files and tries to match the code in a program against the virus definitions it holds in its ‘dictionary’ of viruses.
- Identification
Antivirus software may also detect suspicious behavior demonstrated by a program which may imply that the computer system is infected.
In the real world, antivirus software usually uses a combination of both these techniques, though the virus dictionary technique is superior to the other one.
Methods used by antivirus software
- Dictionary
This is the most popular method used by antivirus software. Under this method of virus detection, the antivirus software inspects a file with the help of a dictionary that stores the definitions of known viruses. If a match is found between a virus definition and the file, the virus is said to be detected and the file is said to be infected. The antivirus will then try to repair the file by removing the code belonging to the virus from it. If this fails, the file is made inaccessible to any programs, which keeps the virus confined to that file. This is commonly called quarantining a file. As a last resort, the antivirus deletes the infected file.
This technique of virus detection is characterized by what are called updates. Updates are additions to the virus dictionary maintained by the antivirus software, and they need to be made periodically so that the software can detect newer viruses. These updates are usually delivered over an internet connection and are usually automatic. Updates result from users of the antivirus software reporting a new kind of virus to the manufacturing company as and when it appears; the company then provides an update for all the other users. Updates may also result from the programmers or developers of the software finding out about a new kind of virus threat.
An important feature of this type of scanning is that files are scanned every time they are opened, closed or processed in some way by the operating system of the computer. This way, it becomes possible to detect computer viruses as soon as they infect a particular file. Such dictionary-based scans may also be scheduled by the user to run at a particular date and time or at regular intervals.
- Suspicious behavior
The suspicious behavior method is unique in the sense that it can help detect viruses even if they are not present in the virus dictionary of the software. Under this method, all programs are constantly observed for suspicious behavior. This includes writing data to an executable file. If this happens, the program is marked as being a virus (or the file being marked as infected) and the necessary action is taken after the user’s consent.
- Other approaches
Some antivirus software may use heuristic analysis for virus detection. Under this approach, a part of the code of a program is first emulated, that is, given a test run by the antivirus system before control is given to the program itself. At this stage, if the behavior of the program seems to be suspicious, it can be detected as being a virus. However, this approach is quite inefficient.
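The dictionary method described above can be sketched in a few lines. This is an added example, not code from any antivirus product: the function names, the `repairable` parameter and the byte patterns are all hypothetical and constructed for illustration. It shows a scan against the dictionary, the repair, quarantine, delete sequence, and how an update makes a previously missed file detectable.

```python
import os
import shutil
import tempfile

# Constructed, harmless byte patterns standing in for virus definitions.
DICTIONARY = {"Toy.A": b"\xde\xad\xbe\xefTOY-A"}

def update(dictionary, new_definitions):
    """An update adds definitions so that newer viruses can be detected."""
    dictionary.update(new_definitions)

def scan(data, dictionary):
    """Return the names of every definition whose pattern occurs in data."""
    return sorted(name for name, sig in dictionary.items() if sig in data)

def handle(path, dictionary, quarantine_dir, repairable=frozenset()):
    """Scan a file, then repair, quarantine or delete it, in that order.
    `repairable` (assumption) names definitions whose pattern can simply be cut out."""
    with open(path, "rb") as fh:
        data = fh.read()
    hits = scan(data, dictionary)
    if not hits:
        return "clean"
    if all(name in repairable for name in hits):
        for name in hits:
            data = data.replace(dictionary[name], b"")
        with open(path, "wb") as fh:
            fh.write(data)
        return "repaired"
    try:
        os.makedirs(quarantine_dir, exist_ok=True)
        dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
        shutil.move(path, dest)
    except OSError:
        os.remove(path)  # last resort: delete the infected file
        return "deleted"
    os.chmod(dest, 0o000)  # strip all permission bits from the quarantined copy
    return "quarantined"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.bin")  # constructed sample file
        with open(sample, "wb") as fh:
            fh.write(b"header" + b"\xca\xfeTOY-B" + b"body")
        print(handle(sample, DICTIONARY, os.path.join(tmp, "q")))  # not yet in dictionary
        update(DICTIONARY, {"Toy.B": b"\xca\xfeTOY-B"})
        print(handle(sample, DICTIONARY, os.path.join(tmp, "q")))  # detected after update
```

The first call reports the file as clean because its pattern is not yet in the dictionary, which is the gap that periodic updates close.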
History of antivirus software
Peter Tippett arguably made the world's first antivirus software in the year 1981. Tippett was inspired to make the antivirus software after reading about some of the world’s early viruses and determining how they affected a computer system. Later on, Tippett joined Symantec and his software was incorporated into what is now known as the Norton Antivirus program.