Antivirus software is one of the most important programs on a modern computer. The number of threats against systems that are used for banking, online purchases and other financially sensitive tasks keeps growing, and without antivirus software a computer is exposed to many of these attacks.
Although most computers ship with an antivirus program, many people do not know how it works. In technical detail the tasks an antivirus program performs are quite involved, but they all rest on a few basic principles. In an era where almost every computer comes with an antivirus program, wanting to know how it works just makes sense.
There are two basic approaches to finding viruses and malware on a computer. A single product may use only one, but most modern offerings combine both. Each additional detection method catches more malware, at the cost of more scanning work and a higher chance of flagging a harmless program by mistake (a false positive).
Signature or Dictionary Based Methods
These use information from a database of signatures, usually supplied by the antivirus vendor. A signature is a byte sequence, a byte pattern with wildcards, or a hash of a whole file that is known to belong to a particular piece of malware. The scanner compares the contents of files (and, in modern products, running memory) against that database, and when a stretch of bytes matches a known signature, the file is flagged.
This method of detection is very effective against known malware, but it has a few major flaws. It only works if the malware is already in the database, which means the vendor must keep collecting samples and pushing updates. If a file matches nothing in the database, the antivirus program will not flag it, no matter how damaging it is. A signature that covers a whole file as a hash is even more brittle: changing a single byte of the file gives a different hash and the match is lost, which is why vendors prefer patterns over the parts of the code that the malware author is least able to change.
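The following scanner, added here as an illustration and not code from the original article or from any antivirus product, shows both kinds of signature in the spirit of ClamAV/YARA hex signatures: a full-file SHA-256 hash and byte patterns in which `??` stands for any one byte. The signature names, the patterns and the sample buffers are all constructed for the demonstration.

```python
"""Toy signature scanner: whole-file hash lookup plus byte-pattern matching.

Added example; not code from the original article or from any vendor product.
The signature database and the sample buffers are constructed for the demo.
"""
import hashlib
import re

# Constructed hex signatures in a ClamAV/YARA-like notation: one token per
# byte, '??' meaning "any single byte".  Names are invented for the demo.
PATTERN_SIGNATURES = {
    "Demo.Dropper.A": "44 52 4f 50 ?? 45 52",              # 'DROP?ER'
    "Demo.Stealer.B": "73 74 65 61 6c 20 63 72 65 64 73",  # 'steal creds'
}

# Whole-file hash signatures: sha256 hex digest -> name (filled below).
HASH_SIGNATURES = {}


def hex_sig_to_regex(sig):
    """Compile a hex signature with '??' wildcards into a bytes regex."""
    parts = []
    for tok in sig.split():
        if tok == "??":
            parts.append(b".")                       # any one byte
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)   # DOTALL: '.' also matches 0x0a


COMPILED = {name: hex_sig_to_regex(sig) for name, sig in PATTERN_SIGNATURES.items()}


def scan(data):
    """Return the names of every signature that matches `data` (empty = clean).

    Hash signatures are checked first, then every byte pattern is searched
    over the whole buffer.
    """
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for name, rx in COMPILED.items():
        if rx.search(data):
            hits.append(name)
    return hits


# Constructed sample "files".  The leading bytes only imitate a PE header.
KNOWN_BAD = b"MZ\x90\x00" + b"payload: steal creds" + b"\x00" * 8
HASH_SIGNATURES[hashlib.sha256(KNOWN_BAD).hexdigest()] = "Demo.Known.Exact"

TWEAKED = KNOWN_BAD + b"\x00"            # one extra byte: hash changes, pattern survives
VARIANT = b"MZ\x90\x00" + b"DROPPER v2 " + b"\x00" * 4   # 'P' sits on the wildcard
UNKNOWN = b"MZ\x90\x00" + b"totally new code" + b"\x00" * 4


if __name__ == "__main__":
    for label, blob in [("known", KNOWN_BAD), ("tweaked", TWEAKED),
                        ("variant", VARIANT), ("unknown", UNKNOWN)]:
        print(f"{label:8s} -> {scan(blob) or 'clean'}")
```

Running it shows the trade-off described above: `KNOWN_BAD` is caught twice (hash and pattern), `TWEAKED` loses the hash match after a one-byte change but is still caught by the pattern, `VARIANT` is caught only because the pattern has a wildcard where the byte changed, and `UNKNOWN` passes as clean no matter what it would do when run.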
Heuristic or Suspicious Behavior Methods
These methods look for programs doing things that legitimate software rarely needs to do, hence the term suspicious behavior. Just as a person can be noticed for acting oddly, a program can be scored on traits such as registering itself to run at startup, writing executables into system directories, injecting code into other processes, or shutting down security tools. Heuristic detection does not need a prior sample: it flags a program because of what its code does, or would do, not because its bytes are already known.
Often the antivirus software cannot tell from a single trait whether a program is behaving legitimately or about to damage the computer; a software installer, for example, also registers itself to run at startup. In those cases it either alerts the user or lets the program continue in a sandbox, an isolated virtual environment where its actions have no real consequences, and observes what it does before deciding. The price of this flexibility is false positives: a heuristic rule tuned to catch unknown malware will sometimes flag harmless programs.
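The scorer below, an added example rather than code from the original article or from any product, shows the heuristic side in miniature. It takes the trace of API calls a sandbox would record while a program runs, applies a handful of weighted rules, and returns one of the three outcomes described above (allow, ask the user, block). The rule weights, thresholds, API names and traces are all constructed for the demonstration.

```python
"""Toy behavioural scorer over a sandbox API-call trace.

Added example; not code from the original article or any antivirus product.
Rule weights, thresholds and the traces below are constructed for the demo.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    api: str          # e.g. "WriteFile", "RegSetValue", "CreateProcess"
    target: str = ""  # the path, registry key, command line or process touched


# Each predicate inspects the whole trace and answers "did this happen?".
def touches_run_key(trace):
    return any(e.api == "RegSetValue" and "\\CurrentVersion\\Run" in e.target
               for e in trace)


def writes_exe_to_system_dir(trace):
    return any(e.api == "WriteFile"
               and e.target.lower().startswith("c:\\windows\\")
               and e.target.lower().endswith(".exe")
               for e in trace)


def injects_into_other_process(trace):
    apis = {e.api for e in trace}
    return {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"} <= apis


def deletes_shadow_copies(trace):
    return any(e.api == "CreateProcess"
               and "vssadmin" in e.target.lower()
               and "delete shadows" in e.target.lower()
               for e in trace)


def kills_security_tool(trace):
    return any(e.api == "TerminateProcess"
               and e.target.lower() in {"msmpeng.exe", "avp.exe"}
               for e in trace)


# (name, weight, predicate).  Weights are illustrative only.
RULES = [
    ("persistence via Run key", 30, touches_run_key),
    ("drops executable into system directory", 25, writes_exe_to_system_dir),
    ("process injection", 40, injects_into_other_process),
    ("deletes volume shadow copies", 50, deletes_shadow_copies),
    ("kills security product process", 40, kills_security_tool),
]

BLOCK_AT = 70   # total score >= this: block the program
ASK_AT = 30     # ASK_AT <= score < BLOCK_AT: ask the user or keep it sandboxed


def score(trace):
    """Return (total_score, [names of rules that fired])."""
    fired = [name for name, _w, pred in RULES if pred(trace)]
    total = sum(w for name, w, _p in RULES if name in fired)
    return total, fired


def verdict(trace):
    total, _fired = score(trace)
    if total >= BLOCK_AT:
        return "block"
    if total >= ASK_AT:
        return "ask_user"
    return "allow"


# Constructed traces.  Paths and command lines are illustrative.
RANSOMWARE_TRACE = [
    Event("CreateFile", r"C:\Users\alice\Documents\report.docx"),
    Event("WriteFile", r"C:\Users\alice\Documents\report.docx.locked"),
    Event("CreateProcess", "vssadmin.exe delete shadows /all /quiet"),
    Event("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
]
INSTALLER_TRACE = [   # a legitimate installer also registers a Run key
    Event("WriteFile", r"C:\Program Files\Demo\demo.exe"),
    Event("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Demo"),
]
EDITOR_TRACE = [
    Event("CreateFile", r"C:\Users\alice\Documents\notes.txt"),
    Event("WriteFile", r"C:\Users\alice\Documents\notes.txt"),
]

if __name__ == "__main__":
    for label, tr in [("ransomware", RANSOMWARE_TRACE),
                      ("installer", INSTALLER_TRACE), ("editor", EDITOR_TRACE)]:
        print(label, score(tr), verdict(tr))
```

The installer trace is the interesting one: a single persistence trait lands it in the "ask the user" band rather than being blocked outright, which is exactly the ambiguity the paragraph above describes. Raising or lowering `ASK_AT` trades false positives against missed detections.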
Potential Problems with Antivirus Programs
Antivirus programs face problems such as shifting (polymorphic) code and zero-day attacks, which cannot be completely avoided. The latter refers to malware, or an exploited vulnerability, that no vendor has a signature or patch for yet, so the defenders are on day zero of knowing about it. Vendors often add signatures within days of a new sample surfacing, but the gap can be longer, and even a short window is enough for a fast-spreading threat to do a fair amount of damage.
Shifting code refers to programs designed to rewrite themselves, typically by re-encoding their body with a different key and a slightly different decoder on every copy. The bytes that a signature was written against are then different in each copy, so the fixed sequence the antivirus program tries to match against its database never appears on disk, even though the program does the same thing when run. This and zero-day attacks are the major reasons that signature-based detection is not enough on its own and why it must be combined with heuristic methods, which look at what the code does once it has unpacked itself rather than at its bytes on disk.
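The fragment below, an added illustration and not code from the original article or from any real malware, makes the point concrete. A constructed "payload" is re-encoded with a different XOR key for each copy, so a fixed byte signature on the payload misses every copy; decoding the layer first, which is what an antivirus emulator or sandbox effectively does, restores the match. The payload text, the stub marker, the keys and the signature are all constructed for the demonstration and carry no real machine-code semantics.

```python
"""Why a self-rewriting payload defeats a fixed byte signature, and why
decoding (emulating) the outer layer restores the match.

Added example; not code from the original article or from real malware.
PAYLOAD, SIGNATURE, the stub marker and the keys are constructed for the demo.
"""
import os

PAYLOAD = b"steal creds; send to C2"     # constructed body the signature targets
SIGNATURE = b"steal creds"               # fixed byte signature for that body
STUB = b"STUB"                           # constructed marker standing in for a decoder
KEYS = (0x11, 0x3C, 0x7F, 0xA5, 0xE2)    # fixed keys so the demo is reproducible


def make_variant(payload, key=None):
    """Return one mutated copy: STUB marker + 1-byte key + XOR-encoded body.

    Every call with a different key yields a different byte string for the
    same underlying behaviour.  With key=None a random non-zero key is used.
    """
    if key is None:
        key = os.urandom(1)[0] or 0x5A   # avoid key 0, which would be the identity
    body = bytes(b ^ key for b in payload)
    return STUB + bytes([key]) + body


def decode_variant(blob):
    """Undo the encoding layer, as an emulator would by running the decoder."""
    if not blob.startswith(STUB):
        raise ValueError("not a variant produced by make_variant")
    key = blob[len(STUB)]
    return bytes(b ^ key for b in blob[len(STUB) + 1:])


def static_match(blob):
    """Signature scan over the bytes as they sit on disk."""
    return SIGNATURE in blob


def emulated_match(blob):
    """Signature scan over the bytes after the decoding layer has run."""
    return SIGNATURE in decode_variant(blob)


def variants():
    """The same payload, encoded once per key in KEYS."""
    return [make_variant(PAYLOAD, k) for k in KEYS]


if __name__ == "__main__":
    print("plain payload, static scan :", static_match(PAYLOAD))
    for v in variants():
        print(f"key {v[len(STUB)]:#04x}: static={static_match(v)!s:5} "
              f"emulated={emulated_match(v)}")
```

Every copy is a distinct byte string, none of them contains the signature bytes, and all of them decode back to the same payload. Real polymorphic engines also vary the decoder itself, which is why a wildcard signature on the stub is not a durable fix either and why the behaviour of the decoded code is the more stable thing to detect.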
The Importance of Updates
Antivirus software is updated more often than most other programs, and it needs to be in order to stay effective. Without these updates the program will miss recently released malware that could threaten your system. Most products are designed to update automatically whenever they are connected to the internet, and that feature should not be turned off without careful consideration.