What is Antivirus Software + How Does it Work?
By Corbin Hartwick
Updated on March 15, 2022
Computer viruses have been around since the earliest days of personal computing in the 1970s. However, it wasn’t until the late 1980s and early 1990s (coincidentally, the time period during which the World Wide Web and commercial Internet were being developed) that computer viruses became more numerous and easier to spread, to the point where a whole industry dedicated to stopping them was created.
Several organizations and companies were set up to study computer viruses and how they behave. They found that, like other computer programs, viruses have a set of predictable elements and behaviors that give them away. Based on this information, numerous counter-programs were created to identify, block, isolate, and delete computer virus programs. These counter-programs are collectively known as antivirus software.
Over time, antivirus software has advanced to the point where many forms of it can handle not only computer viruses, but also spyware and other malicious programs, including some hacking tricks. You may hear this new class of antivirus software referred to as “anti-malware”, but it basically serves the same function. For the sake of simplicity, throughout these tutorials, we will refer to antivirus and anti-malware programs collectively as “antivirus software” (since most modern antivirus software contains both types of programs).
As you will read in our upcoming Best Antivirus Software article, some of the most popular solutions include:
- Avast (www.avast.com)
- Avira (www.avira.com)
- Kaspersky (www.kaspersky.com)
- BitDefender (www.bitdefender.com)
- Trend Micro (www.trendmicro.com)
How does antivirus software work?
Did You Know
This information about how antivirus software finds and deletes viruses and other malicious programs is somewhat technical in nature. We largely put it here just for interest’s sake, so don’t worry if it doesn’t completely make sense to you.
Antivirus software is generally able to identify and block, isolate, repair, and/or delete virus-infected files using three different detection methods: signature, heuristic, and behavioral.
- Signature detection involves studying the “digital signature” of a computer virus. This refers to a part of computer code that uniquely identifies a computer element (such as a program, message, or document). It’s often used in more legitimate online transactions to assure a user that a message, program, or document has been sent from a trusted person with their consent, and has not been tampered with along the way. However, many computer viruses use these signatures, too. This means that antivirus software can check an incoming program’s signature against its list of known virus signatures to know if a program contains a virus, and take appropriate action based on the result.
- Heuristic detection involves a sort of “shortcut” whereby antivirus software will look for certain patterns of code within a computer program and try to match them to patterns of code found in certain computer viruses. It is often used as a supplement to signature-based detection, which may have trouble detecting new modifications of existing computer viruses. Heuristic detection may be able to catch these variant viruses by detecting code patterns found in their related “families” of computer viruses, even if the full digital signatures of these variant viruses aren’t on the books yet.
- Behavioral detection involves studying a program’s behavior after it runs to see if it’s doing anything bad or not. For example, a common thing that computer virus programs will do when they are run is copy themselves. Unfortunately, this style of detection usually means that a program, if it is a virus, will have already caused some damage before it is identified as a virus and neutralized. However, there are some advanced behavioral antivirus techniques being developed that will be able to determine whether a program does anything bad by looking at patterns of code within the program itself. This means that antivirus software won’t need a virus program to run in order to know that it’s malicious, and it won’t need to match external clues like digital signatures in order to know that a program contains a virus.
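The three detection methods above, as an added example that is not part of the original article: a toy scanner that tries a signature match first, then a heuristic pattern score, then a check of what the program did while running. It assumes a signature is the SHA-256 hash of the whole file; the pattern names, weights, threshold, sample byte strings and run-time traces are all constructed for illustration and are harmless.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless stand-ins for program files (not real malware).
KNOWN = b"HDR|copy_self_to_startup|patch_other_programs|payload=v1"
VARIANT = b"HDR|copy_self_to_startup|patch_other_programs|payload=v2"
OBSCURED = b"HDR|x9f3k1q0|zz81ab77|payload=v3"  # no recognisable patterns
CLEAN = b"HDR|open_document|print_page|save_file"

# Signature list: fingerprints of files already known to be malicious.
SIGNATURES = {sha256(KNOWN): "Demo.Virus.A"}
# Heuristic rules: weighted code patterns shared by one virus "family".
FAMILY_PATTERNS = {b"copy_self_to_startup": 2, b"patch_other_programs": 2}
HEURISTIC_THRESHOLD = 3

def signature_scan(data):
    """Exact match against the known-virus list; misses any modified copy."""
    return SIGNATURES.get(sha256(data))

def heuristic_score(data):
    """Sum the weights of the family patterns present in the file."""
    return sum(w for pattern, w in FAMILY_PATTERNS.items() if pattern in data)

def behavioral_scan(data, events):
    """Flag a program that, while running, wrote a copy of itself elsewhere."""
    own = sha256(data)
    return any(op == "write" and digest == own for op, _path, digest in events)

def scan(data, events=()):
    """Apply the three methods in order; return (method, detail)."""
    name = signature_scan(data)
    if name:
        return ("signature", name)
    score = heuristic_score(data)
    if score >= HEURISTIC_THRESHOLD:
        return ("heuristic", f"family patterns, score {score}")
    if behavioral_scan(data, events):
        return ("behavioral", "program copied itself")
    return ("clean", None)

# Constructed run-time traces: (operation, path, SHA-256 of bytes written).
OBSCURED_EVENTS = [("write", "/tmp/demo/copy.bin", sha256(OBSCURED))]
CLEAN_EVENTS = [("write", "/tmp/demo/report.txt", sha256(b"report text"))]

if __name__ == "__main__":
    for label, data, ev in [("known", KNOWN, ()), ("variant", VARIANT, ()),
                            ("obscured", OBSCURED, OBSCURED_EVENTS),
                            ("clean", CLEAN, CLEAN_EVENTS)]:
        print(label, scan(data, ev))
```

The one-byte change in the variant defeats the exact signature but not the heuristic, and the obscured sample is only caught once a run-time trace exists, which is the "damage may already be done" trade-off described for behavioral detection.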
Well, now that you know a bit about what antivirus programs are, where they came from, and how they work to keep your computer safe, it’s time to pick the one that’s right for you!