How Does Antivirus Software Identify Potential Viruses?


When choosing an antivirus program for your home or office, consider more than its detection rate in controlled tests. It must also be able to detect new malware and viruses. Virus writers work hard to defeat antivirus programs: they create viruses that block them, hide from their detection techniques, or overcome the antivirus software itself.

One of the first types of antivirus program compared files received by a device against a database of malware that had already been identified. This is a kind of signature detection, and it works quite well for older malware. The problem is that virus authors can release new viruses with new signatures at any moment, so the antivirus protection is always catching up.

The most recent versions of antivirus protection employ heuristic detection to find possible threats. Instead of searching for exact matches, heuristics examine the characteristics of incoming software and files to determine whether they resemble those of known malware. This method is further enhanced by behavior-based detection, which examines the way a program or file behaves to determine whether it is infected.
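The contrast between signature and heuristic detection described above, as an added example that is not part of the original article: an exact SHA-256 lookup beside a weighted trait score. The sample bytes, trait markers, weights and threshold are all constructed for illustration and do not come from any real product.

```python
import hashlib

# Constructed sample: harmless bytes standing in for a file already catalogued as malware.
KNOWN_BAD = b"MZ\x90\x00 demo: stop_av_service; block_update_host; copy_self_to_share"
# Signature database: SHA-256 digests of files analysed earlier (hypothetical).
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Hypothetical heuristic traits and weights; real engines use far richer features.
TRAITS = {
    b"stop_av_service": 40,     # tampers with the antivirus itself
    b"block_update_host": 35,   # cuts the scanner off from its updates
    b"copy_self_to_share": 25,  # worm-like spreading between computers
}
THRESHOLD = 60  # assumed cut-off for a "suspicious" verdict

def signature_match(data: bytes) -> bool:
    """Exact match: flags only files whose digest is already in the database."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB

def heuristic_score(data: bytes) -> int:
    """Sum the weights of every suspicious trait found in the file."""
    return sum(weight for marker, weight in TRAITS.items() if marker in data)

def scan(data: bytes) -> str:
    """Signature lookup first, heuristic score as the fallback."""
    if signature_match(data):
        return "known-malware"
    if heuristic_score(data) >= THRESHOLD:
        return "suspicious"
    return "clean"

# Constructed variant: same traits, one extra byte, so the digest no longer matches.
VARIANT = KNOWN_BAD + b"\x00"
# Constructed benign files: no traits, and a single trait below the threshold.
BENIGN = b"MZ\x90\x00 demo: open_document; print_page"
ONE_TRAIT = b"MZ\x90\x00 demo: copy_self_to_share"

if __name__ == "__main__":
    samples = {"original": KNOWN_BAD, "variant": VARIANT,
               "benign": BENIGN, "one-trait": ONE_TRAIT}
    for name, data in samples.items():
        print(f"{name:10} signature={signature_match(data)!s:5} "
              f"score={heuristic_score(data):3} verdict={scan(data)}")
```

The variant misses the signature database but is still flagged on its traits, while the single-trait file stays below the threshold, which is the trade-off a heuristic cut-off controls.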

Some viruses attempt to stop antivirus programs by evading detection, blocking access to the antivirus program's update system, and corrupting the library or code files that a virus scanner requires to function. Some viruses are more sophisticated and will directly alter or disable components of the antivirus software. These kinds of viruses are becoming more prevalent and usually include features such as a worm component that spreads from computer to computer.