How Antivirus Works

Learn More About Antivirus

An antivirus is software that prevents, detects and removes malicious programs such as computer viruses, worms, Trojan horses and spyware that are harmful to computer systems. You may have wondered how antivirus programs detect viruses, what they are doing on your computer, and whether you need to perform regular system scans yourself. This article answers those questions, but first, a look at what viruses and malicious code are will give you a better picture of the topics that follow.

What are viruses and malicious code?

Malicious code refers to a broad category of programs that can cause damage or undesirable effects to computers or networks. Possible damage includes modifying, destroying or stealing sensitive data, gaining or allowing unauthorized access to a system, and executing functions that a user never intended.
Computer viruses are the most common form of malicious code. A virus is a program that infects a computer by attaching itself to another program and propagating itself when that program is executed. Note that some malicious programs exhibit the behaviors of more than one type of malicious code. For example, certain programs may be both a virus and a Trojan horse at the same time. Plenty of antivirus products are available on the market, and they use different approaches to detect and remove viruses. Generally, these approaches fall into three categories: 1) signature-based detection, 2) heuristic-based detection and 3) behavioral-based detection.

Signature-based detection

In the first approach, an antivirus keeps a library of signatures of all popular viruses, known as virus definitions. The definition files contain signatures for viruses and other malware that have been encountered in the wild. During the scanning process, the antivirus compares the content of all computer programs with this library. If a program matches a signature that is defined as a virus, the antivirus alerts the user about the program and stops the file from running by putting it into “quarantine.”

Heuristic-based detection

This type of detection is most commonly used in combination with signature-based detection. Heuristic technology is deployed in most antivirus programs. It helps the antivirus software detect new malware, or a variant or altered version of known malware, even in the absence of the latest virus definitions.

Antivirus programs apply heuristics by running programs or applications that contain suspicious code inside a runtime virtual environment. This keeps the suspicious code from infecting the real environment.

Behavioral-based detection

This type of detection is used in intrusion detection mechanisms. It concentrates on detecting the characteristics of the malware during execution, so it detects malware only while the malware is performing malicious actions.

Different antivirus programs have different detection rates, which depend on both their virus definitions and their heuristics. Some antivirus companies may have more effective heuristics and release more virus definitions than their competitors, resulting in a higher detection rate.

Reasons to run Antivirus

Running an antivirus scan is a very important task for the safety of your computer, because viruses can damage the data on your computer and can even leave openings for hackers. Depending on the situation, you may face identity theft, problems with the device, lost data or even a computer crash. Scanning your computer for viruses should be a regular task, since it gives you a chance to remove malware and reduce the risk it poses to the activities of your system.

When and how often should you scan for viruses?

Normally, your security software already gives real-time protection against threats as they emerge, but regular system scans are vital. Antivirus programs often offer two types of scan: a ‘quick’ scan and a ‘deep’ or ‘full’ scan. Although there is no specific set amount of time between scans, it is recommended to do a manual ‘quick’ scan whenever you suspect any traces of viruses in your system and/or any time that your computer suddenly slows down, starts creating problems or is simply not working as effectively as it did previously. You can also set your software to do a full scan once a week, using antivirus software that suits your preferences and goals. You can usually customize the schedule. Scanning your entire PC every day is probably too much, but leaving more than a week between scans is not safe.

AUTHOR

Tawan Punsang