For those of you who already have a good knowledge of systems this topic will not be so important, but if you are a novice and the fundamentals interest you, then you will certainly appreciate this effort.
What is anti-virus? A very basic definition of anti-virus can be something like this: a computer program which scans files in order to identify and eliminate computer viruses and malware (malicious software). There may be many more definitions, but this is one of the most basic and easiest ones.
Some of our novice readers will not know what a virus is. A virus, in computers, is a program or just a piece of code which gets loaded onto your computer without your knowledge. It can be harmful or playful by intention. Some viruses are so harmful that they can erase data. Some viruses have been written by programmers so that they can replicate themselves, which means they make copies of themselves again and again. This is a simple yet dangerous kind of program, as it can use up all of your available memory and bring the system to a halt.
There is also a kind of virus which can transmit itself across networks, dodging security systems.
Programmers have created viruses that can be transmitted as an attachment to an e-mail or in a downloaded file. They can also be present on a diskette or CD.
Main classes of viruses:
Generally, viruses fall into three classes.
Those which infect files: these file infector viruses attach themselves to program files such as .COM and .EXE files. In this case, when the program is loaded, the virus gets loaded as well.
Those which infect system files or the boot record. And the third class is the macro viruses, which are the most common. One example is a virus which inserts unwanted words or phrases into documents in a word processor application.
Enough about viruses! Coming back to anti-virus again.
Anti-virus software uses two main techniques. In the first, it examines files using a virus dictionary; the objective here is to find known viruses.
In the second technique, it identifies suspicious behaviour of a computer program that indicates infection by a computer virus.
Virus dictionary approach
A dictionary of known viruses is created by the author of the anti-virus software. When the anti-virus software examines a file, it refers to this dictionary. If a piece of code in the file matches a virus identified in the dictionary, then the anti-virus either deletes that file or quarantines it, so that the infected file becomes inaccessible to other programs.
To be successful, this approach requires periodic downloads of updated virus dictionary entries through the internet. You can also send your infected files to the authors of the anti-virus software, who will include information about the new viruses in their dictionaries.
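To make the dictionary approach concrete, here is a toy signature scanner. It is an added example, not code from the original post or from any anti-virus product: the "virus dictionary" is a Python dict of constructed byte patterns (they are not real malware signatures), the sample files it scans are constructed in a temporary directory, and the quarantine step simply moves a detected file aside and strips its permissions so other programs can no longer read or run it.

```python
"""Toy signature ("virus dictionary") scanner.

Added example, not from the original post. The dictionary entries and the
sample files below are constructed for the demo and are NOT real malware
signatures.
"""
import os
import shutil
import tempfile
from pathlib import Path

# Constructed "virus dictionary": name -> byte pattern that identifies the sample.
# A real product ships thousands of entries and updates them regularly.
VIRUS_DICTIONARY = {
    "Demo.FileInfector.A": b"DEMO-INFECTOR-MARKER-0001",
    "Demo.Macro.B": b"Sub AutoOpen() 'demo-macro",
}


def find_signatures(data: bytes) -> list[str]:
    """Return the names of every dictionary entry whose pattern occurs in data."""
    return [name for name, pattern in VIRUS_DICTIONARY.items() if pattern in data]


def quarantine(path: Path, quarantine_dir: Path) -> Path:
    """Move a detected file into the quarantine directory and remove all of its
    permissions, so other programs can no longer read or execute it."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    dest = quarantine_dir / (path.name + ".quarantined")
    shutil.move(str(path), str(dest))
    os.chmod(dest, 0)
    return dest


def scan_tree(root: Path, quarantine_dir: Path) -> dict[str, list[str]]:
    """Scan every regular file under root against the dictionary.

    Returns {relative path: [matched entry names]} for each file that was
    detected; detected files are moved to quarantine_dir."""
    detections: dict[str, list[str]] = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        # Never rescan the quarantine folder itself (its files are unreadable).
        if quarantine_dir in path.parents:
            continue
        matches = find_signatures(path.read_bytes())
        if matches:
            detections[str(path.relative_to(root))] = matches
            quarantine(path, quarantine_dir)
    return detections


def demo() -> tuple[dict[str, list[str]], Path]:
    """Build a constructed sample tree in a temp dir, scan it once and return
    (detections, root) so the caller can inspect the quarantine folder."""
    root = Path(tempfile.mkdtemp(prefix="avdemo-"))
    (root / "notes.txt").write_bytes(b"just a harmless text file\n")
    # Constructed "infected" program: header bytes plus the demo marker.
    (root / "setup.exe").write_bytes(
        b"MZ" + b"\x00" * 16 + b"DEMO-INFECTOR-MARKER-0001" + b"\x00" * 8
    )
    (root / "docs").mkdir()
    # Constructed document carrying the demo macro pattern.
    (root / "docs" / "report.doc").write_bytes(
        b"Sub AutoOpen() 'demo-macro\nMsgBox \"hi\"\n"
    )
    detections = scan_tree(root, root / "quarantine")
    return detections, root


if __name__ == "__main__":
    found, where = demo()
    for rel, names in found.items():
        print(f"{rel}: {', '.join(names)} -> quarantined under {where / 'quarantine'}")
```

The scan is a plain substring search, which is why the dictionary must be kept up to date: a program whose bytes match no entry is reported clean, however harmful it is. That limitation is exactly what the behaviour-based approach in the next section addresses.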
Suspicious behavior approach
As the word "suspicious" itself suggests, this approach watches for anything unusual or suspicious that a program does. For example, if one program tries to write data into an executable program, it is flagged as suspicious. By monitoring the behaviour of all programs, it provides protection against brand new viruses that are not yet in any dictionary.
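Here is the same idea as a small behaviour monitor. It is an added example, not code from the original post or from any product: it replays a constructed list of file-system events (process name, operation, target) and raises an alert whenever a program writes into an executable, writes to a boot record, or modifies several executables (the replication pattern described earlier). The `TRUSTED_WRITERS` allow-list, the process names and the paths are all constructed assumptions for the demo.

```python
"""Toy "suspicious behaviour" monitor.

Added example, not from the original post. The events, process names, paths
and the allow-list are constructed for the demo.
"""
from typing import NamedTuple

EXECUTABLE_SUFFIXES = (".exe", ".com", ".dll", ".sys")
# Constructed boot-record targets: raw disk devices a virus would overwrite.
BOOT_RECORD_TARGETS = {"\\\\.\\PhysicalDrive0", "/dev/sda"}
# Constructed allow-list: legitimate programs that are expected to write
# executables (installers, updaters). Without it every update is an alert.
TRUSTED_WRITERS = {"trusted-updater.exe"}


class Event(NamedTuple):
    process: str    # program performing the action
    operation: str  # "read" or "write"
    target: str     # file or device being accessed


class Alert(NamedTuple):
    process: str
    rule: str
    detail: str


def is_executable(path: str) -> bool:
    return path.lower().endswith(EXECUTABLE_SUFFIXES)


def monitor(events: list[Event], replication_threshold: int = 3) -> list[Alert]:
    """Apply the behaviour rules to a stream of events and return the alerts.

    No signature is needed: a never-seen program is flagged purely by what it
    does. The rules are deliberately simple and can misfire on legitimate
    software, which is why the allow-list exists."""
    alerts: list[Alert] = []
    written_execs: dict[str, set[str]] = {}
    for ev in events:
        if ev.operation != "write" or ev.process in TRUSTED_WRITERS:
            continue
        if ev.target in BOOT_RECORD_TARGETS:
            alerts.append(Alert(ev.process, "writes to boot record", ev.target))
        elif is_executable(ev.target):
            alerts.append(Alert(ev.process, "writes to executable", ev.target))
            seen = written_execs.setdefault(ev.process, set())
            seen.add(ev.target)
            # Touching several distinct executables looks like self-replication.
            if len(seen) == replication_threshold:
                alerts.append(Alert(ev.process, "self-replication suspected",
                                    f"{len(seen)} executables modified"))
    return alerts


def demo() -> list[Alert]:
    """Replay a constructed event stream and return the resulting alerts."""
    events = [
        Event("notepad.exe", "write", "C:\\Users\\me\\todo.txt"),            # normal
        Event("game.exe", "write", "C:\\Windows\\calc.exe"),                 # suspicious
        Event("game.exe", "write", "C:\\Program Files\\app\\app.exe"),       # suspicious
        Event("trusted-updater.exe", "write", "C:\\Program Files\\app\\app.exe"),  # allowed
        Event("game.exe", "write", "C:\\Temp\\copy.com"),                    # 3rd executable
        Event("game.exe", "write", "\\\\.\\PhysicalDrive0"),                 # boot record
        Event("word.exe", "read", "C:\\docs\\report.doc"),                   # reads are fine
    ]
    return monitor(events)


if __name__ == "__main__":
    for a in demo():
        print(f"[{a.rule}] {a.process}: {a.detail}")
```

Note the trade-off the two approaches make: the dictionary scanner never flags a clean file that merely resembles nothing in its list, but misses anything new, while the behaviour monitor catches a new program on its first bad action yet needs allow-listing to avoid flagging installers and updaters that legitimately write executables.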