Professional Documents
Culture Documents
works?
Specific Detection – This works by looking for known malware by a specific set
of characteristics.
Generic Detection – This process looks for malware that are variants of known
“families,” or malware related by a common codebase.
Heuristic Detection – This process scans for previously unknown viruses by
looking for known suspicious behaviour or file structures.
Although the detection tools are highly effective, no antivirus software is
failsafe. If you suspect your device has been infected, you should take action to
remedy the problem quickly.
On-Access Scanning
Antivirus software runs in the background on your computer, checking every
file you open. This is generally known as on-access scanning, background
scanning, resident scanning, real-time protection, or something else,
depending on your antivirus program.
When you double-click an EXE file, it may seem like the program launches
immediately – but it doesn’t. Your antivirus software checks the program first,
comparing it to known viruses, worms, and other types of malware. Your
antivirus software also does “heuristic” checking, checking programs for types
of bad behaviour that may indicate a new, unknown virus.
Antivirus programs also scan other types of files that can contain viruses. For
example, a .zip archive file may contain compressed viruses, or a Word
document can contain a malicious macro. Files are scanned whenever they’re
used – for example, if you download an EXE file, it will be scanned
immediately, before you even open it.
It’s possible to use an antivirus without on-access scanning, but this generally
isn’t a good idea – viruses that exploit security holes in programs wouldn’t be
caught by the scanner. After a virus has infected your system, it’s much harder
to remove.
If you ever want to test whether an antivirus program is working properly, you
can use the EICAR test file. The EICAR file is a standard way to test antivirus
programs – it isn’t actually dangerous, but antivirus programs behave as if it’s
dangerous, identifying it as a virus. This allows you to test antivirus program
responses without using a live virus.
Antivirus programs are complicated pieces of software, and thick books could
be written about this subject – but hopefully this article brought you up to
speed with the basics.