Principle of Antivirus Work
The main task of every antivirus program is to detect and remove viruses, that is, malicious code that has got into the system. The antivirus uses a whole set of new technologies for this task.
Each antivirus works on two basic principles:
1. Using a database of existing viruses. At every check the antivirus consults this database and compares each file in the system against it. For this principle to work efficiently, you should update your virus databases as often as possible.
2. Searching for activity typical of viruses. When the antivirus detects such activity, it immediately blocks the program performing it. Sometimes this helps to detect a virus that was not included in the database.
As a rule, up-to-date antivirus software combines both principles in its operation.
Having detected a virus, the program can offer to perform various actions. These actions partly depend on what the malware has damaged, since it can be a single file as well as a whole drive or database.
The antivirus can take the following actions on an infected file:
- Cure (delete the virus).
- Quarantine (the file remains infected but can be opened only under the user's control). In this case it remains possible to find a way to cure the infected file.
- Delete the infected file (the antivirus takes this action when it doesn't have enough information to restore it).
Technologies implementing the principles of antivirus software operation
The technologies that implement the principles of antivirus protection can be classified in various ways.
The first classification is based on which features of potentially infected objects the antivirus analyzes during detection.
This can be:
1. Analysis of object code.
2. Tracking the changes of the file.
3. Analysis of the behavior of suspicious objects.
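The first two items above can be shown together in a short sketch. This is an added example, not code from any antivirus product: the signature names, the byte pattern and the in-memory "files" are all constructed for illustration. It shows that change tracking flags a modified file even when no signature in the database matches it.

```python
import hashlib

# Constructed signature database (not real malware indicators).
KNOWN_BAD_SAMPLE = b"constructed sample: known-bad file body"
PATTERN = b"\xde\xad\xbe\xefTESTSIG"
HASH_DB = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Test.Sample.A"}
PATTERN_DB = {PATTERN: "Test.Pattern.B"}

# Constructed in-memory "file system" (path -> contents), before and after.
CLEAN = {"app.exe": b"MZ original program", "notes.txt": b"hello"}
AFTER = {
    "app.exe": CLEAN["app.exe"] + PATTERN,  # known pattern appended
    "notes.txt": b"hello, edited",          # changed, matches no signature
    "download.bin": KNOWN_BAD_SAMPLE,       # exact copy of a known sample
}

def digest(data):
    return hashlib.sha256(data).hexdigest()

def scan_object(data):
    """Analysis of object code: exact hash match, then byte patterns."""
    name = HASH_DB.get(digest(data))
    return name or next((n for p, n in PATTERN_DB.items() if p in data), None)

def baseline(files):
    """Record one digest per path while the system is believed clean."""
    return {path: digest(data) for path, data in files.items()}

def changed_since(base, files):
    """Tracking file changes: modified, new and missing paths."""
    report = {p: "missing" for p in base.keys() - files.keys()}
    for path, data in files.items():
        if path not in base:
            report[path] = "new"
        elif base[path] != digest(data):
            report[path] = "modified"
    return report

def scan_system(base, files):
    """Per path: (signature verdict or None, change status or None)."""
    changes = changed_since(base, files)
    verdicts = {p: scan_object(d) for p, d in files.items()}
    return {p: (verdicts.get(p), changes.get(p))
            for p in files.keys() | changes.keys()
            if verdicts.get(p) or p in changes}

if __name__ == "__main__":
    for path, result in sorted(scan_system(baseline(CLEAN), AFTER).items()):
        print(path, result)
```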
The second classification is by protection mode:
1. Constant monitoring.
2. Monitoring the computer on a schedule or at the user's request.
The third classification is by the type of threats:
1. Reactive protection (requires constant updates of the antivirus database, since it uses knowledge of known viruses to detect malware).
2. Proactive protection (protects against new malware on the basis of virus behaviour).
Why should the user know how antivirus software works? This knowledge will help you choose the right antivirus, one that will totally protect your computer. A good antivirus includes the whole complex of technologies and neutralizes any threat.