Computer and Internet Services

Antivirus software, also known as AV software, has been a required element of computing since the first floppy disk made it possible to share data and programs between multiple computers. In the early days, it was possible to compile an AV solution on a single floppy disk and use that disk to clean computers without actually having to install the software. However, modern antivirus software has, by necessity, evolved into a major application of its own.

Modern AV software has three primary functions.

The first is to detect the presence of malicious code. AV software uses two methods to accomplish this task. The first is to use what could be termed “Signature detection” and the second is using “Heuristics”. Signature detection works on the principle that once a virus program has been identified and analyzed, a set of parameters can be established to define that particular virus. These signature identities are then put into a database and an index is created so that the antivirus software can quickly compare each file it scans against the database of known virus programs.

Heuristic identification, on the other hand, uses some basic logic to deduce the functions of a program and identify potentially harmful effects. Of the two detection methods, signature detection is the more accurate and also benefits from the speed of having these signatures indexed in a database. Heuristic detection, however, has the benefit of sometimes being able to identify virus programs that have not yet been added to the signature database. It is, however, prone to false positive identification and requires more human interaction to aid in the identification process.
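The trade-off between the two detection methods can be seen in a small added example (not code from any AV product). It assumes a whole-file SHA-256 hash as the signature and a hand-picked list of weighted byte patterns as the heuristic; the sample "files", detection name, rules and threshold are all constructed for illustration.

```python
import hashlib

# Constructed, harmless sample "files" standing in for scanned content.
KNOWN_BAD = b"DEMO-PAYLOAD: overwrite boot sector; copy self to every disk"
VARIANT = KNOWN_BAD + b" v2"  # tiny change: same behaviour, different hash
BENIGN_TOOL = b"Disk utility: format drive; overwrite boot sector on request"
BENIGN_DOC = b"Meeting notes: budget review on Tuesday"

def sha256(data):
    return hashlib.sha256(data).hexdigest()

# Signature database: analysed samples indexed by hash, so each scanned
# file costs one dictionary lookup (assumption: whole-file hash signatures).
SIGNATURES = {sha256(KNOWN_BAD): "Demo.Virus.A"}

# Heuristic rules: (byte pattern, weight). Constructed for this example.
RULES = [(b"overwrite boot sector", 60), (b"copy self", 50), (b"format drive", 30)]
THRESHOLD = 50

def signature_scan(data):
    """Exact match against the database of known samples."""
    return SIGNATURES.get(sha256(data))

def heuristic_score(data):
    """Sum the weights of every suspicious pattern present in the file."""
    return sum(weight for pattern, weight in RULES if pattern in data)

def scan(data):
    """Signature first (fast, precise), heuristics as the fallback."""
    name = signature_scan(data)
    if name:
        return ("signature", name)
    score = heuristic_score(data)
    if score >= THRESHOLD:
        return ("heuristic", score)  # needs human review: may be a false positive
    return ("clean", None)

if __name__ == "__main__":
    samples = [("known sample", KNOWN_BAD), ("new variant", VARIANT),
               ("benign disk tool", BENIGN_TOOL), ("benign document", BENIGN_DOC)]
    for label, data in samples:
        print(f"{label:18} -> {scan(data)}")
```

The variant slips past the signature check and is caught only by the heuristic, while the legitimate disk utility is flagged by the same heuristic, which is the false positive the paragraph above describes.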

The second primary function of antivirus software is removal, or “cleanup” as it is sometimes called. There is something of a misconception associated with this process. It is often difficult, if not impossible, to remove modern virus programs once a system has become compromised to the point where the basic functions of a computer are being attacked. Most AV software programs will do an adequate job of removing files that are added by the virus program but are limited in what they can do for original files that have been corrupted by the virus program.

For this reason, once a computer reaches a certain level of infection, it may become necessary to have that system repaired by a qualified technician. However, if a computer is not yet compromised to that extent, AV software can very often completely remove all traces of the offending virus program and restore full functionality to the system.

The third basic function of an antivirus software program is prevention. This is where these programs shine. AV software programs use three basic methods to prevent infection. The first two are dependent upon the detection processes detailed above. However, in order for the virus identification database (signature files) to remain current, the AV software program regularly updates itself from the main database maintained by the developer. It also sometimes updates its program to enable better heuristic evaluation. Finally, the modern AV software program uses a series of event notifications to inform the user of threats that have been identified. It is imperative that the end user read these notices, confirm they are coming from the antivirus software program, and follow the instructions they provide.
