How Anti-Virus Programs Work

Anti-virus programs are designed to protect computer systems from viruses. These programs provide two levels of functionality when protecting against viruses:

  • Real time protection
  • Scanning of files stored on computer drives or disks.

Anti-virus programs can detect viruses in two ways:

  • Footprint of virus program – This is the most common method used to identify viruses. The scanner compares patterns found in a file against a library of known footprints that match viruses. A footprint is a pattern in the data included in a file. With this method, a virus must first be identified as a virus and then added to the library of footprints. The advantage of this method is that false positives are extremely rare. The disadvantage is that there is a time period between when a virus is released and when the library of known footprints is updated. During this time period, the virus will not be recognized and could infect a computer.
  • Characteristics of program – This is called heuristic scanning. It examines the actions that the program attempts to take or may attempt to take by looking at the type of system function calls included in the executable code. If the program looks too suspicious, the scanner may flag it as a possible virus and ask for user intervention. The advantage of this method is that there is no time period during which the computer is unprotected after specific viruses are released. The disadvantages are that false positives may occur and some viruses may not be identified.
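The two detection methods above can be compared side by side in a short sketch. This is an added example, not code from the original page or from any anti-virus product; the footprints, the weights, the threshold and the sample files are all constructed for illustration.

```python
# Added illustration: every footprint, weight and sample file is constructed.
FOOTPRINTS = {
    "Example.Virus.A": bytes.fromhex("deadbeef4d414c41"),
    "Example.Virus.B": b"\x90\x90CONSTRUCTED-MARKER-B",
}

# Heuristic weights for system function names found in a file (assumed values).
SUSPICIOUS_CALLS = {
    b"WriteProcessMemory": 3,
    b"CreateRemoteThread": 3,
    b"VirtualAllocEx": 2,
    b"SetWindowsHookEx": 2,
    b"RegSetValueEx": 1,
}
HEURISTIC_THRESHOLD = 5  # assumed cut-off for "too suspicious"


def footprint_scan(data: bytes) -> list:
    """Return the name of every known footprint present in the data."""
    return [name for name, pattern in FOOTPRINTS.items() if pattern in data]


def heuristic_score(data: bytes) -> int:
    """Sum the weights of the suspicious call names that appear in the data."""
    return sum(w for call, w in SUSPICIOUS_CALLS.items() if call in data)


def scan(data: bytes) -> str:
    """Try the footprint library first, then fall back to heuristics."""
    hits = footprint_scan(data)
    if hits:
        return "infected: " + ", ".join(hits)
    if heuristic_score(data) >= HEURISTIC_THRESHOLD:
        return "suspicious: ask user"
    return "clean"


# Constructed sample files, one per outcome described in the text.
SAMPLES = {
    "known_virus": b"MZ..." + FOOTPRINTS["Example.Virus.A"] + b"...",
    "new_variant": b"MZ...VirtualAllocEx\0WriteProcessMemory\0CreateRemoteThread\0",
    "debugger_tool": b"MZ...WriteProcessMemory\0VirtualAllocEx\0ReadProcessMemory\0",
    "text_editor": b"MZ...CreateFileW\0ReadFile\0RegSetValueEx\0",
    "stealthy_new": b"MZ...CreateFileW\0WriteFile\0",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:14} {scan(data)}")
```

The `new_variant` sample has no footprint in the library yet and is caught only by the heuristic, `debugger_tool` is a legitimate program that is flagged anyway (a false positive), and `stealthy_new` is missed by both methods.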

I recommend a product that uses both of the above methods to scan for viruses. When viruses are identified with a library of footprints, the anti-virus program can usually be configured to automatically download the latest library of footprints periodically. I recommend that this be no less than once per day since a delay would increase the chance of unrecognized viruses infecting the computer system being protected.

There are several actions that anti-virus programs take or may take when a virus is found. Usually options are configured in the program to attempt one action first, then if that fails try a second action, etc.

  • Repair the file that has the virus. Usually this is attempted first.
  • Quarantine the file that has the virus so that no program can access it, although it can still be restored. Usually this is done when a virus-laden file cannot be repaired.
  • Delete the file that has the virus.

Anti-Virus Measures

  • If you do not have an anti-virus product, purchase one. Check the anti-virus products section to see a variety of anti-virus products. Read the reviews on these products where they are available.
  • Update the virus list database in your anti-virus product at least once per day. Most products have an automatic update feature which allows you to set when it will check for updates and apply them automatically. The updates should be done often since not all products can filter against unrecognized viruses. Delaying updates to your anti-virus product's virus library will increase the chance of your system getting an unrecognized virus.
  • A full virus scan should be done at least once per week.