We all know what an antivirus is and what it does. But have you ever wondered how an antivirus works? How does it detect viruses and delete them?
We know that an antivirus is software that detects harmful software and programs such as viruses, worms, Trojan horses, spyware, adware etc. and deletes or quarantines them. An antivirus is one of the most important parts of a computer, protecting us from many attacks and dangers every day. But the question arises: how does it work?
So here we go...
An antivirus works in two main ways:
1) Signature based detection
(i.e. examining files to look for known viruses by means of a virus dictionary)
2) Checking for suspicious behaviour
(i.e. identifying suspicious behaviour from any running program which might indicate an infection)
Signature Based Detection
In signature-based detection the antivirus compares the contents of a file against a dictionary of known viruses. This is very effective because it can identify every virus that is already publicly known and catalogued.
If a piece of code in the file matches any virus in the dictionary, the antivirus can delete the file, quarantine it so that it is inaccessible to other programs and the virus cannot spread, or attempt to repair the file by removing the virus code from it.
An example: suppose there is a file named format-virus that formats the hard disk, and its code contains the string "format-hardisk". The antivirus compares the file with the dictionary; if the dictionary has an entry saying that a virus with the code "format-hardisk" exists, the file format-virus is considered a virus.
The effectiveness of this method depends on the virus or Trojan being publicly known; if it is not, the antivirus may fail to detect it. Some hackers use crypter software to hide the contents of the file, so that e.g. "format-hardisk" becomes "antivirus-lover", which is still the same virus. The antivirus will not find it in the dictionary because it looks like a different file, but in reality it is still the virus. The same weakness applies to a new variant with only a small change: a signature tied to an exact file hash no longer matches, which is why dictionaries need constant updates. To counter this, antivirus dictionaries also include entries for the crypted virus: for example they also keep "antivirus-lover" as a virus signature and identify that as a virus too.
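The following is an added example, not code from the original article or from any antivirus product. It shows a toy signature scanner built around the article's "format-hardisk" example: a dictionary of whole-file hashes and byte patterns, a scan that reports matches, and what happens when the same virus is passed through a crypter (here a single-byte XOR, an assumption standing in for a real crypter) and when the dictionary is updated with a signature for the crypted form. All file contents and signature names are constructed for illustration.

```python
import hashlib

# Constructed toy dictionary (not a real AV database). Two kinds of entries:
# exact whole-file hashes and byte patterns found inside the malicious file.
HASH_SIGNATURES: dict[str, str] = {}          # sha256 hex -> virus name (filled below)
PATTERN_SIGNATURES: dict[str, bytes] = {
    "Format-Virus": b"format-hardisk",        # the article's example pattern
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def xor_crypt(data: bytes, key: int) -> bytes:
    """Toy 'crypter' (assumption): single-byte XOR. A real crypter uses a proper
    cipher plus a decryptor stub, but the effect on a signature scanner is the
    same: the known bytes no longer appear in the file."""
    return bytes(b ^ key for b in data)


def scan(content: bytes,
         hashes: dict[str, str] = HASH_SIGNATURES,
         patterns: dict[str, bytes] = PATTERN_SIGNATURES) -> list[str]:
    """Signature-based detection: return the names of every dictionary entry
    matching the file, checking the whole-file hash first, then byte patterns."""
    hits: list[str] = []
    digest = sha256_hex(content)
    if digest in hashes:
        hits.append(hashes[digest])
    for name, pattern in patterns.items():
        if pattern in content:
            hits.append(name)
    return hits


# Constructed sample files
CLEAN_FILE = b"#!/bin/sh\necho hello\n"
VIRUS_FILE = b"#!/bin/sh\nformat-hardisk\n"
HASH_SIGNATURES[sha256_hex(VIRUS_FILE)] = "Format-Virus.exact"
VARIANT_FILE = VIRUS_FILE + b"# v2\n"        # one trivial edit defeats the hash entry
CRYPTED_FILE = xor_crypt(VIRUS_FILE, 0x5A)   # the crypter hides the byte pattern too

# Updating the dictionary with the crypted form, as the article describes,
# makes the crypted file detectable again.
PATTERNS_WITH_CRYPTED = {**PATTERN_SIGNATURES,
                         "Format-Virus.crypted": xor_crypt(b"format-hardisk", 0x5A)}


def demo() -> dict[str, list[str]]:
    """Scan each sample and return the matches per file."""
    return {
        "clean": scan(CLEAN_FILE),
        "virus": scan(VIRUS_FILE),
        "variant": scan(VARIANT_FILE),
        "crypted": scan(CRYPTED_FILE),
        "crypted_updated_dict": scan(CRYPTED_FILE, patterns=PATTERNS_WITH_CRYPTED),
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label:22} -> {hits or 'no match'}")
```

The hash entry catches only the exact file, the byte pattern survives a trivial edit, and neither survives the crypter until a signature for the crypted bytes is added. That is the whole trade-off of the dictionary approach: it is precise, but it only knows what has already been seen.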
Suspicious Behaviour
With this approach the antivirus runs in real time and observes the behaviour of the programs that are running. The suspicious behaviour approach, by contrast, does not try to identify known viruses; instead it monitors the behaviour of all programs. It looks for things such as a program overwriting data without the user's permission or notification, or sending data to some remote location over the internet. If such behaviour is observed, the antivirus stops the program and asks the user whether the file is trustworthy and whether it should be allowed to send data to that remote location.
The suspicious behaviour approach therefore provides protection against brand-new viruses that do not yet exist in any antivirus dictionary. Its weakness is the opposite of the dictionary's: legitimate programs such as backup tools and installers also overwrite files and talk to the internet, so it can raise false alarms, which is why it asks the user instead of deleting the file outright.
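The following is an added example, not code from the original article or from any antivirus product. It shows behaviour-based detection over a constructed stream of program events: writes to files the user never opened, a burst of writes in a short window, an outbound connection from a program not expected to use the network, and a program registering itself to run at startup. The event source, the policy thresholds and the program names are all assumptions made for illustration; a real monitor would receive such events from a kernel driver or API hooks.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One observed action by a running program (constructed for this example)."""
    t: float        # seconds since monitoring started
    program: str
    action: str     # "write" | "connect" | "autorun"
    target: str     # file path, host:port, or startup key


# Constructed policy (assumptions, not any product's real rules)
USER_OPENED = {"notepad.exe": {"C:/Users/me/notes.txt"}}   # files the user opened in that program
KNOWN_NETWORK_APPS = {"browser.exe"}                        # programs expected to use the internet
BURST_COUNT, BURST_WINDOW = 4, 2.0                          # 4+ writes within 2 s looks like ransomware


def analyze(events: list[Event]) -> dict[str, list[str]]:
    """Behaviour-based detection: group events per program and return, for every
    program that should be stopped and shown to the user, the list of reasons."""
    by_prog: dict[str, list[Event]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.t):
        by_prog[e.program].append(e)

    verdicts: dict[str, list[str]] = {}
    for prog, evs in by_prog.items():
        reasons: list[str] = []
        writes = [e for e in evs if e.action == "write"]

        # 1. Overwriting data the user never asked this program to touch
        unexpected = [e.target for e in writes if e.target not in USER_OPENED.get(prog, set())]
        if unexpected:
            reasons.append(f"overwrote {len(unexpected)} file(s) the user did not open")

        # 2. Many writes in a short window (sliding window over sorted timestamps)
        times = [e.t for e in writes]
        for i in range(len(times) - BURST_COUNT + 1):
            if times[i + BURST_COUNT - 1] - times[i] <= BURST_WINDOW:
                reasons.append(f"wrote {BURST_COUNT}+ files within {BURST_WINDOW}s")
                break

        # 3. Sending data to a remote location from a program that should not
        if prog not in KNOWN_NETWORK_APPS:
            for e in evs:
                if e.action == "connect":
                    reasons.append(f"sent data to {e.target}")
                    break

        # 4. Making itself persistent
        if any(e.action == "autorun" for e in evs):
            reasons.append("registered itself to run at startup")

        if reasons:
            verdicts[prog] = reasons
    return verdicts


# Constructed event log: a benign editor, a benign browser, and a dropper
SAMPLE_EVENTS = [
    Event(0.5, "notepad.exe", "write", "C:/Users/me/notes.txt"),
    Event(1.0, "browser.exe", "connect", "example.com:443"),
    Event(3.0, "photo.exe", "write", "C:/Users/me/Documents/thesis.docx"),
    Event(3.4, "photo.exe", "write", "C:/Users/me/Documents/budget.xlsx"),
    Event(3.9, "photo.exe", "write", "C:/Users/me/Pictures/holiday.jpg"),
    Event(4.2, "photo.exe", "write", "C:/Users/me/Pictures/family.jpg"),
    Event(4.5, "photo.exe", "connect", "203.0.113.7:4444"),
    Event(5.0, "photo.exe", "autorun",
          "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\photo"),
]


if __name__ == "__main__":
    for prog, reasons in analyze(SAMPLE_EVENTS).items():
        print(f"Stopped {prog}; ask the user whether to trust it. Reasons:")
        for r in reasons:
            print(f"  - {r}")
```

Nothing in this logic needs to know what photo.exe is, which is why the approach catches programs no dictionary has seen. The flip side is visible in the policy: if notepad.exe wrote to a file the user had not opened, or a backup tool wrote a hundred files in a second, the same rules would fire, so the decision is handed to the user rather than taken automatically.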
Note: If you don't have an antivirus on your computer, download one as soon as possible and scan your computer with it, because your computer is at high risk.