An anti-virus program works as the computer's defense against viruses and other malicious software. The program's job is to scan the computer to identify and then eliminate any threats. It also intercepts new files containing viruses before they are saved to the computer. The program can identify viruses either in files already on the computer or in software that threatens to plant infectious files on the system.
There are two approaches that anti-virus software can use to protect your computer: the virus dictionary approach and the suspicious behavior approach.
As new viruses and malicious threats are discovered, they are added to a virus dictionary. The virus, its behavior, the threat it causes, and its author are the different types of information held in the dictionary. Some anti-virus programs use this dictionary as a guide to identify any suspicious or threatening software or files.
Whenever a file is created, opened, emailed or downloaded to a computer, the anti-virus software checks it against the dictionary. If it is deemed a possible threat, the software will delete it, quarantine it (to stop it from spreading to other non-infected files) or repair it by removing the malicious code.
To stay up-to-date with any new viruses, the anti-virus software must regularly download updates to its dictionary. When new viruses appear on the internet, users are encouraged to send the infected files to the makers of the anti-virus software so that the main virus dictionary can be updated.
The dictionary approach has been deemed quite effective. However, it is not without its pitfalls. Hackers and virus creators have found a way around it by developing polymorphic viruses: they encrypt part of the malicious software as a form of disguise so that the anti-virus software will not recognize it as a virus.
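The following is an added example, not code from the original article, of the dictionary approach described above in miniature: a dictionary of byte patterns with the descriptive fields the article mentions, a scan that runs on a file, the three responses (delete, quarantine, repair), and a dictionary update. The patterns, file names and the `Example.Virus.A` entry are constructed for this example; they are not real signatures. The last function only shows why a fixed pattern misses a copy whose bytes have been re-encoded, which is the limitation the article attributes to polymorphic viruses.

```python
import hashlib
import os
import shutil

# Constructed virus dictionary for this example. The byte patterns are made-up
# markers, not real malware signatures; the descriptive fields mirror what the
# article says a dictionary records (behavior, threat, author).
VIRUS_DICTIONARY = {
    b"EXAMPLE-VIRUS-MARKER-A": {
        "name": "Example.Virus.A",
        "behavior": "appends itself to executable files",
        "threat": "corrupts programs",
        "author": "unknown",
    },
}


def add_signature(pattern, entry):
    """Simulate a dictionary update: from now on this pattern is detectable."""
    VIRUS_DICTIONARY[pattern] = entry


def scan_bytes(data):
    """Return (pattern, entry) for the first dictionary pattern found in data, else None."""
    for pattern, entry in VIRUS_DICTIONARY.items():
        if pattern in data:
            return pattern, entry
    return None


def scan_file(path):
    """Read a file (as on create/open/download) and check it against the dictionary."""
    with open(path, "rb") as f:
        return scan_bytes(f.read())


def quarantine(path, quarantine_dir):
    """Move the file into an isolated directory under a content-hash name so it
    cannot be run or opened by accident; return the new location."""
    os.makedirs(quarantine_dir, exist_ok=True)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    dest = os.path.join(quarantine_dir, digest + ".quarantined")
    shutil.move(path, dest)
    return dest


def repair(path):
    """Strip every known malicious pattern from the file in place; return how many were removed."""
    with open(path, "rb") as f:
        data = f.read()
    removed = 0
    for pattern in VIRUS_DICTIONARY:
        count = data.count(pattern)
        if count:
            data = data.replace(pattern, b"")
            removed += count
    with open(path, "wb") as f:
        f.write(data)
    return removed


def handle_file(path, action="quarantine", quarantine_dir=None):
    """Scan one file and apply one of the article's three responses: delete, quarantine or repair."""
    found = scan_file(path)
    if found is None:
        return {"status": "clean"}
    pattern, entry = found
    report = {"status": action, "name": entry["name"], "behavior": entry["behavior"]}
    if action == "delete":
        os.remove(path)
    elif action == "quarantine":
        qdir = quarantine_dir or os.path.join(os.path.dirname(path), "quarantine")
        report["location"] = quarantine(path, qdir)
    elif action == "repair":
        report["removed"] = repair(path)
    else:
        raise ValueError("unknown action: " + action)
    return report


def xor_bytes(data, key):
    """Byte-wise XOR with a one-byte key. Used here only to show that a copy whose
    bytes differ from the stored pattern is invisible to a pattern dictionary
    until the dictionary is updated with the new form."""
    return bytes(b ^ key for b in data)


if __name__ == "__main__":
    import tempfile
    tmp = tempfile.mkdtemp()
    sample = os.path.join(tmp, "downloaded.bin")
    with open(sample, "wb") as f:
        f.write(b"harmless header " + b"EXAMPLE-VIRUS-MARKER-A" + b" harmless tail")
    print(handle_file(sample, action="repair"))  # marker removed, file kept
    print(scan_file(sample))                     # None: clean after repair
```

The scanner matches raw byte substrings, which is the simplest form of a dictionary entry; real products also use hashes and more flexible patterns, but the control flow (scan on access, then delete/quarantine/repair, then keep the dictionary updated) is the same.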
The suspicious behavior approach monitors the behavior of all software programs running on the computer. This approach doesn't identify or look for known viruses. Instead, it flags suspicious behavior, such as a program trying to write to an executable file. The suspected program is flagged and a warning message is issued to the user, who decides what to do with the program.
The suspicious behavior approach is more effective at stopping new viruses, since it doesn't rely on a dictionary (which may not be regularly updated) for reference. However, this approach can be annoying because of all of the false positives it produces. After a while a user can become desensitized by the overwhelming number of false warnings and inadvertently let a virus through. For this reason, anti-virus software that uses this approach has become almost nonexistent.
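The following is an added example, not part of the original article, of the suspicious behavior approach: a monitor that watches a stream of program actions, flags a write to an executable file, and asks the user what to do. It also shows the false-positive problem the article describes and two ordinary ways to reduce it (a list of programs expected to write executables, and remembering the user's earlier decision per program). The event records, program names and paths are constructed for this example; the `ask_user` callback stands in for the warning dialog a real product would show.

```python
from dataclasses import dataclass, field

# File name suffixes treated as executable programs (constructed list for the example).
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".com", ".sys", ".scr")


@dataclass
class Event:
    process: str  # image name of the program performing the action
    action: str   # "read", "write", "create" or "delete"
    target: str   # path the action is performed on


@dataclass
class BehaviorMonitor:
    # Programs that legitimately write executables (installers, linkers); these are
    # never prompted. Without such a list every build or install causes a warning.
    trusted_writers: set = field(default_factory=set)
    # process name -> "allow" or "block", remembered from an earlier prompt so the
    # user is not asked the same question again for every file the program touches.
    remembered: dict = field(default_factory=dict)
    warnings_issued: int = 0

    def is_suspicious(self, ev):
        """The behavior the article names: a program writing to an executable file."""
        return ev.action in ("write", "create") and ev.target.lower().endswith(EXECUTABLE_SUFFIXES)

    def evaluate(self, ev, ask_user):
        """Return 'allow' or 'block' for one event. ask_user(message) -> bool is
        called only when the monitor cannot decide on its own."""
        if not self.is_suspicious(ev):
            return "allow"
        if ev.process in self.trusted_writers:
            return "allow"
        if ev.process in self.remembered:
            return self.remembered[ev.process]
        self.warnings_issued += 1
        message = f"{ev.process} is trying to {ev.action} the executable file {ev.target}. Allow it?"
        verdict = "allow" if ask_user(message) else "block"
        self.remembered[ev.process] = verdict
        return verdict

    def run(self, events, ask_user):
        """Evaluate a stream of events; return (event, verdict) pairs."""
        return [(ev, self.evaluate(ev, ask_user)) for ev in events]


# Constructed event stream: ordinary document editing, an installer and a linker
# doing their normal work, and an unknown program overwriting system executables.
SAMPLE_EVENTS = [
    Event("notepad.exe", "write", r"C:\Users\alice\notes.txt"),
    Event("setup.exe", "create", r"C:\Program Files\App\app.exe"),
    Event("unknown.exe", "write", r"C:\Windows\System32\calc.exe"),
    Event("unknown.exe", "write", r"C:\Windows\notepad.exe"),
    Event("link.exe", "write", r"C:\build\out.dll"),
]


def deny_everything(message):
    """A careful user who answers 'no' to every warning (stands in for the dialog)."""
    return False


if __name__ == "__main__":
    naive = BehaviorMonitor()
    for ev, verdict in naive.run(SAMPLE_EVENTS, deny_everything):
        print(f"{verdict:5}  {ev.process} {ev.action} {ev.target}")
    print("warnings without a trusted list:", naive.warnings_issued)  # 3, two of them false positives

    tuned = BehaviorMonitor(trusted_writers={"setup.exe", "link.exe"})
    tuned.run(SAMPLE_EVENTS, deny_everything)
    print("warnings with a trusted list:", tuned.warnings_issued)  # 1, the real one
```

With no trusted list, the installer and the linker trigger warnings that are just as loud as the genuine one, which is the desensitization problem the article describes; the trusted list and the remembered decision cut the prompts down to the single event that deserves one, while still blocking the second write by the same unknown program without asking again.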
There isn't any 100 percent effective way to guard the user against virus attacks. Some believe that Microsoft could do more with its security fixes for popular programs such as Outlook and Windows. Anti-virus software and user carefulness are the best forms of protection available now.