Thursday, October 15, 2009

How Anti-Virus Programs Work

These days, if you use a computer regularly like most of us do, you will be familiar with the terms "anti-virus software" or "anti-malware software". As you're browsing this site, you are very likely familiar with the dire consequences of your PC being infected by a virus or by spyware, but have you ever thought of how anti-virus software works? Knowing how these software programs operate can help you to make the right choice when it comes to getting protection for your computer.
In the beginning, anti-virus software was developed to fight and eliminate computer viruses, but over time, as the hackers have become more sophisticated, so have the software protection programs. Nowadays, most anti-virus software will protect against spyware, adware, worms, trojans and a host of other kinds of attacks and infections which could harm your PC.
There are basically two methods used by anti-virus software to protect your system: scanning files and investigating suspicious behaviour (also known as the Heuristic Approach).
Scanning Files
When anti-virus software uses a scanning method, it employs a database of known virus code and compares the files on your computer to this known malicious code. This is why it is so important to keep your anti-virus's database up-to-date, because it can only compare your files against malicious code which it knows about. New malware is constantly appearing on the Internet and only a constant updating process will help to protect your system.
Once a match has been found between a file and a known virus (or trojan, spyware, worm, etc.), your anti-virus program can take action against the intruder, and that action can take one of three different forms:
- Repair the affected file. Your anti-virus program will try to repair the infected file by removing the virus.
- Quarantine the file. The anti-virus program will stop the virus from spreading by making the infected file inaccessible to other programs.
- Delete the file. The anti-virus program will remove the affected file and the virus with it.
The above approach requires computer users to constantly download updated versions of their virus protection software. This is because new entries (i.e. viruses, malware, etc.) are constantly being added to the database.
Scanning is usually initiated when the operating system receives or sends an email, opens or closes a file, or launches a new program. It is strongly recommended, however, that a regular schedule of scanning your entire system be set up at a pre-defined time. This need not interrupt your work on your PC, as you can schedule the system scan to begin in the middle of the night, when you're asleep.
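The scanning method described above can be sketched in a few lines of Python. This is an added example, not code from the article or from any anti-virus product: the signature names, byte patterns and file names are constructed and harmless, and "quarantine" is simplified to moving the file out of the scanned folder. It scans the same files with a stale and an updated database to show why updates matter.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed, harmless byte patterns standing in for "known virus code".
OLD_DB = {"Demo.Sample.A": b"DEMO-SIGNATURE-AAAA"}
UPDATED_DB = {**OLD_DB, "Demo.Sample.B": b"DEMO-SIGNATURE-BBBB"}


def scan_file(path, signatures):
    """Return the names of every signature whose bytes occur in the file."""
    data = Path(path).read_bytes()
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def quarantine(path, quarantine_dir):
    """Move a matched file out of the scanned tree (simplified quarantine)."""
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    dest = quarantine_dir / (Path(path).name + ".quarantined")
    shutil.move(str(path), str(dest))
    return dest


def scan_tree(root, signatures, quarantine_dir):
    """Scan every file under root; quarantine matches and report them."""
    detections = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            hits = scan_file(path, signatures)
            if hits:
                detections[path.name] = hits
                quarantine(path, quarantine_dir)
    return detections


def demo():
    """Scan the same constructed files with a stale and an updated database."""
    with tempfile.TemporaryDirectory() as tmp:
        root, qdir = Path(tmp) / "files", Path(tmp) / "quarantine"
        root.mkdir()
        (root / "clean.txt").write_bytes(b"ordinary document text")
        (root / "known.bin").write_bytes(b"\x00header" + OLD_DB["Demo.Sample.A"])
        (root / "new.bin").write_bytes(b"\x00header" + b"DEMO-SIGNATURE-BBBB")
        first = scan_tree(root, OLD_DB, qdir)       # stale database misses new.bin
        second = scan_tree(root, UPDATED_DB, qdir)  # updated database catches it
        remaining = sorted(p.name for p in root.iterdir())
        return first, second, remaining


if __name__ == "__main__":
    print(demo())
```

The first pass flags only the file whose pattern is already in the database; the second file is caught only after the database gains its signature, and the clean file is left in place throughout.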
The Heuristic Approach
The heuristic approach to virus detection is different in that, instead of comparing files to known viruses, it monitors the behavior of programs and executables on a PC. If a suspicious activity is detected (and these sophisticated anti-virus programs can distinguish between ordinary behavior and potentially damaging behavior), then a pre-defined range of responses is activated. The response can range from asking the PC owner how to proceed, all the way up to automatically deleting the offending code.
The advantage of heuristic anti-virus programs is that they can protect against new malware which may not yet have been identified and registered on an anti-virus database. Heuristic-based programs can neutralize malware before it can cause any destructive activity.
Both methods are effective and some anti-malware programs are combining these approaches so that you, the user, can benefit from the best of both worlds.
Don Cummings has been in the Computer business for over 30 years. His website at http://www.pcmalwareshield.com provides information, articles and reviews of anti malware programs.
Article Source: http://EzineArticles.com/?expert=Don_Cummings
