
How does an antivirus work?


Does an Antivirus actually protect your computer/mobile phone? How does an antivirus detect a virus as a threat to your device?

The vast majority of people who own a desktop PC these days also have an antivirus program installed on it. In fact, Windows devices come with a built-in antivirus called Windows Defender. But have you ever wondered how an antivirus actually works? How does it detect and identify a virus on your device and flag it as a potential threat? Well, let us first look at three of the most popular antivirus programs available on the market.

Windows Defender :


Windows Defender is antivirus software that is built into Windows devices. Defender started rolling out with the Windows 7 operating system way back in 2009 and is still being used in Windows 10 and the upcoming Windows 11 as well. It offers a decent level of protection to Windows devices but does not have as many features as some of the other antivirus programs available on the market. Windows Defender is available on all Windows machines and can also be downloaded from Microsoft’s website on Windows XP and earlier versions of Windows. Click here to know more about Windows Defender.

Kaspersky Internet Security :


Kaspersky is another immensely popular antivirus program that is used by people throughout the world. Kaspersky provides a few different products with a wide range of functionality. The basic antivirus software is capable of scanning your PC, detecting malicious files and programs, and preventing them from executing. The Internet Security product adds the functionality of securing your online browsing. Kaspersky Internet Security scans the websites that you visit and prevents you from accessing websites and web applications that may contain malware or viruses. This software is available for all popular operating systems such as Windows, macOS, Android and iOS and has a few different pricing tiers. Click here to know more about the features and pricing for Kaspersky’s antivirus.

Avast Antivirus :


Similar to Kaspersky, Avast is also an extremely popular antivirus program that provides virus protection to all of your devices. Unlike Kaspersky, Avast offers free antivirus software that can be downloaded from their website. The free version provides virus and malware detection capabilities along with internet safety by preventing you from opening malicious websites. The paid version of Avast provides protection from ransomware too! Avast is available on all popular operating systems such as Windows, macOS, iOS and Android. To know more about the software, to download the software or to see the pricing details, you can click here.

How do these antivirus programs actually detect a virus?

Every virus or piece of malware that is created has its own unique digital signature that helps in identifying the creator of the malicious program. Most hackers prefer generating a virus through tools without the need for extensive scripting and coding. Such tools also include their signature in each and every malicious program that they create. This digital signature helps in identifying what type of virus or malware a particular program is and which tool created it.

When hackers create a malicious program, they upload it to websites and run it against antivirus scanners to see whether any of the antivirus programs detects the file as malicious. More often than not, the websites which perform these scans also share the signature of the virus with all major antivirus providers. Antivirus providers such as the ones mentioned above update their databases regularly by adding newly identified signatures. One of the most popular of these websites, VirusTotal, is used by hackers to scan their malicious programs. VirusTotal is a company owned by Google.

When files are uploaded to the VirusTotal website, it scans them with numerous antivirus programs, including the ones mentioned above, and checks whether these programs are able to detect any malicious signatures. If the digital signature is unique, it will not be detected by most of the antivirus programs, and the site will report that the file is “clean” or safe. The company will later verify the file once again by running it, and if any suspicious activity is detected, it will record the digital signature of that program.

This signature is then sent to all other antivirus providers, and they update their databases with it. Thus, in a matter of a few hours, all major antivirus programs will detect this as a potential threat and prevent any files containing that particular signature from executing. This is how antivirus software is capable of detecting viruses and malware. Ensure that the antivirus program that you have installed on your device is up to date and that its databases are also up to date. This will stop a great number of viruses and malware from entering your devices.
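The signature lookup and database update described above can be sketched in a few lines. This is an added example, not code from any antivirus product: the `SignatureDB` class, the detection names and the sample byte strings are all constructed for illustration, and real engines use far richer signature formats.

```python
import hashlib

# Constructed sample "files" (harmless byte strings, not real malware).
KNOWN_SAMPLE = b"MZ\x90\x00 constructed-builder-stub-v1 payload-A"
NEW_SAMPLE = b"MZ\x90\x00 constructed-other-stub payload-B"
BENIGN_FILE = b"Quarterly report, nothing unusual in here."


class SignatureDB:
    """Toy signature database: SHA-256 file hashes plus byte patterns."""

    def __init__(self):
        self.hashes = {}    # sha256 hex digest -> detection name
        self.patterns = {}  # byte sequence -> detection name

    def add_hash(self, data, name):
        self.hashes[hashlib.sha256(data).hexdigest()] = name

    def add_pattern(self, pattern, name):
        self.patterns[pattern] = name

    def scan(self, data):
        """Return the detection name, or None if no signature matches."""
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hashes:
            return self.hashes[digest]
        for pattern, name in self.patterns.items():
            if pattern in data:
                return name
        return None


def demo():
    files = (KNOWN_SAMPLE, NEW_SAMPLE, BENIGN_FILE)
    db = SignatureDB()
    # The vendor already knows the marker one builder tool leaves behind.
    db.add_pattern(b"constructed-builder-stub-v1", "Generic.BuilderTool")
    before = [db.scan(f) for f in files]
    # Database update: the new sample was analysed and its hash distributed.
    db.add_hash(NEW_SAMPLE, "Trojan.NewSample")
    after = [db.scan(f) for f in files]
    return before, after


if __name__ == "__main__":
    print(demo())
```

The second file scans as clean until the update adds its hash, which is why an out-of-date database leaves a gap.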

Can Antivirus detect any virus which hasn’t been scanned online?

The answer to that question is yes, in some cases. If a virus or malicious program hasn’t been uploaded online and has been specially programmed to target you (without using tools to create the virus), then there is a good chance that your antivirus software will not recognise it as a malicious program. But there are exceptions. Some antivirus programs are starting to implement something called Behavioural Analysis. This means that the software will learn and understand how you use your systems, what programs you execute and what processes are running every day.

If unusual activity (behaviour) is recorded over a period of a few days, the antivirus software will find the source of that activity and flag it as a potential threat. It will then analyse the behaviour of that program and classify it as a virus if any suspicious activity is found. The problem with this technique is that you will get to know that your device is infected only after a few days. Not all antivirus providers have implemented this functionality in their programs as of now. But as time goes on, more and more providers will incorporate this feature into their software.
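A minimal sketch of the baseline-then-flag idea, including the detection delay mentioned above. This is an added example and not how any particular product works: the process log, the program names, the three-day learning period and the thresholds (`min_days`, `factor`) are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed process log: (day, program, outbound connections that day).
# Program names are hypothetical.
EVENTS = [
    (1, "browser.exe", 40), (1, "mail.exe", 5), (1, "editor.exe", 0),
    (2, "browser.exe", 35), (2, "mail.exe", 6),
    (3, "browser.exe", 42), (3, "editor.exe", 0),
    # Days 1-3 are the learning period; monitoring starts on day 4.
    (4, "browser.exe", 38), (4, "updater32.exe", 120),
    (5, "mail.exe", 4), (5, "updater32.exe", 150),
    (6, "browser.exe", 41), (6, "updater32.exe", 130), (6, "notes.exe", 0),
]


def build_baseline(events, learn_days):
    """Record each program's peak daily activity during the learning period."""
    baseline = {}
    for day, prog, conns in events:
        if day <= learn_days:
            baseline[prog] = max(baseline.get(prog, 0), conns)
    return baseline


def flag_unusual(events, baseline, learn_days, min_days=3, factor=2):
    """Return {program: day on which it was flagged as a potential threat}."""
    unusual_days = defaultdict(set)
    flagged = {}
    for day, prog, conns in sorted(events):
        if day <= learn_days:
            continue
        if prog in baseline:
            # Known program: unusual only if far above its learned peak.
            unusual = conns > factor * max(baseline[prog], 1)
        else:
            # Never-seen program: unusual if it talks to the network at all.
            unusual = conns > 0
        if unusual:
            unusual_days[prog].add(day)
            if len(unusual_days[prog]) >= min_days and prog not in flagged:
                flagged[prog] = day
    return flagged


if __name__ == "__main__":
    base = build_baseline(EVENTS, learn_days=3)
    print(flag_unusual(EVENTS, base, learn_days=3))
```

The unknown program first appears on day 4 but is only flagged on day 6, once it has behaved unusually on three separate days.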

Conclusion :

It is absolutely essential to have an antivirus program installed on all your devices, be it a Windows machine or a Mac. This prevents unwanted programs from being executed and stealing private information or corrupting your valuable data. If you find this article useful, be sure to share it with everyone you know and help them remain safe too. You can also consider subscribing to our newsletter so that you can get the latest articles delivered straight to your email inbox. To read my previous article on how to identify spam emails, click here. And to know about the importance of privacy, click here.
