What is antivirus
Antivirus is a type of computer software, or a set of programs, that detects harmful malware and removes it from the computer. Antivirus software prevents malicious threats such as viruses, worms, Trojans, ransomware and spyware from entering the computer system.
Such malware generally attacks system software such as the operating system and tries to spread to all system files and directories. Once the malware has infected the system, the system behaves abnormally: it slows down, hangs and becomes difficult for the user to operate.
If antivirus is installed on the system, it thoroughly scans the system files and other files and checks for any virus infection.
The main purpose of antivirus software is to scan the storage drives to detect malicious files, which may be in the form of viruses, Trojans, worms, etc. Different antivirus products incorporate different types of virus detection techniques:
- Signature-based detection
- Heuristic-based detection
- Behavior-based detection
- Sandbox detection
- Cloud-based detection
Signature-based detection (Virus dictionary-based)
Every antivirus product maintains a database, or dictionary, of thousands of virus definition files or virus signatures. When the antivirus is run, it scans the drives and checks the files on them for known virus signatures by comparing them against its database. If a file matches a virus definition, it triggers an alert to the system.
Signature-based detection is the most common method to detect known viruses and gives almost perfectly accurate results. But it cannot detect a new virus that does not match anything in the virus signature database.
Heuristic-based detection
It is also one of the most common ways to detect unknown viruses. It uses an algorithm to compare known virus signatures against a threat. It is the best method for detecting suspicious characteristics that are found in new, unknown viruses. It can also detect threats that are modified versions of earlier known threats, called polymorphic viruses.
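As an added illustration of the two methods above (example code written for this page, not part of the original article), the following Python models a signature scan backed by hash and byte-pattern signatures alongside a heuristic scan that scores suspicious traits; the signature entries, indicator strings, weights and threshold are constructed for the demonstration and are not real malware signatures. It also shows the caveat from the text: a variant that defeats the exact-hash signature may still match a pattern signature, and a sample unknown to the database can still be flagged by its heuristic score.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed signature database; entries are made up and match no real malware.
HASH_SIGNATURES = {
    hashlib.sha256(b"FAKE-SAMPLE-A payload CreateRemoteThread").hexdigest(): "Demo.A",
}
PATTERN_SIGNATURES = [(re.compile(rb"FAKE-SAMPLE-[A-Z]"), "Demo.Family")]

# Constructed heuristic indicators with assumed weights (suspicious traits).
SUSPICIOUS_STRINGS = {
    b"CreateRemoteThread": 2,   # code injection into other processes
    b"SetWindowsHookEx": 2,     # keystroke hooking, a keylogger trait
    b"CurrentVersion\\Run": 1,  # autostart persistence
}
HEURISTIC_THRESHOLD = 3

def signature_scan(data):
    """Signature-based: exact hash lookup first, then byte-pattern search."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return ("hash", HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES:
        if pattern.search(data):
            return ("pattern", name)
    return None  # not in the signature database

def shannon_entropy(data):
    """Bits per byte; values near 8.0 suggest a packed or encrypted body."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def heuristic_scan(data):
    """Heuristic: score suspicious traits without needing a known signature."""
    score = sum(w for s, w in SUSPICIOUS_STRINGS.items() if s in data)
    if shannon_entropy(data) > 7.0:
        score += 2  # high entropy hides strings, typical of packed malware
    return score

def classify(data):
    """Try the signature check first, then fall back to the heuristic score."""
    hit = signature_scan(data)
    if hit:
        return ("signature", hit[1])
    score = heuristic_scan(data)
    return ("heuristic" if score >= HEURISTIC_THRESHOLD else "clean", score)
```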
Behavior-based detection
Behavior-based detection is one of the most efficient techniques to protect a computer or network from ransomware, fileless malware and zero-day malware. This type of detection analyses the behavioral pattern of programs on the system. As soon as a program performs an unusual or strange action, it triggers a warning to the system. Such unusual program behavior may include:
- Modifying or deleting multiple files.
- Someone has gained remote access to the system.
- Program settings have been changed.
- Keystrokes are recorded.
Behavior detection is good for detecting malware that tries to steal login credentials and other information from the system. A keylogger attack can be prevented by this method.
Sandbox detection
In sandbox detection, a suspicious program or piece of code is allowed to run in an emulated or virtual environment, and its behavioral pattern is then analyzed to detect suspicious or abnormal behavior such as overwriting files, self-replication or other actions usually performed by malware. If such a pattern is detected, the user is alerted before the program runs on the computer.
Cloud antivirus detection
Cloud antivirus detection is another type of antivirus protection method. It uses a small client on the computer that gathers information, and all the virus detection methods discussed above are processed in the cloud. By running all detection in such a cloud environment, the computer requires very little processing power compared to a full antivirus program running locally. However, it always requires an uninterrupted Internet connection for the task to be executed.