Posted on

How Does Antivirus Software Identify Potential Viruses?

When choosing an antivirus program for your home or workplace you must consider more than the rate of detection of a product in controlled tests. You must also ensure that it is able to detect new malware and viruses. Virus writers work hard to come up with methods to defeat antivirus programs. They create viruses in order to disable them, hide themselves from detection methods and even evade anti-virus software.

One of the first types of antivirus programs operated by comparing files arriving on devices against their databases of known malware signatures. This type of signature detection works well for malware that is older. However, virus makers can develop new signatures at any moment for new malware types.

Modern versions of antivirus software employ heuristic detection in order to identify threats that could be present. Instead of searching for exact matches, heuristics analyze tendencies in incoming files and programs to see whether they are similar to known malware. This method is further enhanced by behavior-based detection that analyzes the way in which a software or program behaves in order to determine if it’s malicious.

Certain viruses attempt to block anti-virus programs by hiding from detection, blocking access to the update system of antivirus programs and causing corruption to library or code files that a virus scanner needs to function. More sophisticated viruses can attack the antivirus program itself by directly altering or deactivating parts of it. These types of virus are becoming more frequent and often include features like the worm component, which spreads from computer to computer.