How Does Antivirus Software Work

How Antivirus Works

Scanning files, identifying and eliminating computer viruses and other malicious software’s are what an antivirus software program does.It is a computer program.

There are mainly two techniques in which the antivirus program accomplishes this process.

1. We need to examine files with the help of virus dictionary in order to look for known viruses so that we can remove them and save all your files and documents from getting deleted.

2. It is also very necessary to identify suspicious behavior from a computer program which can make some kinds of infections.
With an emphasis on the virus dictionary approach, most commercial anti-virus software uses both of these approaches as they are good techniques and can make your computer virus free thereby keeping you tension free..


When the anti-virus software examines a file in the virus dictionary file, it refers to the dictionary of some kind of known viruses that must have been identified by the author of the antivirus software. If a virus identified in the dictionary matches with a piece of code in the file, the antivirus software will either make the file inaccessible to other programs or will completely delete it. It also attempts to repair the file by removing the virus itself from the file and makes the virus unable to spread.

The virus dictionary approach requires periodic online downloads of updated virus dictionary entries in order to be successful in the medium and remain in it for a long term. Infected files or the new antivirus that are found can be sent to the author of the antivirus software who will include all the information of the viruses in their dictionaries.

When the computer’s operating system creates, opens, and closes the files, Dictionary-based anti-virus software typically examines. Accordingly a known virus can be detected immediately upon receipt. The software also schedules itself to examine the file on a regular basis.

In order to not match the virus signatures in the dictionary, the authors modify themselves as a method of disguise. Virus authors have tried to stay a step ahead of such polymorphic viruses even though the dictionary approach is considered effective.


The suspicious behavior approach, by contrast monitors the behavior of all programs. suspicious behavior approach therefore provides protection against new viruses which do not exist in the dictionary as yet.

Sometimes the users probably become desensitized to all the warnings because of some false positives. The antivirus software becomes useless to the user if the user keeps on clicking ACCEPT whenever there is any kind of warning.


If any program uses self modifying code or appears as a virus, it becomes obvious that the file is infected by virus. Sometimes it does results in false positives. Using sandbox is another method for detection of virus. Sandbox emulates the operating system. Sandbox is analyzed for changes which might indicate a virus. It is usually performed only on demands. Some of the software’s will try emulating the beginning of the code of each new executable which may somehow be a good way to detect any kind of threats that can be present in your computer.


Macro virus is the most destructive computer virus without the need of all users to buy anti-virus software it could be prevented far more inexpensively and effectively. Like the antivirus software, user education is also equally important.

If the computer users would simply run in user mode then some types of viruses would not be able to spread. Due to the continual creation of new viruses, the dictionary approach to detecting viruses is often insufficient. It requires an unpacking engine to detect these viruses. But there are many programs that do not have such engines which make them unable to detect any kind of dangerous viruses considering all viruses to be dangerous.

There are many methods of packing malicious software’s which can make known viruses not being able to detect by the antivirus software’s.
Companies which sell antivirus software’s have a very good financial race when the public starts to panic with virus threats in the computer because that is when they can sell their antivirus and help the people to make their computers threat free.


by Enetfix (Pairsys, Inc.)


☻ Leave Comment Here ↓

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s