What is Anti-Virus Software?

What is Anti-Virus Software?

Anti-virus software, also referred to as antivirus or simply AV, is a computer program, or collection of programs working together, designed to constantly monitor a computer system and detect and prevent malicious computer programs entering and running on the system. Anti-virus software is also used to remove, or disinfect, malicious or intrusive computer programs that are already present on a computer.

Anti-virus software is efficient at detecting known threats that have been analysed and can sometimes detect unknown threats based on the behaviour of new and potentially malicious software. However, due to the nature of the threat and the constant stream of malicious software produced on a daily basis, protection is never 100% guaranteed.

It is essential to keep antivirus software updated to deal with new threats as they emerge. The anti-virus vendors release updates at least on a daily basis and most anti-virus software is designed to automatically update without human intervention. Failure to update gradually reduces the effectiveness of anti-virus software and the protection it affords.

Different Types of Anti-Virus Software

Antivirus software ranges from free and open source, to expensive and specialised. There are variants for different operating systems such as Windows, Mac OS, Linux and mobile platforms. Some products are simple and offer basic file scanning services, others are collections of programs that defend against a wide variety of threat types and also help secure outgoing data such as form submissions, credit card information and other personal data.

The better packages will detect against a range of malicious programs, or malware, including computer worms and viruses, trojans, rootkits, ransomeware, spyware and other privacy invading software, unwanted advertising spam and browser hijackers. They monitor incoming and outgoing email and email attachments. They also install firewalls that check incoming and outgoing Internet and network traffic and allow or deny that traffic based on customisable rule sets. Some offer secure data input services, parental controls, data encryption and other security related tools such as secure password generators or lists of web sites that have been reported for suspicious activity.

Premium anti-virus software monitors a system in real time and detects and deals with threats as they occur. Free or cheaper products may require the user to manually initiate file scans, by which time infections may have already occurred.

For the typical home user, a good anti-virus and security package purchased from one of the key vendors will cost between $20 and $50 per year per computer and provides a year of free updates. Most vendors offer discounts for multi-computer and mobile device protection. Free products tend to offer less in terms of security add-ons, but there are decent products available that provide the critical basics at not cost. Often free products are limited, or “lite”, versions of a more capable premium product. Paid products tend to offer better technical support and wider or 24/7 coverage.

Other forms of anti-virus software might not be installed on the computer and are instead installed as a filter on a network, possibly maintained by an Internet service provider or other third party. These systems scan Internet traffic before it ever reaches your computer, or blocks traffic send from your computer if it is infected or compromised. Major email service providers, such as Gmail and Microsoft, scan all incoming and outgoing mail in this way. However, these systems should be viewed as an additional layer of security and a good anti-virus package should still be maintained on the local system.

How Does a Computer Virus Work and How Does Anti-Virus Software Prevent It?

Computer viruses and other malware do most damage when they are able to spread from computer to computer and across a network. The terminology used in the antivirus industry mirrors that used in the medical profession – virus, infection, outbreaks, disinfection, immunisation, quarantine. It’s a useful analogy. Computer viruses, like biological viruses, are built to spread from host to host. They tend to damage when they infect the host, or they open up the host to other forms of infection. Anti-virus software is like an immunisation shot for a computer. Once installed it prevents a computer being infected and then transmitting that infection.

Computer viruses and malware spread and do damage using malicious code embedded in their programs. Sometimes they can masquerade as benign software. In the main these malicious programs exist as computer files that are stored to a hard drive or loaded into computer memory. The key to activating a virus is opening the infected file in which the virus is contained, or allowing infected data transmitted over the Internet to be stored in the computer memory or to the hand drive. Once that happens, and if unchecked, the malicious computer code executes its instructions (or payload) and performs whatever malicious actions it has been designed to achieve.

Examples of malicious activity include:

  • Deleting data files;
  • Encrypting files and demanding payment to unlock them (ransomware);
  • Causing unwanted advertising to display in web browsers;
  • Scanning the computer for confidential information and transmitting it to third parties;
  • Opening a connection on the computer to allow security to be bypassed or other malware to enter the system;
  • Stealing contact lists and sending spam to recipients in that list;
  • Hijacking computer resources to be used in a coordinated attack against other computer systems;
  • Defacing or manipulating web sites;
  • Redirecting web and network traffic from the intended destination to elsewhere, usually a spam web site or site that distributes additional malware.

Anti-virus companies are on constant watch for these types of activities and the damage they cause. They analyse the malicious computer programs and they way they work and then produce “signatures” that identify the malware in a unique manner, perhaps by sections of the program code itself, lists of files that are targeted by the malware, sequences of events that are triggered when the malware runs, or a combination of all these and other factors. These signatures are like a fingerprint for the particular malware program.

Anti-virus software monitors a computer system by filtering all incoming and outgoing traffic, scanning existing files on the computer and tracking the operation of running computer programs to detect instances of virus and malware signatures. When these signatures are detected the antivirus package will block the traffic entering or leaving the system, or prevent a file being saved to the hard drive, or prevent an email attachment being opened.

Infected files are often saved to a special location on the hard drive that is locked by the anti-virus software to prevent files stored there from being run. This is known as placing a file in quarantine. The anti-virus software will try to repair the file and remove the malicious code, returning the file to a safe state. This is termed as disinfection. If disinfection cannot be performed the file will either remain locked in quarantine or will be deleted, usually the software leaves it to the user to decide which course of action to take. Regardless, the file has been prevented from opening, the virus has not been triggered and the infection cannot spread. This is the main and most important function of antivirus software.

The problem with signature based scanning arises when new viruses are released. If the virus is new and hasn’t been seen by the anti-virus vendors then no signature exists to detect. So brand new viruses and malware will not be detected and will pass right through a supposedly protected system. Anti-virus companies tend to react very quickly when new threats emerge, but there will always be at least some delay between discovery and prevention and many users do not update their anti-virus packages automatically so a new virus can spread very quickly in the first few hours or even days after release. This is known as an outbreak. The first day of an outbreak is termed “Day Zero”, the day on which most infections are likely to occur as there is no immediate protection available.

In recent years, anti-virus software has become more sophisticated, in line with an increase in sophistication of malware, and has added additional detection methods and techniques to traditional signature scanning. A vast knowledge base of previous threats and analysis of countless lines of computer code has helped in developing advanced systems that can scan files and behaviour and detect similarities with the behaviour of already know malware. This is called heuristic detection and allows anti-virus packages to detect new viruses and malware that has not been officially analysed. This type of detection is not foolproof. By its nature it is less reliable than signature detection and it can also throw false positives where legitimate activity is flagged as suspicious. But it does add to the anti-virus arsenal and gives a degree of protection against new and emerging threats.

Advanced behavioural detection is now also used to monitor activity on the system in an effort to detect operations that are suspicious or abnormal and then relate those activities to a potential threat or unwanted program. Examples include watching for programs that do not required elevated system privileges nevertheless trying to access protected resources, or programs that try to mass delete files, or programs that send traffic to known suspicious locations.

The Future of Anti-Virus

Taking the various protection techniques together, the anti-virus vendors do a very good job of detecting most threats and preventing the spread of those threats. Detection levels in the high 90% range are not uncommon and the additional set of security and protection tools that are provided with the better packages can prevent damage even when threats get through.

Modern anti-virus and security suites are an essential requirement for any computer connected to a network or the Internet. However, the operating system vendors are starting to build advanced detection and protection features directly into the operating systems themselves, potentially bypassing the need for a third party package. Whether Microsoft, Apple and the other OS vendors can do as good a job as the long established anti-virus vendors remains to be seen. Regardless of whether protection is build right into the operating system or provided by a third party, it will always be necessary to monitor computer systems against malicious activity.

Anti-virus is one weapon in the security battle. Common sense computing, being vigilant and keeping regular backups of all your vital data all supplement and are just as important as a good antivirus package.

Most Popular Anti-Virus Providers

The following list is far from exhaustive, there are many anti-virus and cybersecurity vendors and packages available. But it does include most of the well known and reputable providers of personal and home computer anti-virus products.

Related Links

photo credit: Christoph Scholz Hacker am PC-Arbeitsplatz, Password mit Lupe, rot via photopin (license)

Katie Wright

I've been with My Fast PC for over a year now and I love it here. I try to find the most interesting and useful topics to write about for our customers and readers. Let me know if there is any topic that you want to hear about. @KatieWright1993