Heuristics
Antivirus software
identifies, prevents, and removes malware from a
computer system. Malware is any number of viruses and software
bits that intend to harm the computer or steal information, such
as viruses, adware, rootkits, backdoors, hijackers, keyloggers,
spyware, trojans, and worms. Modern antivirus software employs
several methods to detect and remove malware. However, no
antivirus software can detect and prevent all possible malware.
Kinds of Antivirus Software
Signature Based Detection
Nearly all antivirus software uses signature-based
detection as part of its virus detection process. Each virus has a
digital signature; a code that causes the virus to perform the
functions it was designed to perform. On a regular schedule, or at
the user's instruction, antivirus software downloads an updated
database of known virus signatures. The antivirus software can
then scan each file on the computer's hardware and memory and
compare the entire file, as well as small sections of each file,
against the virus signature database.This method is very effective
against preventing infection from known viruses. However, it
cannot identify new viruses that are not located in its database.
Additionally, virus authors have begun writing oligomorphic,
polymorphic, and metamorphic viruses, which contain algorithms
to randomly encrypt or alter part of their own code. This provides
the virus an effective disguise by changing its virus signature.
To help protect computers against new and unknown
malware, heuristic detection algorithms were created. Heuristic
methods allow antivirus software to detect variants of existing
malware and new, never before seen malware. Heuristics use virus
signature databases to find viruses, but do not require an exact
match to identify a virus. Heuristic detection algorithms scan files
for random combinations of signatures to detect malware.
Rootkit Detection
Rootkits are a particularly nasty form of malware. This
type of malware is stealthy and evades standard signature-based
and heuristic detection methods. Rootkits can alter the operating
system of a computer to change how it works and even alter
antivirus software itself to make it inoperable. In some extreme
cases, rootkits can destroy an operating system, making it
completely unrecoverable. This requires a complete system
reinstallation and usually results in a total loss of data. Top of
the line antivirus software often has the ability to scan for
rootkits, but with limited success.
Real Time Protection
Most antivirus software provides real-time protection,
often under any number of clever synonyms such as resident
shield, background guard, autoprotect, and so on. The real-time
protection feature of these antivirus programs monitors all
activity in a computer for processes and activities that appear
suspicious. This is done at all load and read times; any time a file
is accessed, loaded, or downloaded. This feature helps protect
against malware that has made it onto the computer system but
has not yet been activated.