2. Learning intentions
Today we are going to find out:
What is anti-virus software?
In what ways does anti-virus software combat viruses?
3. Anti Virus Software
Antivirus software is a program or set of programs that are designed to
prevent, search for, detect, and remove software viruses, and other
malicious software.
Most computer systems come with anti-virus software already
installed, but users can choose from many free programs and some
commercial versions, which cost money but have extra features.
Anti virus software detects malware by utilising a number of the
following techniques.
4. Memory Resident Monitoring
Some software sits constantly in memory and actively monitors the
system for viruses while the computer is running.
It regularly scans programs and files as they are opened.
This, however, can lower system performance, as it places a lot of
demand on system resources, especially the processor.
5. Heuristic Detection
This is a technique of applying previous experience to a problem.
Detecting malware using heuristics works by monitoring the behaviour
of programs for suspicious activity.
For example, a program might attempt to access the internet in the
background, or check the system clock. These are actions that a virus
might perform and would therefore arouse suspicion. If enough
suspicious actions were detected from a particular program, a warning
would be given to the user.
6. Virus Signature Detection
Anti-virus companies hold a database of known viruses which is
constantly being updated. When scanning the system, the anti-virus
software compares the patterns it finds in files against the ones
stored in the database. Each stored pattern is called a virus signature.
If it finds a match then it will alert the user.
7. Checksum (Hash)
Viruses often attach themselves to program files, so that when the
program is launched, the virus is launched along with it. To detect
changes in programs, each time a program is installed, the anti-virus
software carries out a mathematical function on the raw binary data of
the program file, and gets a resulting number which is called a hash or
a checksum. This is stored safely.
Each time the user orders the program to start, the computer will carry
out the same calculation on the raw binary and compare it with the
original checksum. If it’s changed, the program has changed.
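
The install-time and launch-time checksum comparison described on this slide, as an added Python example (not from the original slides). It assumes SHA-256 as the hash function and a plain JSON file as the stored checksum table; the function names and file names are made up for illustration.

```python
import hashlib
import json
import os
import tempfile

def file_hash(path, chunk_size=65536):
    """SHA-256 over the file's raw bytes, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def load_baseline(baseline_path):
    """Return the stored {program path: checksum} table, empty if none exists yet."""
    if not os.path.exists(baseline_path):
        return {}
    with open(baseline_path) as handle:
        return json.load(handle)

def record_install(baseline_path, program_path):
    """Install time: compute the checksum and store it."""
    baseline = load_baseline(baseline_path)
    baseline[os.path.abspath(program_path)] = file_hash(program_path)
    with open(baseline_path, "w") as handle:
        json.dump(baseline, handle, indent=2)

def check_before_launch(baseline_path, program_path):
    """Launch time: 'unchanged', 'changed', 'unknown' (never recorded) or 'missing'."""
    if not os.path.exists(program_path):
        return "missing"
    expected = load_baseline(baseline_path).get(os.path.abspath(program_path))
    if expected is None:
        return "unknown"
    return "unchanged" if file_hash(program_path) == expected else "changed"

def demo():
    """Constructed sample: a stand-in program file that later has bytes appended."""
    with tempfile.TemporaryDirectory() as folder:
        program = os.path.join(folder, "program.bin")
        baseline = os.path.join(folder, "baseline.json")
        with open(program, "wb") as handle:
            handle.write(b"original program bytes")
        unknown = check_before_launch(baseline, program)  # not recorded yet
        record_install(baseline, program)
        before = check_before_launch(baseline, program)
        with open(program, "ab") as handle:  # the file is modified after install
            handle.write(b"appended bytes")
        after = check_before_launch(baseline, program)
        return unknown, before, after
```

The stored table has to be protected as carefully as the programs themselves, because anything able to rewrite it can make a changed file look unchanged.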