What is Antivirus Software + How It Works

Computer viruses have been around since the earliest days of personal computing in the 1970s.  However, it wasn't until the late 1980s and early 1990s (coincidentally, the time period during which the World Wide Web and commercial Internet were being developed) that computer viruses became more numerous and easy-to-spread, to the point where a whole industry dedicated to stopping them was created.

Several organizations and companies were set up to study computer viruses and how they behave.  They found that, like other computer programs, viruses have a set of predictable elements and behaviours that give them away.  Based on this information, numerous counter-programs were created to identify, block, isolate, and delete computer virus programs.  These counter-programs are collectively known as antivirus software

Over time, antivirus software has advanced to the point where many forms of it can handle not only computer viruses, but also spyware and other malicious programs, including some hacking tricks.  You may hear this new class of antivirus software referred to as "antimalware", but it basically serves the same function.  For the sake of simplicity, throughout these tutorials, we will refer to antivirus and antimalware programs collectively as "antivirus software" (since most modern antivirus software contains both types of programs).

As you will read in our upcoming Best Antivirus Software article, some of the most popular solutions include:

How does antivirus software work?

(NOTE: this information about how antivirus software finds and deletes viruses and other malicious programs is somewhat technical in nature.  We largely put it here just for interest's sake, so don't worry if it doesn't completely make sense to you.)

Antivirus software is generally able to identify and block, isolate, repair, and/or delete virus-infected files using three different detection methods: signature, heuristic, and behavioural.

  • Signature detection involves studying the "digital signature" of a computer virus.  This refers to a part of computer code that uniquely identifies a computer element (such as a program, message, or document).  It's often used in more legitimate online transactions to ensure a user that a message, program, or document has been sent from a trusted person with their consent, and has not been tampered with along the way.  However, many computer viruses use these signatures, too.   This means that antivirus software can check an incoming program's signature against its list of known virus signatures to know if a program contains a virus, and take appropriate action based on the result.

  • Heuristic detection involves a sort of "shortcut" whereby antivirus software will look for certain patterns of code within a computer program and try to match it to patterns of code found in certain computer viruses.  It is often used as a supplement to signature-based detection, which may have trouble detecting new modifications of existing computer viruses.  Heuristic detection may be able to catch these variant viruses by detecting code patterns found in their related "families" of computer viruses, even if the full digital signatures of these variant viruses aren't on the books yet.

  • Behavioural detection involves studying a program's behaviour after it runs to see if it's doing anything bad or not.  For example, a common thing that computer virus programs will do when they are run is copy themselves.  Unfortunately, this style of detection usually means that a program, if it is a virus, will have already caused some damage before it is identified as a virus and neutralized.

    However, there are some advanced behavioural antivirus techniques being developed that will be able to determine whether a program does anything bad by looking at patterns of code within the program itself.  This means that antivirus software won't need a virus program to run in order to know that it's malicious, and it won't need to match external clues like digital signatures in order to know that a program contains a virus.

Well, now that you know a bit about what antivirus programs are, where they came from, and how they work to keep your computer safe, it's time to pick the one that's right for you!

Mark_complete_lg

Mark_complete_sm Back_to_course Go to Internet 101 Courses

More Introduction to Internet Safety Tutorials

See all 17 Introduction to Internet Safety tutorials

Did you learn what you wanted to?

Was something in this tutorial missing, confusing, or out of date? Or did it give you all the information you needed, and you just want to say "thanks"? We'd love to hear what you thought!