How Antivirus Programs Work to Protect Your Computer
by Robert McNicholas on May 25, 2017
Last week we talked about what makes a firewall an effective guard against computer problems. This week, we’ll discuss the antivirus component of a good Internet security program. How does an antivirus program work? What options are available, and which type of antivirus program (also called an AV) is good for you?
Basically, any antivirus program will protect your computer against all kinds of malware. We’re talking about more than just viruses (unwanted, harmful programs).
Spyware (programs that track your activity and send data to another computer), Trojans (malicious programs designed to look harmless), rootkits (applications that hide viruses and allow them to access the innermost parts of your PC), and ransomware (programs that require you to pay a “ransom” to get your computer back to working order) are all on the antivirus version of the no-fly list. Other programs, like adware, are flagged as untrustworthy even if they’re not actively harmful. Your antivirus may see them as a nuisance and treat them accordingly.
True or False: You Only Need AV for Windows
This would be false. Although Windows is the most popular operating system—and thus a large, juicy target for cyber criminals—it’s not the only one. While the majority of viruses are written for Windows and Windows-based programs, like MS Office, all operating systems can “catch” a virus. Mac and Linux users should have AV protection too.
Are antivirus apps 100% effective? No, but they’re pretty good. Most stop at least 90% of the malware they encounter. Whatever isn’t immediately detected is often (but not always) removed during a scan. Especially stubborn viruses can be removed with a super-duty program, like Norton’s Power Eraser. If that fails, virus-specific removal programs may need to be used. As a last resort, IT professionals can be called in to wipe a computer clean.
An antivirus program has three ways of keeping your PC in working order: by constant background monitoring, by scanning your system, and by segregating, quarantining, or removing certain programs.
How Your Antivirus Scans Your Computer
Your AV has a couple different ways of scanning your computer. Traditional AV programs, like Norton, keep a comprehensive database of virus signatures and compare suspect files against it. (A virus signature or definition is a set of characteristics in the program’s code that matches up to a known virus.) They may also keep a list of safe or reputable files that are allowed without scanning. These types of programs need to be regularly updated to be effective, but they don’t need an active Internet connection to scan.
Another type of scanning is known as heuristics. This is used to block relatively new viruses and other types of malware. Heuristic scans look at the behavior of programs. If they start some type of questionable activity, like opening a lot of outside connections from your computer, the antivirus will either let you know or stop the suspect program.
There are two main types of antivirus programs—traditional and cloud-based. Both function in very similar ways, but cloud-based programs (like Webroot and Panda) rely on a constant connection to an online database. Unlike traditional programs, these don’t slow your computer down much, and they don’t need to download regular updates.
Prevention vs. Cure, or How to Stop A Problem Before It Starts
Your antivirus would rather stop a malicious program before it starts than clean up the aftermath. To that end, most AV programs will constantly scan in the background, looking for questionable activity. They may also examine new files as you run or download them, or they may scan your computer when it starts up.
You can also have your antivirus scan your PC on demand. It’s a good idea to run a full scan weekly, even if your computer is monitored 24/7 by your AV. For the most part, this is just an extra precaution, but better safe than sorry.
Some antivirus programs use a technique called sandboxing when a new program first runs. Basically, the program is not allowed to communicate with the core of your computer or with other programs. This allows the AV to decide if a program is safe before it does any major damage to your system.
How Your Antivirus Cleans Your Computer
Should your antivirus notice a problem, it will do one of three things:
- It will quarantine the file(s)—keep the file in your computer, but forbid it to access any other programs or data. The file’s name may also be altered so that other malicious programs can’t find it.
- It will sandbox the file(s)—isolate the file, as described above, to prevent any further access to other areas of your computer.
- It will delete the file(s).
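To make the signature scan and the quarantine step described above concrete, here is a small added example; it is not code from any antivirus product or from the original article. The signature name, the byte pattern and the `.quarantined` naming scheme are constructed for illustration, and the "list of safe files" is assumed to be a set of SHA-256 hashes.

```python
import hashlib
import shutil
from pathlib import Path

# Constructed signature database (name -> byte pattern); not real malware signatures.
SIGNATURES = {"Demo.TestMarker.A": b"DEMO-MALICIOUS-MARKER-0001"}
CHUNK = 64 * 1024

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def scan_file(path, allowlist=frozenset()):
    """Return the name of the first matching signature, or None."""
    if sha256_of(path) in allowlist:
        return None  # known-good file: allowed without a pattern scan
    overlap = max(len(p) for p in SIGNATURES.values()) - 1
    tail = b""
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            window = tail + block  # keep an overlap so a pattern split across reads still matches
            for name, pattern in SIGNATURES.items():
                if pattern in window:
                    return name
            tail = window[-overlap:]
    return None

def quarantine(path, vault):
    """Move the file into the vault under an altered name and strip its permissions."""
    vault = Path(vault)
    vault.mkdir(mode=0o700, parents=True, exist_ok=True)
    dest = vault / (sha256_of(path) + ".quarantined")
    shutil.move(str(path), str(dest))
    dest.chmod(0)  # no read/write/execute bits (on Windows this only sets read-only)
    return dest

def scan_tree(root, vault, allowlist=frozenset()):
    """Scan every file under root and quarantine hits; returns {file name: signature name}."""
    findings = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and Path(vault) not in p.parents:
            hit = scan_file(p, allowlist)
            if hit:
                quarantine(p, vault)
                findings[p.name] = hit
    return findings
```

Calling `scan_tree("some_folder", "some_folder/vault")` returns the flagged file names and leaves clean files in place. The allowlist check runs first, which is why a file on the safe list is never pattern-scanned, and also why that list has to be protected as carefully as the signatures themselves.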