How Anti-Virus Softwares work
Anti Virus Software Working
Many of you reading this article already (may) possess an Anti-Virus (AV) Software , but may also be curious as to how it works.
Here is a brief and simple explanation to the mechanisms that your AV uses inorder to protect you.
Out of the many AV that exists many of them use these common mechanisms to fish out Spywares , viruses , etc.
- Signature based Detection
This mechanism requires the presence of an extensive and up-to-date database on popular viruses observed. The AV compares the signature of a program from its database and checks if a particular sequence matches that of Virus.Its like searching of a particular part of the code as used by a virus.
Many Scipt kiddies simply embed the virus and call upon it as per some action performed by the user , it simply disguises it from the user.
So most of the virus are caught in this manner , but an update AV is needed.
Although useful , it cannot solve all problems the Zero Day Attack or highly complex viruses like Stuxnet are examples that such mechanism dont always work.
- Heuristic based Detection
The AV will analyse the behaviour of a program and then determine whether it is malicious or not.
The program is run in a virtual environment and its every action is logged . This way it determines whether to warn the user or not.
Although an effective technique , it has a predetermined criteria of tests it conducts , anyone with this knowledge can program improved viruses to circumvent the tests.
Keyloggers for example are detected by their behaviour and hence newer ones are difficult to detect while older one are easily caught by an updated AV.
But , even the best AV can’t save you from a defect they don’t anticipate , a Zero Day Attack will exploit a vulnerability yet not anticipated.
Then we are….