Antivirus software is used to identify, isolate and remove viruses and other malware. To do so it relies on several detection methods, chiefly the virus dictionary (signature), heuristic and sandbox approaches. Whichever method is used, protection is only as good as the software and its virus definitions, so both must be kept up to date.
To remain relevant and effective, antivirus programs must be robust enough to detect, quarantine, clean and remove many different types of viruses, including new threats. As time passes, the number and complexity of malware threats will increase, but in general the methods used to detect viruses seem destined to remain the same.
Detecting Known Viruses – The Dictionary Approach
This method works by searching files for a signature, a sequence of bytes or code that belongs to a documented computer virus. Typically the antivirus software examines every file that is opened, created, modified, closed or emailed to see whether it contains a known threat. Antivirus software usually cross-references file contents with the virus definition database on an ongoing basis (on-access scanning), but a more comprehensive check can be done by scheduling a full system scan as well.
If a program or file is found to be infected, the antivirus software will attempt to remove the virus by cleaning the infected file, or else quarantine or delete the file.
The dictionary method is only effective so long as the virus definition files on which it depends are kept up to date. It is usually ineffective against new viruses until the definition file is updated, and it is also less effective against “polymorphic viruses” (self-modifying viruses) that constantly re-encrypt or otherwise cloak themselves, so that no fixed byte sequence is shared between copies for a signature to match.
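The following is an added example, not code from the original article: a minimal dictionary scanner that checks a file's bytes against two kinds of signature, a whole-file hash and a hex byte pattern with single-byte wildcards. The signature format, the "Demo.Dropper.A" entry and the polymorphic_variant helper are constructed for this example; only the EICAR test string is a real, standard test pattern. It shows the two weaknesses the text describes: a hash signature misses after a one-byte change, and a re-encoded (polymorphic) body matches nothing at all.

```python
import hashlib
import re

# Added example, not the page's code: a minimal dictionary (signature) scanner.
# The EICAR string is the industry-standard harmless antivirus test pattern; every
# other signature below is constructed for this example and matches nothing real.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Hex byte-pattern signatures in a ClamAV-like notation where "??" matches any
# single byte (format assumed for the example, not a vendor's real database).
HEX_SIGNATURES = {
    "EICAR-Test-File": EICAR.hex(),
    # constructed dropper marker "MZ?DROPPER_MARK": the third byte is a build
    # counter the author bumps per release, so it is wildcarded
    "Demo.Dropper.A": "4d5a??44524f505045525f4d41524b",
}

# Whole-file hash signatures: exact match only, the cheapest and most brittle kind.
HASH_SIGNATURES = {
    "EICAR-Test-File.sha256": hashlib.sha256(EICAR).hexdigest(),
}


def compile_hex_signature(hexsig: str) -> re.Pattern:
    """Turn 'de??ad' into a bytes regex matching 0xde, any one byte, 0xad."""
    if len(hexsig) % 2:
        raise ValueError("hex signature needs an even number of hex digits")
    parts = []
    for i in range(0, len(hexsig), 2):
        pair = hexsig[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes.fromhex(pair)))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_hex_signature(sig) for name, sig in HEX_SIGNATURES.items()}


def scan(data: bytes) -> list:
    """Return the names of every dictionary entry found in data; [] means clean."""
    digest = hashlib.sha256(data).hexdigest()
    hits = [name for name, h in HASH_SIGNATURES.items() if digest == h]
    hits += [name for name, pat in COMPILED.items() if pat.search(data)]
    return hits


def polymorphic_variant(payload: bytes, key: int) -> bytes:
    """Simulate a polymorphic copy: the body is XOR-encoded with a per-copy key
    behind a decoder stub. The stub is a placeholder string, not machine code."""
    stub = b"STUB:key=%02x;" % key
    return stub + bytes(b ^ key for b in payload)


if __name__ == "__main__":
    print(scan(EICAR))                              # hash and pattern both hit
    print(scan(EICAR + b"\n"))                      # one extra byte: hash signature misses
    print(scan(b"MZ\x07DROPPER_MARK..."))           # wildcard absorbs the build counter
    print(scan(polymorphic_variant(EICAR, 0x5A)))   # re-encoded body: no signature hits
```

The wildcard buys a little tolerance against trivial variants, but a polymorphic copy shares no stable bytes with the original, which is why vendors must either extract a signature for the decoder stub or fall back on the behavioural methods discussed next.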
Detecting Unknown and New Viruses
Antivirus software can also detect computer viruses using heuristic analysis (the suspicious behaviour approach). This method monitors a computer for suspicious activity, such as a program suddenly trying to modify system settings or another file. Because it judges behaviour rather than matching a known signature, the suspicious behaviour approach can protect computers against new viruses that are not yet in the virus dictionary, although it sometimes raises a large number of false alarms.
Other Ways to Detect Viruses
Another virus detection method is the sandbox approach. It works by emulating the operating system and running the executable in that simulated environment. The antivirus software then monitors the executable to see whether it starts to act like a virus, for example by trying to run self-modifying code. Because emulation is expensive, this method is typically used only when specifically requested, such as during a full scan.
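The following is an added example, not code from the original article, illustrating both the heuristic and the sandbox sections above. A tiny stack-machine emulator stands in for the emulated operating system, records what the program does (writes into its own code, system-setting changes, network connections), and a weighted scorer turns those observations into a verdict. The bytecode, the weights, the threshold and the three sample programs are all constructed for this example. Note the third program: a benign installer that trips the threshold, which is the false-alarm case the text warns about.

```python
# Added example, not the page's code: a toy sandbox plus heuristic scorer.
# The bytecode, the weights and the sample programs are all constructed here.

# Each instruction is an opcode byte followed by one operand byte (HALT has none).
PUSH, STORE, SYSCALL, JMP, HALT = 0x01, 0x02, 0x03, 0x04, 0xFF
SYSCALLS = {1: "write_file", 2: "write_setting", 3: "net_connect"}

# Heuristic weights: how suspicious each observed behaviour is (constructed).
WEIGHTS = {
    "self_modify": 50,          # program wrote into its own code region
    "exec_modified_code": 30,   # program then executed a byte it rewrote
    "write_setting": 20,        # changed a system setting
    "net_connect": 20,          # opened a network connection
    "write_file": 10,
    "invalid_opcode": 10, "unknown_syscall": 10, "bad_address": 10, "step_limit": 10,
}
THRESHOLD = 50


def emulate(program: bytes, data_size: int = 64, max_steps: int = 1000) -> list:
    """Sandbox: run program on the toy VM and return the behavioural events seen.
    Code and data share one memory, so a STORE below len(program) is self-modification."""
    code_len = len(program)
    mem = bytearray(program) + bytearray(data_size)
    rewritten, stack, events, pc = set(), [], [], 0
    for _ in range(max_steps):
        if pc >= len(mem):
            events.append("bad_address")
            break
        if pc in rewritten:
            events.append("exec_modified_code")
        op = mem[pc]
        if op == HALT:
            break
        if pc + 1 >= len(mem):
            events.append("bad_address")
            break
        arg = mem[pc + 1]
        if op == PUSH:
            stack.append(arg)
            pc += 2
        elif op == STORE:
            if arg >= len(mem):
                events.append("bad_address")
                break
            mem[arg] = stack.pop() if stack else 0
            if arg < code_len:
                events.append("self_modify")
                rewritten.add(arg)
            pc += 2
        elif op == SYSCALL:
            events.append(SYSCALLS.get(arg, "unknown_syscall"))
            pc += 2
        elif op == JMP:
            pc = arg
        else:
            events.append("invalid_opcode")
            break
    else:
        events.append("step_limit")  # never halted: possible infinite loop
    return events


def score(events: list) -> int:
    return sum(WEIGHTS.get(e, 0) for e in events)


def analyze(program: bytes) -> dict:
    """Heuristic verdict: sum the weights of what the sandbox observed."""
    events = emulate(program)
    s = score(events)
    return {"events": events, "score": s,
            "verdict": "suspicious" if s >= THRESHOLD else "clean"}


# Constructed sample programs.
BENIGN = bytes([PUSH, 7, STORE, 9, SYSCALL, 1, HALT])          # writes a data byte, saves a file
SELF_MODIFYING = bytes([
    PUSH, SYSCALL, STORE, 8,    # mem[8] = SYSCALL opcode   (write into own code)
    PUSH, 3, STORE, 9,          # mem[9] = 3 = net_connect  (write into own code)
    0x00, 0x00,                 # placeholder bytes 8-9, decoded at run time
    HALT,
])
INSTALLER = bytes([SYSCALL, 2, SYSCALL, 3, SYSCALL, 1, HALT])  # benign setup program

if __name__ == "__main__":
    for name, prog in [("benign", BENIGN), ("self-modifying", SELF_MODIFYING),
                       ("installer", INSTALLER)]:
        print(name, analyze(prog))
```

The step limit is the part a practitioner should not skip: a program that loops forever (or sleeps until the emulator gives up) produces no events, so the sandbox has to treat "never halted" as a finding in its own right rather than as clean.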
The Best Virus Detection Method
By and large, the most reliable method of detecting viruses is the dictionary method. However, for antivirus programs to remain effective, antivirus companies have to find ways of updating their virus definition files quickly, including sharing information with their competitors.
According to Wally Wang, in his book “Steal This Computer Book 4.0: What They Won't Tell You About the Internet,” antivirus companies find it necessary to share the information they have about new viruses with their competitors because it is impossible for any one company to compile a comprehensive database of all viruses in existence, especially the new ones.
Since no antivirus software can detect every threat that exists, Wang also argues that “the best antivirus software is simply the one that you like and find most convenient to use.”
Typically antivirus software uses a combination of the dictionary, heuristic and sandbox approaches to detect and remove viruses. The dictionary method is regarded as quite reliable for removing known viruses but falls short in detecting new threats. To deal with new viruses, heuristic and sandbox simulation methods are used, even though they tend to give false alarms at times.
The best virus detection method depends, to some extent, on the kind of threat it has to deal with, but given how dynamic viruses have become, and that one never knows what new security threat will come next, no single method can be said to be perfect for detecting and removing all types of computer viruses.
Sources:
- Holzman, Carey. “The Healthy PC: Preventive Care and Home Remedies for Your Computer.” McGraw-Hill Professional, 2003: 26
- Wang, Wally. “Steal This Computer Book 4.0: What They Won't Tell You About the Internet.” 4th ed. No Starch Press, 2006: 52-56