
Information security is a never-ending game of cat and mouse. No two days look the same in the constantly evolving world of technology and digital security, with new threats coming and going all the time. Old and unsupported tech routinely gets targeted by cybercriminals, while new and unproven tech also introduces unique risks of its own. Moreover, every business and individual is a potential target, and cybercriminals are constantly stepping up their attacks against poorly prepared victims.
The first computer viruses started appearing in the 1980s, quickly driving the development of specialized software designed to counter them. While today’s antivirus solutions are far more sophisticated than those early tools, their primary function and purpose remain the same – to prevent, detect, and remove all the common types of malicious software. Antivirus software works by scanning your computer and incoming network traffic for malicious code, the goal being to quarantine potential threats before they can do any damage.
In this guide, we’ll explore the various ways in which antivirus software works to keep you safe.
As the name suggests, antivirus software was originally developed to protect against computer viruses. Computer viruses are characterized by their ability to attach themselves to certain types of files and replicate, much like biological viruses. However, viruses are just one of many types of malware, and they’re far from the most common.
Fortunately, most antivirus software now provides comprehensive protection against all types of malicious software. This includes things like browser hijackers, malicious browser plugins, keyloggers, ransomware, and trojan horses. If any known malicious code is detected on your computer or network, the antivirus software should intervene.
That said, it’s important to remember that many cyberattacks don’t involve malicious software at all. Hence, it’s vital to protect against things like online identity theft, spam email, and social engineering attacks. Another increasingly common threat is fileless attacks, which can often evade most antivirus software because they exclusively exploit legitimate files in your operating system, effectively turning it against itself.
Many paid antivirus solutions offer some protection against these sorts of threats, but this shouldn’t be taken for granted. The best antivirus software should protect against most threats in the following categories:
While proactive, real-time protection is essential for defending your computer and network, it may sometimes be necessary to run a manual scan or schedule one to run later. A manual scan should pick up any malicious code that real-time protection may have missed before the virus definition database was updated. It’s also a good idea to launch a manual scan if you have just updated your antivirus software or installed a new antivirus product for the first time.
There are various types of manual scans. The quickest ones only scan certain file types, such as executable (.EXE) files, which are more likely to contain malicious code. Others might only scan files that are currently open or those that have recently been modified. However, the most comprehensive method is a full system scan, which can be especially useful if there is already an infection on the computer. Full system scans can take a long time, though, so it’s usually best to schedule them to run when you’re not using the computer.
Real-time protection is the pillar of any comprehensive antivirus software since it aims to prevent your computer from becoming infected in the first place. The best antivirus solutions constantly scan all incoming traffic in the background to detect potentially malicious programs or lines of code. If it detects something, it will quarantine the threat and send you an alert. For example, if you’re visiting a website that tries to install a malicious browser plugin, the antivirus software should prevent it from happening. Real-time protection should also kick in when you attempt to download a file or email attachment or connect an external storage device.
Both manual scanning and real-time protection rely on something called a malware definition database. This is a comprehensive library of known malware signatures that effectively tells the antivirus software what to look out for when scanning your computer or network activity. Most internet security systems automatically update these databases daily or even every hour.
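To make the two ideas above concrete (a definition database of known signatures, and the different scan scopes: quick scan of executables only, recent-files scan, full scan), here is a small scanner written for this guide. It is an added example, not code from any antivirus product. The definition database, the file names and the marker string are all constructed for the demo; real products ship millions of entries and far more signature types than the two modelled here (a whole-file SHA-256 hash and a byte pattern).

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

# Constructed toy definition database (assumption: name -> signature).
# Two kinds are modelled: a whole-file SHA-256 hash and a raw byte pattern
# that must appear somewhere in the file.
DEFINITIONS = {
    "Toy.Pattern.A": {"kind": "pattern", "value": b"TOY-MALWARE-MARKER-7f3a"},
    "Toy.Hash.B": {"kind": "sha256",
                   "value": hashlib.sha256(b"constructed bad payload").hexdigest()},
}

# A "quick" scan only looks at files with these extensions.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com"}


def scan_file(path: Path, definitions=DEFINITIONS) -> list[str]:
    """Return the names of every definition that matches this file."""
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for name, sig in definitions.items():
        if sig["kind"] == "sha256" and digest == sig["value"]:
            hits.append(name)
        elif sig["kind"] == "pattern" and sig["value"] in data:
            hits.append(name)
    return hits


def select_targets(root: Path, scope: str, recent_seconds: int = 3600) -> list[Path]:
    """Choose which files a scan visits: 'quick' (executables only),
    'recent' (modified within recent_seconds) or 'full' (everything)."""
    now = time.time()
    targets = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        if scope == "quick" and p.suffix.lower() not in EXECUTABLE_SUFFIXES:
            continue
        if scope == "recent" and now - p.stat().st_mtime > recent_seconds:
            continue
        targets.append(p)
    return sorted(targets)


def scan_tree(root, scope="full", definitions=DEFINITIONS, recent_seconds=3600) -> dict:
    """Scan the selected files and report only the infected ones as
    {relative path: [matched definition names]}."""
    root = Path(root)
    report = {}
    for p in select_targets(root, scope, recent_seconds):
        hits = scan_file(p, definitions)
        if hits:
            report[p.relative_to(root).as_posix()] = hits
    return report


def build_sample_tree(root: Path) -> None:
    """Constructed sample files for the demo; none of them is real malware."""
    (root / "docs").mkdir()
    (root / "docs" / "notes.txt").write_bytes(b"quarterly notes, nothing to see")
    (root / "setup.exe").write_bytes(b"MZ header... TOY-MALWARE-MARKER-7f3a ...")
    (root / "docs" / "old_payload.bin").write_bytes(b"constructed bad payload")
    # Make the .bin look two days old so a 'recent' scan skips it.
    old = time.time() - 2 * 86400
    os.utime(root / "docs" / "old_payload.bin", (old, old))


def demo() -> dict:
    """Run all three scan scopes over the sample tree and return their reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return {scope: scan_tree(root, scope) for scope in ("quick", "recent", "full")}


if __name__ == "__main__":
    for scope, report in demo().items():
        print(f"{scope:>6}: {report}")
```

The point the demo makes is the trade-off described in the text: the quick scan finds the marked executable but never looks at the old `.bin`, the recent-files scan skips anything that has not changed lately, and only the full scan finds both. Whichever scope runs, nothing is detected unless its hash or pattern is already in the definition database.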
That said, regardless of how quickly definition updates come through, new malware that hasn’t been seen before appears all the time. In other words, conventional antivirus works somewhat like a vaccine: it doesn’t work until someone has already been infected or a cybersecurity professional has discovered the threat first.
This is also why any comprehensive antivirus suite will support heuristic scanning, which looks for suspicious behavior rather than known malware signatures alone. This allows it to catch threats that haven’t yet made it into the virus definition databases. For example, suppose your antivirus notices a program running on your system trying to open an unrelated executable file on your computer. In that case, it might flag the offending program as a new potential virus.
Any decent antivirus software will act if it detects suspicious files or code, and this should happen before the malware ends up on your device. This is particularly important since some malware is designed to deliberately disable your defenses and spread very quickly. Ransomware, for example, must be stopped immediately before it causes severe damage to your computer.
A common way to neutralize a detected threat is to delete the offending file outright so that there’s no trace of it anywhere on your device. However, there is no such thing as a perfect antivirus solution, and even the best programs may yield occasional false positives. This is especially likely to be the case with heuristic scanning.
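The following is an added example, written for this guide rather than taken from any antivirus product, of what "looking for suspicious behavior" can mean in practice. It runs two heuristic rules over a constructed stream of file-activity events: the one from the text (a program touching executables it has no business touching) and a closely related one, a program rewriting many user files within a few seconds, which is the behavior that gives ransomware away. The event format, the process names and the trusted-writer list are all assumptions made for the demo.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float       # seconds since some arbitrary start (constructed)
    process: str    # name of the process performing the action
    action: str     # "open", "write" or "rename"
    target: str     # file the action touched


EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr")
# Processes that legitimately write executables (constructed allow-list;
# a real product would derive this from signing and reputation data).
TRUSTED_WRITERS = {"setup.exe", "updater.exe"}


def rule_executable_tamper(events):
    """Flag any untrusted process that writes to an executable file."""
    findings = []
    for e in events:
        if (e.action == "write"
                and e.target.lower().endswith(EXECUTABLE_SUFFIXES)
                and e.process not in TRUSTED_WRITERS):
            findings.append((e.process, "writes executable", e.target))
    return findings


def rule_mass_modification(events, threshold=5, window=10.0):
    """Flag a process that modifies at least `threshold` distinct files
    within any `window`-second span (ransomware-like activity)."""
    findings = []
    recent = defaultdict(deque)   # process -> deque of (ts, target) in the window
    flagged = set()
    for e in sorted(events, key=lambda x: x.ts):
        if e.action not in ("write", "rename"):
            continue
        q = recent[e.process]
        q.append((e.ts, e.target))
        while q and e.ts - q[0][0] > window:   # drop events that fell out of the window
            q.popleft()
        distinct = {t for _, t in q}
        if len(distinct) >= threshold and e.process not in flagged:
            flagged.add(e.process)             # report each process once
            findings.append((e.process,
                             f"modified {len(distinct)} files in {window:.0f}s",
                             e.target))
    return findings


def analyze(events):
    """Run every rule and return the combined list of (process, reason, target)."""
    return rule_executable_tamper(events) + rule_mass_modification(events)


# Constructed sample activity: one benign updater, one ordinary document save,
# a document viewer writing into an executable, and a process renaming six
# documents in three seconds.
SAMPLE_EVENTS = [
    Event(1.0, "updater.exe", "write", "C:/Program Files/App/app.exe"),
    Event(2.0, "word.exe", "write", "C:/Users/me/docs/report.docx"),
    Event(5.0, "docviewer.exe", "open", "C:/Users/me/docs/invoice.pdf"),
    Event(5.5, "docviewer.exe", "write", "C:/Program Files/App/helper.exe"),
] + [
    Event(20.0 + 0.5 * i, "crypt_demo.exe", "rename", f"C:/Users/me/docs/{i}.docx")
    for i in range(1, 7)
]


if __name__ == "__main__":
    for process, reason, target in analyze(SAMPLE_EVENTS):
        print(f"{process}: {reason} ({target})")
```

Neither rule needs a signature for the offending program, which is exactly why heuristics catch threats that are not yet in the definition database. The flip side is also visible: a legitimate backup or archiving tool would trip the mass-modification rule too, which is why the text warns that heuristic scanning is where most false positives come from.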
Antivirus quarantine typically comes into play in these cases. Rather than being deleted, a quarantined file is placed in a special folder where it cannot interact with anything else on your computer. This gives you a chance to review the file in question manually and, if no infection is discovered, put it back into service. Some software automatically deletes quarantined files after a certain amount of time has passed.
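As an added illustration of the quarantine workflow just described (not code from any antivirus product), the example below moves a detected file into a quarantine folder in a neutralised form, records where it came from, lets you restore it if it turns out to be a false positive, and sweeps out entries older than a retention period. The manifest layout, the XOR obfuscation of the stored copy and the sample file are all assumptions made for the demo; commercial products use their own container formats.

```python
import hashlib
import json
import tempfile
import time
import uuid
from pathlib import Path

MANIFEST = "manifest.json"
XOR_KEY = 0x5A   # obfuscation only: stops the stored copy from running or re-matching a signature


def _obfuscate(data: bytes) -> bytes:
    """Symmetric byte-wise XOR; applying it twice restores the original."""
    return bytes(b ^ XOR_KEY for b in data)


def _load_manifest(qdir: Path) -> dict:
    mf = qdir / MANIFEST
    return json.loads(mf.read_text()) if mf.exists() else {}


def _save_manifest(qdir: Path, manifest: dict) -> None:
    (qdir / MANIFEST).write_text(json.dumps(manifest, indent=2))


def quarantine(path, detection: str, qdir, now=None) -> str:
    """Move a detected file into qdir in neutralised form; return its quarantine id."""
    path, qdir = Path(path), Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    data = path.read_bytes()
    original = str(path.absolute())
    entry_id = uuid.uuid4().hex
    stored = qdir / f"{entry_id}.quar"
    stored.write_bytes(_obfuscate(data))
    stored.chmod(0o400)        # read-only and not executable
    path.unlink()              # the file is gone from its working location
    manifest = _load_manifest(qdir)
    manifest[entry_id] = {
        "original_path": original,
        "sha256": hashlib.sha256(data).hexdigest(),
        "detection": detection,
        "quarantined_at": time.time() if now is None else now,
    }
    _save_manifest(qdir, manifest)
    return entry_id


def restore(entry_id: str, qdir) -> Path:
    """Put a false positive back exactly where it was, after an integrity check."""
    qdir = Path(qdir)
    manifest = _load_manifest(qdir)
    rec = manifest.pop(entry_id)
    stored = qdir / f"{entry_id}.quar"
    data = _obfuscate(stored.read_bytes())
    if hashlib.sha256(data).hexdigest() != rec["sha256"]:
        raise ValueError("quarantined copy is corrupt; refusing to restore")
    dest = Path(rec["original_path"])
    dest.parent.mkdir(parents=True, exist_ok=True)
    dest.write_bytes(data)
    stored.chmod(0o600)
    stored.unlink()
    _save_manifest(qdir, manifest)
    return dest


def purge_expired(qdir, max_age_seconds, now=None) -> list[str]:
    """Delete quarantined items older than max_age_seconds; return the ids removed."""
    qdir = Path(qdir)
    now = time.time() if now is None else now
    manifest = _load_manifest(qdir)
    purged = []
    for entry_id, rec in list(manifest.items()):
        if now - rec["quarantined_at"] > max_age_seconds:
            stored = qdir / f"{entry_id}.quar"
            stored.chmod(0o600)
            stored.unlink()
            del manifest[entry_id]
            purged.append(entry_id)
    _save_manifest(qdir, manifest)
    return purged


def demo() -> dict:
    """Quarantine a constructed file, restore it, then let a second copy expire."""
    payload = b"constructed suspicious bytes"   # sample content, not real malware
    with tempfile.TemporaryDirectory() as tmp:
        work, qdir = Path(tmp) / "work", Path(tmp) / "quarantine"
        work.mkdir()
        suspect = work / "invoice.exe"
        suspect.write_bytes(payload)
        qid = quarantine(suspect, "Heuristic.Generic", qdir, now=1_000_000.0)
        results = {
            "original_removed": not suspect.exists(),
            "stored_is_obfuscated": (qdir / f"{qid}.quar").read_bytes() != payload,
            "manifest_has_entry": qid in _load_manifest(qdir),
        }
        results["restored_bytes_match"] = restore(qid, qdir).read_bytes() == payload
        qid2 = quarantine(suspect, "Toy.Pattern.A", qdir, now=1_000_000.0)
        purged = purge_expired(qdir, 30 * 86400, now=1_000_000.0 + 31 * 86400)
        results["purged_after_retention"] = purged == [qid2]
        results["stored_copy_deleted"] = not (qdir / f"{qid2}.quar").exists()
        return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

The two details worth noticing are that the quarantined copy is stored in a form that cannot execute and will not re-trigger the scanner, and that restoring checks the recorded hash first, so a corrupted quarantine entry is never silently put back into service.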
Different antivirus programs offer different levels of detection and prevention, but none of them protect against every possible malware threat out there. The most effective solutions provide multiple layers of defense – specifically real-time protection and heuristic scanning.
Every computer should have antivirus software installed. While the basic offering included in Windows is good enough for most casual users, opting for a paid platform can offer much better protection. For example, Bitdefender, Kaspersky, and Norton all scored 100% in recent tests by the Independent IT-Security Institute.
Even then, none of these solutions are bulletproof. After all, most cybercriminals rely on social engineering tactics to manipulate their targets into taking the desired action. Ironically, this might even involve persuading a would-be victim to disable their antivirus software in order to receive a malicious payload.
Because of the overwhelming human element to information security, the most important thing is staying vigilant and not taking technical defense measures for granted.