Definition

antivirus software (antivirus program)

This definition is part of our Essential Guide: Secure Web gateways, from evaluation to sealed deal

Antivirus software is a class of program designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.

Antivirus software, originally designed to detect and remove viruses from computers, can also protect against a wide variety of threats, including other types of malicious software, such as keyloggers, browser hijackers, Trojan horses, worms, rootkits, spyware, adware, botnets and ransomware.

How antivirus software works

Antivirus software typically runs as a background process, scanning computers, servers or mobile devices to detect and restrict the spread of malware. Many antivirus software programs include real-time threat detection and protection to guard against threats as they occur, as well as system scans that monitor device and system files for possible risks.

Antivirus software usually performs these basic functions:

  • Scanning directories or specific files for known malicious patterns indicating the presence of malicious software;
  • Allowing users to schedule scans so they run automatically;
  • Allowing users to initiate new scans at any time; and
  • Removing any malicious software it detects. Some antivirus software programs do this automatically in the background, while others notify users of infections and ask them if they want to clean the files.

In order to scan systems comprehensively, antivirus software must generally be given privileged access to the entire system. This makes antivirus software itself a common target for attackers, and researchers have discovered remote code execution and other serious vulnerabilities in antivirus software products in recent years.

Types of antivirus programs

Antivirus software is distributed in a number of forms, including stand-alone antivirus scanners and internet security suites that offer antivirus protection, along with firewalls, privacy controls and other security protections.

Some antivirus software vendors offer basic versions of their products at no charge. These free versions generally offer basic antivirus and spyware protection, but more advanced features and protections are usually available only to paying customers.

While some operating systems are targeted more frequently by virus developers, antivirus software is available for most OSes:

  • Windows antivirus software. Most antivirus software vendors offer several levels of Windows products at different price points, starting with free versions offering only basic protection. With these, users must start scans and updates manually, and free versions of antivirus software typically won't protect against links to malicious websites or malicious attachments in emails. Premium versions of antivirus software often include suites of endpoint security tools that may provide secure online storage, ad blockers and file encryption. Since 2004, Microsoft has been offering some kind of free antivirus software as part of the Windows operating system itself, generally under the name Windows Defender, though the software was mostly limited to detecting spyware prior to 2006.
  • macOS antivirus software. Although macOS viruses exist, they're less common than Windows viruses, so antivirus products for macOS are less standardized than those for Windows. There are a number of free and paid products available, providing on-demand tools to protect against potential malware threats through full-system malware scans and the ability to sift through specific email threads, attachments and various web activities.
  • Android antivirus software. Android is the world's most popular mobile operating system and is installed on more mobile devices than any other OS. Because most mobile malware targets Android, experts recommend all Android device users install antivirus software on their devices. Vendors offer a variety of basic free and paid premium versions of their Android antivirus software including anti-theft and remote-locating features. Some run automatic scans and actively try to stop malicious web pages and files from being opened or downloaded.

Virus detection techniques

Antivirus software uses a variety of virus detection techniques.

Originally, antivirus software depended on signature-based detection to flag malicious software. Antivirus programs depend on stored virus signatures -- unique strings of data that are characteristic of known malware. The antivirus software uses these signatures to identify when it encounters viruses that have already been identified and analyzed by security experts.

Signature-based detection cannot detect new malware, including variants of existing malware; it can only detect a new virus once the definition file is updated with information about it. With the number of new malware signatures increasing at around 10 million per year as long ago as 2011, modern signature databases may contain hundreds of millions, or even billions, of entries, making antivirus software based solely on signatures impractical. However, signature-based detection does not usually produce false positive matches.

Heuristic-based detection uses an algorithm to compare the signatures of known viruses against potential threats. With heuristic-based detection, antivirus software can detect viruses that haven't been discovered yet, as well as already existing viruses that have been disguised or modified and released as new viruses. However, this method can also generate false-positive matches when antivirus software detects a program behaving similarly to a malicious program and incorrectly identifies it as a virus.
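
The trade-off between the two techniques above can be seen in a small added example (not code from this article or from any antivirus product). The signature names, byte patterns, sample files and the 0.8 similarity threshold are all constructed assumptions, and the byte-similarity check is a simple stand-in for a vendor's heuristic algorithm.

```python
# Constructed signatures for illustration; these are not real malware patterns.
SIGNATURES = {
    "Demo.Dropper.A": b"\x90\x90DROP-PAYLOAD-STAGE1\xcc",
    "Demo.Keylog.B": b"HOOK_KEYS_v1::send",
}

def signature_scan(data):
    """Exact match: report every signature that occurs verbatim in data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)

def best_similarity(data, sig):
    """Highest fraction of signature bytes matched at any alignment in data."""
    n = len(sig)
    if len(data) < n:
        return 0.0
    best = 0
    for off in range(len(data) - n + 1):
        hits = sum(a == b for a, b in zip(data[off:off + n], sig))
        best = max(best, hits)
    return best / n

def heuristic_scan(data, threshold=0.8):
    """Fuzzy match: flag data that closely resembles a known signature."""
    return sorted(name for name, sig in SIGNATURES.items()
                  if best_similarity(data, sig) >= threshold)

def classify(data):
    """Try exact signatures first, then fall back to the heuristic."""
    exact = signature_scan(data)
    if exact:
        return ("signature", exact)
    fuzzy = heuristic_scan(data)
    return ("heuristic", fuzzy) if fuzzy else ("clean", [])

# Constructed sample files (name -> contents).
SAMPLES = {
    "known.bin": b"MZ..." + SIGNATURES["Demo.Keylog.B"] + b"...",
    "variant.bin": b"MZ...HOOK_KEYS_v2::send...",            # one byte changed
    "benign_tool.bin": b"docs: HOOK_KEYS_v1::test helper",   # harmless look-alike
    "notes.txt": b"quarterly report draft",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify(data))
```

The one-byte variant slips past the exact signature and is caught only by the heuristic, which also flags the harmless look-alike: the false positive the paragraph above describes.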

Antivirus software may also use behavior-based detection to analyze an object's behavior or potential behavior for suspicious activities and infer malicious intent based on those observations. For example, code that attempts to perform unauthorized or abnormal actions would indicate the object is malicious, or at least suspicious. Some examples of behaviors that potentially signal danger include modifying or deleting large numbers of files, monitoring keystrokes, changing settings of other programs and remotely connecting to computers.
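
As an added illustration of behavior-based detection (not code from this article or from any product), the sketch below scores a constructed event stream against the four behaviors listed above. The event format, process names, weights, time window and alert threshold are all assumptions chosen for the example.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed window for counting file changes
MASS_FILE_OPS = 5     # assumed count that qualifies as "large numbers of files"
ALERT_SCORE = 4       # assumed score at which a process is flagged
WEIGHTS = {
    "mass_file_changes": 3,
    "keystroke_monitoring": 3,
    "foreign_settings_change": 2,
    "remote_connection": 1,
}

def analyze(events):
    """Return {process: (score, behaviors)} for processes reaching ALERT_SCORE."""
    recent = defaultdict(deque)   # process -> timestamps of recent file changes
    seen = defaultdict(set)       # process -> suspicious behaviors observed
    for ts, proc, action, target in events:
        if action in ("file_modify", "file_delete"):
            q = recent[proc]
            q.append(ts)
            while q and ts - q[0] > WINDOW_SECONDS:
                q.popleft()       # drop changes that fell out of the window
            if len(q) >= MASS_FILE_OPS:
                seen[proc].add("mass_file_changes")
        elif action == "keyboard_hook":
            seen[proc].add("keystroke_monitoring")
        elif action == "settings_write" and target != proc:
            seen[proc].add("foreign_settings_change")  # another program's settings
        elif action == "net_connect":
            seen[proc].add("remote_connection")
    report = {}
    for proc, behaviors in seen.items():
        score = sum(WEIGHTS[b] for b in behaviors)
        if score >= ALERT_SCORE:
            report[proc] = (score, sorted(behaviors))
    return report

# Constructed events: (timestamp in seconds, process, action, target).
EVENTS = (
    [(t, "updater.exe", "file_modify", f"doc{t}.txt") for t in range(1, 7)]
    + [(7, "updater.exe", "net_connect", "203.0.113.10"),
       (8, "editor.exe", "file_modify", "notes.txt"),
       (9, "editor.exe", "settings_write", "editor.exe"),
       (12, "backup.exe", "net_connect", "198.51.100.7"),
       (20, "helper.exe", "keyboard_hook", "all"),
       (21, "helper.exe", "settings_write", "browser.exe")]
)

if __name__ == "__main__":
    for proc, result in analyze(EVENTS).items():
        print(proc, result)
```

A single behavior such as one outbound connection stays below the threshold; only combinations, or a burst of file changes plus a connection, raise an alert.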

This was last updated in August 2017

Join the conversation

7 comments

What is your long-term strategy for managing antivirus software deployment?
Programs to detect and remove computer viruses designed to combat malware running in the background searches, detects and removes quarantines viruses and other dangerous malicious software or malware such as Trojans, worms and spyware that may infect a computer
Defining antivirus software is fine, but the bigger discussion is whether it's important to have it at all. For the number of false positives I used to get vs. the real threats, it sometimes is a major time suck. A better strategy is to start at the beginning and make sure ANYTHING you load on your system is secure and approved.

Make IT directly responsible for any breaches. Then you'd have systems that were secure and sandboxed.

It's time we started working a little more thoughtfully and securely, not relying on software virus protection as the $49 solution to protect our entire enterprise.
Kaspersky "Total Protection" is awful.

I've had it 24 hours, and tried to install FileZilla, which now comes with malware that prevents you from using Google!!

I spent over an hour with 3 incompetent Kaspersky support techs on the phone, and they finally said to send them a log from one of their programs, and they'd get back to me in 24-48 hours.

UN-BE-LIEV-A-BLE.
I always run anti-virus software. I have been in the IT field for 30+ years and have learned the hard way over the years. Even though I am extremely careful about what I download or connect to my computers, there is still a chance I can get infected. I have had maybe 1 notification of a virus in the last 2 years. With the free versions out there, better safe than sorry.
I want to know the types of protections which an antivirus software can provide.
@osmanmd: As mentioned earlier in the article,
"antivirus programs are useful for preventing infections caused by many types of malware, including worms, Trojan horses, rootkits, spyware, keyloggers, ransomware and adware."
Each of the free antivirus products may cover many of these; if you upgrade to a premium or full version, you may get an additional one or two.