How Antivirus Protects

Antivirus programs and Internet security suites can use the following methods to detect and block malware:

URL blockers

The security program installs an add-in to browsers which checks websites to be visited against a blacklist of known bad sites. If the site the user is intending to visit is blacklisted, the add-in will block the site, thus preventing any possible infection. URL blockers can consult the manufacturer's server in real time in order to obtain the very latest data on dangerous websites, and so can react very fast to new infected sites.
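The lookup a URL blocker performs before the page loads, written here as an added example (not code from the original page or from any vendor product). The blocklist entries are constructed placeholders, and the example assumes a locally held copy of the list rather than a real-time query to a vendor server. It goes slightly beyond the text by showing two things a practitioner would want: the hostname is normalised (case, trailing dot, port and credentials stripped) so that trivial variations do not slip past the list, and a compromised but otherwise legitimate site can be blocked at a specific path instead of as a whole.

```python
from urllib.parse import urlsplit

# Constructed blocklist data (placeholder names, not real sites).
BLOCKED_HOSTS = {"malicious.example", "phish.example.net"}
# A legitimate site that hosts an infected page: block only that path prefix.
BLOCKED_PATH_PREFIXES = {"shared-host.example": ("/infected/",)}


def normalize_host(url):
    """Return the lower-cased hostname without port, credentials or trailing dot."""
    host = urlsplit(url).hostname  # already lower-cased, port/userinfo removed
    if host is None:
        return None
    return host.rstrip(".")  # "example.com." is the same host as "example.com"


def is_blocked(url):
    """True if the host, any parent domain, or a listed path prefix is blocklisted."""
    parts = urlsplit(url)
    host = normalize_host(url)
    if host is None:
        return False
    labels = host.split(".")
    # Check the host itself and every parent domain, so that a listed
    # "malicious.example" also covers "cdn.malicious.example".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_HOSTS:
            return True
        for prefix in BLOCKED_PATH_PREFIXES.get(candidate, ()):
            if parts.path.startswith(prefix):
                return True
    return False


if __name__ == "__main__":
    for u in ("http://MALICIOUS.example/path",
              "https://cdn.malicious.example./x",
              "http://user:pw@phish.example.net:8080/",
              "https://notmalicious.example/",
              "https://shared-host.example/infected/page.html",
              "https://shared-host.example/about.html"):
        print(u, "->", "BLOCK" if is_blocked(u) else "allow")
```

Matching whole labels from the right is deliberate: a substring test would wrongly block "notmalicious.example", and a plain equality test would miss subdomains of a listed host.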

Signatures

This is the oldest method employed by antivirus programs. Signatures are very brief descriptions of known malicious programs, which allow the antivirus software to identify any known-bad programs it encounters. Signatures can be individual, relating to only one specific malware program, or generic, effectively describing a number of similar variants. Signatures represent a slow method of identifying newly emerging malware. When a new threat is identified by an antivirus manufacturer, a signature describing it has to be written and tested, and then made available on the company's server for download by the programs on individual users' PCs. Some time may pass between a threat appearing and its signature being downloaded onto your PC. Some infected websites are designed to foil signature-based detection by creating a slightly different version of the malware for every visitor to the website, meaning no precise signature can ever be produced for the threat. However, signature-based recognition is still an important part of virus protection, and so it is still very important to keep the signatures of your antivirus program up to date.

Heuristics

Heuristics is a means of identifying malware on the basis of suspicion rather than a list of known offenders. Heuristics looks for suspicious elements in program code, which are likely to represent malicious activity. It is an important protection factor, especially with regard to brand-new threats for which the antivirus program does not have signatures.
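A toy file scanner illustrating the two preceding sections, added here as an example and not taken from the page or from any antivirus product. It runs three stages in the order the text describes: an individual signature (a hash of one exact sample), a generic signature (a byte pattern with wildcards that still matches a re-built variant of the same family), and finally a heuristic score (high entropy suggesting packed or encrypted content, plus a couple of strings commonly treated as suspicious) for files no signature knows. The "files" are constructed harmless byte strings, the family marker and suspicious-string list are assumptions for the demonstration, and the scoring weights and threshold are arbitrary.

```python
import hashlib
import math
import re

# Constructed sample "files" (harmless byte strings standing in for executables).
# "MARK-<version byte>-DROP" stands in for a code fragment shared by one family.
PADDING = b"\x00" * 16
SAMPLE_A = b"MZ" + PADDING + b"MARK-\x01-DROP" + PADDING + b"build=1001"
SAMPLE_A2 = b"MZ" + PADDING + b"MARK-\x02-DROP" + PADDING + b"build=2077"  # re-built variant
BENIGN = b"MZ" + PADDING + b"Hello from a harmless program" + PADDING
# Constructed: near-uniform bytes mimic a packed/encrypted body with no known fragment.
PACKED = b"MZ" + bytes(range(256)) * 4 + b"WriteProcessMemory\x00CreateRemoteThread\x00"


def shannon_entropy(data):
    """Bits per byte, 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def hex_sig_to_regex(sig):
    """Turn a hex signature such as '4d 41 ?? 4b' into a byte regex ('??' = any byte)."""
    out = b""
    for tok in sig.split():
        out += b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
    return re.compile(out, re.DOTALL)


# Individual signature: the exact hash of SAMPLE_A, as written when it was first analysed.
EXACT_SIGS = {hashlib.sha256(SAMPLE_A).hexdigest(): "Demo.Family.A"}
# Generic signature: "MARK-" <any byte> "-DROP" covers every version byte the family uses.
GENERIC_SIGS = {"Demo.Family.gen": hex_sig_to_regex("4d 41 52 4b 2d ?? 2d 44 52 4f 50")}
# Illustrative heuristic indicators (assumed list for this example).
SUSPICIOUS_STRINGS = [b"WriteProcessMemory", b"CreateRemoteThread"]


def heuristic_score(data):
    """Score suspicious properties of unknown code; higher means more suspect."""
    score = 0
    if shannon_entropy(data) > 7.0:  # packed or encrypted content
        score += 2
    score += sum(1 for s in SUSPICIOUS_STRINGS if s in data)
    return score


def scan(data, heuristic_threshold=2):
    """Return (method, verdict): exact, generic, heuristic, or clean."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in EXACT_SIGS:
        return ("exact", EXACT_SIGS[digest])
    for name, pattern in GENERIC_SIGS.items():
        if pattern.search(data):
            return ("generic", name)
    score = heuristic_score(data)
    if score >= heuristic_threshold:
        return ("heuristic", "Suspicious (score %d)" % score)
    return ("clean", None)


if __name__ == "__main__":
    for label, blob in (("SAMPLE_A", SAMPLE_A), ("SAMPLE_A2", SAMPLE_A2),
                        ("BENIGN", BENIGN), ("PACKED", PACKED)):
        print(label, "->", scan(blob))
```

The variant SAMPLE_A2 differs from SAMPLE_A by a single version byte, which is enough to defeat the exact hash; only the generic pattern still catches it. PACKED carries neither, so the heuristic stage is the only one that raises an alarm, and a heuristic verdict is a suspicion rather than an identification, which is why products report it with a generic name.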

Behavioural detection

Behavioural detection involves monitoring the behaviour of a program while it executes and warning about or terminating the program if it does something suspicious. It may use a whitelist, i.e. a list of known-good programs which can be trusted and do not need to be monitored. Behavioural detection is important in preventing new threats, as it does not rely on any type of signature or even on code analysis. It is a relatively new feature not yet found in all antivirus programs or security suites.
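A small behaviour monitor, added as an example (not code from the page or from any product), run over a constructed event trace of the kind a real monitor receives from the operating system. Each process accumulates a score from the actions it performs; whitelisted programs are never monitored, and a process is "terminated" the moment its score reaches the threshold, after which its later events are ignored because a killed process would not produce them. The process names, paths, weights and threshold are all assumptions for the demonstration; nothing here inspects the program's code or consults a signature.

```python
# Constructed event trace as a behaviour monitor might record it: (process, action, target).
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
EVENTS = [
    ("backup.exe",        "file_write",    r"C:\Users\alice\Documents\a.docx"),
    ("backup.exe",        "file_write",    r"C:\Users\alice\Documents\b.docx"),
    ("backup.exe",        "autorun_write", RUN_KEY + r"\backup"),
    ("notepad.exe",       "file_write",    r"C:\Users\alice\Documents\notes.txt"),
    ("update_helper.exe", "autorun_write", RUN_KEY + r"\helper"),
    ("update_helper.exe", "file_write",    r"C:\Users\alice\Documents\a.docx"),
    ("update_helper.exe", "file_write",    r"C:\Users\alice\Documents\b.docx"),
    ("update_helper.exe", "net_connect",   "203.0.113.10:443"),  # documentation address
    ("update_helper.exe", "file_write",    r"C:\Users\alice\Documents\c.docx"),
]

# Trusted programs (in a real product typically established by a vendor whitelist
# or a valid publisher signature). Assumed for this example.
WHITELIST = {"backup.exe"}

# Arbitrary weights: persistence and code injection count far more than a single
# document write, but many document writes add up (a ransomware-like pattern).
WEIGHTS = {"autorun_write": 3, "process_inject": 4, "net_connect": 1}
USER_DOCS = "\\Documents\\"


def action_weight(action, target):
    """How suspicious one action is; document writes count only under the user's Documents."""
    if action == "file_write":
        return 1 if USER_DOCS in target else 0
    return WEIGHTS.get(action, 0)


def monitor(events, whitelist, threshold=5):
    """Replay the trace and return per-process verdict, score and stop index."""
    state = {}
    for idx, (proc, action, target) in enumerate(events):
        entry = state.setdefault(proc, {"verdict": "allowed", "score": 0, "stopped_at": None})
        if proc in whitelist:
            entry["verdict"] = "trusted"  # known-good: not monitored at all
            continue
        if entry["verdict"] == "terminated":
            continue  # already killed; a real process would emit no further events
        entry["score"] += action_weight(action, target)
        if entry["score"] >= threshold:
            entry["verdict"] = "terminated"
            entry["stopped_at"] = idx
    return state


if __name__ == "__main__":
    for proc, info in monitor(EVENTS, WHITELIST).items():
        print(proc, info)
```

Note that backup.exe performs exactly the actions that get update_helper.exe killed; the whitelist is what keeps a legitimate backup tool from being treated as a threat, which is also why a whitelist entry must be hard to obtain for an untrusted program.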
