At present, every computer user faces the problem of their system being affected by malware. Malware is a term that collectively refers to malicious programs such as viruses, Trojans, worms and spyware. Once your computer has been affected, an unauthorized person can track your personal work, modify the contents of your personal documents and use your computer to attack other computers. Antivirus software builds a shield that protects your computer system from malware: it detects and blocks malware programs that try to infect the system. Modern antivirus works by comparing files to a known set of virus signatures and by examining the behavior of programs. The methodologies used by modern antivirus to detect harmful malware programs are as follows:
The signature-based method resembles the working of our immune system. Every antivirus program is provided with a dictionary that contains the signatures of currently known malware. The antivirus scans your computer for patterns of infection and checks the patterns it finds against the patterns (signatures) of known malware in its dictionary. If a match is found, the antivirus tries to neutralize it. This procedure is totally dependent on the dictionary, i.e. it can protect only against what it recognizes as harmful. The problem is that new malware programs are developed every day, so the antivirus dictionary has to be updated to keep up with them. Your computer is vulnerable in the period between the identification of a new malware program and the update of your antivirus dictionary. That is why behavior analysis has been introduced in modern antivirus programs: it can protect a computer system from new malware until the antivirus dictionary has been updated successfully.
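The dictionary lookup and the update gap described above, as an added example that is not code from any antivirus product. The `SignatureDictionary` and `scan` names, the signature names and the byte markers are all constructed for illustration; the "files" are harmless byte strings.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed, harmless byte strings standing in for file contents.
SAMPLES = {
    "known": b"MZ-constructed-header" + b"\x90\x90MARKER-A\x00" + b"body-1",
    "known_variant": b"MZ-constructed-header" + b"\x90\x90MARKER-A\x00" + b"body-2",
    "new": b"MZ-constructed-header" + b"\x13\x37MARKER-B\x00" + b"body-3",
    "clean": b"plain text document, nothing to match",
}

@dataclass
class SignatureDictionary:
    """Hypothetical signature store: exact file hashes plus byte patterns."""
    version: int = 1
    hashes: dict = field(default_factory=dict)    # sha256 hex -> signature name
    patterns: dict = field(default_factory=dict)  # byte pattern -> signature name

    def update(self, hashes=None, patterns=None):
        """Merge newly published signatures and bump the dictionary version."""
        self.hashes.update(hashes or {})
        self.patterns.update(patterns or {})
        self.version += 1

def scan(data: bytes, db: SignatureDictionary) -> list:
    """Return the names of all dictionary signatures that match the data."""
    hits = []
    name = db.hashes.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)  # whole-file hash: exact copies only
    for pattern, pname in db.patterns.items():
        if pattern in data and pname not in hits:
            hits.append(pname)  # byte pattern: matches anywhere in the file
    return hits

def demo():
    """Scan every sample before and after a dictionary update."""
    db = SignatureDictionary(
        hashes={hashlib.sha256(SAMPLES["known"]).hexdigest(): "Constructed.A!hash"},
        patterns={b"\x90\x90MARKER-A\x00": "Constructed.A!pattern"},
    )
    before = {n: scan(d, db) for n, d in SAMPLES.items()}
    # The vendor publishes a signature for the new sample; the client updates.
    db.update(patterns={b"\x13\x37MARKER-B\x00": "Constructed.B!pattern"})
    after = {n: scan(d, db) for n, d in SAMPLES.items()}
    return before, after, db.version

if __name__ == "__main__":
    print(demo())
```

Before the update the "new" sample produces no match at all, which is the period in which the text says the computer is vulnerable; after the update the same bytes are flagged.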
Behavior analysis is based mainly on the behavior of unknown programs. When a program acts suspiciously, for example by trying to change registry settings, operating system updates, the antivirus protocol or firewall settings, a message is presented to the user to allow or deny the program access. The computer user should always be aware of which software is raising these exceptions. The advantage of this method is that it provides protection against the newest malware programs, which cannot be traced using the dictionary. Along with this advantage there are also some disadvantages, such as the generation of a large number of false warnings. This approach can leave the user in a state of confusion: the user may be unsure about what to allow or deny, and the repeated messages desensitize them to all these warnings. The result is that every message gets accepted, leaving the system open to attacks and infections. For these reasons the antivirus field is one of the main research areas for computer programmers.
This method is used to detect malware programs that result from the mutation or refinement of existing programs by other attackers.
Real Time Scanning
Modern antivirus provides this method to prevent the infiltration of malware programs when data is loaded into the computer's active memory, i.e. while downloading, opening email, browsing the web, etc. Thus the latest antivirus uses all these scanning methods to give your system round-the-clock protection.