Viruses, worms and Trojan horses are all examples of malicious software, or malware for short. So-called anti-malware tools are used to prevent, detect and remove malware, including but not limited to computer viruses, computer worms, Trojan horses, spyware and adware. Virus protection software is packaged with most computers and can counter most virus threats if it is regularly updated and correctly maintained; otherwise it will fail to give protection against new viruses.
The anti-virus industry relies on a vast network of users to provide early warnings of new viruses, so that antidotes can be developed and distributed quickly. With thousands of new viruses being generated every month, it is essential that the virus database is kept up to date. The virus database is the record held by the anti-virus package that helps it to identify known viruses when they attempt to strike. Reputable antivirus software vendors publish the latest antidotes on their Web sites, and the software can prompt users to periodically fetch the new data. Network security policy should stipulate that all computers on the network are kept up to date and, ideally, are all protected by the same anti-virus package, if only to keep maintenance and update costs to a minimum. It is also essential to update the software itself on a regular basis, because virus authors often make getting past the anti-virus packages their first priority.
No matter how useful antivirus software is, it can sometimes have drawbacks. Antivirus software can impair the performance of a computer. Inexperienced users may also have trouble understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach.
Eradication is the term used for cleaning a virus out of a computer. There are several methods of eradication: removing the code in the infected file that corresponds to the virus; deleting the infected file; or quarantining the infected file, which involves moving it to a location where it cannot be run.
A variety of detection strategies are typically employed.
Signature-based detection involves searching for known patterns of data within executable code. Viruses reproduce by infecting "host applications", meaning that they copy a portion of executable code into an existing program. To ensure that they work as planned, viruses are programmed not to infect the same file multiple times. To do so, they include a series of bytes in the infected application so they can check whether it has already been infected; this series of bytes is called a virus signature. Antivirus programs rely on this signature, which is unique to each virus, in order to detect it. This method, signature-based detection, is the oldest method used by antivirus software.
However, this method cannot detect viruses that have not yet been catalogued by the publishers of the antivirus software. Moreover, virus programmers have often given their viruses camouflage features, making their signatures hard to detect, if not undetectable. To counter such threats, a heuristic detection approach can be used.
One type of heuristic approach, generic signatures, can identify new viruses or variants of existing viruses by looking for known malicious code, or slight variations of such code, in files. A further heuristic method involves analysing the behaviour of applications in order to detect activity similar to that of a known virus.
This kind of antivirus program can therefore detect viruses even when the antivirus database has not been updated.
On the other hand, it is prone to triggering false alarms.
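The following added example (not part of the original text, and not any real product's code) shows the difference between an exact virus signature and a generic signature with wildcard bytes, as described above, and why the generic form catches variants but can also raise a false alarm on a benign file. All signatures and "files" are constructed for illustration; they are not real malware indicators.

```python
import re

# Constructed, illustrative signature database (not real malware signatures).
# An exact signature is the byte string a known virus embeds in files it has
# infected, so the scanner can hunt for the same marker the virus uses.
EXACT_SIGNATURES = {
    "Demo.A": b"\x90\x90DEMO-MARK-A\x00",
}

# A generic signature is a byte pattern with wildcard positions ('.' = any one
# byte), so slight variations of the same code are caught as one family.
GENERIC_SIGNATURES = {
    "Demo.gen": re.compile(rb"\x90\x90DEMO-MARK-.\x00", re.DOTALL),
}


def scan_exact(data: bytes) -> list:
    """Signature-based detection: search for known byte patterns."""
    return [name for name, sig in EXACT_SIGNATURES.items() if sig in data]


def scan_generic(data: bytes) -> list:
    """Generic-signature detection: known code, or slight variations of it."""
    return [name for name, pat in GENERIC_SIGNATURES.items() if pat.search(data)]


def scan(data: bytes) -> dict:
    """Run both detectors; a hit from either marks the file as infected."""
    exact = scan_exact(data)
    generic = scan_generic(data)
    return {"exact": exact, "generic": generic, "infected": bool(exact or generic)}


# Constructed sample files (in memory; nothing here is a real executable).
CLEAN = b"MZ host program body " + b"\x00" * 8
KNOWN = b"MZ host program body " + EXACT_SIGNATURES["Demo.A"] + b" appended code"
VARIANT = b"MZ host program body \x90\x90DEMO-MARK-Q\x00 appended code"
# A benign document that happens to quote the marker: the generic pattern
# fires on it, which is the false alarm the heuristic approach is prone to.
FALSE_ALARM = b"README: the Demo family marks files with \x90\x90DEMO-MARK-Z\x00"

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("known", KNOWN),
                        ("variant", VARIANT), ("false_alarm", FALSE_ALARM)]:
        print(label, scan(blob))
```

The exact signature misses the variant entirely, while the generic signature catches it at the cost of also flagging the README, which is why generic hits usually warrant a second check before a file is deleted or quarantined.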