Antivirus Software

Q: What is Antivirus Software and why do I need it?

A: Antivirus software is a computer program that attempts to identify, block and eliminate computer viruses and other malicious software. Antivirus software typically uses two different techniques to accomplish this:

  • Examining (scanning) files to look for known viruses matching definitions in a virus dictionary.
  • Identifying suspicious behavior from any computer program which might indicate infection. Such analysis may include data captures, port monitoring and other methods.

Most commercial antivirus software uses both of these approaches, with an emphasis on the virus dictionary approach.

Q: How do I know if I have a virus?

A: The reality is that you may not know until your computer drastically loses performance. Many viruses are designed to be completely invisible to the user. There are many applications that can help you determine if you are infected. Along with a good antivirus application, you should also be aware of spyware and other malware.

Q: How do antivirus applications work?

A: There are many good ways to detect viruses; however, none of them is 100% reliable.

Most use a database maintained by the antivirus company that contains patterns that can be recognized on your computer.

Another method is a heuristic approach:

Some antivirus software uses forms of heuristic analysis. For example, it could try to emulate the beginning of the code of each new Executable Program (EP) that the system invokes before transferring control to that program. If the program seems to use self-modifying code or otherwise behaves like a virus (if it immediately tries to find other EPs, for example), one could assume that a virus has infected the program. However, this method could result in a lot of false positives.

Yet another detection method involves using a sandbox. A sandbox emulates the operating system and runs the EP in this simulation. After the program has terminated, software analyzes the sandbox for any changes which might indicate a virus. Because of performance issues, this type of detection normally only takes place during on-demand scans like incoming emails. This method may also fail, because viruses can be disguised and can take different actions, or no action at all, when run, so it will be impossible to detect them from the first run.
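To make the pattern database approach described above concrete, here is an added example (not code from any antivirus product or from this page's author) of a small dictionary scanner. The signature names, byte patterns and sample buffers are all constructed for illustration; it shows why a byte pattern with wildcards still recognizes a slightly changed variant that a whole-file hash signature misses.

```python
import hashlib

# Constructed signature dictionary for illustration; names and bytes are made up.
# None inside a pattern is a wildcard that matches any single byte.
PATTERN_SIGS = {
    "Example.Dropper.A": [0xDE, 0xAD, None, None, 0xBE, 0xEF, 0x90],
    "Example.Macro.B": list(b"AutoOpen_") + [None] + list(b"_run"),
}

def find_pattern(data, pattern):
    """Return the first offset where pattern matches data, or -1."""
    for pos in range(len(data) - len(pattern) + 1):
        if all(p is None or data[pos + i] == p for i, p in enumerate(pattern)):
            return pos
    return -1

def scan(data, hash_sigs, pattern_sigs=PATTERN_SIGS):
    """Return (name, method, offset) for every dictionary entry that matches."""
    hits = []
    # Whole-file hash: exact, cheap, but any changed byte defeats it.
    digest = hashlib.sha256(data).hexdigest()
    if digest in hash_sigs:
        hits.append((hash_sigs[digest], "hash", None))
    # Byte patterns: tolerate changes outside the pattern and in wildcard slots.
    for name, pattern in pattern_sigs.items():
        offset = find_pattern(data, pattern)
        if offset >= 0:
            hits.append((name, "pattern", offset))
    return hits

# Constructed sample buffers (not real malware).
MARKER = bytes([0xDE, 0xAD, 0x01, 0x02, 0xBE, 0xEF, 0x90])
KNOWN = b"MZ" + b"\x00" * 16 + MARKER + b"tail"
VARIANT = (b"MZ" + b"\x00" * 20
           + bytes([0xDE, 0xAD, 0x7F, 0x33, 0xBE, 0xEF, 0x90]) + b"other")
CLEAN = b"An ordinary text document with no matching bytes."
HASH_SIGS = {hashlib.sha256(KNOWN).hexdigest(): "Example.Dropper.A"}

if __name__ == "__main__":
    for label, buf in (("known", KNOWN), ("variant", VARIANT), ("clean", CLEAN)):
        print(label, scan(buf, HASH_SIGS))
```

A file that matches no entry is reported as clean, which is the limit of the dictionary approach: it only recognizes what is already in the database, so definitions have to be kept up to date.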

Q: If I install 2 antivirus applications will I be safer than one?

A: The short answer is probably not. Two different antivirus programs may interfere with each other, degrading the performance of your computer.

Q: What are my choices for antiviruses?

A: There are many applications that work quite well. However, some will use more system resources than others, and it really comes down to finding the happy medium of protection vs. performance.

Note: Noblenetworks recommends Avast!

By Chris Wilkinson © 2008