How an Antivirus works

The protection of a good antivirus application is essential to maintain the security of any computer system. That is why it is not superfluous to know how an antivirus works, what its functions are and also its limitations.

The antivirus software tries to cover the main forms of attack to your device, whether a computer or a smartphone, and not to count on some type of protection, knowing how an antivirus works, is a foolishness, since there are many threats that you can find surfing the Internet or copying files to your device.

Currently, it is possible to find good free or low-cost antivirus.

The antivirus must be updated frequently to ensure protection against the latest threats. Almost all antivirus can be configured to update automatically, being advisable that this option is enabled.

How an antivirus works

All antivirus programs act in the background, inspecting each file or page that is opened on the device where they are installed.

Antivirus software uses three methods to protect the system:

  • Analyze our files by comparing them to a database of software or malicious programs
  • Monitor computer files as they are opened or created to ensure they are not infected. This is real-time protection against viruses, which can affect system performance.
  • Periodically inspect the entire system to check for corrupt files and remove existing viruses if they may have entered your computer.

The antivirus compares each file on the hard disk with a dictionary of known viruses. If any piece of code in a hard disk file matches the known virus in the dictionary, the antivirus software takes action, performing one of the possible actions.

Antivirus functions

  • Repair the file. The antivirus tries to repair the infected file by removing the virus.
  • Quarantine it. The antivirus will try to provide protection against the virus, making the programs inaccessible to this file, preventing its propagation and execution.
  • Delete the file. The antivirus deletes the file. If it cannot be deleted from the file, it will always ask us first if we want to do this.
  • Analyze the behavior of system files. In this case the antivirus will track all the programs that are running on a system. For example, if a program tries to perform a suspicious activity, such as writing data into an executable program, the antivirus alerts the user of this fact and informs the user about the actions to be taken.

One of the advantages of analyzing suspicious behavior files is that it offers protection against new viruses for which no information is yet available and which are not part of the list of known viruses.

When a new virus is created, antivirus software companies analyze its characteristics, how to remove the virus (if possible) and update the database with this information to make the antivirus can detect new threats.

On the other hand, it is very common for this type of programs to incorporate other types of features that allow them to expand the security they offer, such as:

  • Firewalls. It acts as a barrier between the computer and the Internet. It serves to control who has access to the information stored on the computer and what information goes from it to the outside.
  • Analyze web addresses (URL’s). Allows you to check whether a web address links to a page containing a virus or whether it is safe.
  • Email protection. Scans incoming and outgoing emails for viruses. They usually include an anti-spam filter to prevent “junk mail” from getting into the inbox and an anti-phishing filter to detect attempts to impersonate trustworthy pages, banks, public administrations, prestigious companies, etc.
  • Antispyware. Able to detect and remove spyware, that is, those that are installed on the computer or device in a hidden way in order to know the user’s browsing habits, passwords and other data, which could then be transmitted to some unauthorized entity.
  • Anti pop-ups. Its main objective is to avoid the opening of annoying pop-up windows that may appear while surfing the Internet. In some of these windows can hide various spyware.
  • Backups. Back up the most important documents stored on your computer.

Antivirus Limitations

Antivirus programs, despite being constantly updated and offering more and more functionality, also have certain limitations when it comes to keeping your computer system safe.

Therefore, when selecting an antivirus you should keep in mind some of the tasks that basic antivirus do not perform:

  • They do not avoid Spam, which should be examined with specific Anti-Spam software.
  • They do not prevent direct hacker attacks on the system.
  • They do not prevent online criminal activities. Antivirus alone is not able to prevent these actions.

Despite its limitations, you should never stop the antivirus operation because it will leave your system more exposed to external attacks.

Similarly, if you don’t update your antivirus with the latest virus definitions available on the Internet, the software will become virtually useless, as it won’t be able to detect or remove the latest viruses.

Having an antivirus installed on your computer almost always means that your computer slows down a bit, that is to say that it runs slower than it should. This is mainly because antivirus software uses a lot of system resources.

A general rule in this sense is that the more functions the antivirus provides, the more resources such as RAM and CPU cycles it will use.