Antivirus software
Antivirus software is designed to prevent, detect and destroy computer viruses. The methods of detecting and treating infected files may vary. In any case, when an infection of a file is detected, the antivirus tries to remove the malicious code from it and, if this is impossible, deletes the file completely.
Types of antivirus software
- Scanners. Once started, they scan the file system and RAM of the PC and neutralize any viruses found.
- Monitors (watchdogs). Monitor the processes running on the computer in real time.
- Polyphages. The most effective, universal solutions. Scan running files and boot sectors of hard disks for new viruses.
- Blockers. Can detect a computer virus at an early stage of PC infection (when it is written to the boot sector of the hard disk).
- Auditors. Create a database of information about file parameters and control their changes. Cannot find viruses in new files because they have no data about them in their database.
Blockers are often part of the BIOS (Basic Input/Output System, which is stored on the motherboard chip). Polyphages are the “heaviest”: they occupy a lot of disk space and “eat” a large amount of RAM.
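The auditor approach from the list above, as an added example (not code from any antivirus product): it records the size and SHA-256 hash of each file, then reports files that changed and, separately, files it has no record of and therefore cannot judge. The file names and contents are constructed, harmless samples written to a temporary directory, and the function names are chosen for this illustration.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (size, SHA-256 hex digest) for one file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return os.path.getsize(path), digest.hexdigest()

def build_baseline(root):
    """Record the parameters of every file under root (the auditor's database)."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            baseline[os.path.relpath(path, root)] = fingerprint(path)
    return baseline

def audit(root, baseline):
    """Compare the current state of root with the stored baseline."""
    current = build_baseline(root)
    return {
        "changed": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        # No baseline entry exists, so the auditor has nothing to compare against.
        "unknown": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed sample: harmless files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("app.bin", b"original program bytes")
        write("notes.txt", b"unchanged text")
        baseline = build_baseline(root)
        write("app.bin", b"original program bytes + appended bytes")  # modified after baseline
        write("new_tool.bin", b"arrived after the baseline")  # never recorded
        return audit(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The modified file is reported as changed, while the file created after the baseline appears only as unknown, which is the limitation the list describes for new files.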
Varieties of defenses
Depending on the type of threat (known or unknown to a particular program), an antivirus can implement proactive or reactive protection:
- Proactive protection (heuristics). Protection against unknown viruses based on the study of code and program behavior typical of malware. This type of defense shows the best result when fighting modified viruses. Data about already existing threats is taken as a basis. Heuristics in the antivirus context are a set of rules used to detect the actions of malicious programs without the need to identify a specific threat.
- Reactive defense (virus signature). Protection against already known viruses based on information about the code and other features of the malware. To be as effective as possible, such antiviruses must constantly update their virus signature databases. Protection based on virus signatures involves referring to a dictionary of already known viruses that has been compiled by antivirus software developers.
The main disadvantage of proactive protection is so-called “false positives”: frequent blocking of uninfected software. The disadvantage of reactive defense is the inability to defend against new threats. Modern antivirus software uses both proactive and reactive protection.
Once an antivirus detects malicious code, it can perform the following actions (depending on the user’s settings):
- Attempt to “cure” the infected file by removing the malicious code from it.
- Quarantine the infected file. Relevant for files that are valuable to the user. While in quarantine, the infected file cannot harm the PC; later you can cure it yourself or with the help of third-party specialists.
- Delete the infected file. If the code cannot be fixed, the file can be irrevocably deleted from the hard disk.
- Do not perform any actions. If it is suspected that the file was marked as “malicious” by mistake, you can add the file to the antivirus exclusion list.
Full-fledged antivirus software protects your computer continuously, in real time. That is, the antivirus is loaded together with the OS, keeps the RAM and file system of the PC under constant control, and monitors all running and downloaded programs. Antivirus software significantly reduces the risk of losing valuable data and prevents malware from entering your PC.