Friday, 25 October 2013

How Does Computer Anti-virus Software Work?




A computer anti-virus is a computer program that protects you in real time not just from viruses, but also from Trojans, rootkits, and all other forms of malicious software (malware). It detects viruses and infected files and tries to remove, repair or quarantine them.

So how does computer anti-virus software work? Normally, computer anti-virus software uses two different techniques to accomplish this:

(1) Scanning files to look for known viruses by means of a virus dictionary (virus dictionary approach)
(2) Identifying suspicious behavior (suspicious behavior approach)

Nearly all commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.

Virus dictionary approach

In the virus dictionary approach, when the anti-virus software scans a file, it refers to a dictionary of known viruses that have been identified by the developer of the anti-virus software.

To be successful in the medium and long term, the virus dictionary approach needs periodic online updates of the virus dictionary, so that it can identify new viruses and protect your computer from them.

Dictionary-based anti-virus software typically scans files when the computer's operating system creates, opens, and closes them, and when the files are e-mailed. In this way, a known virus can be detected immediately upon receipt. The software can also typically be scheduled to examine all files on the user's hard disk on a regular basis.

Suspicious behavior approach

This approach doesn't scan files to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, this is flagged as suspicious behavior, and the user is alerted and asked what to do.

In contrast to the dictionary approach, the suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionary.

Other ways to detect viruses

Some anti-virus software will try to emulate the beginning of the code of each new executable that is being executed before transferring control to the executable. If the program seems to be using self-modifying code or otherwise appears to be a virus (it immediately tries to find other executables), one could assume that the executable has been infected with a virus.
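The virus dictionary approach described above can be sketched in a few lines. This is an added example, not code from any anti-virus product: the `VirusDictionary` class, the detection names and the sample byte strings are all hypothetical and constructed for illustration. It shows exact-hash and byte-pattern signatures, and why a sample that is not yet in the dictionary goes undetected until an update adds it.

```python
import hashlib
import re

# Constructed, harmless byte strings standing in for scanned files.
SAMPLE_A = b"MZ\x90\x00" + b"\x00" * 16 + b"DEMO-FAMILY-A:\x41\x42\x43:END"
SAMPLE_A_VARIANT = b"MZ\x90\x00" + b"\x00" * 8 + b"DEMO-FAMILY-A:\x99\x98\x97:END"
SAMPLE_B = b"MZ\x90\x00" + b"DEMO-FAMILY-B payload"
CLEAN = b"MZ\x90\x00" + b"ordinary program bytes"


class VirusDictionary:
    """Hypothetical signature store: exact file hashes plus byte patterns."""

    def __init__(self):
        self.hashes = {}    # sha256 hex digest -> detection name
        self.patterns = []  # (compiled bytes regex, detection name)

    def add_hash(self, sample, name):
        self.hashes[hashlib.sha256(sample).hexdigest()] = name

    def add_pattern(self, hex_sig, name):
        # Space-separated hex bytes; "??" matches any single byte.
        parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
                 for tok in hex_sig.split()]
        self.patterns.append((re.compile(b"".join(parts), re.DOTALL), name))

    def scan(self, data):
        """Return the detection name for data, or None if nothing matches."""
        name = self.hashes.get(hashlib.sha256(data).hexdigest())
        if name:
            return name
        for rx, pattern_name in self.patterns:
            if rx.search(data):
                return pattern_name
        return None


def hex_of(data):
    return " ".join(f"{b:02x}" for b in data)


def build_dictionary():
    """Dictionary as first shipped: it knows family A only."""
    d = VirusDictionary()
    d.add_hash(SAMPLE_A, "Demo.A (exact hash)")
    d.add_pattern(hex_of(b"DEMO-FAMILY-A:") + " ?? ?? ?? " + hex_of(b":END"),
                  "Demo.A (pattern)")
    return d
```

Scanning `SAMPLE_B` with the dictionary from `build_dictionary()` returns `None` until a later update calls `add_hash` for it, which is the gap the suspicious behavior approach is meant to cover.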



Yet another detection method is using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has ended, the sandbox is analyzed for changes that might indicate a virus. Because of performance issues, this type of detection is normally only performed during on-demand scans.

Deans Techno has a variety of the most advanced software and also develops software and sites on demand. Deans Techno also provides other services in the field of programming, efficiently and effectively.
