Do you know how an antivirus works? An antivirus is a security application that is installed on a computer or mobile device to protect it from malware attacks.
The term “malware” refers to any type of malicious software that is designed to infiltrate or harm a computer or information system without the approval of its owner.
This type of software includes:
Virus
A virus alters the normal functioning of the computer without the permission or knowledge of the user. Viruses usually replace executable files with copies infected with the virus's code.
Trojans
A Trojan is presented to the user as a seemingly legitimate and harmless program but, when executed, it gives an attacker remote access to the infected computer.
Worms
Worms have the property of duplicating themselves. They spread by copying themselves from PC to PC but, unlike a virus, a worm can copy itself without the help of a person.
Keyloggers
Keyloggers record the keystrokes made on the keyboard and then store them in a file or send them over the Internet.
Botnets
A botnet is a set or network of computer bots that run autonomously and automatically. The creator of the botnet can control all infected computers/servers remotely.
Spyware
Spyware gathers detailed information from a computer and then sends it to an outside entity without the knowledge or approval of the owner.
Adware
Adware shows web advertising to the user during its installation or during its use, to generate profit for its authors.
Rootkits
A rootkit allows continuous privileged access to a computer while actively hiding its presence from administrators by corrupting the normal operation of the operating system or other applications.
Hijackers
Hijackers make changes to the configuration of the web browser. For example, some replace the browser's homepage with advertising or pornographic pages; others redirect search engine results to paid advertisements or banking phishing pages.
Dialers
Dialers take control of the dial-up modem, place a call to a special-rate telephone number, often international, and leave the line open, charging the cost of the call to the infected user.
Ransomware
Ransomware encrypts the files that are important to the user, making them inaccessible, and demands that a “ransom” be paid in order to receive the password that allows the files to be recovered.
How does an antivirus work?
Basically, there are two ways for antivirus software to identify malware:
- Signature detection
- Behavior detection
Detection by signature works like the human immune system. The computer is scanned for characteristics or “signatures” of identifiable malicious programs. To do this, the antivirus uses a dictionary of known malware; if something on the PC matches a pattern in the dictionary, the antivirus tries to reduce its effects.
Like the human immune system, the dictionary approach needs updates (like flu vaccines) to protect against new strains of viruses. An antivirus can only prevent what it identifies as dangerous.
The problem is that cyber attackers are developing new malware so fast that antivirus developers can’t keep up.
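The following Python example is added here and is not part of the original article or of any antivirus product. It scans constructed, harmless byte strings against a hypothetical signature dictionary (the `SignatureDB` class, the signature names and the sample bytes are all assumptions) and shows that a new strain goes undetected until the dictionary is updated.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (not real malware).
SAMPLE_A = b"HDR" + bytes.fromhex("deadbeef") + b"DEMO-PAYLOAD" + b"\x00" * 4
SAMPLE_A_VARIANT = b"HDR2" + bytes.fromhex("deadc0ef") + b"DEMO-PAYLOAD" + b"\x01" * 9
SAMPLE_NEW = b"HDR" + bytes.fromhex("cafef00d") + b"OTHER-PAYLOAD"
CLEAN = b"HDR" + b"plain document text"


class SignatureDB:
    """Hypothetical dictionary: whole-file hashes plus byte patterns."""

    def __init__(self):
        self.hashes = {}    # sha256 hex digest -> signature name
        self.patterns = {}  # signature name -> list of byte values, None = any byte

    def add_hash(self, name, data):
        self.hashes[hashlib.sha256(data).hexdigest()] = name

    def add_pattern(self, name, hex_pattern):
        # "de ad ?? ef" becomes [0xde, 0xad, None, 0xef]
        self.patterns[name] = [None if tok == "??" else int(tok, 16)
                               for tok in hex_pattern.split()]

    def scan(self, data):
        """Return (signature name, match kind), or None when nothing matches."""
        name = self.hashes.get(hashlib.sha256(data).hexdigest())
        if name:
            return (name, "hash")
        for name, pat in self.patterns.items():
            for off in range(len(data) - len(pat) + 1):
                if all(p is None or p == data[off + i] for i, p in enumerate(pat)):
                    return (name, "pattern")
        return None


def build_db(with_update=False):
    db = SignatureDB()
    db.add_hash("Demo.A", SAMPLE_A)                           # exact file only
    db.add_pattern("Demo.A.gen", "de ad ?? ef 44 45 4d 4f")   # also covers variants
    if with_update:                                           # the "flu vaccine"
        db.add_pattern("Demo.B.gen", "ca fe f0 0d")
    return db


if __name__ == "__main__":
    samples = {"A": SAMPLE_A, "A variant": SAMPLE_A_VARIANT,
               "new strain": SAMPLE_NEW, "clean": CLEAN}
    for label, db in (("before update", build_db()), ("after update", build_db(True))):
        for fname, data in samples.items():
            print(f"{label:14} {fname:10} -> {db.scan(data)}")
```

The whole-file hash only recognizes the exact file it was built from, the byte pattern also catches the modified variant, and neither catches the new strain until a signature for it is added.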
With behavior detection, the antivirus does not try to recognize known malware; instead, it keeps an eye on the behavior of the software installed on your computer. When a program acts suspiciously, such as trying to access a protected file or modifying another program, behavior-based antivirus software notices the suspicious activity and warns you about it.
This approach provides protection against new types of malware that do not yet exist in the dictionaries, but it can also generate false warnings. As a user, you may feel unsure about what you should or should not allow and, over time, become desensitized to all those warnings.
You may be tempted to click “OK” on each prompt, leaving your computer open to an attack or infection. Also, by the time the behavior is detected, the malware has probably already run on your machine, and you may not know what actions it took before the antivirus software recognized it.