Users increasingly install antivirus software out of habit, or do not install it at all, believing that it is not needed anyway. This article explains what an antivirus program's operation is based on and why it is still needed.
How antivirus programs work
Antivirus programs work by detecting and removing malicious code, using a combination of technologies to do so. As malware evolves, so does antivirus software.
During a computer scan, suspicious files are found and sent to "quarantine". "Quarantine" is an isolated place in the system where they cannot perform any action. Malicious code is removed from isolated files. If this is not possible, the entire file is deleted.
Classification of antivirus protection
What an antivirus program's operation is based on depends directly on the threat that it neutralizes.
There are two types of protection:
- Reactive protection is aimed at known threats, which the software learns about from its built-in database. For this protection to succeed, all types of antivirus programs need to be updated regularly so that the database contains the latest information about viruses. During an update, the software connects to the server and receives this information. Virus data is therefore what reactive protection is based on.
- Proactive protection is aimed at new threats about which little or nothing is known. What can an antivirus program rely on if it, in fact, knows nothing about the threat? It relies on knowledge of the features that any virus has. Proactive protection isn't perfect, but it's better than nothing.
Classification by analysis method:
- code analysis - looking at the source code of a suspicious object;
- behavior analysis - software monitors what a suspicious object is doing;
- analysis of file changes on the device - if the changes seem suspicious to the software, it notifies the user about it.
Antivirus software usually combines all of these types of protection and analysis.
Types of antiviruses
The differences between antiviruses are determined by the components (or modules) that are included in the software.
Modules are divided into the following groups:
- detector - responsible for finding viruses;
- doctor - treats viruses by removing the original virus code from infected files;
- auditor - remembers computer states and compares them: checks the size and checksums of files; an increase in size may indicate the addition of virus code to the file;
- filter - intercepts all actions of a program and, when one is suspicious, asks the user whether to allow or prohibit it.
While the first antiviruses consisted of a single module, modern software contains several components of different groups at once.
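The auditor module described above, as an added example (not code from the original article or from any antivirus product): it remembers the size and SHA-256 checksum of each file, then compares a later state against that baseline. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Remember the state of root: {relative path: (size, SHA-256 hex)}."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest, size = hashlib.sha256(), 0
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
                    size += len(chunk)
            state[os.path.relpath(path, root)] = (size, digest.hexdigest())
    return state

def compare(old, new):
    """Compare two remembered states; return sorted (path, verdict) pairs."""
    findings = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            findings.append((path, "added"))
        elif path not in new:
            findings.append((path, "removed"))
        elif old[path] != new[path]:
            # Growth is reported separately: appended code makes a file larger.
            grew = new[path][0] > old[path][0]
            findings.append((path, "grew" if grew else "changed"))
    return findings

def demo():
    """Constructed sample data: baseline a temp directory, alter it, audit it."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("app.bin", b"original program bytes")
        write("notes.txt", b"hello")
        write("same.cfg", b"unchanged")
        baseline = snapshot(root)
        write("app.bin", b"original program bytes" + b"APPENDED")  # larger
        write("notes.txt", b"jello")  # same size, different checksum
        write("extra.tmp", b"new file")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for path, verdict in demo():
        print(f"{verdict:8} {path}")
```

The same-size edit to `notes.txt` is caught only by the checksum, which is why an auditor compares both values rather than size alone.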
So should I install an antivirus?
An antivirus is an automated system. If you are able to perform all of the above actions manually yourself, you can do without one. In all other cases, there is no point in hoping that you will never download anything from the Internet and never catch a virus. Protect yourself early.