Protecting your computer: what is an antivirus program based on?

More and more often, users install an antivirus only out of habit, or do not install one at all, believing that it is no longer needed. In this article, we look at what the operation of an antivirus program is based on and why it is still needed.

How antivirus programs work

Antivirus programs work on the principle of detecting and removing malicious code. For this, a set of necessary technologies is used. As malware develops, antivirus programs improve.

Suspicious files are found during the computer scan and sent to quarantine. Quarantine is an isolated place in the system where they cannot perform any actions. Malicious code is removed from isolated files. If this is not possible, the entire file is deleted.

Classification of antivirus actions

What the antivirus program is based on depends on the threat that it neutralizes.

There are two types of protection:

  • Reactive protection - aimed at known threats, which the software learns about from its built-in database. For this protection to work, every type of antivirus program has to be updated regularly so that the database contains the latest information about viruses. During an update, the software connects to the server and receives that information. Virus data is therefore what a reactive antivirus program is based on.
  • Proactive protection - protection against new threats about which little or nothing is known. What is an antivirus program based on if it essentially knows nothing about the threat? Proactive protection is imperfect, but it is better than nothing. It is based on knowledge of the features that any virus has.

Classification by analysis method:

  • code analysis - the source code of a suspicious object is viewed;
  • behavior analysis - the software monitors what the suspicious object does;
  • analysis of file changes on the device - if the changes look suspicious, the software notifies the user.

Typically, antivirus software combines all of these types of protection and analysis, and its operation is based on them.

Types of Antiviruses

Antivirus programs differ in the components (or modules) that make up the software.

Modules are divided into the following groups:

  • detector - responsible for the search for viruses;
  • doctor - cures infected files by removing the virus code from them;
  • auditor - records the state of the computer and compares it with later states: checks the size and checksums of the files; an increase in size may indicate the addition of virus code to the file;
  • filter - intercepts all the actions of a program and, when an action looks suspicious, asks the user whether to allow or prohibit it.

While the first antiviruses consisted of one module, modern software contains several components of different groups at once.
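
The auditor module described above, as an added example that is not part of the original article and is not taken from any antivirus product: it records the size and checksum of each file, then compares a later snapshot against that baseline. The function names, the choice of SHA-256 and the sample files are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Record (size, SHA-256 checksum) for every file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()  # fine for small files; stream large ones in chunks
            rel = os.path.relpath(path, root)
            state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def audit(baseline, current):
    """Compare two snapshots; return a sorted list of (path, finding)."""
    findings = []
    for path, (old_size, old_sum) in baseline.items():
        if path not in current:
            findings.append((path, "missing"))
            continue
        new_size, new_sum = current[path]
        if new_sum == old_sum:
            continue  # unchanged file
        if new_size > old_size:
            # New checksum plus growth: the case the article ties to added virus code.
            findings.append((path, "grew by %d bytes" % (new_size - old_size)))
        else:
            # Same or smaller size but a different checksum: a size check alone misses this.
            findings.append((path, "content changed"))
    for path in current.keys() - baseline.keys():
        findings.append((path, "new file"))
    return sorted(findings)

def demo():
    """Constructed sample data: one file appended to, one rewritten, one added."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("app.exe", b"MZ" + b"\x00" * 100)
        write("notes.txt", b"hello world")
        baseline = snapshot(root)
        write("app.exe", b"MZ" + b"\x00" * 100 + b"X" * 32)  # bytes appended
        write("notes.txt", b"HELLO WORLD")                   # same size, new content
        write("dropper.bin", b"new")                         # file not in the baseline
        return audit(baseline, snapshot(root))
```

The rewritten `notes.txt` keeps its original size, which is why the auditor compares checksums as well as sizes.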

So, should you install an antivirus?

An antivirus is an automatic system. If you are able to perform all of the above actions manually yourself, you can do without installing one. In all other cases, it is pointless to hope that you will never download something from the Internet and catch a virus. Protect yourself in advance.

Source: https://habr.com/ru/post/C45643/

