The most obvious line of defense against viruses is, of course, a software program aptly called an anti-virus. As computers have become an integral part of our lives, viruses have become more widespread, and more and more anti-virus programs have been created to deal with this omnipresent threat. Unlike their physical counterpart, the antibiotic, anti-virus programs can cure a computer of thousands of different viruses or more; they can detect and cure a virtually limitless number of viruses. Different anti-viruses use different techniques to identify a virus within a computer and destroy or quarantine it. The better anti-viruses combine some or all of these techniques to make a virtually unstoppable defense mechanism for your computer.
A static scan, better known as a full system scan, involves completely and deeply scanning the computer system on which the anti-virus program resides. After choosing a partition or drive to scan, the user lets the anti-virus do its work. The anti-virus goes through each and EVERY file on that partition or drive and scans its contents byte by byte, analyzing whether the file is infected or is the virus itself. If so, the anti-virus presents the user with options: quarantine the file for later deletion, fix the file, or simply delete it from the user’s computer. A static scan can also scan the master boot record of a computer. This is the part of the hard disk where bootable code resides, and a virus in the master boot record is very dangerous because it can potentially render a user’s computer unbootable. Static scans can also scan for memory-resident viruses and remove them effectively. Static scans are highly effective but take a very long time to execute. Even so, it is highly recommended to conduct a static scan on your system at least once a month.
A dynamic scan, in contrast to a static scan, is done in real time. This means that as a file is being downloaded, or right after it is downloaded, the anti-virus program immediately scans it and analyzes its threat risk before presenting it to the user, so that the user can decide whether to keep the file on his or her system. Dynamic scans are also used on incoming and outgoing mail. The anti-virus program scans all the attachments in the email much like the static scan does, and if any attachments are found to be infected, the user is presented with the same options as in the static scan. The chosen option is applied to that particular file only.
Heuristic Antivirus Programs
From the name we can guess that this is a much smarter way to scan files. Instead of scanning files against a known database, a heuristic anti-virus program looks at the instructions that make up a program and, if they are potentially harmful, warns the user of the potential threat. It lists all the harmful things the program is capable of doing and asks the user if he or she would still like to keep that program. This is more of a preventive measure: it tries to identify a virus from what the program is capable of doing instead of looking at stored patterns of known viruses. This means that even extremely new or unknown viruses can be detected and removed. However, this technique is not very accurate and can result in some legitimate and uninfected programs being deleted.
.dat-based Anti-virus Programs
This is the database-based scanning technique, the opposite of the heuristic way of scanning files. The anti-virus program maintains a database containing the instructions that make up some common viruses and stores them in .dat files. Usually, the anti-virus program needs to download recent versions of this database to ensure that it can detect and remove new viruses. This technique is relatively fast, as all the anti-virus program needs to do is scan the file and compare it to its database. If there is a match, then that file must be a virus or it must be virus-infected.
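The two techniques described above, side by side, as an added example that is not part of the original article or of any real anti-virus product. The signature patterns, capability markers, weights, threshold and sample files are all constructed for illustration.

```python
# Added illustration: .dat-style signature matching next to a heuristic score.
# Every pattern, weight, threshold and sample below is constructed.

SIGNATURES = {  # virus name -> byte pattern, as a signature database stores it
    "Demo.Virus.A": bytes.fromhex("deadbeef4141"),
    "Demo.Virus.B": b"\x90\x90DEMO-PAYLOAD-B",
}

CAPABILITIES = {  # marker in the program -> (what it can do, weight)
    b"CreateRemoteThread": ("runs code inside other processes", 4),
    b"SetWindowsHookEx": ("can intercept keyboard input", 3),
    b"CurrentVersion\\Run": ("starts itself at every logon", 2),
    b"DeleteFile": ("deletes files", 1),
}
HEURISTIC_THRESHOLD = 5  # assumed cut-off for warning the user


def signature_scan(data):
    """Names of known viruses whose stored pattern occurs in the file."""
    return sorted(n for n, pattern in SIGNATURES.items() if pattern in data)


def heuristic_scan(data):
    """(score, capabilities) judged from what the program is able to do."""
    hits = [cap for marker, cap in CAPABILITIES.items() if marker in data]
    return sum(w for _, w in hits), [desc for desc, _ in hits]


def verdict(data):
    names = signature_scan(data)
    if names:  # exact database match: known virus
        return "infected: " + ", ".join(names)
    score, caps = heuristic_scan(data)
    if score >= HEURISTIC_THRESHOLD:  # unknown, but risky capabilities
        return "suspicious: " + "; ".join(caps)
    return "clean"


# Constructed samples
KNOWN = b"MZ\x00\x00" + bytes.fromhex("deadbeef4141") + b"\x00tail"
NEW_VARIANT = b"MZ\x00CreateRemoteThread\x00SetWindowsHookEx\x00"  # not in database
HOTKEY_TOOL = b"MZ\x00SetWindowsHookEx\x00CurrentVersion\\Run\x00DeleteFile\x00"  # legitimate
PLAIN = b"MZ\x00just a harmless program\x00"

if __name__ == "__main__":
    for name in ("KNOWN", "NEW_VARIANT", "HOTKEY_TOOL", "PLAIN"):
        print(name, "->", verdict(globals()[name]))
```

NEW_VARIANT is missed by the signature database yet flagged by the heuristic, while HOTKEY_TOOL shows the heuristic's false positive on a legitimate program.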
Improving defences by John Moore
How does antivirus software work?