
Antivirus Programs

Antivirus programs, often referred to as virus scanners, can greatly reduce the risk of virus infections and can often be used to remove viruses if you are unfortunate enough to become infected. Modern antivirus software carries out a number of distinct functions:

Disk scanners can be scheduled to run automatically or run on request. They scan the contents of the specified disks, directories or files for any boot sectors and/or files which contain viruses they recognise, based on the virus description information in their virus definition files.

Memory-Resident Scanners sit in the background and scan for viruses automatically. They can often be configured to scan files automatically as they are loaded or scan floppy disks when they are inserted. This is an effective means of protection but can lead to performance degradation.

Some programs watch for suspicious activities that might indicate the presence of a virus, e.g. attempts to write to the boot sector of hard or floppy disks, attempts to format the hard disk or attempts to write to an existing executable file. These programs can be very effective, but they can be subject to "false positives" if perfectly legitimate behaviour is wrongly interpreted as virus activity.

Startup Scanners carry out a quick scan of the disk's boot sectors and critical system files every time the PC is booted up. This is much quicker than a full disk scan, but can catch critical viruses, especially boot sector viruses, before the PC boots up.

Inoculation is a different approach to virus detection. Rather than looking for the viruses themselves, it looks for the changes that the viruses make to files and boot sectors. The software starts with a clean system and inoculates each boot sector and executable file by storing a snapshot based on its content and size. New files must be inoculated as soon as they are stored on the system. The snapshots are examined periodically to see if anything has changed.

The advantage of this approach is that it can detect totally new types of virus, since it is looking for the effect of the virus, rather than the virus itself. Unfortunately, it can generate a lot of false positives, since there are many legitimate reasons for files being modified.

Virus scanners rely on virus definition files to perform their work. This allows them to be updated more easily than programs which have the virus information embedded in the software. The virus definition files contain the patterns used to identify viruses and tell the scanner what to look for to spot viruses in infected files.

Most virus scanners update their virus definition files regularly, as new viruses are found. Updates are generally downloaded automatically from the vendor's web site. It is important to ensure that your virus definition files are updated regularly as failure to do so will leave you vulnerable to new viruses.
