In the last step, you learned about how malware can access computers. In this step, you will learn about a major defence against malware — antivirus software. More specifically, you will learn what it is and how it detects and removes malware.
What is antivirus software?
Antivirus software, also referred to as anti-malware software, is a type of software designed to identify and remove malware from your computer. It can scan a computer for suspicious files and activity, and it can scan specific files or programs, attachments, and downloads. Some programs can also give updates on a computer’s performance.
Most antivirus software can be set up to scan a computer regularly, but it is a good idea to scan for malware if you notice a reduction in your computer’s performance, for example, if it is running slower than usual or is unable to run particular programs, or if it is showing pop-ups when you’re offline.
How does it detect malware?
Antivirus software uses lots of different approaches to detect malware. The first is a dictionary approach, which involves comparing files on your computer with a list of known malware signatures in order to find matches. A malware signature is a unique string of code in the malware that identifies it.
Attackers know that this is how antivirus software works, so they adapt their malware by slightly altering the code that runs it, in order to make it undetectable. Antivirus software therefore searches for similarities between the code in a suspicious file and the known malware in the dictionary, instead of making direct comparisons.
Antivirus software can only be effective if it has encountered the malware, or a variant of it, before. Therefore, it is important to keep your antivirus software up to date, so that it can learn about new strains of malware.
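To make the dictionary approach and the similarity search concrete, here is a small scanner written for this step; it is an added example, not code from the page or from any antivirus product. The "known malware" bodies, the hash-and-pattern dictionary, the 0.8 similarity threshold and the variant are all constructed for the demonstration. It shows why an exact fingerprint misses a sample that an attacker has changed by a few bytes, and how a looser byte pattern and a similarity ratio still catch it.

```python
import hashlib
import re
from difflib import SequenceMatcher

# Constructed "known malware" bodies for the demonstration: plain labelled text,
# not real malware. Their fingerprints form the dictionary below.
KNOWN_SAMPLES = {
    "Demo.A": b"DEMO-MALWARE-A: copy self to startup folder; contact update server",
    "Demo.B": b"DEMO-MALWARE-B: encrypt documents; drop ransom note on desktop",
}


def sha256_hex(data: bytes) -> str:
    """Exact fingerprint of a file's bytes; any one-byte change gives a new hash."""
    return hashlib.sha256(data).hexdigest()


# The signature dictionary: an exact hash per sample plus a looser byte pattern.
# The pattern pins only the parts an attacker is least likely to rewrite and
# allows up to 40 arbitrary bytes between them.
SIGNATURE_DICTIONARY = [
    {"name": "Demo.A", "sha256": sha256_hex(KNOWN_SAMPLES["Demo.A"]),
     "pattern": re.compile(rb"DEMO-MALWARE-A:.{0,40}startup folder", re.DOTALL)},
    {"name": "Demo.B", "sha256": sha256_hex(KNOWN_SAMPLES["Demo.B"]),
     "pattern": re.compile(rb"DEMO-MALWARE-B:.{0,40}ransom note", re.DOTALL)},
]


def exact_matches(data: bytes) -> list[str]:
    """Dictionary lookup by exact hash: catches only byte-identical copies."""
    digest = sha256_hex(data)
    return [sig["name"] for sig in SIGNATURE_DICTIONARY if sig["sha256"] == digest]


def pattern_matches(data: bytes) -> list[str]:
    """Pattern signatures survive small edits elsewhere in the file."""
    return [sig["name"] for sig in SIGNATURE_DICTIONARY if sig["pattern"].search(data)]


def similarity(data: bytes, reference: bytes) -> float:
    """Ratio in [0, 1] of how much of the two byte sequences line up."""
    return SequenceMatcher(None, data, reference).ratio()


def similar_matches(data: bytes, threshold: float = 0.8) -> list[str]:
    """Similarity search: flag files that mostly match a known sample."""
    return [name for name, ref in KNOWN_SAMPLES.items()
            if similarity(data, ref) >= threshold]


def scan(data: bytes) -> dict:
    """Combine the three checks into one verdict and report which check fired."""
    result = {
        "exact": exact_matches(data),
        "pattern": pattern_matches(data),
        "similar": similar_matches(data),
    }
    result["verdict"] = "malware" if any(result.values()) else "clean"
    return result


# A variant made by changing a few bytes of Demo.A: the exact hash no longer
# matches, but the pattern and similarity checks still catch it.
VARIANT_A = KNOWN_SAMPLES["Demo.A"].replace(b"update server", b"upgrade server")

if __name__ == "__main__":
    for label, sample in [("known", KNOWN_SAMPLES["Demo.A"]),
                          ("variant", VARIANT_A),
                          ("benign", b"Quarterly sales report, holiday figures attached")]:
        print(label, scan(sample))
```

Running the block prints one verdict per sample: the original copy is caught by all three checks, the variant only by the pattern and similarity checks, and the benign text by none. Real products also store far richer signatures and update them continuously, which is the practical reason behind keeping the software up to date.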
To identify new types of malware, antivirus software also takes a heuristic approach. This involves monitoring files for suspicious activity (for instance, if a program asks to change settings in your OS). The software might even run suspicious files or programs in a quarantined setting to see how they behave, without endangering the computer.
How does it remove malware?
When antivirus programs identify malware, they generally present three options: clean, quarantine, or delete. The most appropriate approach to take is usually determined by the type of malware and the type of file or program that has been infected.
You can clean the file/program if you still need it. If you were to delete it, you could lose the file, or, if the malware has infected a program in your OS, your computer's ability to function could be impaired.
You can delete the file/program if the malware is in the form of a worm or a Trojan, because these types of malware are contained in a separate file/program (as you learned earlier).
You can quarantine the file/program if you are unsure, and don’t want to risk deleting an important file. As the term suggests, this isolates the malware so that it can’t infect any other files or programs. This allows you to check that your computer can run without the file/program, before it is deleted. It also allows you to keep malware until your antivirus software has the tools to destroy it.
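The quarantine option described above can be shown as a small file-isolation routine; this is an added example for this step, not code from the page or from any antivirus product. It assumes a quarantine directory on the same disk as the suspect file, and the suspect file and its contents are constructed for the demonstration. Quarantine here means moving the file under a neutral name, stripping its permissions so it cannot be opened or run, and keeping a record so the file can be restored if the computer turns out to need it, or deleted once it is clear it does not.

```python
import hashlib
import json
import os
import shutil
import stat
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash the file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def quarantine_file(path: Path, quarantine_dir: Path) -> Path:
    """Isolate `path`: move it into the quarantine directory under a neutral
    name, remove every permission bit so it cannot be opened or executed, and
    write a JSON sidecar recording where it came from. Returns the sidecar
    path, which is the handle used by restore_file and delete_quarantined."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    original = path.resolve()
    info = path.stat()
    digest = sha256_file(path)
    isolated = quarantine_dir / f"{digest}.quarantined"
    sidecar = quarantine_dir / f"{digest}.json"
    shutil.move(str(path), str(isolated))
    os.chmod(isolated, 0)  # nobody can read or run it while it sits here
    sidecar.write_text(json.dumps({
        "original_path": str(original),
        "sha256": digest,
        "size": info.st_size,
        "mode": stat.S_IMODE(info.st_mode),
    }))
    return sidecar


def restore_file(sidecar: Path) -> Path:
    """Put a quarantined file back, checking it was not altered in quarantine."""
    record = json.loads(sidecar.read_text())
    isolated = sidecar.with_suffix(".quarantined")
    os.chmod(isolated, 0o600)  # readable again so the hash can be verified
    if sha256_file(isolated) != record["sha256"]:
        raise RuntimeError("quarantined file changed; refusing to restore")
    original = Path(record["original_path"])
    original.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(isolated), str(original))
    os.chmod(original, record["mode"])
    sidecar.unlink()
    return original


def delete_quarantined(sidecar: Path) -> None:
    """The delete option, taken once the computer is known to run without the file."""
    isolated = sidecar.with_suffix(".quarantined")
    os.chmod(isolated, 0o600)  # some platforms refuse to unlink a read-only file
    isolated.unlink()
    sidecar.unlink()


def demo() -> dict:
    """Constructed end-to-end run inside a temporary directory: quarantine,
    restore, quarantine again, delete."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        suspect = root / "downloads" / "invoice.exe"  # constructed suspect file
        suspect.parent.mkdir()
        suspect.write_bytes(b"DEMO-SUSPECT-FILE: constructed, harmless bytes")
        sidecar = quarantine_file(suspect, root / "quarantine")
        isolated_ok = (not suspect.exists()) and sidecar.exists()
        restored = restore_file(sidecar)
        restored_ok = suspect.exists() and restored.read_bytes().startswith(b"DEMO-SUSPECT")
        sidecar = quarantine_file(suspect, root / "quarantine")
        delete_quarantined(sidecar)
        deleted_ok = (not suspect.exists()) and (not sidecar.exists())
        return {"isolated": isolated_ok, "restored": restored_ok, "deleted": deleted_ok}


if __name__ == "__main__":
    print(demo())
```

The sidecar record is what makes quarantine reversible: without the original path and permission bits, a file moved aside could not be put back cleanly, and the stored hash lets the restore refuse a file that was tampered with while isolated.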
In this step, you learned how antivirus software defends against malware. In the next step, you will learn about preventing attacks.
- How regularly should you run your antivirus software?
- If a friend sends you an email with an attachment that your antivirus software flags as suspicious, would you clean, quarantine, or delete it?
- Do you have any recommendations for antivirus software?
Share your answers in the comments