
How Does Antivirus Software Work?

Learn more about antivirus software and how it detects and removes malware.

 In this article, you will learn about a major defence against malware — antivirus software. More specifically, you will learn what it is and how it detects and removes malware.

What is Antivirus Software?

Antivirus software, also referred to as anti-malware software, is a type of software designed to identify and remove malware from your computer. It can scan a computer for suspicious files and activity, and it can scan specific files or programs, attachments, and downloads. Some programs can also give updates on a computer’s performance.

Most antivirus software can be set up to scan a computer regularly. It is also a good idea to run a scan if you notice a reduction in your computer’s performance, for example, if it is running slower than usual, is unable to run particular programs, or is showing pop-ups when you’re offline.

How Does Antivirus Software Detect Malware?

Antivirus software uses lots of different approaches to detect malware. The first is a dictionary approach, which involves comparing files on your computer with a list of known malware signatures in order to find matches. A malware signature is a unique string of code in the malware that identifies it.

Attackers know that this is how antivirus software works, so they adapt their malware by slightly altering the code that runs it, in order to make it undetectable. Antivirus software, therefore, searches for similarities between the code in a suspicious file and the known malware in the dictionary, instead of making direct comparisons.
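The sketch below shows both matching strategies side by side: a direct signature lookup, then a similarity check that still flags a slightly altered variant. It is an added example, not code from the course or from any antivirus product; the signature bytes, the name `Demo.Malware.A`, the sample files and the 0.6 threshold are all constructed for illustration.

```python
# Constructed signature "dictionary": detection name -> byte pattern.
# These are made-up marker strings, not real malware signatures.
SIGNATURES = {
    "Demo.Malware.A": b"DEMO-MALWARE:connect_home;copy_to_startup;hide_window",
}

def ngrams(data: bytes, n: int = 4) -> set:
    """All overlapping n-byte slices of data (empty if data is shorter than n)."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def exact_match(data: bytes) -> list:
    """Dictionary approach: the signature must appear byte-for-byte."""
    return [name for name, sig in SIGNATURES.items() if sig in data]

def similar_match(data: bytes, threshold: float = 0.6) -> list:
    """Similarity approach: what fraction of the signature's 4-grams
    also occur somewhere in the file? Small edits only remove a few."""
    file_grams = ngrams(data)
    hits = []
    for name, sig in SIGNATURES.items():
        sig_grams = ngrams(sig)
        score = len(sig_grams & file_grams) / len(sig_grams)
        if score >= threshold:
            hits.append(name)
    return hits

def scan(data: bytes) -> tuple:
    """Try the direct comparison first, then fall back to similarity."""
    exact = exact_match(data)
    if exact:
        return ("exact", exact)
    similar = similar_match(data)
    if similar:
        return ("similar", similar)
    return ("clean", [])

# Constructed sample inputs.
ORIGINAL = b"file-header " + SIGNATURES["Demo.Malware.A"] + b" trailing-data"
# Variant: two characters altered so the exact signature no longer matches.
VARIANT = b"file-header DEMO-MALWARE:connect_h0me;copy_to_startup;hide_w1ndow end"
BENIGN = b"Dear class, please copy your homework to the shared folder before Friday."

if __name__ == "__main__":
    for label, sample in [("original", ORIGINAL), ("variant", VARIANT), ("benign", BENIGN)]:
        print(label, scan(sample))
```

The variant slips past the direct comparison but is still caught by the similarity check, while the benign text shares only a couple of fragments with the signature and is left alone.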

Antivirus software can only be effective if it has encountered malware or a variant of it before. Therefore, it is important to keep your antivirus software up-to-date, so that it can learn about new strains of malware.

To identify new types of malware, antivirus software also takes a heuristic approach. This involves monitoring files for suspicious activity (for instance, if a program asks to change settings in your OS). The software might even run suspicious files or programs in a quarantined setting to see how they behave, without endangering the computer.

How Does Antivirus Software Remove Malware?

When antivirus programs identify malware, they generally present three options: clean, quarantine, or delete. The most appropriate approach to take is usually determined by the type of malware and the type of file or program that has been infected.

You can clean the file/program if you still need the file/program that has been infected. If you were to delete it, then you could lose the file, or if the malware has infected a program in your OS, your computer’s ability to function could be impaired.

You can delete the file/program if the malware is in the form of a worm or a Trojan because these types of malware are contained in a separate file/program (as you learned earlier).

You can quarantine the file/program if you are unsure, and don’t want to risk deleting an important file. As the term suggests, this isolates the malware so that it can’t infect any other files or programs. This allows you to check that your computer can run without the file/program before it is deleted. It also allows you to keep malware until your antivirus software has the tools to destroy it.


This article is from the free online

Introduction to Cybersecurity for Teachers

Created by
FutureLearn - Learning For Life
