Skip main navigation

How Does an Antivirus Software Work?

Learn more about an antivirus software and how it detects and removes a malware.
A computer holds up a shield to deflect incoming viruses
 In this article, you will learn about a major defence against malware — antivirus software. More specifically, you will learn what it is and how it detects and removes malware.

What is Antivirus Software?

Antivirus software, also referred to as anti-malware software, is a type of software designed to identify and remove malware from your computer. It can scan a computer for suspicious files and activity, and it can scan specific files or programs, attachments, and downloads. Some programs can also give updates on a computer’s performance.

Most antivirus software can be set up to scan a computer regularly, but it is a good idea to scan for malware if you notice a reduction in your computer’s performance, for example, if it is running slower than usual or is unable to run particular programs, or if it is showing pop-ups when you’re offline.

How Does Antivirus Software Detect Malware?

Antivirus software uses lots of different approaches to detect malware. The first is a dictionary approach, which involves comparing files on your computer with a list of known malware signatures in order to find matches. A malware signature is a unique string of code in the malware that identifies it.

Attackers know that this is how antivirus software works, so they adapt their malware by slightly altering the code that runs it, in order to make it undetectable. Antivirus software, therefore, searches for similarities between the code in a suspicious file and the known malware in the dictionary, instead of making direct comparisons.

Antivirus software can only be effective if it has encountered malware or a variant of it before. Therefore, it is important to keep your antivirus software up-to-date, so that it can learn about new strains of malware.

To identify new types of malware, antivirus software also takes a heuristic approach. This involves monitoring files for suspicious activity (for instance, if a program asks to change settings in your OS). The software might even run suspicious files or programs in a quarantined setting to see how they behave, without endangering the computer.

How Does Antivirus Software Remove Malware?

When antivirus programs identify malware, they generally present three options: clean, quarantine, or delete. The most appropriate approach to take is usually determined by the type of malware and the type of file or program that has been infected.

You can clean the file/program if you still need the file/program that has been infected. If you were to delete it, then you could lose the file, or if the malware has infected a program in your OS, your computer’s ability to function could be impaired.

You can delete the file/program if the malware is in the form of a worm or a Trojan because these types of malware are contained in a separate file/program (as you learned earlier).

You can quarantine the file/program if you are unsure, and don’t want to risk deleting an important file. As the term suggests, this isolates the malware so that it can’t infect any other files or programs. This allows you to check that your computer can run without the file/program before it is deleted. It also allows you to keep malware until your antivirus software has the tools to destroy it.


This article is from the free online

Introduction to Cybersecurity for Teachers

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education