A Little about Antivirus
September 25, 2009
Antivirus is a type of software used to detect and remove computer viruses from computer systems. It is also called virus protection software. This application can determine whether or not a computer system has been infected with a virus. Generally, the software runs in the background and scans every file that is accessed (opened, modified, or saved). Most antivirus products work with one or more of the methods below:
Detection by using a virus signature database: This is the approach used by many traditional antivirus products. It looks for signs of a virus by matching a fragment of virus code that has already been analyzed by the antivirus vendor and catalogued according to type, size, destructive power, and several other categories. This method detects viruses that the vendor has already analyzed fairly quickly and reliably, but it cannot detect a new virus until an updated virus signature database has been installed on the system. The virus signature database is available from the antivirus vendor and can generally be obtained as a free download or by subscription.
Detection by looking at how the virus works: This is a newer approach borrowed from the technology applied in Intrusion Detection Systems (IDS). The method is often referred to as behavior-blocking detection. It uses policies that are applied to detect the presence of a virus. If software behaves "unnaturally" according to the applicable policy, for example software that tries to access the address book in order to send e-mail in bulk to the addresses listed there (a technique viruses often use to spread through e-mail), the antivirus stops the process started by that software. The antivirus can also isolate code that is suspected of being a virus until an administrator decides what to do next. The advantage of this method is that the antivirus can detect new viruses that are not yet recognized by the virus signature database. The downside is that, because the antivirus monitors the behavior of the software as a whole rather than the file, it raises frequent false alarms, or false positives, if its configuration is too "loud", or even allows the virus to multiply in the system if its configuration is too "soft". Some manufacturers call this technique heuristic scanning.
Antivirus software that uses behavior-blocking detection is still rare, but in the future it is likely that all antivirus products will work this way. Some antivirus products also use both of the methods above together.
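The two methods described above, side by side, as an added example that is not part of the original post: a signature scan that misses a variant missing from its database, and a behavior policy for the address-book mass-mailing case whose threshold shows the "loud" versus "soft" trade-off. All signature fragments, process names, events and thresholds are constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical signature database: name -> code fragment (constructed bytes, not real malware).
SIGNATURES = {"Demo.A": b"\x90\x90DEMO_A_FRAGMENT", "Demo.B": b"demo-b-marker"}

def signature_scan(data: bytes, db=SIGNATURES):
    """Return the names of all signatures whose fragment occurs in the file content."""
    return sorted(name for name, frag in db.items() if frag in data)

@dataclass
class Event:
    process: str
    action: str          # "read_address_book" or "send_mail"
    recipients: int = 0

def behavior_block(events, max_recipients):
    """Policy: stop any process that read the address book and then mailed more
    than max_recipients addresses in total. Returns the blocked process names."""
    read_book, sent, blocked = set(), {}, []
    for ev in events:
        if ev.action == "read_address_book":
            read_book.add(ev.process)
        elif ev.action == "send_mail" and ev.process in read_book:
            sent[ev.process] = sent.get(ev.process, 0) + ev.recipients
            if sent[ev.process] > max_recipients and ev.process not in blocked:
                blocked.append(ev.process)
    return blocked

# Constructed event log: a legitimate mail client and an unknown mass-mailing program.
EVENTS = [
    Event("mailclient.exe", "read_address_book"),
    Event("mailclient.exe", "send_mail", 12),
    Event("unknown.exe", "read_address_book"),
    Event("unknown.exe", "send_mail", 40),
    Event("unknown.exe", "send_mail", 45),
]

if __name__ == "__main__":
    known = b"header" + SIGNATURES["Demo.A"] + b"tail"
    new_variant = b"header\x90\x90DEMO_C_FRAGMENTtail"   # not in the database yet
    print("signature:", signature_scan(known), signature_scan(new_variant))
    for limit in (5, 50, 500):   # too "loud", balanced, too "soft"
        print("limit", limit, "->", behavior_block(EVENTS, limit))
```

With a limit of 5 the policy also stops the legitimate mail client (a false alarm), with 500 the mass-mailer runs unhindered, and the new variant passes the signature scan while still being caught by the balanced behavior policy.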