Antivirus (anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware. This page covers the software used for the prevention and removal of such threats, rather than computer security implemented by software methods.
A variety of strategies are typically employed. Signature-based detection involves searching for known patterns of data within executable code. However, a user can be infected with new malware for which no signature exists yet. To counter such so-called zero-day threats, heuristics can be used. One type of heuristic approach, generic signatures, can identify new viruses or variants of existing viruses by looking for known malicious code in files. Some antivirus software can also predict what a file will do if opened or run by emulating it in a sandbox and analyzing its behavior for malicious actions. If it performs any, this could mean the file is malicious.
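The difference between an exact signature and a generic signature, shown as an added example that is not part of the original page. The signature names, byte patterns and sample files are all constructed for illustration, and `??` as a one-byte wildcard is an assumed notation.

```python
import re

def compile_signature(hex_pattern):
    """Compile a hex signature into a bytes regex; '??' matches any one byte."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")  # wildcard: tolerate bytes that differ per variant
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)  # DOTALL so '.' also matches 0x0A

# Constructed signature database (hypothetical names and patterns).
SIGNATURES = {
    # Exact signature: every byte of the known sample must be present.
    "Demo.A (exact)": compile_signature("DE AD BE EF 01 02 03 04 CA FE"),
    # Generic signature: only the bytes shared by the family are fixed.
    "Demo.gen (generic)": compile_signature("DE AD BE EF ?? ?? ?? ?? CA FE"),
}

def scan(data):
    """Return the sorted names of all signatures found anywhere in data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig.search(data))

# Constructed sample files: harmless byte strings, not real malware.
SAMPLES = {
    # The known sample: matches both signatures.
    "original.bin": b"MZ" + bytes(16) + bytes.fromhex("DEADBEEF01020304CAFE") + b"tail",
    # A variant with four changed bytes: evades the exact signature only.
    "variant.bin": b"MZ" + bytes(8) + bytes.fromhex("DEADBEEF0A0B0C0DCAFE"),
    # Shares a short prefix with the family but not the full pattern.
    "benign.bin": b"MZ" + bytes(32) + bytes.fromhex("DEADBEEF") + b"ordinary data",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        hits = scan(data)
        print(f"{name}: {', '.join(hits) if hits else 'clean'}")
```

Loosening the generic pattern further (more wildcards, fewer fixed bytes) catches more variants but also starts matching unrelated files, which is the trade-off between false negatives and false positives.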
However useful antivirus software is, it has drawbacks. Antivirus software can degrade computer performance. Inexperienced users may have trouble understanding the prompts and decisions that antivirus software presents them with, and an incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection, success depends on achieving the right balance between false positives and false negatives. False positives can be as destructive as false negatives. Antivirus software runs at the highly trusted kernel level of the operating system, creating a potential avenue of attack.
In addition to the drawbacks mentioned above, the effectiveness of antivirus software has also been researched and debated. One study found that the detection success of major antivirus software dropped over a one-year period.