BotNet News

Your source for Online Security News

Antivirus is a program that prevents malware infections, detects threats and attacks, and eradicates malware from individual computing devices and entire IT systems. It typically scans files, installed programs and apps for signs of malware and flags any that it finds. Most antivirus programs also monitor day-to-day program behavior to flag any anomalies. Antivirus software may be used to protect against a variety of types of malware, including computer viruses, Trojan horses, worms, spyware, rogue security programs and dialers. Some antivirus products also provide protection from malicious Browser Helper Objects (BHOs), ransomware, backdoors, rootkits and other forms of malware.

Antivirus programs use a variety of methods to identify malware. In signature-based detection, the antivirus engine compares a file’s contents against a database of known virus signatures. In heuristic-based detection, the engine looks for characteristics commonly used in known malware code. Some antivirus programs also use sandbox analysis, whereby the antivirus engine executes the program in a virtual environment and logs the actions it performs. The program is then permitted into the real environment if sandbox analysis proves it’s safe to do so.

Because hackers constantly produce new malware variants, it’s impossible for any one antivirus program to keep up with them all. To combat this, antivirus vendors often employ cloud analysis, whereby suspicious files or programs are sent to the antivirus vendor’s servers for testing. If confirmed as malicious, the antivirus program can then create a signature for that specific piece of malware and block it from any other devices running that vendor’s software.
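The signature and heuristic checks described above, together with the step where a confirmed sample becomes a new signature, can be shown in a short Python example. This is an added illustration, not code from the article or from any antivirus product; the signature names, marker bytes, heuristic traits, weights and threshold are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Constructed signature database (assumed values, not real malware signatures).
HASH_SIGNATURES = {hashlib.sha256(b"CONSTRUCTED-SAMPLE-A").hexdigest(): "Test.Sample.A"}
PATTERN_SIGNATURES = {b"\xde\xad\xbe\xefDEMO-MARKER": "Test.Pattern.B"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted data approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Constructed heuristic traits: (label, predicate, weight). Weights are assumptions.
HEURISTICS = [
    ("high entropy (possibly packed)", lambda d: entropy(d) > 7.0, 2),
    ("references autorun registry key", lambda d: b"CurrentVersion\\Run" in d, 2),
    ("disables security tooling", lambda d: b"DisableAntiSpyware" in d, 3),
]
HEURISTIC_THRESHOLD = 4  # one weak trait alone is not enough to flag a file

def scan(data: bytes) -> tuple[str, str]:
    """Return (verdict, reason): signatures first, then heuristic scoring."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return "malicious", f"hash signature {HASH_SIGNATURES[digest]}"
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return "malicious", f"pattern signature {name}"
    hits = [(label, weight) for label, test, weight in HEURISTICS if test(data)]
    score = sum(weight for _, weight in hits)
    if score >= HEURISTIC_THRESHOLD:
        return "suspicious", "; ".join(label for label, _ in hits)
    return "clean", "no signature or heuristic match"

def add_signature(data: bytes, name: str) -> None:
    """Model the cloud step: a confirmed sample becomes a hash signature."""
    HASH_SIGNATURES[hashlib.sha256(data).hexdigest()] = name

if __name__ == "__main__":
    # Constructed "new variant": no signature yet, but two heuristic traits.
    variant = bytes(range(256)) * 4 + b"CurrentVersion\\Run"
    print(scan(variant))                     # heuristics flag it as suspicious
    add_signature(variant, "Test.Variant.C")
    print(scan(variant))                     # now caught by signature
```

A hash signature matches only the exact file, so a single changed byte falls through to the pattern and heuristic checks, which is why the three methods are layered.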