1 September 2021

What Is Antivirus? How Does It Work?


The most important defence against viruses and malicious code is to use virus scanners. A virus scanner is essentially software that tries to prevent a virus from infecting your system. Most antivirus applications scan incoming emails or incoming network traffic. They are also designed to scan portable media devices such as USB drives and to provide advanced protection. In general, virus scanners work in two ways.

The first method begins by maintaining a list of all known virus files. Generally, one of the services offered by virus scanner vendors is the periodic updating of this file. They discover viruses, keep a list of them, and continuously update that list. This list is typically stored in a small file called a .dat file (short for data). When you update your virus definitions, what actually happens is that your current file is replaced by a newer one from the vendor’s website, updating the antivirus application on your system.

The antivirus programme then scans your computer, your network, and your incoming email for known virus files. It looks for any matches in files on your computer or attached to emails, and compares them against the virus definition file. Email scanning can also be performed by searching for specific subject lines and content. Known virus files typically have specific expressions in the subject lines and bodies of the messages to which they are attached.

Scanning only against a list of known viruses produces many undesirable results, which we call false positives. For this reason, the virus scanner also checks attachments to see whether they have a specific size and creation date matching a known virus, or whether they contain known viral code. File size, creation date, and location are telltale signs of a virus. Depending on the settings of your virus scanner, you may be prompted to take action, the file may be moved to a quarantine folder, or the file may be deleted outright. This type of virus scanning works only when the virus scanner's .dat file has been kept up to date, and only for known viruses. It may therefore still miss some real infections, or flag some harmless files as viruses, producing false positives.
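As an added illustration of the definition-file approach (example code, not from the original article or any vendor product): a toy scanner whose definitions, sample files and detection names are all constructed. It shows how a pattern-only match turns a text file that merely quotes a marker string into a false positive, while requiring the recorded size or hash avoids that at the cost of missing a variant the .dat does not yet list.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    """One entry of the definition file: a byte pattern from the known
    sample, plus the sample's size and/or hash when they were recorded."""
    name: str
    pattern: bytes
    size: Optional[int] = None
    sha256: Optional[str] = None

# Constructed stand-in for a vendor .dat definition file (not a real format).
DEFINITIONS = [
    Signature("Test.Worm.A", b"MARKER-WORM-A", size=32),
    Signature("Test.Dropper.B", b"DROP-B",
              sha256=hashlib.sha256(b"DROP-B payload bytes 0001").hexdigest()),
]

def scan_bytes(data: bytes, strict: bool = True) -> Optional[str]:
    """Return the matching definition name, or None.

    strict=False fires on the byte pattern alone (more hits, more false positives).
    strict=True also requires the recorded size or hash to match, which is the
    size / known-code check the text describes."""
    digest = hashlib.sha256(data).hexdigest()
    for sig in DEFINITIONS:
        if sig.pattern not in data:
            continue
        if not strict or (sig.size is None and sig.sha256 is None):
            return sig.name
        if sig.sha256 == digest or sig.size == len(data):
            return sig.name
    return None

# Constructed files standing in for mail attachments on a scanned machine.
SAMPLES = {
    "attachment.exe": b"MARKER-WORM-A" + b"\x00" * 19,        # the known 32-byte sample
    "variant.exe": b"MARKER-WORM-A" + b"\x00" * 20,           # 33 bytes: not in the .dat yet
    "notes.txt": b"Seen marker MARKER-WORM-A in mail today",  # analyst notes quoting the marker
    "report.bin": b"DROP-B payload bytes 0001",               # hash matches Test.Dropper.B
    "clean.txt": b"quarterly figures",
}

def scan_all(strict: bool = True) -> dict:
    """Scan every sample and map its file name to the detection name (or None)."""
    return {name: scan_bytes(data, strict) for name, data in SAMPLES.items()}
```

Running `scan_all(strict=False)` flags notes.txt as Test.Worm.A; `scan_all(strict=True)` clears it but no longer catches variant.exe, which is the trade-off the paragraph describes.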

Another operating principle of a virus scanner is to monitor your system for typical virus behaviours. This focuses on activities such as trying to write to the boot sector of a hard drive, modifying system files, modifying the system registry, automating email software, or attempting to self-replicate. Another technique frequently used by virus scanners is to look for files that remain in memory after being executed. This is called a Terminate and Stay Resident (TSR) programme. Some legitimate programmes also do this, but it is generally a sign of a virus.

Many virus scanners have begun to use additional methods to detect viruses.

Virus Scanning Methods

These methods include scanning system files and then monitoring programmes that attempt to modify those files. This means the virus scanner first needs to identify certain files that are critical for the system. On Windows systems, these include the registry, boot.ini, and other critical files. Then, if any programme attempts to modify these files, the user is alerted and asked to authorise the change before it proceeds.

It is also important to distinguish between on-demand virus scanning and ongoing scanners. An ongoing virus scanner runs in the background and continuously checks a PC for any signs of a virus. On-demand scanners run only when you initiate them. Most modern antivirus scanners offer both options, aiming to provide comprehensive protection.

Antivirus Scanning of Email and Attachments

Since email is the primary method by which a virus spreads, email and attachment scanning is the most important function of any virus scanner. Some virus scanners scan your emails before they are downloaded to your machine, while others scan them as they arrive. The key is to ensure that no virus-bearing attachment reaches your system without being intercepted.

It is important to bear in mind that virus scanners are not a complete solution in themselves. For the most comprehensive protection, they should be used alongside other security measures such as operating system and application updates, strong password policies, user security awareness training, and firewall devices.
