Term of the Moment

libre software


Look Up Another Term


Redirected from: antiviral program

Definition: antivirus program


Software that searches for viruses. Also known as a "virus scanner." As new viruses are discovered by the antivirus vendor, their binary patterns and behaviors are added to a database that is downloaded periodically to the user's antivirus program via the Web. Popular antivirus programs are Norton, McAfee, Sophos, Bitdefender, AVG and Kaspersky. Microsoft Defender is Microsoft's own antivirus software that comes with Windows, starting with Windows 8.

Antivirus programs are used on all Windows machines, but most Mac users do not install them. However, as more Macs are acquired, the Mac has slowly but surely become a target of attacks, and Mac antivirus programs are being installed at a more rapid rate than in the past. See virus, quarantine, disinfect and scareware.

Multiple Detection Approaches
Early antivirus scanning matched the binary signature (pattern) of executable files against a database of known malware signatures before they were allowed to run. This "scanning" process was vastly speeded up by doing a one-time scan of all the executables in the computer and also when a new one is installed. If the executable is virus free, a checksum (hash) of its binary pattern is computed and stored in a checksum database. The next time the executable is launched by the user, its checksum is recomputed and compared with the virus-free checksum. If they match, the file was not adulterated.

Because malware may generate a unique signature each time it is downloaded to an unsuspecting user, antivirus programs also use behavior detection, which looks for suspicious activities such as copying and deleting files when launched (see behavior detection). See Symantec, McAfee, Sophos, Bitdefender, AVG, checksum, virus, polymorphic virus and Reputation-based Security.




Scan and Create a Checksum (Hash)
This is commonly used to speed up antivirus scanning, because computing and comparing an executable's checksum is considerably faster than analyzing the file each time it is loaded.