
Definition: antivirus program


Software that searches for viruses. Also known as a "virus scanner." As new viruses are discovered by the antivirus vendor, their binary patterns and behaviors are added to a database that is downloaded periodically to the user's antivirus program via the Web. Popular antivirus programs are Norton, McAfee, Sophos, Bitdefender, AVG and Kaspersky. Microsoft Defender is Microsoft's own antivirus software that comes with Windows, starting with Windows 8.

Windows, Mac and Linux
Antivirus programs are used on all Windows machines because they are the target of most attacks. However, the Mac has slowly but surely become a target because malware threats are growing more rapidly than in the past. Linux PC users also employ antivirus software. See virus, quarantine, disinfect and scareware.

Multiple Detection Approaches
Early antivirus scanning matched the binary signature (pattern) of executable files against a database of known malware signatures before they were allowed to run. This "scanning" process was greatly sped up by scanning all the executables in the computer once, and scanning each new executable when it is installed. If the executable is virus free, a checksum (hash) of its binary pattern is computed and stored in a checksum database. The next time the executable is launched by the user, its checksum is recomputed and compared with the virus-free checksum. If they match, the file has not been altered.

Because malware may generate a unique signature each time it is downloaded to an unsuspecting user, antivirus programs also use behavior detection, which looks for suspicious activities such as copying and deleting files when launched (see behavior detection). See Symantec, McAfee, Sophos, Bitdefender, AVG, checksum, virus, polymorphic virus and Reputation-based Security.




Scan and Create a Checksum (Hash)
Storing a checksum is commonly used to speed up antivirus scanning, because computing and comparing an executable's checksum is considerably faster than analyzing the file each time it is loaded.
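The scan-once, verify-by-checksum flow described under "Multiple Detection Approaches" can be sketched as follows. This is an added example, not code from any antivirus product; the signature database, the `ChecksumCache` class and the file names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed signature database (name -> byte pattern); not real malware signatures.
SIGNATURES = {"Example.TestPattern": b"\xde\xad\xbe\xefEXAMPLE-SIGNATURE"}

def sha256_of(path):
    """Hash the file in chunks so large executables are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def signature_scan(path):
    """Slow path: search the file for every known pattern."""
    data = Path(path).read_bytes()
    return next((n for n, p in SIGNATURES.items() if p in data), None)

class ChecksumCache:
    """Checksum database of executables that passed a full scan."""
    def __init__(self):
        self.clean = {}  # resolved path -> SHA-256 recorded at the clean scan

    def check_on_launch(self, path):
        """Return (verdict, detail) for an executable about to run."""
        path = str(Path(path).resolve())
        current = sha256_of(path)
        if self.clean.get(path) == current:
            return ("cached-clean", current)  # unchanged since the clean scan
        self.clean.pop(path, None)  # new or modified: the old verdict is void
        hit = signature_scan(path)
        if hit is not None:
            return ("infected", hit)
        self.clean[path] = current
        return ("scanned-clean", current)

def demo():
    """First launch, unchanged relaunch, then relaunch after modification."""
    cache = ChecksumCache()
    with tempfile.TemporaryDirectory() as tmp:
        exe = Path(tmp, "tool.bin")
        exe.write_bytes(b"constructed clean program body")
        first = cache.check_on_launch(exe)[0]
        second = cache.check_on_launch(exe)[0]
        exe.write_bytes(exe.read_bytes() + SIGNATURES["Example.TestPattern"])
        third = cache.check_on_launch(exe)
    return first, second, third
```

A cached verdict only reflects the signature database in use when the file was scanned, so a design like this has to clear or re-verify the cache after each database update.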