Software that searches for viruses. Also known as a "virus scanner." As new viruses are discovered by the antivirus vendor, their binary patterns and behaviors are added to a database that is downloaded periodically to the user's antivirus program via the Web. Popular antivirus programs are Norton, McAfee, Sophos, Bitdefender, AVG and Kaspersky. Windows Defender is Microsoft's own antivirus software that comes with Windows, starting with Windows 8.
Antivirus programs are used on all Windows machines, but most Mac users do not install them. However, as more Macs are acquired, the Mac has slowly but surely become a target of attacks, and Mac antivirus programs are being installed at a more rapid rate than in the past. See virus.
Multiple Detection Approaches
Early antivirus scanning matched the binary signature (pattern) of executable files against a database of known malware signatures before they were allowed to run. This scanning process was sped up considerably by scanning all the executables in the computer once, and scanning each new executable when it is installed. If the executable is virus free, a checksum (hash) of its binary pattern is computed and stored in a checksum database. The next time the executable is launched by the user, its checksum is recomputed and compared with the virus-free checksum. If they match, the file has not been adulterated.
Because malware may generate a unique signature each time it is downloaded to an unsuspecting user, antivirus programs also use behavior detection, which looks for suspicious activities such as copying and deleting files when launched (see behavior detection). See Symantec, polymorphic virus and Reputation-based Security.
Scan and Create a Checksum (Hash)
This is commonly used to speed up antivirus scanning, because computing and comparing an executable's checksum is considerably faster than analyzing the file each time it is loaded.
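The scan-once, checksum-afterwards flow described above, as an added example that is not taken from any antivirus product. The signature entry, file contents, class and function names are constructed for illustration, and two choices are assumptions: SHA-256 as the checksum and a full rescan when the checksum does not match.

```python
import hashlib
import os
import tempfile

# Constructed signature database: harmless marker bytes stand in for a real pattern.
SIGNATURES = {"Demo.Marker.A": b"\xde\xad\xbe\xefDEMO-SIGNATURE"}

def full_scan(data):
    """Slow path: search the file's bytes for every known signature."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None

class ChecksumCache:
    def __init__(self):
        self.clean = {}  # path -> SHA-256 of the bytes that passed a full scan

    def check_on_launch(self, path):
        """Return (verdict, method) for an executable that is about to run."""
        with open(path, "rb") as f:
            data = f.read()
        digest = hashlib.sha256(data).hexdigest()
        if self.clean.get(path) == digest:
            return "clean", "checksum match"   # fast path: unchanged since last scan
        # New or modified file: the stored checksum no longer vouches for it.
        self.clean.pop(path, None)
        hit = full_scan(data)
        if hit:
            return "infected: " + hit, "full scan"
        self.clean[path] = digest              # record the virus-free checksum
        return "clean", "full scan"

def demo():
    cache, results = ChecksumCache(), []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.bin")
        with open(path, "wb") as f:
            f.write(b"MZ constructed benign program bytes")
        results.append(cache.check_on_launch(path))  # first launch: full scan
        results.append(cache.check_on_launch(path))  # unchanged: checksum only
        with open(path, "ab") as f:                  # file is modified on disk
            f.write(SIGNATURES["Demo.Marker.A"])
        results.append(cache.check_on_launch(path))  # mismatch: scanned again
    return results

if __name__ == "__main__":
    for verdict, method in demo():
        print(verdict, "via", method)
```

A stored checksum only vouches for the signature database the file was scanned against, so a scanner built this way would also need to rescan cached files after a database update.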