
What is Antivirus?

Antivirus software is a type of program designed to prevent, detect, and remove malicious software from a computer system. The software is designed to protect against a wide range of malware, including viruses, worms, Trojan horses, spyware, adware, and other types of malicious software that can cause damage to or acquire sensitive information from a computer system.

The two key functions of antivirus software are to detect and remove malware that has already infected a computer system and to prevent future infections from occurring. This is accomplished through the use of signature-based detection, which involves scanning files on the computer system and comparing them to a database of known malware signatures. If a file matches a known malware signature, the antivirus software will quarantine or remove the file from the system.


Dissecting Antivirus

The first antivirus software was called VirusScan, created in 1987 by McAfee Associates. At the time, John McAfee was working as a computer programmer and became increasingly concerned about the emerging threat of computer viruses.

VirusScan was effective at removing and preventing the most prevalent viruses in the late 80s and early 90s. Although the viruses at the time were relatively simple in nature compared to modern malware, the work done by VirusScan helped establish the antivirus software industry and set the stage for the development of more sophisticated tools and techniques to protect against malware.


Antivirus software typically uses a combination of techniques to detect and prevent malware from infecting computer systems, which can include:

  • Scanning: The antivirus scans files on the computer system to identify known malware signatures. This process is called signature-based detection. Antivirus software typically has a database of known malware signatures against which it compares files to determine whether a file is infected. If the scan detects the file as infected, the antivirus software will either quarantine or remove the file from the system.
  • Behavioral Analysis: Behavioral analysis involves monitoring the behavior of programs on the computer system to identify any suspicious activity that may indicate the presence of malware. For example, if a program is trying to access sensitive system files or attempting to connect to a suspicious IP address, the antivirus software may identify it as malware and take appropriate action.
  • Heuristic Analysis: Heuristic analysis looks for behavior patterns that may indicate the presence of malware. For example, if a program uses an unusual amount of system resources or modifies system settings in an atypical way, the antivirus software may identify it as malware and take appropriate action.
  • Real-Time Scanning: Antivirus software may also use real-time scanning to monitor files and web pages as they are accessed or downloaded. Real-time scanning can be done by monitoring file access, network traffic, and system processes to identify any suspicious activity that may indicate the presence of malware. Real-time scanning helps to prevent malware from infecting the system in the first place.
  • Email Scanning: The antivirus may also scan email attachments for malware before they are opened. Email scanning can be done by analyzing email attachments for known malware signatures or using behavioral analysis to identify any suspicious activity. Pre-emptive scanning helps to prevent malware from being delivered to the system through email.
  • Firewall Protection: Some antivirus software includes a firewall to monitor network traffic and prevent unauthorized access to the system. The firewall can block traffic from suspicious IP addresses or allow traffic only from trusted sources, as well as prevent malware from gaining access to the system through the network.


How Antivirus Removes Viruses

The antivirus process typically starts when a user initiates a scan of their computer system or when the antivirus software detects a potential threat on the system. This can happen when a file is downloaded or when an email is opened, for example. The antivirus software will then initiate a series of steps to isolate and remove the virus:

  1. Quarantine - The first step is to quarantine the infected file, which involves moving it to a secure folder to prevent it from spreading and causing further damage to the system. This step is crucial in containing the virus and preventing it from infecting other files on the system.
  2. Removal - Once the infected file has been quarantined, the antivirus software will attempt to remove the virus from the system. This step may involve cleaning the infected file or, in some cases, deleting it and replacing it with a clean version. The severity of the infection will determine the course of action, and the antivirus software will take measures to ensure that the virus is completely removed from the system.
  3. Repair - In cases where the virus has caused damage to system files or the registry, the antivirus software may attempt to repair the damage. This step is important in restoring the affected files to their original state and ensuring that the system is fully functional.
  4. Verification - After the software has removed the virus and repaired the system, it will then perform a final scan to verify that the system is clean and free of any remaining malware. This step is crucial in ensuring that the system is fully secured and that no traces of the virus remain on the system.


It's important to keep in mind that not all viruses can be removed by antivirus software, particularly if the virus is new and unknown to the software. In such cases, manual removal may be necessary, and the user may need to seek the assistance of a cybersecurity professional to remove the virus manually.
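
The signature scan, quarantine and verification steps described above, and the limit noted for new and unknown viruses, as an added example (not code from any antivirus product). The signature database, file names and sample contents are constructed, harmless stand-ins; removal and repair are not modelled.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Constructed signature database: harmless stand-ins, not real malware indicators.
KNOWN_SAMPLE = b"constructed harmless sample standing in for a known virus"
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Test.Hash.A"}
PATTERN_SIGNATURES = {b"CONSTRUCTED-TEST-PATTERN": "Test.Pattern.B"}

def match_signature(data: bytes):
    """Return the name of the matching signature, or None if the content is unknown."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name is None:  # no whole-file match: fall back to byte-pattern signatures
        name = next((n for pat, n in PATTERN_SIGNATURES.items() if pat in data), None)
    return name

def scan(root: Path) -> dict:
    """Compare every file under root to the database; return {path: signature name}."""
    results = {p: match_signature(p.read_bytes()) for p in root.rglob("*") if p.is_file()}
    return {p: name for p, name in results.items() if name}

def quarantine(path: Path, vault: Path) -> Path:
    """Move a detected file into the vault under a neutral name, read-only."""
    vault.mkdir(mode=0o700, exist_ok=True)
    dest = vault / (hashlib.sha256(path.read_bytes()).hexdigest() + ".quarantined")
    shutil.move(str(path), str(dest))
    os.chmod(dest, 0o400)  # owner read-only, no execute bit
    return dest

def scan_quarantine_verify(root: Path, vault: Path):
    """Scan, quarantine each hit, then rescan to verify nothing known remains."""
    hits = scan(root)
    for path in hits:
        quarantine(path, vault)
    return {p.name: sig for p, sig in hits.items()}, scan(root)

def demo():
    """Run the flow over three constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root, vault = Path(tmp, "files"), Path(tmp, "quarantine")
        root.mkdir()
        (root / "known.bin").write_bytes(KNOWN_SAMPLE)
        (root / "embedded.doc").write_bytes(b"header CONSTRUCTED-TEST-PATTERN footer")
        (root / "unknown.bin").write_bytes(b"new sample with no signature yet")
        detections, remaining = scan_quarantine_verify(root, vault)
        left = sorted(p.name for p in root.iterdir())
        return detections, remaining, left, len(list(vault.iterdir()))
```

The verification rescan comes back empty even though unknown.bin is still in place: a clean result only means that nothing in the current signature database matched.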
