We protect the computer: on what is the antivirus program based?
Antivirus users increasingly preferput out of habit, or even not put at all, considering that it is still not needed. In this article, we will figure out what the action of the antivirus program is based on and why it is still needed.
How antivirus software works
Antivirus programs work on the principle -detect and remove malicious code. To do this, a set of technologies is used. As malicious files develop, anti-virus programs are improved.
While scanning the computer, yoususpicious files and sent to "quarantine". "Quarantine" is an isolated place in the system where they can not perform any actions. From the isolated files, the malicious code is removed. If this is not possible, the entire file is deleted.
Classification of the action of antiviruses
What is based on the action of the anti-virus program, directly depends on the threat, which it neutralizes.
There are two types of protection:
- Reactive protection - is directed at knownThe threats that the software recognizes from the built-in database. For successful anti-virus protection, all types of anti-virus programs must be updated regularly, so that the database has the latest information about viruses. During the update, the software connects to the server and receives information. Thus, data on viruses - that is the basis for the action of the antivirus program with reactive protection.
- Proactive protection is protection against new threats, owhich little or nothing is known. What is the basis of the antivirus program, if it, in fact, does not know anything? Proactive defense is imperfect, but it's better than nothing. It is based on the knowledge of the features that any virus possesses.
Classification by analysis method:
- code analysis - the source code of the suspicious object is scanned;
- behavior analysis - the software monitors what a suspicious object is doing;
- analysis of file changes on the device - if the changes seem to the software to be suspicious, then it notifies the user about it.
Typically, anti-virus software includes all types of protection and analysis, on which the action of the antivirus program is based.
Types of antivirus
The differences between the anti-viruses are determined by the components (or modules) that are included in the software.
Modules are divided into the following groups:
- the detector is responsible for the search for viruses;
- Doctor - heals viruses, removing the original virus code from infected files;
- the auditor - remembers the state of the computer and compares them: checks the size and checksums of the files; the increase in size may indicate the addition of a virus code to the file;
- filter - passes through itself all the actions of the program, when suspicious asks the user, allow them or prohibit.
While the first antiviruses consisted of one module, modern software contains several components of different groups.
So whether to put the antivirus?
Antivirus is an automatic system. If you are able to perform all of the above actions manually yourself, you can not set. In all other cases, hoping that you do not download anything from the Internet and catch the virus, it makes no sense. Provide yourself protection in advance.