Security from A to Z: Antivirus
The lowdown on how antivirus software works and what it needs to do in the future. A section in a series on security basics.
When installed on a PC, antivirus software monitors and scans inbound, outbound and existing files to check for traces of infection. Traditionally, it does this using what is known as a "signature database," a library of known malicious code used to identify suspicious files.
But since malicious software is ever-evolving, it is vital that the database contains the latest threats--hence, the need to download regular antivirus updates. But signatures are seen as an increasingly outdated defense--by their very nature, they lag behind the threats. For that reason, many antivirus vendors are producing more predictive technologies, based on smarter analysis of data that promises to second-guess potential threats before they strike--an approach known as "heuristics."
Antivirus software also works by analyzing what applications are trying to do. Malicious programs can blow their cover by displaying suspicious patterns of behavior (such as searching out executable or mailbox files in order to propagate) or by containing code that sets alarm bells ringing (instructions to format a hard drive, for instance).
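The two detection approaches described above can be put side by side in a short sketch. This is an added example, not code from any antivirus product: the signature pattern, detection name, indicator weights, threshold and sample byte strings are all constructed for illustration. A reworded variant of the known sample slips past the signature lookup but is still flagged by the heuristic score.

```python
# Added illustration: signature lookup first, heuristic scoring as fallback.
# Every pattern, name, weight and sample below is constructed for this example.

# "Signature database": known malicious byte sequence -> detection name.
SIGNATURES = {
    b"find *.exe; find *.mbx; copy self; format c: /y": "Constructed.Worm.A",
}

# Suspicious traits named in the article, with assumed weights.
INDICATORS = {
    b"format c:": 5,   # instruction to format a hard drive
    b"*.exe": 2,       # searching out executable files
    b"*.mbx": 2,       # searching out mailbox files (assumed extension)
    b"copy self": 3,   # attempt to propagate
}
THRESHOLD = 6  # assumed score at which a file is flagged


def scan(data: bytes):
    """Return (verdict, detail); verdict is 'signature', 'heuristic' or 'clean'."""
    # 1. Exact match against the library of known malicious code.
    for pattern, name in SIGNATURES.items():
        if pattern in data:
            return ("signature", name)
    # 2. No known signature: score the content for suspicious traits instead.
    lowered = data.lower()
    score = sum(weight for ind, weight in INDICATORS.items() if ind in lowered)
    if score >= THRESHOLD:
        return ("heuristic", score)
    return ("clean", score)


# Constructed samples: the known file, a reordered variant, a harmless script.
KNOWN = b"hdr|find *.exe; find *.mbx; copy self; format c: /y|end"
VARIANT = b"hdr|FORMAT C: /y; copy self; find *.mbx; find *.exe|end"
BENIGN = b"hdr|backup: zip *.exe to archive|end"

if __name__ == "__main__":
    for label, sample in [("known", KNOWN), ("variant", VARIANT), ("benign", BENIGN)]:
        print(label, scan(sample))
```

The variant only gains a signature verdict once its pattern is added to `SIGNATURES`, which is the update lag the article describes.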
Once a virus has been detected, the antivirus software will quarantine it, so it cannot spread. It will then attempt to erase it and repair any file damage caused.
Nowadays, it should be a matter of course for a company whose employees have Web access to have up-to-date antivirus software installed across the network. The global antivirus market reached $3.7 billion in revenue in 2004, according to market researcher IDC, which predicts it will swell to $7.3 billion in 2009.
Natasha Lomas reported for Silicon.com in London.