We protect the computer: on what is the antivirus program based?

Antivirus users increasingly prefer to put it out of habit, or even not put at all, considering that it is still not needed. In this article, we'll figure out what the action of the antivirus program is based on and why it is still needed.

How antivirus software works

Antivirus programs work by the principle of detecting and removing malicious code. To do this, a set of technologies is used. As malicious files evolve, anti-virus programs are improved.

When scanning a computer, suspicious files are located and sent to "quarantine". "Quarantine" is an isolated place in the system where they can not perform any actions. From the isolated files, the malicious code is deleted. If this is not possible, the entire file is deleted.

Classification of the action of antiviruses

What is based on the action of the anti-virus program, directly depends on the threat, which it neutralizes.

There are two types of protection:

• Reactive protection - is aimed at known threats, which the software recognizes from the built-in database. For successful anti-virus protection, all types of anti-virus software must be updated regularly, so that the database has the latest information about viruses. During the update, the software connects to the server and receives information. Thus, data on viruses - this is the basis for the action of the anti-virus program with reactive protection.
• Proactive protection is protection against new threats, about which little or nothing is known. What is the basis for the action of the antivirus program, if it, in fact, does not know anything? Proactive defense is imperfect, but it's better than nothing. It is based on the knowledge of the features that any virus possesses.

Classification by analysis method:

• Code analysis - the source code of the suspicious object is scanned;
• Behavior analysis - the software monitors what a suspicious object is doing;
• Analysis of file changes on the device - if the changes seem to the software to be suspicious, then it notifies the user about it.

Typically, anti-virus software includes all types of protection and analysis, on which the action of the antivirus program is based.

Types of antivirus

The differences between anti-viruses are determined by the components (or modules) that are included in the software.

Modules are divided into the following groups:

• The detector is responsible for the search for viruses;
• Doctor - heals viruses, removing the original virus code from infected files;
• Auditor - remembers the computer's status and compares them: checks the size and checksums of the files; The increase in size may indicate the addition of the virus code to the file;
• Filter - passes through itself all the actions of the program, when suspicious asks the user, allow them or prohibit.

While the first antiviruses consisted of one module, modern software contains several components of different groups.

So should I put the antivirus?

Antivirus is an automatic system. If you are able to perform all of the above actions manually yourself, you can not set. In all other cases, hoping that you do not download anything from the Internet and do not pick up the virus, it makes no sense. Provide yourself protection in advance.