Different approaches are followed by different types of antivirus software downloads to identify and destroy the viruses in individual PCs. The two most popular approaches are the database or dictionary scanning and suspicious behavior scanning. In the first approach new files are matched with virus affected files installed. And in the second approach the program file is monitored for a pattern, which generally turns out to be a virus. I am going to discuss both in this article and then go on to describe some less obvious methods.



Database scanning

Database or dictionary scanning involves an antivirus application comparing files with already known viruses to find a code match. The antivirus software has a database of known viruses which should be updated on a regular basis to keep on to of virus changes. Any infected files are then either quarantined as the software tries to recover the infected file or they are deleted altogether. To keep up with the work of identifying newer viruses spread the antivirus download software should be updated one a day or at least one a week. It is imperative that the antivirus software is upgraded regularly to keep up with the newer and more malicious viruses that might attack the system. The database of known viruses is expanding rapidly and automatic communication between locally installed software and the database network means the global sharing of information.

The antivirus software assists the operating system and safeguards files when they opened, closed or mailed. Every attachment is checked before opening and every file is scanned before being uploaded or downloaded into the system. But this approach is only suitable for known viruses but it can not cope with polymorphic viruses which are capable of masking the code in a cryptic form. Hence is left undetected and the virus never shows up in a scan. However, another methodology used by good antivirus software may be able to detect it. This is described below.

Suspicious behavior scanning

As the name suggests this also involves the antivirus program monitoring every single file for viruses. However, unlike the previous method which matched viruses against those in a database, this process involves flagging files whose code or behavior has altered in some way. If it find any irregularities with any file it immediately gives out a warning message to the user. This approach can identify new viruses or any possible future virus attacks. But the program becomes desensitized to false warnings when the user starts clicking on every false positive message.

Sand box detection

In this approach the sand box mimics the operating system and running executable files within it. Files are then examined and any infections analyzed. Therefore, virus detection can take place in a controlled environment with infecting the operating system. This approach is used as on demand scans.