Friday, 12 April 2013

Antivirus Detection Techniques

The most Common ways that antivirus software detects potential malware threats are by:
  • Signature-based detection
  • Heuristic-based detection
  • Rootkit detection
  • Real-time protection
  • Sandbox

  • Signature-based detection - The antivirus software scans your files and compares their source code to a list of known malware which the antivirus vendors are aware of. Virus signatures are strings of computer code that are used to identify viruses.
  • Heuristic-based detection – Similar to signature based detection, the antivirus software scans your file for the generic source code which is common to more than one type of malware. This process helps detect new variations of known malware which has not been added to the signature –based list.
  • Rootkit detection – Rootkits are a type of malware which is designed to gain access to your computer system at an administrative level. They are difficult to remove from your system and can cause complete system failure resulting in the need for your entire operating system to be re-installed.
  • Real-time protection – Also known as “on-access scanning”, “background guard”, “resident shield” and “autoprotect.” The antivirus monitors your system for suspicious processes in “real time.” In other words when data is loaded into active memory e.g. when you insert a CD, open an email, webpage or file, the antivirus program can block the malware before damage is done to your electronic device.
  • Sandbox – Some higher-end antivirus programs allow you to open untested files or untrusted websites in a “sandbox.” A sandbox is an area of disk memory that is separate from the core operating procedures so that if the user does come across malware, the malware is isolated from the user’s files and can’t infect the electronic device.
Derivative Source – Wikipedia Creative Commons License The above text is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

The above article is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

You are free to republish a modified or "as is" version of the above work as long as you include the following attribution on the same page as the article and allow the users of your webpage to republish this work the same way. 


  1. Thanks Ernst Sigl, I have read about Antivirus. Good information on "How Antivirus Works."

  2. This comment has been removed by a blog administrator.