Antivirus Detection Methods and Antivirus Scanners
The most common method of detection for real-time and manual Scanning is signature-based. This means that the program will connect to the server of the antivirus vendor to download the latest or updated detection signatures. Antivirus will use the signatures, which snippets of known virus files or templates that represent their shapes in memory, to try to detect malware by checking files and processes against the virus signatures installed as a normal part of the antivirus program’s updates.
A heuristic analysis is also available in antivirus programs to protect against zero-day malware and malware with the same behavior that is known to antivirus detection database. Heuristic analysis is an attempt to detect malware that is not yet included in the virus signatures because it's new or a variant of previously known malware that is in the wild. Zero-day malware means many computer users are reporting the infection or there are people who are seeing the attack, but not all antivirus will detect it unless the heuristic detection of antivirus program is very effective.
Another detection method by antivirus program is by using cloud-based detection or scanning. The scanning is not done using the user’s machine but using a remote server, which means to be protected from new malware, the PC must be connected to the internet or online. The scanner will only use the cached definitions or its detection signatures if the end-user’s machine is not online.
An online virus scan is one popular type of virus scan that is offered by antivirus vendors themselves or by another company or group that collects the malware samples with a goal to distribute the collected samples to several antivirus vendors. Online virus scan is not part of installed antivirus program.
Note: It is not recommended to run two antivirus programs for it will conflict or interfere with one another. Not to mention the performance issue on a computer when more than one antivirus program is installed. Understanding what your personal antivirus program can do is important before installing another protection tool that could be redundant. Adding extra layers of protection is a must, but make sure that it is not incompatible or interfering to the protection offered by on-access protection of antivirus program.
In the next article, the second part of “Understanding Antivirus Programs," we will discuss how antivirus programs work.