How Does an Antivirus Program Detect a Virus?

Posted: February 8, 2014 in Articles
Tags: , , , , , ,

Virus DetectedA good antivirus program is an integral part of any computer user’s security strategy.

If you’ve ever wondered how these programs detect malware on your computer, you’re not alone. Let’s look at the various ways that antivirus software keeps your computer safe from viruses, worms, spyware and more.

Background Scanning

Most antivirus programs run in the background on your computer, performing what is known as “on-access scanning”. Behind the scenes, the software is checking every file you open before allowing you to run it. This scanning isn’t limited to executable files: Archive files are checked for compressed viruses, and documents are checked for macros that can cause harm to your computer.

The software uses files containing virus definitions to identify malware. These definition files contain signatures for known viruses and other forms of malware. If a file on your computer matches an entry in the definition file, the antivirus program will “quarantine” the file and prevent it from running. It’s important to choose software from a reputable antivirus company that releases frequent definition updates. Be sure to do your research and compare programs before making your purchase.

Full-System Scanning

As long as your antivirus program is doing on-access scanning, it’s not critical to perform full-system scans. However, there are times when a full-system scan can come in handy. If you’ve just installed an antivirus program, it’s wise to run a full scan to make sure no malware is lurking on your computer. Another good time to run a full-system scan is when you’re repairing your computer, especially if the computer is already infected with a virus.


In addition to checking your files against known virus definitions, antivirus programs also use heuristic detection to identify viruses. This method of detection takes a proactive approach, identifying potential threats based on patterns of behavior. A file that attempts to initiate a download of other files from the Internet, for example, will be flagged as malicious; a file that tries to run other .exe files on your computer will be treated with equal suspicion. Heuristics can allow antivirus programs to detect brand-new malware that doesn’t currently exist in virus definition files; however, the downside of this approach is that it generates a significant number of false positives.


Yet another method of virus detection is called the sandbox approach. This technique creates a virtual machine that emulates your operating system and runs the suspicious executable. After the potentially dangerous file finishes running, the sandbox is analyzed for telltale changes that would confirm the presence of a virus. While sandbox detection is effective, it’s also time-consuming and resource-intensive. Because of these issues, it’s not always the most practical method for identifying malware.

As you can see, antivirus programs are more complicated than they might appear. While you’re performing everyday tasks on your computer, a lot is going on behind the scenes to keep your system safe. Malware threats increase with each passing year; be sure to select a quality antivirus product to protect your computer and your data.

In the infographic below you can see Top 3 Best Antivirus Software 2014 according to the impartial website,

Top 3 Best Antivirus Software 2014

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s