How Antivirus Software is Able to Detect Viruses

Eric C.
BY: Eric C.
Posted: September 13, 2018

Do you actually know how your antivirus program works? You click scan, it investigates your files, and you get a detailed report. And while that’s good, it’s important to understand how the process works.

Let’s look at one user’s case.

Robert* (*names have been changed) purchased a computer one week ago. He downloaded all his favorite programs from the web, his cloud storage, and even a few torrent websites. When running his antivirus software, however, Robert discovered a Trojan. He quickly ran a scan using Windows Defender and found more infected files. At the end of the scan, Bob quarantined and cleaned all of the infected files.

This is usually how a typical antivirus scan goes for most people. But how does it work?

What is Antivirus Software?

Antivirus software, at its most basic, helps you detect and manage infected files on your computer. More advanced versions of antivirus will help you uncover infections before they occur, from email scanning to scanning online files and more.

A few common types of infections that a file can have are:

Antivirus software helps you “quarantine” infected files, which means they are sent to a dedicated place on your computer. There, these files can be cleaned and then placed back in their original locations or deleted.

Don’t worry if you have an infection. The more digitally connected we are, the more vulnerable we are. Infected files can usually be cleaned, and you can continue your business online and offline like nothing ever happened…if you’ve installed an antivirus program.

What is a Virus?

A computer virus is a type of software that replicates itself. To remove a computer virus, run a scan through your antivirus software. Once the scan is done, any infected files can be cleaned and removed. In the worst case scenario, you will need to back-up your data and perform a factory (hard) reset on your system.

Common Symptoms of an Infected Computer

If you really want to understand computer viruses, it helps to know what to look for. Here are a few common symptoms related to viruses:

  • Slower speeds on your computer
  • Random error codes popping up
  • Popups ads, warnings, and other unwanted material
  • Browser pages redirecting to a website you’ve never interacted with
  • Password locked out of important files or the system itself
  • Delayed network speeds

The Basics of Your Antivirus

Antivirus programs aren’t perfect. With viruses constantly evolving, development teams have to always be ready to solve the next virus.

When your antivirus program scans your files, it compares them to known viruses or malware. There are three types of detection that are used:

  • Specific Detection – looking for known viruses using a set of characteristics that are specific to a type of virus.
  • Generic Detection – looking for viruses based on variants assigned to a typical virus family.
  • Heuristic Detection – searching for odd file structures and behaviors. These types of viruses are usually unknown and identified by the strange behavior they showcase.

Most antivirus programs come with several scanning options. A full-system scan will take the longest to complete, but it will scan every single file on your computer. This scan is best completed when you don’t need your computer as it will require extensive system resources.

In contrast, partial system scans are great if you want to scan a specific section of your computer, but they are less thorough.

False Positives

Any antivirus software title is bound to make a few mistakes. Usually, these false positives are nothing more than an annoyance, but in rare cases, they can actually damage system files. For example, AVG once damaged vital system files in 64-bit Windows 7 and Microsoft Security Essentials by classifying Google Chrome as a virus.

The heuristic detection method tends to cause the most false positives because it is a pro-active scanning method. It compares the characteristics of malicious programs to existing programs on your computer to look for a match.

If the results of a virus scan report are confusing, check online to see if other users have had the same problem.

How Updates Work for Antivirus Programs

Antivirus programs rely on updates about the latest threats. Just like any software, your antivirus program needs to be updated regularly.

Updates for antivirus programs are typically called “definitions.” These definitions include new information discovered by an antivirus. Once the information is verified for accuracy, these definitions are downloadable across the platform.

The definition system lets antiviruses detect new viruses with reliable accuracy. Antivirus programs are “trained” by the millions of computers that run the software, allowing it to collect new information, improve its efficiency against known viruses, and more.

Do All Antiviruses Software Detect All Viruses?

There are many different types of antivirus software, just like there are many different types of computer viruses. Both are improving every day. Depending on your antivirus software and the scans, you may find different infected files on your system than another computer.

Computer viruses are often tailored to their victims. Hackers might target Windows over Mac, or Mac over Linux, or online users over offline users. You cannot predict when or where you will get a virus. The best solution is to have an updated antivirus active on your computer.

Some software will only scan files on your computer, while other options will scan the cloud. Your AV software might exist in the cloud; this may not be ideal if you are a majority-offline user, while cloud-based antivirus is perfect for a Chromebook user. Some AV software work both ways: it’s installed, but receives regular updates from an online company server, which routinely improves the virus definitions that it looks for.

What is the Simplest Way to Protect My Computer and My Data?

To protect your computer, never download files that you are unsure of. If you are downloading a file from the Internet or accessing a file from a flash drive, make sure that you scan the file before opening it and accessing its contents. A virus can be hiding in any type of file, from an .exe file, to a .docx file, to a .pdf file.

It’s always easier to stop a virus before it’s embedded in your system. A quick scan can detect the virus and snuff it out before it becomes a serious problem.

This doesn’t mean that you should avoid sharing and receiving information online or offline, just that you should understand the risks of doing so and make sure you have the right virus program in place.

And as an added security measure, you should always back up your data. Whether you use an external hard drive or the cloud, make sure you can access a copy of your data should a file become infected.

Also, do your research regarding antivirus software. Make a list of your priorities concerning your computer usage. Find an antivirus software that works for you and your goals. Some prefer additional premium features, while others love basic, straightforward titles.

I Have a Virus. Now What?

Don’t panic. If your antivirus software reported the issue to you, it has most likely quarantined the file. Quarantined files cannot harm your data or your system.

Simply access the quarantine location where your file is located, clean the file, and purge the infection. Your file should be good to use again.

Here’s my take on it.

I’ve been using computers for decades. In that time, the only malware that wouldn’t leave my computer was a browser cookie that was, for some reason, classified as malware. I had accessed a reputable news website that installed this browser cookie to use my computer resources (i.e. CPU) to mine for Bitcoin while I was accessing the site. After running a few antivirus scans and tracing the location of this “malware,” I simply deleted my cookies and never accessed the site again. Problem solved.

What did I learn from this?

Even the most innocent websites can be threats. In this case, a reputable news site was the target. That experience taught me to never take anything for granted. Hackers have their own motives and they will accomplish them however they see fit.

Should I Have Multiple Antivirus Programs on My Computer?

There is no limit to the amount of antivirus software programs that you can have on your computer. However, for the sake of hard drive space and sanity, you should limit the number of antivirus software you use to no more than two. Typically, this means running Windows Defender with at least one other program. Running scans once per week is more than enough for most people.

When running multiple antivirus programs, you may have conflicting scans and certain programs can hog vital system resources.

Will My Antivirus Work Forever?

Whether your antivirus will work forever is a whole different matter. Free antivirus may not expire, but you will need a regular Internet connection to install patches and updates. The same applies to cloud software. Like any virus (real or digital), computer viruses evolve over time and you’ll need an updated antivirus.

If you pay for your antivirus, you may be able to install a complete program, either for a restricted amount of time (like a one-year subscription) or for life. Keep in mind, you will need to keep the program updated.

Malware, Antivirus, and the Cloud

Antivirus now exists in the cloud in order to combat malware it finds there. Like most computing networks, the cloud was built with a focus on access, not security. As such, while the cloud is incredibly freeing in terms of what we can do from anywhere, a virus could appear on our computers. You don’t have to panic if you keep your antivirus up to date.

Updates will provide your antivirus software with the tools it needs to discover infected files and clean them properly.

Being Prepared Is Half the Battle

The key to dealing with an infected file is having reliable antivirus software and understanding how it works. Scan your system regularly and practice good end-user security measures. Antivirus is simple to use, and thanks to the many options and configurations available, protecting your data has never been easier.

About the Author

Eric C.
Eric C.

Eric is a professional copywriter with over 7 years of experience writing on marketing and tech topics. In recent years, he has focused heavily on the rapidly developing security, fintech, and cryptocurrency industries.