Friday, August 20, 2010

How does antivirus software work?

Most antivirus programs work by tracking the system calls that applications make to the operating system. These AV programs know which privileges each application has been assigned. So when an application that does not have sufficient rights to call a system function does call one, the AV program stops the call and asks the user whether this is a legal operation. It also checks the caller against the virus definitions it has.



This is just a layman's explanation of the entire process. AV is a very, very, very complex piece of code.






An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software (malware).



Anti-virus software typically uses two different techniques to accomplish this:



Examining files to look for known viruses by means of a virus dictionary



Identifying suspicious behavior from any computer program which might indicate infection



Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.



Virus dictionary approach



In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, the anti-virus software can either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file.
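
The dictionary lookup and the quarantine step described above, as an added example that is not part of the original post or any real product's code. The signature names and byte patterns are constructed for illustration, and the function names and the ".quarantined" suffix are assumptions.

```python
import os
import shutil
from pathlib import Path

# Constructed signature dictionary: name -> byte pattern. These are demo
# markers, not real malware signatures; real dictionaries are far larger.
SIGNATURES = {
    "Demo.TestPattern.A": b"\xde\xad\xbe\xef-DEMO-SIGNATURE-A",
    "Demo.TestPattern.B": b"X5-CONSTRUCTED-MARKER-B",
}
CHUNK = 64 * 1024  # read size, so large files are never loaded whole


def scan_file(path, signatures=SIGNATURES):
    """Return the sorted names of all signatures found in the file."""
    # Keep the last (longest pattern - 1) bytes of each window so a
    # signature that straddles two chunks is still matched.
    overlap = max(len(p) for p in signatures.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            window = tail + chunk
            for name, pattern in signatures.items():
                if pattern in window:
                    found.add(name)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)


def quarantine(path, quarantine_dir):
    """Move a flagged file into quarantine_dir and strip its permissions,
    making it inaccessible to other programs without deleting it."""
    qdir = Path(quarantine_dir)
    qdir.mkdir(mode=0o700, parents=True, exist_ok=True)
    dest = qdir / (Path(path).name + ".quarantined")
    shutil.move(str(path), str(dest))
    os.chmod(dest, 0o000)
    return dest


def scan_and_quarantine(paths, quarantine_dir):
    """Scan each path and quarantine any match. Returns {path: [names]}."""
    report = {}
    for p in paths:
        hits = scan_file(p)
        if hits:
            quarantine(p, quarantine_dir)
        report[str(p)] = hits
    return report
```

Plain substring matching like this only catches byte sequences already in the dictionary, which is why the post lists behavior monitoring as the second technique.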
