Antivirus is a type of software used to detect and remove computer viruses from computer systems. Also called Virus Protection Software. This application can determine whether a computer system has been infected with a virus or not. Generally, this software runs in the background (background) and do a scan of all files that are accessed (opened, modified, or when saved).

Antivirus is based on types of users can be divided into two, namely for the Home User and Network (Corporate User). For home users, antivirus running as usual. For the network version, antivirus scans on a computer - the client computer and network drives. In addition, the update client computers in the network do not have to directly from the Internet. Client computer can do upate directly from a network server.

Most of the antivirus worked with some of the methods as below:

- The detection by using virus signature database (virus signature database): The workings of this antivirus is an approach that is widely used by traditional antivirus, seeking signs of the virus by using a fraction of the virus code that has been analyzed by antivirus vendors, and has dikatalogisasi according to the type, size, power and destruction of several other categories. This method is particularly fast and reliable way to detect viruses that have been analyzed by antivirus vendors, but can not detect new viruses until the virus signature database into the newly installed system. Virus signature database can be obtained from the antivirus vendor and can generally be obtained free of charge via download or by subscription (subscription).

- Detection by the way how the virus works: How it works like this antivirus is a new approach borrowed from the technology applied in the Intrusion Detection System (IDS). This method is often referred to as Behavior-blocking detection. This method uses policy (policies) that must be applied to detect the presence of a virus. If any software behavior that is "not fair" according to the policy being applied, as well as software that tries to access the address book to send out mass e-mails to e-mail list within the address book (this way is often used by virus to transmit the virus through e-mail), then the antivirus will stop the process performed by the software. Antivirus also can isolate the code that is suspected as a virus until the administrator determines what to do next. The advantage of this method is an antivirus can detect new viruses that have not been recognized by the virus signature database. The drawback, obviously because of the antivirus software to monitor the workings of a whole (rather than monitor the file), then the antivirus often create a false alarm or "False Alarm" (if the configuration of the antivirus too "hard"), or even allow the virus to multiply in the system (if antivirus configuration is too "soft"), false positives occur. Some manufacturers call this technique as a heuristic scanning. Heuristic Scanning technology has progressed so far that now. Some anti-virus check on a file with the usual definition. If the usual escape detection, then the file is run in a virtual environment. All changes made file is like a virus, then the user will be warned. Antivirus that uses behavior-blocking detection are still few in number, but in the foreseeable future, most likely all antivirus will use this way. Some antivirus also uses the above two methods simultaneously.

Do you like this article? Share It!