How Antivirus works
An antivirus is software that prevents, detects and removes malicious programs such as computer viruses, worms, Trojan horses and spyware that are harmful to computer systems. Many antivirus products are available on the market, and they use different approaches to detect and remove viruses. Broadly, these approaches fall into two categories: 1) signature-based detection and 2) suspicious-behavior-based detection.
In the first approach, the antivirus has a library of signatures of all popular viruses. During the scanning process, it compares the content of all programs on the computer with this library. If a program matches a signature that is defined as a virus, the user is alerted about the program and further action is taken according to the user's choice. For example, if a program 10235 is considered a virus and stored in the antivirus library as a virus signature, then when the antivirus finds a program 10235 on the computer while scanning, it treats it as a virus and asks the user to choose the required action (such as remove, repair or no action). This is a very effective approach, as it protects against all existing viruses, but because it works only from the stored definitions of viruses, it is not effective against new viruses (or any that are not stored in the library), so such antivirus software requires regular updates.
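The scan described above can be sketched in a few lines. This is an added example, not code from any antivirus product: the signature names, file names and byte strings are constructed for illustration, and it goes slightly beyond the text by supporting a whole-file hash signature as well as a byte pattern.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    kind: str      # "sha256" = whole-file hash, "bytes" = pattern at any offset
    value: bytes

# Constructed, harmless samples; "10235" echoes the article's example program.
PATTERN_SAMPLE = b"\x90\x90PROGRAM-10235\xcc"
HASHED_SAMPLE = b"constructed sample identified by its whole-file hash"
LIBRARY = [
    Signature("Example.10235", "bytes", b"PROGRAM-10235"),
    Signature("Example.Hashed", "sha256", hashlib.sha256(HASHED_SAMPLE).digest()),
]

def scan(content: bytes, library=LIBRARY) -> list[str]:
    """Return the names of all signatures that match this file content."""
    digest = hashlib.sha256(content).digest()
    hits = []
    for sig in library:
        if sig.kind == "sha256" and sig.value == digest:
            hits.append(sig.name)
        elif sig.kind == "bytes" and sig.value in content:
            hits.append(sig.name)
    return hits

def scan_all(files: dict[str, bytes], library=LIBRARY) -> dict[str, list[str]]:
    """Scan every file and report only those with at least one match."""
    report = {}
    for path, content in files.items():
        hits = scan(content, library)
        if hits:
            report[path] = hits
    return report

# Constructed stand-in for the programs found on disk.
FILES = {
    "notepad.bin": b"ordinary program bytes",
    "game.bin": b"header" + PATTERN_SAMPLE + b"trailer",
    "tool.bin": HASHED_SAMPLE,
    "new_threat.bin": b"PROGRAM-20470 not yet in the library",
}

if __name__ == "__main__":
    for path, names in scan_all(FILES).items():
        print(f"ALERT {path}: {', '.join(names)}")
    # Only a library update makes the previously unknown program detectable.
    updated = LIBRARY + [Signature("Example.20470", "bytes", b"PROGRAM-20470")]
    print("after update:", scan(FILES["new_threat.bin"], updated))
```

With the original library, new_threat.bin produces no alert; it is reported only once its signature has been added, which is why regular updates matter.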
The other type of antivirus identifies suspicious behavior of programs (such as modification of critical files or programs) and alerts the user about the suspicious program or stops the program from running. This type of antivirus software may be effective against new viruses, but its accuracy is lower, as it may identify legitimate files as viruses.