Virus Scan: How it Works

Virus Scan: How it Works

Virus Scan: How it Works

What is a Computer Virus?

A computer virus is a disruptive computer program that infects a computer or operating system from performing its basic functions. Dissimilar to the generic forms of malicious software, a computer virus reproduces and replicates. 

This characteristic enables the virus to transfer from one platform to another. As a result of this function, a computer virus is held separately from generic computer problems, such as adware and spyware programs.

The presence of a computer virus can be damaging, not just to the tangible computer or network, but to the safety of personal and critical information that is typically stored on an operating system. 

What is a Virus Scan?

To disinfect a computer, an individual must download or purchase a virus scan program or various forms of antivirus software. A virus scan is a computer program that, when installed, will sweep the computer’s files and network to reveal any malicious software or coding abnormalities. The typical virus scan will implement a number of identification methods to pinpoint which files are infected. After identifying the damaged files, a virus scan program will disinfect the computer.  

How does a Virus Scan Identify the Problem? 

A virus scan will utilize several identification methods to detect computer viruses or malicious software. The most common identification method, known as a signature-based detection, will identify viruses and other malware by comparing the signatures of such software with the contents of a dictionary that stores virus signatures. 

In essence, if the signatures detected match those in the dictionary, the virus scan will reveal and subsequently disinfect the problems. Although this identification method is effective, it is susceptible to the formation of new viruses where the attached code is not present in the virus scan’s dictionary. To counter this problem, the majority of virus scan software will implement updates to account for the new virus signatures.  

Other methods employed by a virus scan will include more sophisticated approaches, such as a heuristics analysis. Heuristics analysis identifies new malware or variants of known malware through the use of a single virus definition. 

This type of virus scan will not use a dictionary to match exact matches, but will incorporate various complex signatures to terminate families of viruses. Although it is particularly advantageous to identify a specific virus, it can be easier to detect a virus family through a generic signature or through an inexact match to an existing signature. 

This form of virus scan is successful because virus researchers and programmers find common areas that all viruses in a family share uniquely. Through this presence the software can create a generic single signature. These signatures will contain non-contiguous code attached with wildcard characters. These characters will allow the virus scan to detect malware or viruses even if they are padded in meaningless layers of code.  

A virus scan can also search for rootkits, which is a type of malware designed to gain administrative control over a computer system without being detected. Rootkits ultimately change how an operating system functions and can tamper with an anti-virus program to render it ineffective. 




Related Articles

Read previous post:
Malware At A Glance