A CDE Definition
See antivirus program.
Software that searches for viruses. Also known as a "virus scanner." As new viruses are discovered by the antivirus vendor, their binary patterns and behaviors are added to a database that is downloaded periodically to the user's antivirus program via the Web. Popular antivirus programs are Norton, McAfee, Sophos, Bitdefender, AVG and Kaspersky. Windows Defender is Microsoft's own antivirus software that comes with Windows, starting with Windows 8.
Antivirus programs are used on all Windows machines, but most Mac users do not install them. However, as more Macs are acquired, the Mac has slowly but surely become a target of attacks, and Mac antivirus programs are being installed at a more rapid rate than in the past. See virus, quarantine, disinfect and scareware.
Multiple Detection Approaches
Early antivirus scanning matched the binary signature (pattern) of each executable file against a database of known malware signatures before the file was allowed to run. This "scanning" process was greatly sped up by scanning all the executables in the computer once and then scanning each new executable when it is installed. If the executable is virus free, a checksum (hash) of its binary pattern is computed and stored in a checksum database. The next time the user launches the executable, its checksum is recomputed and compared with the stored virus-free checksum. If they match, the file has not been altered.
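The checksum shortcut described above, as an added Python example (not code from this encyclopedia or from any antivirus product): a full signature scan runs only when a file is new or its hash no longer matches the stored clean value. The names `SIGNATURES`, `ChecksumCache` and `check_on_launch`, the placeholder byte pattern, and the choice of SHA-256 as the checksum are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed signature database (harmless placeholder pattern, not real malware).
SIGNATURES = {"Example.TestPattern.A": b"CONSTRUCTED-TEST-PATTERN-0001"}


def signature_scan(data):
    """Slow path: name of the first known pattern found in the bytes, else None."""
    return next((name for name, pat in SIGNATURES.items() if pat in data), None)


class ChecksumCache:
    """Checksum database of executables that passed a full signature scan."""

    def __init__(self):
        self.clean = {}  # resolved path -> SHA-256 recorded at the clean scan

    def check_on_launch(self, path):
        """Return (verdict, detail) for a file that is about to run."""
        key = str(Path(path).resolve())
        data = Path(path).read_bytes()  # hash and scan the same bytes
        current = hashlib.sha256(data).hexdigest()
        if self.clean.get(key) == current:
            return ("allow", "checksum match, scan skipped")
        known = self.clean.pop(key, None) is not None  # drop the stale entry
        hit = signature_scan(data)
        if hit:
            return ("block", hit)
        self.clean[key] = current
        return ("allow", "rescanned after change" if known else "first scan")


def demo():
    """One file through first launch, relaunch, a benign edit, then tampering."""
    cache, results = ChecksumCache(), []
    stages = (b"v1", b"v1", b"v2", b"v2" + SIGNATURES["Example.TestPattern.A"])
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "tool.bin"
        for content in stages:
            target.write_bytes(content)
            results.append(cache.check_on_launch(target))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A checksum match only shows that the file is unchanged since its last scan, so a cache like this one has to be cleared whenever the signature database is updated.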
Because malware may generate a unique signature each time it is downloaded to an unsuspecting user, antivirus programs also use behavior detection, which looks for suspicious activities such as copying and deleting files when launched (see behavior detection). See Symantec, McAfee, Sophos, Bitdefender, AVG, checksum, virus, polymorphic virus and Reputation-based Security.
Scan and Create a Checksum (Hash)