How Does Antivirus Software Work?
Antivirus software is a type of computer program designed to scan files and identify and get rid of malware (malicious software) and computer viruses. It works by looking at all files and identifying suspicious ones based on the software's virus dictionary or what the program considers suspicious behavior.
The Virus Dictionary
Every software program has a dictionary of known viruses which is updated several times daily. You can set your software to do this automatically every time you're online or you can do the update manually. Each virus has its own code and the software is designed to look for these types of codes. If it recognizes a code as a virus, the software will delete it or quarantine it so it can't spread. In some cases the program may try to remove the virus and repair the file. It's a good idea to set virus software to automatically examine your computer for malware and viruses on a regular basis.
Most antivirus software will monitor programs being run on your computer for anything that appears to be out of the ordinary. With behavior monitoring the software doesn't attempt to identify what's causing the suspicious activity, but it will let you know when something it considers suspicious is happening. An example of a suspicious activity is if one of program were to try to write data to an executable program.
The biggest benefit of behavior monitoring is that it provides some protection against new viruses that haven't been put in any virus dictionaries yet. There are literally thousands of new viruses being created daily and while software with behavior monitoring doesn't get rid of a virus, it can let you know if there might be a problem and suggest solutions. The downside is that there are often enough false positives to desensitize users to the warnings.
Full System Scanning
Most antivirus software offers the option of a full system scan. The software doesn't do this automatically because the scan can take hours to complete and typically the computer can't be used during this time. You as the user need to tell the program to complete an in depth scan of everything on your computer or only on select system files. A full system scanning works by checking all parts of every program and every file instead of just the parts known to cause problems. The program will quarantine potential problem files, fix the ones it can or tell you about files that may be infected and give you solution options.