
How Virus Scanners Work

    Anti-Virus Software and the Threat of Malware

    • Anti-virus software is any program that scans files to identify and destroy computer viruses and other malware (malicious software). More correctly, malware is the general term used by computer professionals for a variety of aggressive, detrimental, intrusive, or otherwise unwanted programs, software, or code. In this sense, malware is the correct term for what is colloquially called a "computer virus." Malware types include viruses, worms, trojan horses, rootkits, spyware, sneaky adware, crimeware, and other unwanted/hostile software. This variety of computer threats can seriously harm your computer, while virus scanners attempt to identify these threats and neutralize them.

    Virus-Scanner Techniques and Principles

    • Anti-virus software uses two general techniques to locate and remove malware. First, it examines files for known viruses, checking their code against a virus dictionary for matches (and/or close mutations). When code in a file matches a dictionary entry, the virus scanner attempts to identify the malicious software and either delete it or quarantine it, and/or try to repair the file by removing the virus directly from the file. In addition, good software also attempts to identify suspicious behavior from any computer program or process which might indicate infection, sometimes by running the program in a "sandbox" to test its effects.

    Discussion of Effectiveness

    • One main problem is that many types of spreading malware mutate according to algorithms put in place by the program's creators, which sometimes makes dictionary-based virus recognition perform poorly. Even when a dictionary search runs before a program is opened (most virus scanners run when the OS creates, opens, and closes files, and when files are emailed), malicious software can still penetrate and potentially harm the system if the dictionary is outdated. Further, inexperienced users might fail to choose correctly when prompted by sandbox anti-virus activities. A wrong selection can be deadly when made by the anti-virus software as well: when Symantec mistakenly identified and removed essential operating system files in 2007, thousands of PCs in China couldn't boot. Further, anti-virus scanners run at the highly trusted kernel level of the operating system, creating a pathway of attack for more malware. More importantly, a study in 2007 suggested that virus scanner detection rates under experimentation decreased from 40-50% to 20-30% as compared to 2006. Malware is a financial game, not a prankster's game as it was once thought, and Goodin's evidence may indicate that things are getting worse, not better.
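
The dictionary lookup described under "Virus-Scanner Techniques and Principles", and the outdated-dictionary gap discussed above, shown as an added example that is not part of the original article or of any anti-virus product. The signature names, the "??" wildcard notation and the sample file contents are constructed, harmless placeholders.

```python
import re

# Constructed, harmless marker bytes stand in for real malware signatures.
# "??" is a one-byte wildcard, so one entry can cover close mutations.
DICTIONARY_V1 = {
    "Demo.Marker.A": "44 45 4d 4f 2d ?? 2d 4d 41 52 4b",   # DEMO-?-MARK
}
# A later dictionary update adds a second (also constructed) entry.
DICTIONARY_V2 = dict(DICTIONARY_V1, **{
    "Demo.Marker.B": "4e 45 57 2d 56 41 52 49 41 4e 54",   # NEW-VARIANT
})

def compile_signature(hex_pattern):
    """Turn 'aa ?? bb' into a bytes regex; ?? matches any single byte."""
    parts = []
    for tok in hex_pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)

def scan(data, dictionary):
    """Return the sorted names of every dictionary entry found in data."""
    return sorted(name for name, pat in dictionary.items()
                  if compile_signature(pat).search(data))

def handle(data, dictionary):
    """Decide the scanner action: allow, or quarantine with the matches."""
    hits = scan(data, dictionary)
    return ("quarantine", hits) if hits else ("allow", [])

SAMPLES = {  # constructed file contents
    "clean.txt": b"quarterly report, nothing unusual",
    "known.bin": b"\x00\x01DEMO-1-MARK\x02",
    "mutated.bin": b"\x00\x01DEMO-7-MARK\x02",  # one byte differs from known.bin
    "new.bin": b"header NEW-VARIANT trailer",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        # Compare the verdict of the outdated and the updated dictionary.
        print(name, handle(data, DICTIONARY_V1), handle(data, DICTIONARY_V2))
```

The wildcard entry still catches the one-byte mutation, but `new.bin` is allowed by the older dictionary and quarantined only once the updated one is loaded.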
