Article Surfing Archive

Computer viruses are programs authored by people wishing to inflict damage to a computer system. Common viruses tend to slow down the operation of a computer by running a process in the operating system that consumes a high amount of memory, while it spreads itself throughout the system.

The high consumption of memory by viral processes can cause system crashes. This is because operating systems are programmed to dump memory and restart the computer when programs start sending out error messages that they are unable to run properly due to inaccessible memory.

Viruses are sometimes used interchangeably with other terms describing malicious software * shortened to malware * although viruses are designed to function differently from other types of malware. Trojans, for example, are designed to embed itself on the operating system and open a backdoor through which remote access to the infected computer is facilitated.

Because of their damaging effects to computers, several companies have produced antivirus software. Antivirus software is designed to detect the presence of viruses within your system, as well as from outside. But how exactly do these software find and locate viruses lurking within your computer?

The Different Approaches Used by Antivirus Software

Antivirus software utilize different approaches to detect viruses while scouring among your computer files. These approaches include the dictionary, suspicious behavior and sandbox techniques.

The Dictionary Approach

Under the dictionary approach, the software scans the source code for each file and compares it to a dictionary containing pieces of code associated with computer viruses. When a file*s code contains any code snippets within the dictionary, the software then tags the file as infected. Depending on what the user has set, the computer can either attempt to make repairs by removing the code, quarantine it or delete the file itself.

Because this approach makes use of a dictionary, there is a need to continually update the dictionary in order to include new virus definitions. This is to ensure that the user is continually protected against any new viruses that are released into the wild especially in the Internet.

The dictionary approach is the most common technique in detecting potential threats, and is utilized by most commercial antivirus programs in the market.

Suspicious Behavior

On the other hand, the suspicious behavior approach does not make use of any dictionary to find viruses. Instead it watches how programs within the system are behaving. Some viruses are known to replicate themselves by inserting their code into other executable files that it can find among the computer*s files. If the antivirus program detects this, under the suspicious behavior approach the code-modifying file is then tagged as suspicious and is flagged. The user is then alerted to the presence of this file.

Sandboxing

The sandbox approach involves a simulation by the antivirus software of the operating system in order for it to access every executable file and run it. The sandbox protects the actual system while the scanning takes place, and acts as a buffer which the antivirus software can analyze for indications of the presence of a virus.