In general, an antivirus is a computer program used to scan files in order to identify and remove computer viruses and other malicious software (malware).
Antivirus software uses a variety of strategies to identify and eliminate viruses and other malware. In this post we are going to learn about two well-known strategies: signature-based detection and heuristic-based detection.
Signature-based detection is also called the "dictionary approach". When the antivirus examines a file, it refers to a dictionary provided by its author. That dictionary holds sample pieces of malware code called signatures; if a piece of code within the file matches one in the dictionary, the file is flagged and the appropriate action is taken.
Even though this is a good way to catch viruses and other malware, it has its weak points. As new viruses and malware are created and released every day, this method cannot defend against new ones, because they are not yet in the dictionary. So it requires frequent updates to defend against new viruses or malware.
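To make the dictionary approach concrete, here is a small signature scanner written as an added example for this post (it is not code from any antivirus product). The sample files, the signature names and the "dictionary" format are all constructed for illustration. It shows two common kinds of signature, a whole-file hash and a byte pattern, why a one-byte variant of a known sample still matches the pattern but no longer matches the hash, and why a sample that is not in the dictionary is missed until the dictionary is updated.

```python
import hashlib

# Constructed sample files (hypothetical content, not real malware).
KNOWN_SAMPLE = b"MZ\x90\x00 constructed-sample DROP_PAYLOAD_v1 \x00\x00"
VARIANT_SAMPLE = b"MZ\x90\x00 constructed-sample DROP_PAYLOAD_v1 \x01\x00"  # one byte differs
UNKNOWN_SAMPLE = b"MZ\x90\x00 something-not-in-dictionary \x00\x00"

# The "dictionary": each entry names a threat and gives either a whole-file
# SHA-256 hash or a byte pattern that must appear somewhere in the file.
# Real signature databases are vendor-supplied and far larger; this one is
# constructed for the example.
SIGNATURES = [
    {"name": "Constructed.Sample.A.hash", "kind": "sha256",
     "value": hashlib.sha256(KNOWN_SAMPLE).hexdigest()},
    {"name": "Constructed.Sample.A.pattern", "kind": "bytes",
     "value": b"DROP_PAYLOAD_v1"},
]


def scan(data: bytes, signatures=SIGNATURES) -> list:
    """Return the names of every signature in the dictionary that matches the file bytes."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in signatures:
        if sig["kind"] == "sha256" and sig["value"] == digest:
            hits.append(sig["name"])
        elif sig["kind"] == "bytes" and sig["value"] in data:
            hits.append(sig["name"])
    return hits


def scan_file(path: str, signatures=SIGNATURES) -> list:
    """Scan a file on disk with the same dictionary."""
    with open(path, "rb") as fh:
        return scan(fh.read(), signatures)


def add_pattern_signature(signatures, name: str, pattern: bytes) -> list:
    """Return an updated dictionary; this is what a signature update delivers."""
    return signatures + [{"name": name, "kind": "bytes", "value": pattern}]


if __name__ == "__main__":
    print("known   :", scan(KNOWN_SAMPLE))     # both signatures match
    print("variant :", scan(VARIANT_SAMPLE))   # hash no longer matches, pattern still does
    print("unknown :", scan(UNKNOWN_SAMPLE))   # nothing in the dictionary yet
    updated = add_pattern_signature(SIGNATURES, "Constructed.Sample.B.pattern",
                                    b"something-not-in-dictionary")
    print("after update:", scan(UNKNOWN_SAMPLE, updated))
```

The hash signature is the cheapest to check but the most fragile: any change to the file defeats it. The byte-pattern signature survives small edits, which is why real dictionaries favour patterns over hashes, but even a pattern only catches what its author has already seen.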
Heuristic-based detection is quite different from signature-based detection. Here a file is flagged if it does anything suspicious that might indicate a potential risk. This type of detection is used by some sophisticated antivirus products to identify new malware and variants of known malware.
File emulation: This is another type of heuristic-based approach, in which a given program is executed in a virtual environment and the actions it performs are logged. Based on the logged actions, the antivirus software can determine whether the program is malicious and carry out the necessary actions to clean the infection.
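The following is an added example of the scoring step that sits behind file emulation; it is written for this post and is not the code of any antivirus product. The two action logs are constructed (the log format, the rule names, the weights and the threshold are all assumptions), but the behaviours they score are the kind a sandbox records: adding a Run key, overwriting an executable under the Windows directory, stopping a security service, and connecting out on an uncommon port. Unlike a signature, none of these rules needs to have seen the file before.

```python
# Constructed action logs in a hypothetical "<action> <target>" format, as a
# file-emulation sandbox might record them. Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = r"""open_file C:\Users\demo\report.docx
write_registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater
write_file C:\Windows\System32\svchost.exe
stop_service WinDefend
connect 203.0.113.10:4444
"""

BENIGN_LOG = r"""open_file C:\Users\demo\report.docx
write_file C:\Users\demo\report_copy.docx
connect 198.51.100.7:443
"""

# Heuristic rules: (rule name, weight, predicate on (action, target)).
# Weights are illustrative; a real engine tunes them against large corpora.
RULES = [
    ("persistence_run_key", 3,
     lambda a, t: a == "write_registry" and r"\CurrentVersion\Run" in t),
    ("modifies_system_executable", 4,
     lambda a, t: a == "write_file"
     and t.lower().startswith(r"c:\windows\\".rstrip("\\") + "\\")
     and t.lower().endswith(".exe")),
    ("disables_security_service", 5,
     lambda a, t: a == "stop_service" and t.lower() in {"windefend", "wscsvc"}),
    ("uncommon_outbound_port", 2,
     lambda a, t: a == "connect" and t.rsplit(":", 1)[-1] not in {"80", "443"}),
]
THRESHOLD = 6  # assumed cut-off: at or above this the sample is called malicious


def score_log(log_text: str):
    """Apply every rule to every logged action; return (total score, rules that fired)."""
    score, fired = 0, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        action, _, target = line.partition(" ")
        for name, weight, predicate in RULES:
            if predicate(action, target):
                score += weight
                fired.append(name)
    return score, fired


def verdict(log_text: str) -> str:
    """Turn the score into the decision the antivirus acts on."""
    score, _ = score_log(log_text)
    return "malicious" if score >= THRESHOLD else "clean"


if __name__ == "__main__":
    for label, log in (("sample", SAMPLE_LOG), ("benign", BENIGN_LOG)):
        print(label, score_log(log), "->", verdict(log))
```

The trade-off this shows is the one the post describes: a single rule firing (say, an outbound connection on port 4444) is not enough on its own, so the threshold keeps ordinary programs from being flagged, while several suspicious actions together push an unseen sample over the line. Tuning the weights and the threshold is where false positives and missed detections are balanced.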
Some of the leading antivirus products use both types of detection to give their users more protection.
Even though antivirus software can catch almost all virus threats, it is still not 100% foolproof, because virus authors always try to stay one step ahead by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" virus code, which encrypts parts of itself or otherwise modifies itself as a form of disguise, so that it no longer matches the virus signatures in the dictionary.
Finally, user education is as important as antivirus software in keeping your computer, and your data, safe.