Antivirus software is used to find and destroy computer viruses, detect malicious and potentially dangerous software, and prevent security risks in IT systems. The methods of searching for, detecting and eliminating viruses vary and depend directly on the functionality of the particular antivirus software.
Main types of antivirus software
- Scanners: search for and destroy viruses by scanning the system and RAM. Scanners can find and remove only those viruses that are described in the antivirus program's own database.
- Monitors: monitor system processes and running applications in real time. They are good at finding viruses at an early stage of infection, but cannot “cure” a file. Additionally, monitors often conflict with other software.
- Polyphages: scan executable files and boot sectors of hard drives for new viruses. Polyphages are capable of working with large-scale infections, when a virus has captured a large space, but they work slowly and take up a lot of space on the hard drive.
- Auditors: programs that remember the initial state of files and applications and then monitor changes in them. The main disadvantage of this type of software is that an infected file is detected only after the operating system is restarted, i.e. an auditor cannot detect infection in new files and applications.
- Blockers: programs that can stop the infection process in its early stages, preventing viruses from multiplying when they are written to the boot sector of the hard disk. The main disadvantage of this type of antivirus is the high number of false positives.
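
The auditor approach from the list above, as an added example that is not taken from any particular antivirus product. It assumes the remembered "initial state" is a SHA-256 hash of each file's contents, and the sample files are constructed for the demonstration. Files that appear after the baseline are reported as unknown, because the auditor has no initial state to compare them against.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                state[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return state


def audit(baseline, current):
    """Compare a later snapshot against the remembered baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        # Files the baseline never saw: there is no initial state to compare
        # against, so the auditor can only list them, not judge them.
        "unknown": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Run the auditor over a constructed directory of sample files."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        # Constructed sample files standing in for installed applications.
        write("app.exe", b"original program bytes")
        write("tool.exe", b"another program")
        baseline = snapshot(root)

        write("app.exe", b"original program bytes" + b"appended code")  # changed
        os.remove(os.path.join(root, "tool.exe"))                        # deleted
        write("new.exe", b"arrived after the baseline")                  # new
        return audit(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```
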
In addition, all antivirus programs can be divided into two types depending on whether they are able to fight unknown viruses.
- Signature: they use so-called reactive protection, i.e. they search for viruses based on their own database. In order for an antivirus to remain effective, its database must be constantly updated. The main disadvantage of such software is that it cannot detect new viruses that are not yet in its database.
- Non-signature: antiviruses which use so-called proactive protection, i.e. they analyze files and the behavior of applications based on information about already existing viruses. Such antiviruses are able to detect new viruses, but they sometimes produce false detections and may block uninfected applications.
Signature and non-signature antivirus software can work simultaneously, if necessary.