
Software for protecting against, detecting, and removing viruses, malware, and other potential threats to a computer system.

Anti-virus software can be used on a live, running system, or used to scan an infected hard disk from another computer system. The general purpose of all anti-virus software is to remove malware (short for malicious software). Most modern anti-virus software is capable of dealing with (but not limited to) viruses, worms, trojan horses, and spyware/adware.

There are a variety of paid and free anti-virus software options for almost all modern operating systems, some of which are better than others. This is due to the differences in scanning techniques (which can also impact performance of the system) and available virus "definitions".

Anti-virus programs normally have several different detection methods:

  • Signature scanner, which tries to match files against signatures. This is generally not very effective because a virus maker does not have to do much to change the unique signature of their virus. Some viruses can change their code every time they are run (polymorphic viruses), making them harder to detect.
  • Heuristics scanner, which tries to match files against a heuristic (think of it like a fuzzy checksum). This is more effective because it can counteract the virus's attempts to disguise itself.
  • Behavioral scanner, which tracks the behavior of processes and tries to look for suspicious activity (for example, trying to patch the kernel).
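
The difference between the first two methods, as an added example that is not part of the original page: an exact hash signature misses a file that differs by a few bytes, while a fuzzy comparison still scores it as close to the known sample. The n-gram Jaccard similarity, the 0.6 threshold and the harmless sample byte strings are assumptions chosen for illustration; real products use their own heuristics.

```python
import hashlib


def ngrams(data: bytes, n: int = 4) -> set:
    """Return the set of all overlapping n-byte windows in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def exact_match(sample: bytes, known_hashes: set) -> bool:
    """Signature scan: flag only if the SHA-256 is in the definition set."""
    return hashlib.sha256(sample).hexdigest() in known_hashes


def similarity(sample: bytes, reference: bytes, n: int = 4) -> float:
    """Jaccard similarity of n-gram sets: 0.0 (disjoint) to 1.0 (identical)."""
    a, b = ngrams(sample, n), ngrams(reference, n)
    if not a or not b:  # input shorter than n bytes: nothing to compare
        return 0.0
    return len(a & b) / len(a | b)


def fuzzy_match(sample: bytes, reference: bytes, threshold: float = 0.6) -> bool:
    """'Fuzzy checksum' stand-in: flag files that are mostly the same bytes."""
    return similarity(sample, reference) >= threshold


# Constructed, harmless byte strings standing in for files on disk.
REFERENCE = b"HEADER;load config;open log;write marker ABC123;close log;exit"
VARIANT = b"HEADER;load config;open log;write marker XYZ789;close log;exit"
UNRELATED = b"The quick brown fox jumps over the lazy dog, twice, slowly."

# The "definitions" hold only the hash of the one known sample.
DEFINITIONS = {hashlib.sha256(REFERENCE).hexdigest()}


def scan(sample: bytes) -> dict:
    """Run both checks and report which of them flags the sample."""
    return {
        "signature": exact_match(sample, DEFINITIONS),
        "fuzzy": fuzzy_match(sample, REFERENCE),
    }


if __name__ == "__main__":
    for name, data in [("reference", REFERENCE), ("variant", VARIANT),
                       ("unrelated", UNRELATED)]:
        print(name, scan(data), round(similarity(data, REFERENCE), 2))
```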

Some popular choices for Windows Anti-Virus: