How Does an Antivirus Program Work to Protect Your Computer?

Most people know that you need some kind of antivirus software to protect your computer from viruses. There are millions of computer viruses in the wild, and antivirus software intercepts them and protects your computer from infection. You know antivirus software runs in the background, but how does it work?

Computer Viruses and Footprints

Anyone who can program computer software can create a virus. Viruses are just compiled applications that run on your computer. The only difference between regular software and a virus is that a virus is meant to harm you by crashing your computer, deleting data or even stealing your information.

As with any program, a compiled application is made up of bits. As long as the code doesn’t change, the application compiles into the same sequence of bits each time. This sequence of bits is referred to as a “signature” in the virus world. A virus creates a footprint by keeping the same signature as it passes from computer to computer. Because the virus has the same sequence of bits, antivirus vendors can store the sequence to recognize the virus when it’s stored on your computer.

What makes viruses hard to track is the variants that other people create by building on existing viruses. If you read about the different viruses in the wild, you’ll notice that one virus might have several different names. That’s because people take existing virus code, alter it to their own specifications, compile and distribute it. Because most of the code is similar to the original virus, the new variant has a similar but slightly altered signature.

Antivirus Definitions and Virus Signatures

The virus signature is how an antivirus program can work to defend your computer from malware. Antivirus software uses a database of virus signatures and checks executable files for these signatures. For instance, if you double-click “myprogram.exe” and it’s a virus disguised as a harmless program, the antivirus checks the executable file against its database of signatures and blocks the program if it comes up with a match.

Because new viruses pop up every day, antivirus vendors produce definition files you add to your existing antivirus software. When you hear IT people tell you to update the definition files, it’s because you need to add to your antivirus software’s database of virus signatures. Without updated definition files, your antivirus software is unable to recognize new virus signatures and you risk installing malware on your computer.
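
The signature check and definition update described above, as an added example (not code from this post or from any antivirus product): a small Python scanner that matches constructed, harmless byte strings against whole-file hashes and byte-sequence signatures. The class name, detection names and sample bytes are all invented for illustration.

```python
import hashlib

# Constructed sample "files": harmless byte strings standing in for executables.
CORE = b"\x90\x90DEMO-PAYLOAD-ROUTINE\xcc"           # byte run shared by the family
ORIGINAL = b"MZ" + b"\x00" * 16 + CORE + b"end"
VARIANT = b"MZ" + b"\x01" * 20 + CORE + b"changed-tail"  # altered and recompiled
NEW_FAMILY = b"MZ" + b"\x02" * 8 + b"OTHER-DEMO-ROUTINE" + b"end"
CLEAN = b"MZ" + b"\x00" * 32 + b"ordinary program"


class SignatureDB:
    """Hypothetical definition database: file hashes plus byte-sequence signatures."""

    def __init__(self):
        self.hashes = {}     # sha256 hex digest -> detection name
        self.patterns = {}   # byte sequence -> detection name

    def load_definitions(self, hashes=None, patterns=None):
        """Merge a definition update into the existing database."""
        self.hashes.update(hashes or {})
        self.patterns.update(patterns or {})

    def scan(self, data):
        """Return the detection name for data, or None if nothing matches."""
        name = self.hashes.get(hashlib.sha256(data).hexdigest())
        if name:
            return name
        for seq, pattern_name in self.patterns.items():
            if seq in data:
                return pattern_name
        return None


def demo():
    samples = (ORIGINAL, VARIANT, NEW_FAMILY, CLEAN)
    db = SignatureDB()
    # Initial definitions: only the exact hash of the original sample.
    db.load_definitions(hashes={hashlib.sha256(ORIGINAL).hexdigest(): "Demo.A"})
    before = [db.scan(s) for s in samples]
    # Definition update: a byte sequence shared by the family, plus a new family.
    db.load_definitions(patterns={CORE: "Demo.Family",
                                  b"OTHER-DEMO-ROUTINE": "Demo.B"})
    after = [db.scan(s) for s in samples]
    return before, after


if __name__ == "__main__":
    print(demo())
```

Before the update only the exact original is flagged; after it, the variant is caught by the byte sequence it shares with the original and the new family by its own signature, while the clean sample stays unflagged.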

The disadvantage of having antivirus software run in the background is that it does slow down your computer. If you’ve ever wondered why your computer is slower with antivirus software running, it’s because the software must check executable files against a large number of virus signatures in its database. If you need to run software quickly, it’s best to disable the antivirus software temporarily. For instance, antivirus software can interfere with gaming, so gamers often turn off antivirus software during play time.

If you don’t install executables often, you can turn off background checks and schedule your antivirus software to run at night when you are away from the computer. However, it’s important that you keep some kind of protection on your computer and manually run a scan each week to check for malware.
