How does antivirus software work
What you need to know about the software keeping your PC and other devices safe

The internet is a scary place. Even for someone who spends most of their time on Amazon.com and checking email, there are scams everywhere these days, websites designed to trick you into handing over credit card information, and dangerous malware that can infect your computer and steal your identity before you can even log in to Netflix.
Fortunately, antivirus software offers some powerful security when you’re online and even when you’re not. The best products from companies like Norton and McAfee are designed for non-technical users and offer protection no matter what you do on a computer.
While you may already use antivirus software, you might not have a full understanding of how these apps actually work, what they do behind the scenes, and how they offer multi-layered protection beyond simply scanning for a virus on your computer or phone. Here’s an overview of how the software works and what it does.
Basic protection from viral infections
At the most basic level, an antivirus program can scan your computer to find, quarantine, and eradicate a computer virus. The apps can also protect your computer from an infection in the first place, blocking attacks before they occur and keeping your data safe. Scanning can take place whether you are online or not. The best antivirus apps tend to offer plenty of powerful features beyond scanning, but at their heart, they are meant to stop and block attacks.
The best way to understand this protection is to think of your computer as an open endpoint on the internet - that is, a live target for hackers. A virus is any piece of code intended to cause harm - whether by making your computer inaccessible, slowing it down, disrupting services, or stealing your information. Like a real virus, this computer code is malicious and often meant to cause mayhem; you likely won’t even know if your computer is infected.
“At the core of an antivirus is the process of matching a pattern inside a malicious file against signatures which range from a simple file hash to more sophisticated types of signatures, which match not only file contents but also metadata or behavior,” says Oleg Stukalenko, a Product Manager at Moonlock / Macpaw, a cybersecurity firm.
In many cases, malicious hackers have a financial incentive - they are trying to steal data that can then be sold on the dark web to the highest bidder. A virus might cause mayhem and confusion, but for hackers it is often all about the financial rewards.
How the software actually works
Antivirus software runs in the background and, in most cases, will monitor your internet connection in real time, looking for harmful software. The AV software compares the software it detects against signature files that are constantly updated. Here’s an example of how that works.
Let’s say you are browsing the web and come across a new video game. You click an option to install the software on your computer. When you install the software, your AV program will scan the code to determine if there’s a virus about to infect your computer. The app does this by looking in the code for a pattern that matches a known threat stored in its signature database.
The good news is that the AV software can quarantine the file and protect your computer. That means, before an infection even occurs, the AV app has blocked the virus.
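Here’s what that lookup and quarantine step can look like in code. This is an added example, not code from any antivirus product: it checks a file against an exact-hash signature and then a byte-pattern signature, and it includes one sample that matches nothing in the database. The sample contents are harmless constructed strings, and the signature names, database contents and quarantine layout are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import tempfile

# Constructed, harmless byte strings standing in for downloaded files.
KNOWN_BAD = b"installer-stub::DROP_AND_RUN_v1::payload"
VARIANT = b"installer-stub-repacked::DROP_AND_RUN_v1::padding"  # repacked copy
NOVEL = b"installer-stub::TOTALLY_NEW_LOADER::payload"  # not in the database
CLEAN = b"video game installer, nothing unusual here"

# Hypothetical signature database: exact file hashes plus byte patterns.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Example.Dropper.A"}
PATTERN_SIGNATURES = {b"DROP_AND_RUN_v1": "Example.Dropper.gen"}

def scan_bytes(data):
    """Return (signature_name, match_type), or None when nothing matches."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:  # cheapest check: the exact known file
        return HASH_SIGNATURES[digest], "hash"
    for pattern, name in PATTERN_SIGNATURES.items():  # survives repacking
        if pattern in data:
            return name, "pattern"
    return None

def scan_and_quarantine(path, quarantine_dir):
    """Scan one file; on a match, move it to quarantine as read-only."""
    with open(path, "rb") as fh:
        verdict = scan_bytes(fh.read())
    if verdict is not None:
        os.makedirs(quarantine_dir, exist_ok=True)
        dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
        shutil.move(path, dest)
        os.chmod(dest, 0o400)  # no write or execute bits
    return verdict

def demo():
    """Scan the four constructed samples; map name -> (verdict, still_in_place)."""
    results = {}
    samples = {"known.bin": KNOWN_BAD, "variant.bin": VARIANT,
               "novel.bin": NOVEL, "clean.bin": CLEAN}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            verdict = scan_and_quarantine(path, os.path.join(root, "quarantine"))
            results[name] = (verdict, os.path.exists(path))
    return results
```

Calling demo() shows the known file caught by its hash, the repacked copy caught only by the byte pattern, and the novel sample left in place because no signature describes it yet.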
Apart from this real-time protection, the antivirus apps can also periodically scan your hard drive looking for malicious software, although it is becoming less and less common to install local apps and store data locally. That’s why the best antivirus software does both: the apps scan for threats in real time and block them, but you can also scan for local infections and look for code that is acting like a virus, even if it is not in the database of signature files.
“Behavioral analysis is an even more advanced detection method,” says Stukalenko. “Some system calls, execution flow, memory access, and interactions with system components are more suspicious types of behavior that could indicate malware even if the exact sample isn't in the database. The behavioral analysis may incorporate machine learning and AI as well.”
Advanced antivirus protection
Of course, if that’s all the protection an AV program offered, we’d all be in trouble - it’s just not enough protection these days. While the two pillars of AV protection involve real-time scanning and local scanning, the apps do far more than those two main functions.
One of the key advanced features has to do with blocking websites. To do this, antivirus software also maintains a database of websites that are known to be harmful. When you attempt to visit a website that has been identified as a conduit for distributing malicious threats, you’ll see a warning that it’s not safe to proceed. This is valuable because the AV software is blocking the site to reduce the threat. The AV app won’t even have to scan for a viral threat, because you’re never even exposed to the virus.
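The website check described above comes down to matching the hostname you are about to visit against that database. The following is an added example, not code from any AV product: the blocklist entries are constructed names under reserved domains, and the function names are hypothetical. It matches on whole domain labels, so a blocked domain also covers its subdomains while a similar-looking name is not blocked by accident.

```python
from urllib.parse import urlsplit

# Hypothetical blocklist (constructed; .example and .test are reserved names).
BLOCKED_DOMAINS = {"malware-downloads.example", "phish.login-portal.test"}

def normalize_host(url):
    """Return the hostname in comparable form: lowercase, no port or trailing dot."""
    parts = urlsplit(url)
    if not parts.netloc:               # bare "host/path" typed without a scheme
        parts = urlsplit("//" + url)
    return (parts.hostname or "").rstrip(".")

def blocked_by(url):
    """Return the blocklist entry covering this URL, or None if it is allowed."""
    labels = normalize_host(url).split(".")
    # Test the host and each parent domain, always on whole-label boundaries,
    # so a blocked domain also covers its subdomains but not lookalike names.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_DOMAINS:
            return candidate
    return None

def navigate(url):
    """Decide what the browser-side filter shows for a requested URL."""
    entry = blocked_by(url)
    return f"WARNING: {entry} is on the blocklist" if entry else "allow"

if __name__ == "__main__":
    for u in ["https://malware-downloads.example/game.exe",
              "http://cdn.malware-downloads.example:8080/setup",
              "https://notmalware-downloads.example/",
              "https://safe.example@phish.login-portal.test/reset"]:
        print(u, "->", navigate(u))
```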
Many AV apps also include a virtual private network or VPN. This is a critical function because a VPN secures your actual endpoint - you are no longer a “live target” as explained earlier, but instead can rely on an encrypted connection. Hackers don’t know your actual IP address to track your location and identity, and they can’t access sensitive information on your local computer because it’s not even available to them - it’s protected from prying eyes.
A VPN is like a secure tunnel. Your computer connects over the internet to a private server run by the VPN, and the server in turn becomes the live endpoint. You can even switch to the server you want to use, even if it is in another country. Hackers are not able to see which sites you are visiting and they are unable to capture real-time transmissions, since they are encrypted.
What AV software doesn’t do
Any discussion about what AV software does and how it works should include some mention of what AV can’t do for you. Yes, it offers advanced protection with real-time scanning, blocking software and harmful websites, and - in some cases - providing a VPN to encrypt and protect your connection. That’s all well and good, but no AV program is perfect.
In terms of understanding how AV programs work, it’s important to note that a virus could still slip through the cracks in rare cases. If you recall, these apps are constantly monitoring your connection and scanning for malicious code, comparing what they find against a database of known threats. The issue is that the database of known compromises is not perfect. Hackers are industrious and attempt to stay one step ahead of AV software - sometimes, they succeed in spreading a virus before the AV firms can react and update their database.
AI is helping stem the tide. While hackers keep inventing new ways to compromise your information, advanced machine learning intends to keep pace. That means, as the threats become more advanced, AI will help us stay at least one step ahead.





John Brandon is a technologist, business writer, and book author. He first started writing in 2001 when he was downsized from a corporate job. In the early days of his writing career, he wrote features about biometrics and wrote Wi-Fi router and laptop reviews for LAPTOP magazine. Since 2001, he has published over 15,000 articles and has written business columns for both Inc. magazine and Forbes. He has personally tested over 10,000 gadgets in his career.











