Antivirus is a type of software used to secure, detect, and remove computer viruses from computer systems. Antivirus is also called virus protection software. This program can determine whether a computer system has been infected with a virus or not. Generally, this software runs in the background and scans all files that are accessed (opened, modified, or when stored).Latest antivirus now not only detects viruses. An antivirus program is now also equipped with the ability to detect surveillance devices, kits, roots, and other harmful devices. Not only that, the antivirus is now equipped with a firewall to protect the computer from hack and anti spam attacks to prevent entry of junk email and / or viruses into the user’s inbox.
In general, the way antivirus work is:
Detection by using virus signature database (virus signature database): How antivirus work is an approach widely used by traditional antivirus, which searches for signs of presence of viruses by using a small portion of the virus code that has been analyzed by antivirus vendors, and has been catalyzed according to its type, size, destructiveness and several other categories. This method is fast and reliable to detect viruses that have been analyzed by antivirus vendors, but can not detect new virus until new virus signature database is installed into the system. This signature virus database can be obtained from antivirus vendors and generally can be obtained for free via download or via subscription, and / or
Detection by looking at how the virus works: How antivirus works like this is a new approach borrowed from technology applied in Intrusion Detection System (IDS). This method is often referred to as Behavior-blocking detection. This method uses the policy (policy) that must be applied to detect the presence of a virus. If any software behavior is “unusual” according to the applied policy, as well as software that tries to access the address book to send emails en masse to the e-mail list located in the address book (this is often used by viruses to transmit the virus via email), then the antivirus will stop the process performed by the software. Antivirus can also isolate suspected virus codes until the administrator determines what to do next. The advantage of this way is the antivirus can detect the presence of new viruses that have not been recognized by the virus signature database. The downside, obviously because antiviruses monitor how the software works all over (instead of monitoring files), antivirus often makes false alarms (if the antivirus configuration is too “hard”), or even allows viruses to multiply in the system ( if the antivirus configuration is too “soft”), false positives occur. Some manufacturers refer to this technique as heuristic scanning. This heuristic scanning technology has grown so far today. Some antivirus checks a file with the usual definition. If it escapes regular detection, it runs in a virtual environment. All file changes are virus-like, so users will be warned.
Antivirus based on its users is divided into 2, ie home users and network users / corporate users.For home users, antivirus running as usual.For network version, antivirus can perform scanning on client computers and network drives In addition, the client computer update process in the network does not have to be directly from the Internet.Client computers can make updates directly from the network server.