Antivirus Software

Antivirus software (anti-virus) is computer software used to identify and remove computer viruses, as well as many other types of harmful computer software, collectively referred to as malware. While the first antivirus software was designed exclusively to combat viruses, most modern antivirus software can protect against a wide range of malware, including worms, rootkits, and trojan horses.

Modern antivirus software typically employ a variety of ways to identify a virus. Most antivirus software use signatures, identifying pieces of code found in a virus. Wild cards may be present in a signatures to account for mutations; modifications made to evade detection. Heuristics may supplement signatures. Instead of attempting to relate a virus with a signature, heuristic technology may look at a program's code or actions for potentially damaging code or actions. heuristic technology may emulate a program in a sandbox, classifying actions as malicious or not. While heuristics may increase the sucessful detection of malware. However, a downside is the increased risk of a false positive; when the antivirus software incorrectly identifies a file as malicious. Programmers who write antivirus software could classify every file as malicious and boast 100 percent detection. However, the program would obviously produce numerous false positives. Instead, programmers must improve heuristic detection methods and signature detection methods, and attempt to find a balance. False positives can render programs corrupted, and possibly the operating system corrupted. In an recent incident, a faulty update issued to Symantec's Norton-branded security software in China removed essential files needed by the OS, on the grounds the files matched a signature. The incident left thousands of computers in China unable to boot.

Antivirus software may cause issues. Often times, antivirus software may have a significant performance impact. Antivirus software may present users with a decision concerning a malicious file, and the user may not understand the implications of their choice completely. Antiviruses may pose a risk to themselves, as they generally work at the kernel level of the operating system. An exploit of Norton-branded security software could let an attacker install malicious software undetected. The effectiveness of antiviruses is also questioned, a study found the detection of major antivirus software dropped in a one-year period.