How do antivirus programs detect viruses?

antivirus
ahmet picture ahmet · Sep 8, 2009 · Viewed 27.2k times · Source

How do anti-virus programs detect if something is a virus or trojan?

I'm from Turkey, please keep the English simple if possible, thanks.

Answer

jprete picture jprete · Sep 8, 2009

There are three basic ways to find viruses. You can scan files to see if they have virus code in them from known viruses. You can scan files to see if the code will do virus-like things. You can wait until a program does something it should not do, and flag the program as infected.

You would scan files when they are first created, and you would also do it on a schedule after that. You would have to install a kernel driver in order to watch what programs do and stop them from doing malicious things.

Many anti-spyware programs work exactly the same way. For example, Spybot S&D can watch for Registry changes that could be spyware installations.

Related questions

.NET virus scanning API

I'm building a web application in which I need to scan the user-uploaded files for viruses. Does anyone with experience in building something like this can provide information on how to get this up and running? I'm guessing antivirus software …

Read More
Detect Antivirus on Windows using C#

Is there a way to detect whether there is an antivirus software installed in a machine using C#? I know the Security Center detects antivirus software but how can you detect that in C#?

Read More
How do you virus scan a file being uploaded to your java webapp as it streams?

Basically, I want to virus scan files as they are uploaded (before writing them to disk) to a web app. In particular, I'd like to integrate with "McAfee VirusScan Enterprise" (latest version). From a design and maintenance perspective, would it …

Read More