Antivirus Software

This article is for students, faculty, and staff who would like to learn about various antivirus software types, their importance, and their benefits.

This article will focus mainly on antivirus programs as they apply to desktop devices. For more information specifically about threat prevention on mobile devices, see Security and Threat Prevention.

Overview

Antivirus software is a type of program meant to prevent malware infections, detect existing threats or attacks, and eradicate them from individual computing devices, networks, and entire IT systems. Antivirus programs work by analyzing websites, files, installed software or applications, and other user data for known threats. They automatically monitor day-to-day program behavior, which enables the software to flag anything that is out of the ordinary and alert the user, and they confirm the status of the device in question. Users can typically also use the program to scan a single file or their entire device on demand.

Antivirus Software Types

There are multiple types of antivirus software products available to users, based on their security needs. The most common types of antivirus software are malware signature, standalone, system monitoring, security software suite, machine learning, and cloud-based. 

Malware Signature

A malware signature (also known as a virus signature) is a continuous sequence of code that is characteristic of and unique to a specific piece of malicious software; it serves as a digital fingerprint of the threat. Malware signature antivirus software works by scanning for malicious code, identifying the virus at hand, and disabling it to prevent it from further impacting the device, network, or system.

While these functions are essential for defending against threats, malware signature antivirus programs only provide users with the most basic form of threat protection. This form of antivirus does not monitor user data in real time or address new viruses; it can only protect against known threats.
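The following sketch is an added example, not part of the original article or any vendor's product. It shows signature matching over constructed sample files and why a one-byte variant of a known sample goes undetected; the signature names, byte patterns, and file names are all made up for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # continuous byte sequence used as the fingerprint

# Constructed signatures for illustration; not taken from any real product.
SIGNATURES = [
    Signature("Example.Dropper.A", bytes.fromhex("deadbeef4d5a9000")),
    Signature("Example.Macro.B", b"AutoOpen_constructed_marker"),
]

def scan_bytes(data, signatures=SIGNATURES):
    """Return (signature name, offset) for every match found in data."""
    hits = []
    for sig in signatures:
        offset = data.find(sig.pattern)
        while offset != -1:
            hits.append((sig.name, offset))
            offset = data.find(sig.pattern, offset + 1)
    return hits

def scan_files(files, signatures=SIGNATURES):
    """files maps a file name to its bytes; return only the files with hits."""
    report = {}
    for name, data in files.items():
        hits = scan_bytes(data, signatures)
        if hits:
            report[name] = hits
    return report

# Constructed sample files: one clean, one carrying a known signature, and one
# variant of the same sample with a single byte of the pattern changed.
_known = SIGNATURES[0].pattern
SAMPLE_FILES = {
    "notes.txt": b"plain text document",
    "invoice.bin": b"HEADER--" + _known + b"tail",
    "invoice_v2.bin": b"HEADER--" + _known[:3] + b"\x00" + _known[4:] + b"tail",
}

if __name__ == "__main__":
    for name, hits in scan_files(SAMPLE_FILES).items():
        print(name, hits)
```

Only invoice.bin is reported; invoice_v2.bin passes the scan because its bytes no longer match any stored signature.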

Standalone

Standalone antivirus programs, like malware signature programs, are used to target and eliminate specific, known threats. However, standalone software is designed to be installed on a portable device, like a USB drive, and is commonly used by administrators to scan a compromised system in an emergency. Standalone antivirus software is similar to malware signature antivirus programs in that it is not meant to provide around-the-clock, real-time protection or download new viral signatures every day.

System Monitoring

As the name would suggest, system monitoring software is meant to continuously monitor software and computer systems to gain an understanding of how the device or system is commonly used. This design enables the software to then flag behavior that appears to be suspicious or atypical of the user. Some examples of atypical behavior that may be flagged by system monitoring include:

  • Attempts to connect to an unfamiliar or suspicious website.

  • Attempts to gain access to a large number of files.

  • An unusually large increase in data usage.

When these or other similar behaviors arise, the program will generate an alert. System monitoring can provide real-time protection to users.
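As an added illustration (not code from this article or from any monitoring product), the sketch below applies the three example behaviors above to a constructed event list. The baseline values, thresholds, process names, and domains are assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed baseline of normal use for one device (assumed values).
BASELINE = {
    "known_domains": {"portal.example.edu", "mail.example.edu"},
    "max_files_per_minute": 20,
    "max_bytes_per_minute": 500_000,
}

def detect(events, baseline=BASELINE):
    """events: dicts with minute, process, kind ('connect', 'file', 'net')
    and value. Returns a sorted list of (minute, process, reason) alerts."""
    alerts = set()
    files = defaultdict(set)   # (minute, process) -> distinct paths touched
    sent = defaultdict(int)    # (minute, process) -> bytes transferred
    for e in events:
        key = (e["minute"], e["process"])
        if e["kind"] == "connect":
            if e["value"] not in baseline["known_domains"]:
                alerts.add(key + ("unfamiliar domain: " + e["value"],))
        elif e["kind"] == "file":
            files[key].add(e["value"])
        elif e["kind"] == "net":
            sent[key] += e["value"]
    for key, paths in files.items():
        if len(paths) > baseline["max_files_per_minute"]:
            alerts.add(key + (f"{len(paths)} files accessed in one minute",))
    for key, total in sent.items():
        if total > baseline["max_bytes_per_minute"]:
            alerts.add(key + (f"{total} bytes transferred in one minute",))
    return sorted(alerts)

def ev(minute, process, kind, value):
    return {"minute": minute, "process": process, "kind": kind, "value": value}

# Constructed events: minute 0 is ordinary use, minute 1 is atypical.
NORMAL_EVENTS = [
    ev(0, "browser", "connect", "portal.example.edu"),
    ev(0, "editor", "file", "/home/user/notes.txt"),
    ev(0, "browser", "net", 40_000),
]
ODD_EVENTS = (
    [ev(1, "updater", "connect", "files.unknown-host.example")]
    + [ev(1, "updater", "file", f"/home/user/doc{i}.txt") for i in range(25)]
    + [ev(1, "updater", "net", 300_000), ev(1, "updater", "net", 300_000)]
)

if __name__ == "__main__":
    for alert in detect(NORMAL_EVENTS + ODD_EVENTS):
        print(alert)
```

The ordinary minute produces no alerts, while the atypical minute produces one alert for each of the three behaviors.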

Security Software Suites

A security software suite is a set of software tools managed by a central control panel that is designed to prevent devices, networks, and systems from malware infection. From this control panel, the user can access not only the antivirus software but also the other features in the suite. Suites often offer extra functionality like anti-spam software, password storage, identity theft protection, and VPNs, among others.

Security software suites provide more thorough protection against threats than malware signature, standalone, and system monitoring software: they are designed to combat viruses along with all other types of malware, they actively monitor for new threats in real time, and the additional features further enhance the protection provided. Common security software suite providers include:

  • Bitdefender

  • Kaspersky

  • Norton

  • Avast

  • Webroot

  • McAfee

Machine Learning 

Machine learning antivirus software uses, as the name would suggest, machine learning techniques to determine what constitutes normal behavior for a given device, network, or system. The software monitors user activity, and using the data it gathers, limits or disables tasks if they are deemed to be suspicious.

The algorithms that power machine learning antivirus software serve to broaden its scope of malware detection; in many cases, such software can monitor millions of other devices and aggregate the data, which facilitates the discovery and development of new malware signatures. These capabilities provide multiple layers of continuous, real-time protection. Machine learning software is ideal for working in tandem with other antivirus programs to further protect devices, networks, and systems from threats.

Cloud-Based

A cloud is a collection of servers that are operated and accessed remotely over the Internet instead of locally on a computer, and it includes any of the software and databases that are run on those servers. Cloud-based antivirus software works in a similar manner; instead of operating locally on a device (which takes up a great deal of storage space and slows down tasks), this form of antivirus protection analyzes files remotely in the cloud.

These programs usually have two components – a desktop client that operates locally on your computer and a web service. The desktop client acts as a light version of a system monitoring program: it periodically gathers data and scans the device for viruses and other malware without taking up excessive memory. The web service then processes this information in the cloud, comparing it to its virus and malware database to identify matches.
