Skip to main content
  1. Home
  2. Computing
  3. Guides

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

What is antivirus software, and how does it work?

Jon Martindale
By

You’ve probably been hearing about antivirus software as long as you’ve had a computer. It’s been a staple of almost every PC since the early 90s. Ask any trusted IT worker about how to protect your system against hackers and threats, and they’ll give you the same answer: Install an antivirus solution.

Recommended Videos

If you use best practices for staying safe online — like ignoring links and attachments in untrustworthy emails, avoiding dodgy websites, and sticking to curated app stores — your antivirus may simply operate in the background, seemingly not doing much at all (even though it does).

Related

But what is antivirus software, and how does it work? There are a number of definitions, and, depending on which company’s product you use, their tactics for targeting malicious applications like viruses and ransomware can be quite different. Being well-versed in what these sorts of tools can do is the best way to make an informed choice about the best antivirus software for you or your small business.

What is antivirus software?

Yui Mok - PA Images/GettyImages

Antivirus software (or anti-malware software) is a tool that looks for sneaky applications that don’t belong on your PC (or smartphone). It uses a number of methods to differentiate between that Word document you’re editing and a nasty piece of software intent on stealing your bank details. It can even spot when otherwise legitimate applications have been hijacked by a virus.

Some antivirus software uses live protection to automatically block such viruses and malware from running at all. They even stop you from visiting malicious websites or opening infected emails. Others, known as remediation tools, offer scanning functionality only and must be run in order to clean up a malware infection after it has taken hold.

When antivirus software finds a malicious program on your system, it will typically offer two options: Quarantine it so it’s unable to operate as intended, or delete it entirely. While deleting a threat cleans your system of the infection, quarantining makes analyzing it easier for antivirus software companies. This allows them to potentially alter their antivirus solution to be more capable of defending against it in the future.

Do you need antivirus software?

Modern operating systems come with a number of built-in protections like firewalls or Windows Security to help prevent viruses from seizing your system. If you’re careful with how you use your devices and steer clear of links, attachments, and dodgy websites, or even operate on a virtual machine, then you may well be safe from most virus threats.

However, there are threats that even the most well-prepared PC or mobile user can’t avoid. For instance, sometimes legitimate download servers are hijacked, and flaws in the Wi-Fi network you connect to could leave you vulnerable in other ways.

Having a robust antivirus solution that runs alongside all of the modern OS and browser protections is a great first step in protecting yourself and your system. At worst, it provides peace of mind that you should be protected against nasty threats like ransomware. At best, it halts those threats in their tracks should you stumble across them as you venture forth online.

You don’t always have to pay for it, as there are great free antivirus applications out there. However, we’d recommend you have at least one of them running on all your devices, just to make sure you at least have the basic protections in place.

How does antivirus work?

Antivirus software has changed a lot over the years. While the earliest iterations were bespoke programs designed to specifically target individual viruses, today, there are millions upon millions of different pieces of malicious software creeping across the internet.

To combat that ever-evolving threat, antivirus software has changed and expanded in scope. The best anti-malware solutions today use a combination of different tactics to help protect your PC and MacOS desktops, as well as your smart devices and networks.

Here are three methods that antivirus software most commonly use.

Signatures

Signature-based detection is the most tried, tested, and reactionary method of the three. It looks for the specific digital code of a virus — its “fingerprint” — and will either quarantine it or delete it upon detection.

The upside to this method is that an identified virus can be added to a signature database stored locally on the device or in the cloud and then accessed when scanning a system for threats. The downside is that it’s not very useful for new threats. It requires at least one person or system to be attacked by the malicious software and identify it before everyone else can be protected.

With hundreds of thousands of new viruses appearing every day, more is needed to keep modern systems safe. That’s why do much more than its free tool providing mere signature scanning.

Behavioral detection

This is a more modern technique for tracking known and unknown viruses and malware. Instead of looking at what a piece of software is, behavior monitoring looks at what software does.

For example, the way humans and operating systems like Windows or MacOS perform certain functions is quantifiable and relatively well-defined. Viruses and other malicious programs, however, tend to perform certain functions that aren’t typical of a user.

Malware typically attempts to shut down or bypass installed antivirus solutions. Without asking, it may place itself in the boot process so it automatically loads when your device starts. It may even contact an external server to download other malicious software to your device.

Behavioral analysis looks for software attempting to perform these functions — and even at the potential for applications to perform them. Malicious software is quarantined or deleted as they are detected.

Although there is greater potential for false positives with behavioral detection than using signatures, it’s a crucial component of the antivirus puzzle.

For instance, ransomware attacks encrypt files and demand payment to unlock them. These attacks require a fast response and can’t be stopped by signatures alone. Behavioral detection like Bitdefender’s solution, however, can spot encryption and halt it in its tracks, even rolling back any encrypting it has done in some cases.

Machine learning

Teaching computers how to do something has always been difficult and time-consuming, but machine learning allows computers to teach themselves in a much more efficient manner. That’s exactly what machine learning in antivirus leverages in order to provide another important layer in modern anti-malware protections.

Machine learning in antivirus software uses its understanding of malicious and benign programs to analyze application code and decide if it’s dangerous or not. It’s effectively an artificial intelligence solution and, when used in conjunction with other security protocols, has proved extremely effective at combating threats new and old. In some cases, companies like Cylance are using it as their only antivirus solution, though most offer a more rounded toolset.

Machine learning does require internet connectivity to leverage and draw from the power of cloud-connected information databases to detect malicious software. However, it can evolve and adjust far quicker than the more human-curated methods of antivirus protection, and that helps keep the most modern solutions up to date with the ever-evolving threat landscape.

Which antivirus should you choose?

Image used with permission by copyright holder

Choosing the right antivirus is much like any other technological decision — it very much depends on you. There are tools that are great remediation scanners, others with plenty of preemptive protective measures, and some that do more than just block malware attacks.

But there are some that are worth recommending over others to help you get started. After all, downloading just any old security software can sometimes put you at even greater risk.

Some of our favorite antivirus programs include BitDefender’s Antivirus Free Edition and Avast Free Antivirus. Out of the premium solutions, Malwarebytes is one of the best, offering protection against all sorts of threats, as well as active web protection to help you avoid dodgy websites entirely.

If you’re looking for the best Mac Antivirus, here are some of our favorites.

Editors' Recommendations

Topics
Jon Martindale
Jon Martindale
Computing Coordinator
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
Common macOS Sonoma problems and how to fix them
Apple's Craig Federighi presents new features in macOS Sonoma at the company's Worldwide Developers Conference (WWDC) in June 2023.

Apple’s latest operating system, macOS Sonoma, has launched, and it brings with it a bunch of great new features for your Mac. But upgrading your Apple computer could lead to problems, and while this won’t happen to everyone, it can be frustrating when issues arise.

Fortunately, there’s help at hand. We’ve put together a list of the most common macOS Sonoma problems and how to fix them. Just follow these tips and they could help you out of a tricky spot. We’ve added links to Apple’s official guidance throughout, so be sure to check them out for more assistance.
macOS Sonoma won’t download

Read more
This dangerous new Mac malware steals your credit card info
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

People like to think that Apple’s Macs are more or less invulnerable to the assorted viruses and trojans that afflict Windows PCs, but that’s far from the truth. That’s just been aptly demonstrated by the emergence of a new malware strain that attempts to steal all of your passwords, credit card data, and more.

The discovery was made by security firm SentinelOne, which named the malware MetaStealer. According to SentinelOne, MetaStealer has the potential to trick you into giving away vital information that could cause a huge amount of damage, and it has a nefarious way of getting what it wants.

Read more
This critical exploit could let hackers bypass your Mac’s defenses
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

Microsoft has discovered a critical exploit in macOS that could grant hackers easy access to your Mac’s most important data. Dubbed ‘Migraine,’ it shows why it’s vital to update your Mac as soon as possible.

Migraine is so damaging because it can bypass Apple’s System Integrity Protection, or SIP for short. SIP is enabled by default on modern Macs and works by sandboxing sensitive parts of the computer from outside meddling. Only processes that are signed by Apple (or those with special privileges, like Apple installers) are allowed to alter something guarded by SIP.

Read more