What is antivirus software, and how does it work?

You’ve probably been hearing about antivirus software as long as you’ve had a computer. It’s been a staple of almost every PC since the early 90s. Ask any trusted IT worker about how to protect your system against hackers and threats, and they’ll give you the same answer: Install an antivirus solution.

If you use best practices for staying safe online — like ignoring links and attachments in untrustworthy emails, avoiding dodgy websites, and sticking to curated app stores — your antivirus may simply operate in the background, seemingly not doing much at all (even though it does).

But what is antivirus software, and how does it work? There are a number of definitions, and, depending on which company’s product you use, their tactics for targeting malicious applications like viruses and ransomware can be quite different. Being well-versed in what these sorts of tools can do is the best way to make an informed choice about the best antivirus software for you or your small business.

What is antivirus software?

Antivirus software (or anti-malware software) is a tool that looks for sneaky applications that don’t belong on your PC (or smartphone). It uses a number of methods to differentiate between that Word document you’re editing and a nasty piece of software intent on stealing your bank details. It can even spot when otherwise legitimate applications have been hijacked by a virus.

Some antivirus software uses live protection to automatically block such viruses and malware from running at all. They even stop you from visiting malicious websites or opening infected emails. Others, known as remediation tools, offer scanning functionality only and must be run in order to clean up a malware infection after it has taken hold.

When antivirus software finds a malicious program on your system, it will typically offer two options: Quarantine it so it’s unable to operate as intended, or delete it entirely. While deleting a threat cleans your system of the infection, quarantining makes analyzing it easier for antivirus software companies. This allows them to potentially alter their antivirus solution to be more capable of defending against it in the future.

Do you need antivirus software?

Modern operating systems come with a number of built-in protections like firewalls or Windows Security to help prevent viruses from seizing your system. If you’re careful with how you use your devices and steer clear of links, attachments, and dodgy websites, or even operate on a virtual machine, then you may well be safe from most virus threats.

However, there are threats that even the most well-prepared PC or mobile user can’t avoid. For instance, sometimes legitimate download servers are hijacked, and flaws in the Wi-Fi network you connect to could leave you vulnerable in other ways.

Having a robust antivirus solution that runs alongside all of the modern OS and browser protections is a great first step in protecting yourself and your system. At worst, it provides peace of mind that you should be protected against nasty threats like ransomware. At best, it halts those threats in their tracks should you stumble across them as you venture forth online.

You don’t always have to pay for it, as there are great free antivirus applications out there. However, we’d recommend you have at least one of them running on all your devices, just to make sure you at least have the basic protections in place.

How does antivirus work?

Antivirus software has changed a lot over the years. While the earliest iterations were bespoke programs designed to specifically target individual viruses, today, there are millions upon millions of different pieces of malicious software creeping across the internet.

To combat that ever-evolving threat, antivirus software has changed and expanded in scope. The best anti-malware solutions today use a combination of different tactics to help protect your PC and MacOS desktops, as well as your smart devices and networks.

Here are the three methods that antivirus software most commonly uses.

Signatures

Signature-based detection is the most tried, tested, and reactive method of the three. It looks for the specific digital code of a virus — its “fingerprint” — and will either quarantine it or delete it upon detection.

The upside to this method is that an identified virus can be added to a signature database stored locally on the device or in the cloud and then accessed when scanning a system for threats. The downside is that it’s not very useful for new threats. It requires at least one person or system to be attacked by the malicious software and identify it before everyone else can be protected.

With hundreds of thousands of new viruses appearing every day, more is needed to keep modern systems safe. That’s why do much more than its free tool providing mere signature scanning.
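To make the signature trade-off concrete, here is an added example (not from the original article or any vendor's product) of a minimal signature scanner in Python. The sample byte strings and signature names are constructed for illustration and are harmless.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (not real malware).
KNOWN_SAMPLE = b"MZ-demo-header" + b"DEMO-MALICIOUS-MARKER" + b"\x00" * 32
NEW_SAMPLE = b"MZ-demo-header" + b"previously unseen code" + b"\x00" * 32
DOCUMENT = b"Quarterly report draft."

# Signature database (hypothetical names): exact-file hashes and byte patterns.
hash_signatures = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.Trojan.A"}
pattern_signatures = {b"DEMO-MALICIOUS-MARKER": "Demo.Trojan.Generic"}


def scan(data: bytes):
    """Return the matching signature name, or None if the database has no match."""
    name = hash_signatures.get(hashlib.sha256(data).hexdigest())
    if name:
        return name  # the "fingerprint" of the whole file matched
    for pattern, pattern_name in pattern_signatures.items():
        if pattern in data:
            return pattern_name  # a known byte sequence appears inside the file
    return None


def add_signature(data: bytes, name: str) -> None:
    """Model a database update issued after a new sample was captured and analyzed."""
    hash_signatures[hashlib.sha256(data).hexdigest()] = name


if __name__ == "__main__":
    for label, blob in [("known", KNOWN_SAMPLE), ("document", DOCUMENT),
                        ("new", NEW_SAMPLE)]:
        print(label, "->", scan(blob) or "clean")
    # The new sample passes as clean until someone has seen it and shipped an update.
    add_signature(NEW_SAMPLE, "Demo.Worm.B")
    print("new, after update ->", scan(NEW_SAMPLE))
```

The unseen sample is reported clean on the first pass and is only caught after the database update, which is the gap that behavioral and machine-learning detection are meant to cover.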

Behavioral detection

This is a more modern technique for tracking known and unknown viruses and malware. Instead of looking at what a piece of software is, behavior monitoring looks at what software does.

For example, the way humans and operating systems like Windows or MacOS perform certain functions is quantifiable and relatively well-defined. Viruses and other malicious programs, however, tend to perform certain functions that aren’t typical of a user.

Malware typically attempts to shut down or bypass installed antivirus solutions. Without asking, it may place itself in the boot process so it automatically loads when your device starts. It may even contact an external server to download other malicious software to your device.

Behavioral analysis looks for software attempting to perform these functions — and even at the potential for applications to perform them. Malicious software is quarantined or deleted as it is detected.

Although there is greater potential for false positives with behavioral detection than using signatures, it’s a crucial component of the antivirus puzzle.

For instance, ransomware attacks encrypt files and demand payment to unlock them. These attacks require a fast response and can’t be stopped by signatures alone. Behavioral detection like Bitdefender’s solution, however, can spot encryption and halt it in its tracks, even rolling back any encrypting it has done in some cases.
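As an added illustration (not from the original article and not how any named product is implemented), the Python sketch below shows one common behavioral heuristic for spotting bulk encryption: flag a process that writes random-looking, high-entropy data to several different files within a short window. The events, process names, and thresholds are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (close to 8.0 means random-looking)."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())


def fake_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Deterministic random-looking bytes standing in for encrypted output."""
    out, i = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}{i}".encode()).digest()
        i += 1
    return out[:size]


TEXT = b"Meeting notes: budget review moved to Thursday. " * 80

# Constructed write events: (seconds, process, path, bytes written).
EVENTS = [
    (0.0, "winword.exe", "C:/docs/notes.docx", TEXT),
    (1.0, "updater.exe", "C:/docs/a.docx", fake_ciphertext("a")),
    (1.4, "updater.exe", "C:/docs/b.xlsx", fake_ciphertext("b")),
    (1.9, "updater.exe", "C:/docs/c.pdf", fake_ciphertext("c")),
    (2.0, "zip.exe", "C:/tmp/backup.zip", fake_ciphertext("z")),
]


def detect(events, min_entropy=7.5, max_files=3, window=5.0):
    """Flag processes writing high-entropy data to >= max_files files in `window` s."""
    recent = defaultdict(list)  # process -> [(time, path)] of high-entropy writes
    flagged = {}
    for ts, proc, path, data in events:
        if proc in flagged or entropy(data) < min_entropy:
            continue
        recent[proc] = [(t, p) for t, p in recent[proc] if ts - t <= window]
        recent[proc].append((ts, path))
        paths = {p for _, p in recent[proc]}
        if len(paths) >= max_files:
            flagged[proc] = sorted(paths)  # candidates to restore from backup copies
    return flagged


if __name__ == "__main__":
    print(detect(EVENTS))
```

The single high-entropy archive written by `zip.exe` is not flagged, which shows why the heuristic counts files per process rather than reacting to one random-looking write, and why looser thresholds raise the false-positive rate the article mentions.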

Machine learning

Teaching computers how to do something has always been difficult and time-consuming, but machine learning allows computers to teach themselves in a much more efficient manner. That’s exactly what machine learning in antivirus leverages in order to provide another important layer in modern anti-malware protections.

Machine learning in antivirus software uses its understanding of malicious and benign programs to analyze application code and decide if it’s dangerous or not. It’s effectively an artificial intelligence solution and, when used in conjunction with other security protocols, has proved extremely effective at combating threats new and old. In some cases, companies like Cylance are using it as their only antivirus solution, though most offer a more rounded toolset.

Machine learning does require internet connectivity to leverage and draw from the power of cloud-connected information databases to detect malicious software. However, it can evolve and adjust far quicker than the more human-curated methods of antivirus protection, and that helps keep the most modern solutions up to date with the ever-evolving threat landscape.

Which antivirus should you choose?

Choosing the right antivirus is much like any other technological decision — it very much depends on you. There are tools that are great remediation scanners, others with plenty of preemptive protective measures, and some that do more than just block malware attacks.

But there are some that are worth recommending over others to help you get started. After all, downloading just any old security software can sometimes put you at even greater risk.

Some of our favorite antivirus programs include Bitdefender’s Antivirus Free Edition and Avast Free Antivirus. Out of the premium solutions, Malwarebytes is one of the best, offering protection against all sorts of threats, as well as active web protection to help you avoid dodgy websites entirely.

If you’re looking for the best Mac Antivirus, here are some of our favorites.

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…