How the stuff works?

Wondering how your Computer Antivirus Software Works? Read This!

Mechanism of Computer Antivirus Software

How does a computer antivirus software works  (working of computer antivirus)? What is an antivirus and how does it work-An antivirus software is a computer program that detect and identify a virus and can be used to scan files to identify and eliminate computer viruses and other types of malicious software (malware). Most Antivirus software (AV) are used to defend your computer from not only viruses, but also other malicious programs such as keyloggersTrojans and Hijackers. They are very useful in detecting the infected patterns that may reside in the computer memory. Antivirus as name specifies works fro keeping the entire computer system safe and secure from the unauthenticated modules and infected snippets . Antivirus software protects against all different types of malware you can also Download Free 11 Best NO Installation lightweight Portable USB Antivirus from here. So in this article we will discussing about.

antivirus software works
antivirus working mechanism

Also Read: Apply These 13 Secret Tips To Improve Computer Security

  • How does a computer antivirus software works or working of computer antivirus
  • Components of antivirus
  • How do antivirus programs detect and identify a virus
  • Antivirus Modes used for Scanning viruses
  • How antivirus is been tested or how to check strength of your antivirus

Do you know?

Antivirus companies are the ones who develop most of the viruses on the market today. If you think about it, it does make since because in order to make a good product, you need to make something that wears out or needs to be refilled/recharged. If nobody is writing any viruses than they are not making any money so in order to keep business going they either pay someone under the counter to develop them or develop them themselves

How do antivirus software works detect and identify a virus?

So what is the main working of Antivirus Software uses to detect a virus and find clean files from non-malicious files? How do antivirus software works and detect and identify a virus? These are the questions frequently asked by most of the users so lemme just explained you more about how do antivirus software works and detect and identify a virus. This is done by using virus definitions for known viruses and by employing heuristics to detect new or modified viruses.

antivirus software works
See how Antivirus software works

Also Read: How to remove virus completely without using Antivirus in Win 7/8/10

Antivirus software relies heavily on virus definitions to detect malware on your system and this is the most traditional way of detecting malware on your system. Virus definitions contain signatures which are used to determine the kind of malware. New malware is released every day and so are virus definitions. The bigger antivirus software vendors have dedicated antivirus labs where new malware is researched to develop new definitions and signatures for them. This is a costly process because millions of new malicious software is released every year. Without the latest virus definitions it may be impossible for your antivirus software to detect the latest malware. Most antivirus software vendors update malware definitions multiple times a day for this reason. Another method for antivirus software is heuristic based detection which we will explain in more detail


Heuristic bases detection is used in combination with virus definitions to detect malware which is based on known and modified malware. Even without virus definitions for the modified malware the antivirus software is able to recognize variations of malware and put it in quarantine. Antivirus uses generic signature detection for this purpose and can be explained as malware with different fingerprints but exactly the same malicious code. Another method for antivirus software is file analysis for example to see if an executable has instructions to alter or delete certain files. Regular software does not try to modify or delete important system software and therefore this action could be considered malicious behaviour and should therefore be considered malware.

Also Read: Download Free 11 Best NO Installation lightweight Portable USB Antivirus


One big downside of heuristic based virus detection are false positives. False positives is when antivirus flags files or programs as malicious or marks them as a threat when they are not, it is just a false alarm. In normal daily use of your computer you should rarely encounter false positives. But with so much software around it may be possible to run into a false positive. In general it is advised that if your antivirus software claims a file to be malicious, consider it malicious too. If you want to be 100% sure if you’re facing a false positive, you can upload the file to VirusTotal for analysis. VirusTotal will scan the file for you and show you how other antivirus software think about its contents.

So coming back with a topic- how does antivirus works and How do antivirus programs detect and identify a virus, basically antivirus uses two different techniques to detect and identify a virus which follows

  • Examining files to look for known viruses by means of a virus dictionary Identifying suspicious behaviour from any computer program which might indicate infection
  • Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.

Components of Antivirus:

Below are the components of an Antivirus which play a major role running of Antivirus:

* Scanner (conventional scanner, command-line scanner, on-demand scanner) -A program that looks for known viruses by checking for recognisable patterns (‘scan strings’, ‘search strings’,

‘signatures’ [a term best avoided for its ambiguity]).

* TSR scanner – a TSR (memory-resident program) that checks for viruses while other programs are running. It may have some of the characteristics of a monitor and/or behavior blocker.

* VxD scanner – a scanner that works under Windows or perhaps under Win 95, or both), which checks for viruses continuously while you work.

* Heuristic scanners – scanners that inspect executable files for code using operations that might denote an unknown virus.

* Monitor/Behavior Blocker – a TSR that monitors programs while they are running for behaviour which might denote a virus.

* Change Detectors/Checksummers/Integrity Checkers – programs that keep a database of the characteristics of all executable files on a system and check for changes which might signify an attack by an unknown virus.

* Cryptographic Checksummers use an encryption algorithm to lessen the risk of being fooled by a virus which targets that particular checksummer.

Also Read: Why Should You buy Original Antivirus Software

Modes of Antivirus:

Modes are the inbuilt feature of all Antivirus. They are use for scanning puposes which depend upon time to time:

Full system scan

A full system scan is very useful when you’ve just installed antivirus software and you want to check if your computer contains any malicious software. Another reason to run a full system scan is when you suspect an infection which has gone unnoticed until than or if you want to check the system for dormant malware with the latest virus definitions.

Quick scan

The quick scan uses only a fraction of the time and resources a full system scan uses. Therefor you can run a quick scan anytime you like without having the anti malware software slowing down your computer.

On-access scanning

On-access scan or real time protection is probably the most important scanning mechanism used by antivirus software.A great benefit of on-access scans is that security flaws in applications are also being caught by the antivirus software. For example it will detect malicious flash files when vulnerabilities in flash are being exploited. For this reason it is advised to never turn off on-access scanning on your antivirus even if it impacts your computer performance. A lot of malware infections have great impact on your system and it might cost a lot of time, effort and sometimes money to remove the malware and make sure it has been completely removed.

How Antivirus is been tested- How to check strength of your antivirus?

There are a lot of Antivirus software in a market which is been tested by experts. Why might antivirus software and antispyware software not detect malicious software. They all claimed to be the best antivirus software in the world which detect and identify a virus. They offer free trial antivirus version as well as paid version . Some of them claims that Norton antivirus is the best antivirus and some says that Kaspersky, and remaining says AVG is best. But it is difficult to compare which antivirus is good for the computer. I am teaching here a method to check the strength of your antivirus. If the antivirus pass the test then you can think that your antivirus is good and if it fails to pass the test then I recommend you to switch to next antivirus software. So let’s get started.

  • Go to Notepad and copy the code below and paste it in Notepad.
  • Go to Notepad and copy the code below and paste it in Notepad.


  • Save with with .exe or .com extension. For example virus.exe or .
  • After you save the file, Run the file. If your antivirus detect it as a threat then your antivirus is good and strong and if it doesn’t detect then search for another antivirus.


the authorHarinder is created and owned by Harinder(Aarav).Aarav is a technology Blogger from India(Dehradun). He’s Quiet type and Creative Guy who enjoys creating and exploring new trends on the WEB. Currently pursuing from DIT University.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.