Antivirus software searches your hard drive for any known or potential viruses.
Some will even scan external drives and disk drives for infections.
There are many scanning methods used by different types of antivirus
software, such as use of definitions, keying on suspicious behavior
from a program, and heuristic scanning. When it comes to fighting the
ever-growing number of infections, antivirus software is an important
tool to use.

Some antivirus scanners use a database with detailed definitions that are
used to detect and clean infections on a user’s system. When the
antivirus software scans the files on a computer, it checks each file
against its “dictionary” of definitions. If it finds that a piece
of code in the file matches a virus identified in its dictionary, it
will take action to clean the system. Once the antivirus scanner
detects an infection, it can attempt to clean the computer by
removing the virus itself from the infected file, quarantining the
infected file, or deleting the infected file altogether. Quarantining
a file leaves the file on the computer, but renders the file
inaccessible by changing the file’s extension.
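
An added example, not from the original article or from any antivirus product: a minimal definition-based scanner in Python that shows the dictionary lookup and the quarantine-by-renaming described above. The definition names, the byte patterns and the `.quarantine` suffix are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Constructed "definitions": name -> byte pattern. Real definition databases
# are vendor-specific; these harmless byte strings are made up for the demo.
DEFINITIONS = {
    "Demo.TestPattern.A": b"\x4d\x5a--DEMO-SIGNATURE-A--",
    "Demo.TestPattern.B": b"demo_payload_marker_B",
}

def scan_bytes(data, definitions=DEFINITIONS):
    """Return sorted names of every definition whose pattern occurs in data."""
    return sorted(name for name, pattern in definitions.items() if pattern in data)

def quarantine(path):
    """Leave the file on disk but rename it with a .quarantine extension."""
    target = path.with_name(path.name + ".quarantine")
    path.rename(target)
    return target

def scan_directory(root, definitions=DEFINITIONS):
    """Scan every regular file under root; quarantine files that match."""
    report = {}
    # The file list is built before any rename, so quarantined files
    # are not scanned a second time.
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        hits = scan_bytes(path.read_bytes(), definitions)
        if hits:
            report[path.name] = (hits, quarantine(path).name)
    return report

def demo():
    """Build a constructed sample directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean.txt").write_bytes(b"just an ordinary document")
        (root / "tool.exe").write_bytes(b"header" + DEFINITIONS["Demo.TestPattern.A"] + b"tail")
        # A variant with one changed byte is missed: the definition approach
        # only finds what is already in its dictionary.
        (root / "variant.exe").write_bytes(b"header\x4d\x5a--DEMO-SIGNATURE-X--tail")
        report = scan_directory(root)
        remaining = sorted(p.name for p in root.iterdir())
    return report, remaining

if __name__ == "__main__":
    print(demo())
```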

Since thousands of viruses are released each year, all antivirus software
needs to be regularly updated. A number of the antivirus programs
will automatically check for updates when a user is online and
initiates a scan. Some programs require a manual update check. If you
ever have an infection that isn't being cleaned, or isn't even being
detected, you can submit the sample to the antivirus software company
so that they can analyze it and create a definition that will allow
the software to detect and remove the infection. Some antivirus
companies will have tech support that can help you submit samples.
StopSign even has a special cleaning program for stubborn infections.
Subscribers to StopSign will have access to Custom Cleaners for
infections that the scanner cannot clean on its own.

Scanners that scan for suspicious behavior do not attempt to identify known
viruses using definitions – they monitor the behavior of all
programs. If the scanner discovers a program is trying to write data
to an executable program, the scanner can inform the user of this
behavior and ask what the user would like to do. Scanning for
suspicious behavior may be a better way to catch new viruses that do
not yet exist in any virus dictionaries. However, that method is
likely to have a large number of false positives, labeling a valid
program as an infection because of its behavior. Most of today’s
antivirus software programs do not use this method, relying instead
on definitions and heuristic scanning.

Heuristic analysis looks at the file’s code and type to determine if it seems
to be a malicious file. For example, an antivirus program may try to
emulate the beginning piece of code from an executable to see if it
has malicious intent. This method also produces a number of false
positives. Each approach has its flaws: the definition approach is
dependent on its dictionary of viruses, while the suspicious behavior
approach has a high number of false positive detections, as does
heuristic scanning. Due to the ever-growing number of viruses, users
need to use caution to help avoid infection.

Though some antivirus software tools like firewalls and on-access scanners
will help reduce the risk of infection, no antivirus software can
prevent a user from downloading files, opening attachments, using a
mobile storage device, or visiting infected websites. Antivirus
software is used to clean up the infections that users get, because
no matter how much protection you have or how careful you are, anyone
can get infected.