Anti-virus software is software for your computer used to prevent, detect, and remove malware, including computer viruses, worms, and Trojan horses. Some examples of anti-virus software are Sophos, ESET NOD32, Quick Heal and McAfee.

Antivirus is a computer program designed to detect, ward off, and remove malicious code such as viruses, worms, Trojans and other malware. Today, computer users are well aware of the benefit of installing antivirus software on their computers. Everyone installs an anti-virus program to keep online risks at bay.

The antivirus software thoroughly checks every downloaded file. Be it a Word document, a ZIP file, a spreadsheet or an EXE file, the chance that a virus or macro launches when the file is double-clicked is high. It is the duty of the antivirus software to make sure that all downloaded files are safe. If any suspicious files or activities are found, it flags them and lets the user know immediately.

IDENTIFICATION METHODS

One of the few solid theoretical results in the study of computer viruses is Frederick B. Cohen’s 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses. However, using different layers of defense, a good detection rate may be achieved.

There are several methods which an antivirus engine can use to identify malware:

Sandbox detection: a particular behaviour-based detection technique that, instead of detecting the behavioural fingerprint at run time, executes the program in a virtual environment, logging what actions the program performs. Depending on the actions logged, the antivirus engine can determine whether the program is malicious or not.[75] If not, the program is executed in the real environment. Although this technique has been shown to be quite effective, given its heaviness and slowness, it is rarely used in end-user antivirus solutions.

Data mining techniques: one of the latest approaches applied in malware detection. Data mining and machine learning algorithms are used to try to classify the behaviour of a file (as either malicious or benign) given a series of file features that are extracted from the file itself.
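The following is an added example, not code from the original article or from any antivirus vendor, showing how the sandbox approach above turns a log of observed actions into a verdict, and, in a simple rule-based form, how the feature-based classification of the data-mining paragraph works. The log format, the indicator names, the weights and the threshold are all assumptions constructed for this example.

```python
import re
from collections import Counter

# Weighted behavioural indicators and decision threshold: assumed values for
# this example, not any real engine's scoring scheme.
WEIGHTS = {"persistence": 4, "system_write": 3, "mass_file_write": 4, "outbound_net": 2}
THRESHOLD = 6        # score at or above this is reported as malicious
MASS_WRITE_MIN = 20  # writes to one directory that count as bulk rewriting

# Assumed sandbox log line format: "<seconds> <action> <target>"
LINE_RE = re.compile(r"^(?P<t>\d+\.\d+)\s+(?P<action>\w+)\s+(?P<target>.+)$")

def parse_log(text):
    """Turn log lines into (action, target) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((m["action"], m["target"]))
    return events

def extract_indicators(events):
    """Map the raw action log to the behavioural indicators the scorer understands."""
    found, writes = set(), Counter()
    for action, target in events:
        low = target.lower()
        if action == "reg_set" and "\\currentversion\\run\\" in low:
            found.add("persistence")       # autostart entry that survives reboot
        elif action == "write_file":
            if low.startswith("c:\\windows\\"):
                found.add("system_write")  # tampering with OS files
            writes[low.rsplit("\\", 1)[0]] += 1
        elif action == "net_connect" and not low.startswith(("127.", "10.", "192.168.")):
            found.add("outbound_net")      # contact outside the local network
    if any(n >= MASS_WRITE_MIN for n in writes.values()):
        found.add("mass_file_write")       # bulk rewriting of one directory
    return found

def classify(text):
    """Return (verdict, score, indicators) for one sandbox run."""
    indicators = extract_indicators(parse_log(text))
    score = sum(WEIGHTS[i] for i in indicators)
    return ("malicious" if score >= THRESHOLD else "benign", score, sorted(indicators))

# Constructed sample logs: a document editor, and a program that installs an
# autostart entry, calls out, and rewrites every document in a folder.
BENIGN_LOG = """0.01 read_file C:\\Users\\demo\\Documents\\report.docx
0.05 write_file C:\\Users\\demo\\Documents\\report.docx
0.09 net_connect 192.168.1.20:445"""
SUSPICIOUS_LOG = ("0.01 reg_set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc\n"
                  "0.02 net_connect 203.0.113.7:8080\n"
                  + "".join(f"{0.1 + i / 100:.2f} write_file C:\\Users\\demo\\Documents\\f{i}.docx\n"
                            for i in range(25)))

if __name__ == "__main__":
    for name, log in (("benign", BENIGN_LOG), ("suspicious", SUSPICIOUS_LOG)):
        print(name, classify(log))
```

The benign run produces no indicators and scores 0; the suspicious run trips persistence, outbound_net and mass_file_write for a score of 10, which is how a logged-action sandbox verdict is reached before the program is allowed to run on the real system.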