Antivirus software works by scanning computer programs for patterns within their codes that match virus signatures. If a match is found, the antivirus software attempts to disable or remove the virus. It may also identify viruses and other forms of malware through heuristics and behavioral-based detection.
Comparing computer files to virus signatures is the standard technique used by most forms of antivirus software. Cyber-criminals constantly release new forms of malware, and antivirus developers respond by creating a signature that identifies each specific virus. Computer users must download these signature updates so that their antivirus software can recognize and combat new threats.
Antivirus software may also utilize heuristics or generic detection. Instead of finding exact matches, it searches for code similarities between the scanned file and known virus families in the existing signature database. Although many viruses undergo several mutations, they often have common characteristics that antivirus developers can use to create generic detection signatures.
Antivirus software may also detect malicious programs by their behaviour as they are running. If programs behave differently than expected, the antivirus software deems them suspicious and attempts to halt further operations. Some antivirus software quarantines suspicious programs automatically, whereas others alert users and ask for instructions on how to proceed.