How AntiVirus Software Works:
Computer AntiVirus Software specializes in identifying harmful Computer Viruses and other Malware on your computer. Once these viruses have been identified, your antivirus program will then either neutralize (often by putting in "Quarantine") or delete the virus so that it cannot harm your computer.
There are many types of computer viruses and malware out there now, so anti-virus programs actually catch more than just "viruses." Most antivirus software can now detect Computer Viruses, Worms, Spyware, Trojans, Malware, and Phishing attacks. The more complex your antivirus program is, the better protected your computer system will be.
Suspicious Behavior Approach:
There are several different methods that antivirus programs use to detect computer viruses. With the Suspicious Behavior approach, your anti-virus program will monitor the behavior of programs on your computer. The suspicious behavior approach is one of the better virus detection methods because it will not only detect suspicious behavior from programs currently running on your computer, but it will also detect the behaviours of new viruses that show up on your system.
With the Dictionary Approach, your anti-virus program will scan your computers files when they are created, opened, closed or emailed on your computer. The benefit of this, is that it can pick up a virus as soon as it is received. The downside to the dictionary approach, is that the anti-virus program can only detect viruses that are known in a “dictionary” or comprehensive database of known computer viruses. This means your anti-virus program will only pick up viruses that are “known” and can miss newer, non-registered viruses that can still infect your computer.
These are the most common approaches used by antivirus software on the market today, although new techniques are constantly being developed all the time. One such new approach is called Sandboxing, which runs questionable programs in a safe environment to see if they are malicious or not. Many modern antivirus programs, such as Norton AntiVirus, NOD32 AntiVirus, and Kaspersky AntiVirus, use a combination of both the Suspicious Behavior and Dictionary Approach as well as other methods to detect computer viruses and malware.