Antivirus software is a class of program designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.
Antivirus software, originally designed to detect and remove viruses from computers, can also protect against a wide variety of threats, including other types of malicious software, such as keyloggers, browser hijackers, Trojan horses, worms, rootkits, spyware, adware, botnets and ransomware.
How antivirus software works
Antivirus software typically runs as a background process, scanning computers, servers or mobile devices to detect and restrict the spread of malware. Many antivirus software programs include real-time threat detection and protection to guard against potential vulnerabilities as they happen, as well as system scans that monitor device and system files looking for possible risks.
Antivirus software usually performs these basic functions:
- Scanning directories or specific files for known malicious patterns indicating the presence of malicious software;
- Allowing users to schedule scans so they run automatically;
- Allowing users to initiate new scans at any time; and
- Removing any malicious software it detects. Some antivirus software programs do this automatically in the background, while others notify users of infections and ask them if they want to clean the files.
Antivirus software uses a variety of virus detection techniques.
Originally, antivirus software depended on signature-based detection to flag malicious software. Antivirus programs depend on stored virus signatures — unique strings of data that are characteristic of known malware. The antivirus software uses these signatures to identify when it encounters viruses that have already been identified and analyzed by security experts.