Software that searches for known viruses. Also known as a "virus scanner." As new viruses are discovered by the antivirus vendor, their binary patterns are added to a signature database that is downloaded periodically to the user's antivirus program via the Web. Popular antivirus programs are Norton, McAfee, Sophos, AVG and Kaspersky.|
Antivirus programs are used almost exclusively on Windows machines. Although available, the greater majority of Mac users, as well as desktop Linux users, do not use antivirus. The reason is simple. Mac and Linux make up approximately 10% of the desktop computer market, and, since they are all Unix-based operating systems, they are more difficult to crack. See virus, quarantine, disinfect, behavior blocking and scareware.
Two Different Detection Approaches
Antivirus programs work two ways. The more common method scans the file against all known viruses each time the file is opened. The second method, such as used by Sophos, takes a blueprint of every file ahead of time. It computes a checksum of each file's contents and stores it in a database. The next time a file is opened, the software recomputes the checksum and compares it to the one in the database to see if the file has changed. If it has, the program scans the file for viruses. If not, the file is considered virus free. Since most files are virus free, this method is faster because recomputing a checksum is considerably faster than comparing the file to all the binary signatures. See Symantec, McAfee, Sophos, AVG and checksum.