Antivirus software are computer programs that attempt to identify, neutralize or eliminate malicious software. Antivirus is so named because the earliest examples were designed exclusively to combat computer viruses; however most modern antivirus software is now designed to combat a wide range of threats, including worms, phishing attacks, rootkits, trojan horses and other malware. Antivirus software typically uses two different approaches to accomplish this:
examining (scanning) files to look for known viruses matching definitions in a virus dictionary, and
identifying suspicious behavior from any computer program which might indicate infection.
The second approach is called heuristic analysis. Such analysis may include data captures, port monitoring and other methods.
Most commercial antivirus software uses both of these approaches, with an emphasis on the virus dictionary approach. Some people claim that a Firewall program performs the functions of a Anti-Virus, however they are mistaken.
In the virus dictionary approach, when the antivirus software looks at a file, it refers to a dictionary of known viruses that the authors of the antivirus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the antivirus software can take one of the following actions: attempt to repair the file by removing the virus itself from the file, quarantine the file (such that the file remains inaccessible to other programs and its virus can no longer spread), or delete the infected file.
Sunbelt Software CEO to Keynote at Virus Bulletin 2008 Conference (Marketwire via Yahoo! Finance)
