Antivirus software is designed to prevent, detect and destroy computer viruses. There may be different ways to detect and treat infected files.
In any case, when an infection of a file is detected, the antivirus tries to remove malicious code from it and, if this is not possible, deletes the file completely.

Types of antivirus software

• Scanners. After startup, the file system and RAM (RAM) are scanned PC and neutralize the found viruses.
• Monitors (guards). They monitor the processes running on the computer in real time.
• Polyphages. The most effective, universal solutions. They scan startup files and boot sectors of hard drives for new viruses.
• Blockers. They can detect a computer virus at an early stage of infecting a PC (when writing it to the boot sector of the hard disk).
• Auditors. Create a database of information about file parameters and control their changes. They cannot find viruses in new files because they do not have data about them in their database.

Blockers are often included in the BIOS (Basic Input-Output system – the basic input/output system, which is stored on the motherboard chip). Polyphages are the most “heavy”, they take up a lot of disk space and “eat up” a large amount of RAM.

Types of protection

Depending on the type of threat (known or unknown to a particular software), the antivirus can perform proactive or reactive protection:

• Proactive protection (heuristics). Protection against unknown viruses based on the study of the code and behavior of programs specific to malware. This type of protection shows the best result in the fight against modified viruses. Data on existing threats are taken as a basis.Heuristics in the antivirus context is a set of rules that are used to detect malware actions without the need to identify a specific threat.
• Reactive protection (virus signature). Protection against already known viruses based on information about the code and other features of malware. To work as efficiently as possible, such antiviruses must constantly update their virus signature databases.Protection based on virus signatures implies accessing a dictionary with already known viruses, which were compiled by the developers of antivirus software.

The main drawback of proactive protection is the so—called “false positives”, frequent blocking of uninfected software. The disadvantage of reactive protection is the inability to defend against new threats. Modern antivirus software uses both proactive and reactive protection.

As soon as the antivirus detects malicious code, it can perform the following actions (depending on the user’s settings):

• Try to “cure” the infected file by removing malicious code from it.
• Send the infected file to quarantine. It is relevant for files that are valuable to the user. While in quarantine, the infected file will not be able to harm the PC; later it can be cured independently or with the help of third-party specialists.
• Delete the infected file. If the code cannot be corrected, the file can be permanently deleted from the hard disk.
• Do not perform any actions. If it is assumed that the file was marked as “malicious” by mistake, you can add this file to the list of antivirus exceptions.

Full-fledged antivirus software protects your computer in real time all the time. That is, the antivirus is downloaded along with the OS, always keeps the RAM and the PC file system under control, and also monitors all programs that are launched and downloaded. Antivirus software significantly reduces the risk of losing valuable data, and also prevents malware from entering the PC.