What is antivirus? Definition, types, and benefits

Antivirus software monitors your devices for known threats and eliminates or stops them from infecting your devices as quickly as possible. With reliable security software like Norton AntiVirus Plus, your personal data will be better protected from hackers, malware, viruses, and other online threats.

A person in a yellow sweater looking up the answer to what is antivirus on a laptop.

What is antivirus software?

Antivirus software is designed to safeguard computers and mobile devices from malware, hackers, and cybercriminals. By looking at data on your hard drive and incoming data from the internet, including websites, email messages and attachments, and applications, antivirus software can identify, block, and protect against malicious software, infected links, and other threats and suspicious activity.

What does antivirus software do?

Antivirus software works by scanning your devices regularly to look for and block known viruses as well as new and emerging malware strains. If your device gets infected, antivirus software will help you remove it. To provide the best possible protection, these programs use several forms of detection.

Signature detection

Antivirus programs use signature detection to look for specific pieces of code that are found in known viruses in order to contain and remove them. Signature detection is a core component of most antivirus software, but it’s reactive – a virus must be known for its signature to be added to antivirus software. That means if signature detection gets used on its own, it won’t protect you from new and emerging viruses.

Heuristic detection

While there is a type of virus called a heuristic virus that attacks and disables antivirus software, the heuristic detection method examines code for suspicious architecture and behavior rather than a specific signature. Heuristic detection (which means ‘to find out’ or ‘discover’ in Latin) uses a few tools to make educated guesses, including:

  • File analysis: This tool analyzes a file's apparent intent or purpose. If a file looks like it was designed to create a problem within a system, say by deleting other files, it flags the file as potentially dangerous.
  • Multicriteria analysis (MCA): MCA uses the data gathered from other detection methods to weigh and decide whether it should flag a file as potentially dangerous.

Cloud and sandbox analysis

By creating an isolated and secure environment within a system, a sandbox analysis system can test a suspect program by letting it run in a closed environment. If it turns out that it is a virus or another type of malware, it can delete it before it enters the real system.

Intrusion prevention via HIPS

HIPS (host intrusion prevention system) monitors activity within a single host system for changes and behaviors that indicate a virus is present. Some HIPSs work by weighing new activity or behaviors against a list of trusted software and then blocking the new systems from stepping beyond the bounds of what the HIPS designates as safe behavior. HIPSs are useful when running multiple protective systems like an antivirus and a firewall.

Types of viruses

Computer viruses are designed to infect devices in ways that don’t show obvious warning signs until it’s too late. Because of that, hackers use many different methods to create and deploy malicious programs.

Malware

Malware is an umbrella term that describes any kind of malicious software created to cause damage, gain unauthorized access, or otherwise disrupt computer systems. A virus is a type of malware, along with Trojans, worms, spyware, adware, ransomware, and other disruptive software.

Spyware

Spyware secretly collects information about a user’s activities. This can include anything from someone’s browsing history to keystrokes and personal information. By using spyware, hackers can direct targeted advertising at users, steal people’s identities, and even commit espionage.

Keyloggers

A keylogger is a type of spyware that records a user’s keystrokes on computers or tap patterns on mobile devices. If a keylogger is active on a device, a hacker can gain access to everything from someone’s personal messages and emails to their passwords. They can also access financial information like credit card numbers and login credentials.

Browser hijackers

With a browser hijacker, a hacker can take control of someone’s browser. Once they have control, they can change settings and set up redirects that send users to sites that contain other malware or are designed for phishing. Browser hijackers can also install extensions and change bookmarks and homepages.

Worms

A worm is a type of malware that uses software or operating system vulnerabilities to self-replicate and spread across devices and networks. Worms can act independently of host programs, making them especially tricky to detect and contain.

Rootkits

Rootkits give hackers unauthorized network or computer access by changing or modifying existing systems to stay undetected. If a rootkit infects a device, it can access the camera and microphone, install other malware, and create backdoors to keep access open. Because they integrate themselves into other systems, rootkits are often more difficult to find than other viruses and malware.

Adware

Adware bombards infected systems with ads. An adware infection might cause a user to see more pop-ups online, have their browser settings changed, or become the victim of a spyware attack. These programs show ads to users to generate revenue for the hacker.

Ransomware

Ransomware infects a device and encrypts its files. Once the files are inaccessible to the user, the ransomware program demands payment, or a ransom, to decrypt the files. The data and financial losses of a ransomware attack can be devastating to businesses and organizations.

Antivirus software considerations

When you want to stop different computer viruses from infecting your computer, there are some clear benefits to antivirus software and a few drawbacks that you should know about before you decide on a security solution.

Benefits of antivirus software

You get a lot of benefits when you use an antivirus app, including some that you might not know about.

  • Detecting, preventing, and removing malware and viruses: This is the most obvious upside of installing antivirus software. Devices infected with viruses are less safe and reliable than those protected with antivirus software.
  • Blocking pop-ups: Pop-ups aren’t just a source of malware and viruses; they’re also disruptive and annoying. Many types of antivirus software block pop-ups.
  • Scanning in real-time: Real-time scanning helps you browse the internet safely and keep your devices protected.
  • Protecting external devices: Antivirus applications help protect external devices, including external hard drives, thumb drives, and more, from malware.
  • Blocking scam sites: Modern antivirus protection helps keep you safe while browsing by blocking dangerous sites.
  • Making devices faster: Antivirus software can close unused programs running in the background and stop them from slowing down your computer.

Drawbacks of antivirus

Antivirus software has its downsides, though you can mitigate most of these by investing in better programs. A few of these drawbacks include:

  • Looking out for adware: Free antivirus protection from unknown or untrustworthy brands may not be reliable and can even be a source of adware. While you may not want to spend money on antivirus protection, weigh the cost of that program against the price of a new device.
  • Slowing down devices and system updates: If you’re running a lot of programs and then turn on your antivirus or run an in-depth scan, it could slow down your device. Some antivirus applications may deliberately stop your apps or programs from updating to make sure those updates don’t introduce vulnerabilities that the antivirus software may not be able to detect and protect against.
  • Avoiding programs that are slow to detect new malware: If you’re using unreliable free antivirus software, it may be using signature detection as the primary method for discovering malware. That means new viruses and malware can make their way onto your computer before your antivirus even knows. That’s why the best antivirus software uses a combination of signature and heuristic detection.

Make antivirus an essential part of your digital security

Norton AntiVirus Plus uses a combination of constant signature and heuristic detection to help protect your devices from malware, ransomware, hackers, and viruses. And if your device is infected, Norton AntiVirus Plus will help remove these threats. When you want protection you can rely on, you can rely on Norton.

FAQs about antivirus software

Have more questions about antivirus software? We’ve got answers.

Should I use an antivirus?

Yes. No matter what device you’re using (even Macs can get viruses), you could still get a virus or malware infection that can compromise your device or put personal information at risk.

What happens if I don't use an antivirus?

It depends. Your data could be stolen or deleted, your devices could stop working, or you could spread a virus to others.

Does anyone use an antivirus anymore?

More people than ever use antivirus software even if they don’t know it. Microsoft Defender, for example, which is part of Windows’s basic built-in security, is bundled and automatically enabled on all new Windows computers.

Does antivirus really remove viruses?

Yes, but good antivirus software also works to prevent infections from happening in the first place.

How will the software respond when it finds malware?

It depends. Some antivirus software will inform you (usually with a pop-up or dialog box) when a new type of malware is found and ask if you’d like it to be removed. Other programs will remove the malware automatically or within the parameters you’ve set for it.

Luis Corrons
  • Luis Corrons
Luis Corrons is a Security Evangelist for Gen (Avast, AVG, Avira, Norton) & leads boards at AMTSO & MUTE. He is a prominent speaker at industry events.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

Contents

    Want more?

    Follow us for all the latest news, tips and updates.