By now, you've probably become convinced of the importance of having an antivirus program installed, running, and updated on your system. Without this precaution, your data is at risk. Even if you don't use your computer for business purposes, that data probably holds tremendous sentimental value to you, not to mention that you may have spent hundreds (if not thousands) of dollars on things like music files, movies, digital books, and more. Since one infection can wipe all of that (and your precious family photos) out, it's important to guard against infection with all of the diligence you can, which means installing and maintaining antivirus software. Fortunately, modern antivirus software does not adversely impact performance the way antivirus software did in days gone by.
But How Does it Work?
The way any particular piece of antivirus software works is governed primarily by the particular philosophy of virus protection it was built with. For starters, let's take a look at a technology called the "virus dictionary approach." The basic idea here is that the software examines each file on your hard drive and compares its contents to a dictionary of known viruses compiled by the provider of the software. Once a virus has been identified, the file can then either be deleted or quarantined. Alternatively, the program can attempt to repair the file by deleting the malicious code.
More About Virus Dictionary
To remain effective, this type of software must be updated periodically. Definitions of new viruses that have been identified since your last update are downloaded into the program. Sometimes these definitions are contributed by other technically proficient and responsible users of the program who have encountered these new viruses in the real world. Every time a new file is created, opened, closed, or emailed on your computer, the antivirus software will examine it against the most up-to-date version of its virus dictionary. In addition to this, you can configure your software to periodically recheck every file on your system.
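The dictionary approach and its update step can be sketched in a few lines. This is an added example, not code from any antivirus product: the signature names, byte patterns, file contents, and the repair-or-quarantine policy are all constructed for illustration.

```python
# Constructed definitions: name -> byte pattern (harmless placeholder bytes).
SIG_A = b"\xde\xad\xbe\xefDEMO-A"
SIG_B = b"DEMO-B\x00\x01"
DICTIONARY = {"Demo.Marker.A": SIG_A}

# Constructed file contents standing in for files on disk.
FILES = {
    "photo.jpg": b"\xff\xd8\xff\xe0 family photo bytes",
    "report.doc": b"quarterly report" + SIG_A + b" end",
    "dropper.bin": SIG_A,
    "new_sample.bin": b"header" + SIG_B + b"tail",
}

def update_dictionary(dictionary, new_definitions):
    """Merge newly published definitions; return how many were new."""
    added = {k: v for k, v in new_definitions.items() if k not in dictionary}
    dictionary.update(added)
    return len(added)

def scan(data, dictionary):
    """Return (name, offset) for every occurrence of every known pattern."""
    hits = []
    for name, pattern in dictionary.items():
        start = data.find(pattern)
        while start != -1:
            hits.append((name, start))
            start = data.find(pattern, start + 1)
    return sorted(hits, key=lambda h: h[1])

def handle(name, data, dictionary, quarantine):
    """Scan one file and return (verdict, resulting contents)."""
    if not scan(data, dictionary):
        return "clean", data
    cleaned = data
    for pattern in dictionary.values():
        cleaned = cleaned.replace(pattern, b"")   # attempted repair
    # Assumed policy: keep the repair only if something is left and a
    # rescan of the result finds nothing; otherwise quarantine the original.
    if cleaned and not scan(cleaned, dictionary):
        return "repaired", cleaned
    quarantine[name] = data
    return "quarantined", b""

if __name__ == "__main__":
    quarantine = {}
    for stage in ("before update", "after update"):
        for fname, content in FILES.items():
            print(stage, fname, handle(fname, content, DICTIONARY, quarantine)[0])
        update_dictionary(DICTIONARY, {"Demo.Marker.B": SIG_B})
```

Before the update, `new_sample.bin` is reported clean because its pattern is not yet in the dictionary; the same bytes are caught once the new definition is merged.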
In addition to the virus dictionary method, there are other means by which viruses can be identified. One of these is called the "suspicious behavior approach." The idea here is to monitor the behavior of all of the programs on your system. If, for example, one program tried to write data to the executable file of another, this would be flagged as suspicious behavior. You would then be alerted and offered a number of possible options from which to choose. The advantage here is that, because no new virus definitions are necessary, it can protect against new viruses. The drawback is that such technology generates a large number of false positives.
One final method is the use of a sandbox. A simulated operating system runs the program and checks for out-of-place changes. This method will affect your system's performance dramatically, and therefore is generally only used during on-demand scanning.