Norman Safeground Blogs

insight, opinion & information


How do virus checkers work?

We all know that virus checkers are important, but how many of us actually know how they keep our computers safe? Read on to learn some of the key techniques used by anti-virus software all over the world.

Scanning for Signatures

While real-world viruses and bacteria have a set genetic pattern that allows them to be identified by doctors, computer viruses can also be identified by their unique patterns. Virus checkers scan computers for any patterns (specifically, any computer code) that they recognise as malicious from their huge databases.

While this means your computer is safe from infections that the scanner already knows about, it does little to protect against newly developed problems. That’s why the other methods are used.

Integrity Checking

Integrity checking doesn’t actually look at viruses – it looks at your normal files. By keeping track of the size of your files, the anti-virus software will notice if any files have increased in size. An increase in file size – in a document that the user hasn’t edited – is a good indicator that something malicious has happened.

Of course, your computer changes a lot of file sizes just by operating, so there are a lot of sophisticated processes in the background to calculate whether a change in size is an infection, or just an every-day computer operation.

Injection Detection

Viral “injections” occur when there is space left at the end of a file which hasn’t been used up. For example, if you’ve got a document that isn’t quite big enough to fill up the piece of memory it’s placed on, malware writers could infect it with malware. Virus-checkers look for these edits to memory blocks as an indicator that something could be malicious.


Computer viruses – like real-world ones – can mutate, or be deliberately altered as they move around computers. This leads different variants of the same virus. Virus researchers can define a single “generic signature” by looking at these variants and finding a pattern. Once a signature has been defined, it’s much easier for the anti-virus to capture all the variants.

Different virus checkers use different methods to find viruses – and to different degrees. The goal is the same, however – to keep you safe from the dangers that using a computer can bring. Make sure your protection is up to date!

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>



The Author:

Made up of various contributors' opinions and insights - the power of the collective.

For Consumption Bloggers

Norman Safeground Blogs Archive