How Does Anti-Malware Work?

Without anti-malware software, your computer would be at increased risk of damage from malicious programs such as trojans and viruses. In order to successfully protect your computer, anti-malware software must be able to both detect malware on your machine and remove it safely. Many anti-malware programs use a range of methods for both detection and removal in order to maximize their effectiveness.

The term "malware" encompasses all forms of malicious software, including viruses, worms, trojans and spyware. Anti-virus software is designed to protect your computer from viruses, a specific type of self-replicating malware which is intended to alter files on your computer. Anti-malware software, on the other hand, usually provides protection against all classes of malware. However, both program types treat infections in a broadly similar way, identifying malicious programs on your machine and allowing you to remove them without harm.

Many anti-malware programs scan for threats using a malware database. This database contains virus definitions, which detail what specific malware or viruses do and how to recognize them. If the anti-malware program detects a file on the system that matches a definition, it will flag that file to the user as potential malware. Scanning using a database is an effective way of removing known threats, but the process relies on regular updates to ensure that the program does not miss out on newly developed malware.

Heuristic analysis, an alternative to database scanning, allows anti-malware programs to detect threats that have not been previously discovered. Heuristic anti-malware programs identify malicious software by their characteristics, rather than by simply comparing files to a list of known malware. For example, if an anti-malware program detects that a given application is programmed to remove key system files, it may flag that application as malicious. However, heuristic analysis can increase the risk of “false positive” results when compared to database scanning.

Once malware has been detected on a system, it must be removed. Many threats can be deleted by the anti-malware program itself as soon as they are detected. However, some malware is designed to cause further damage to your computer if it is removed. If the anti-malware software suspects this is the case, it will usually quarantine the file in a “safe” area of your computer's storage. Quarantining a file prevents it from causing harm, and usually allows you to remove the file manually without damaging your computer.