Understanding Anti-Virus Software | CISA

What does anti-virus software do?

Although details may vary between packages, anti-virus software scans files or your computer’s memory for certain patterns that may indicate the presence of malicious software (i.e., malware). Anti-virus software (sometimes more broadly referred to as anti-malware software) looks for patterns based on the signatures or definitions of known malware. Anti-virus vendors find new and updated malware daily, so it is important that you have the latest updates installed on your computer.

Once you have installed an anti-virus package, you should scan your entire computer periodically.

  • Automatic scans – Most anti-virus software can be configured to automatically scan specific files or directories in real time and prompt you at set intervals to perform complete scans.
  • Manual scans – If your anti-virus software does not automatically scan new files, you should manually scan files and media you receive from an outside source before opening them. This process includes:
    • Saving and scanning email attachments or web downloads rather than opening them directly from the source.
    • Scanning media, including CDs and DVDs, for malware before opening files.

How will the software respond when it finds malware?

Sometimes the software will produce a dialog box alerting you that it has found malware and ask whether you want it to “clean” the file (to remove the malware). In other cases, the software may attempt to remove the malware without asking you first. When you select an anti-virus package, familiarize yourself with its features so you know what to expect.

Which software should you use?

There are many vendors who produce anti-virus software, and deciding which one to choose can be confusing. Anti-virus software typically performs the same types of functions, so your decision may be driven by recommendations, particular features, availability, or price. Regardless of which package you choose, installing any anti-virus software will increase your level of protection.

How do you get the current malware information?

This process may differ depending on what product you choose, so find out what your anti-virus software requires. Many anti-virus packages include an option to automatically receive updated malware definitions. Because new information is added frequently, it is a good idea to take advantage of this option. Resist believing alarmist emails claiming that the “worst virus in history” or the “most dangerous malware ever” has been detected and will destroy your computer’s hard drive. These emails are usually hoaxes. You can confirm malware information through your anti-virus vendor or through resources offered by other anti-virus vendors.

While installing anti-virus software is one of the easiest and most effective ways to protect your computer, it has its limitations. Because it relies on signatures, anti-virus software can only detect malware that has known characteristics. It is important to keep these signatures up to date. You will still be susceptible to malware that circulates before the anti-virus vendors add their signatures, so continue to take other safety precautions as well.
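The signature matching described under "What does anti-virus software do?" and the limitation noted in the closing paragraph can be seen in a small added Python example. It is not part of the original CISA page or any vendor's code, and the class name, signature names and sample byte strings are constructed for illustration.

```python
import hashlib

class SignatureScanner:
    """Toy signature-based scanner (illustrative; not any vendor's engine)."""

    def __init__(self):
        self.patterns = {}  # signature name -> byte pattern seen in known malware
        self.hashes = {}    # SHA-256 hex digest of a known-bad file -> signature name

    def update(self, patterns=None, hashes=None):
        """Apply a definitions update, as an automatic update would."""
        self.patterns.update(patterns or {})
        self.hashes.update(hashes or {})

    def scan(self, data: bytes):
        """Return the sorted names of all signatures that match the data."""
        hits = set()
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hashes:
            hits.add(self.hashes[digest])
        hits.update(n for n, p in self.patterns.items() if p in data)
        return sorted(hits)

# Constructed samples: harmless byte strings standing in for files.
SAMPLES = {
    "known": b"\x00hdr" + b"CONSTRUCTED-MARKER-A" + b"\x00tail",
    "new": b"\x00hdr" + b"CONSTRUCTED-MARKER-B" + b"\x00tail",
    "clean": b"Quarterly report, nothing unusual here.",
}

def demo():
    """Scan every sample before and after a definitions update."""
    scanner = SignatureScanner()
    scanner.update(patterns={"Constructed.Family.A": b"CONSTRUCTED-MARKER-A"})
    before = {name: scanner.scan(data) for name, data in SAMPLES.items()}
    # The vendor analyses the new sample and ships a signature for it.
    new_digest = hashlib.sha256(SAMPLES["new"]).hexdigest()
    scanner.update(hashes={new_digest: "Constructed.Family.B"})
    after = {name: scanner.scan(data) for name, data in SAMPLES.items()}
    return before, after

if __name__ == "__main__":
    before, after = demo()
    for name in SAMPLES:
        print(f"{name:6} before update: {before[name]}  after update: {after[name]}")
```

The "new" sample scans as clean until the definitions update adds its signature, which is the window during which other safety precautions still matter.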