
How do antivirus programs detect viruses? [closed]

Tags: antivirus

How do anti-virus programs detect if something is a virus or trojan?

I'm from Turkey, please keep the English simple if possible, thanks.


2 Answers

There are three basic ways to find viruses. You can scan files to see if they have virus code in them from known viruses. You can scan files to see if the code will do virus-like things. You can wait until a program does something it should not do, and flag the program as infected.

You would scan files when they are first created, and you would also do it on a schedule after that. You would have to install a kernel driver in order to watch what programs do and stop them from doing malicious things.

Many anti-spyware programs work exactly the same way. For example, Spybot S&D can watch for Registry changes that could be spyware installations.

jprete answered Sep 15 '25 14:09


There are different types of virus detection. Some of the different techniques they use are:

1) Look at binary makeup of file for match or partial match in database of known viruses and trojans (most common technique)

2) Watch what program does and see if it ever does anything similar to viruses/trojans

3) Analyze program code (sometimes disassemble program code) and look for malicious things. This is often very difficult and usually only advanced detection programs do this.

Jacob Adams answered Sep 15 '25 14:09
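The first technique in both answers (matching file contents against a database of known viruses, with exact or partial matches) can be sketched as follows. This is an added example, not code from either answer; the signature names, byte patterns and sample inputs are constructed and harmless, and `scan_bytes` / `scan_file` are hypothetical helper names.

```python
import hashlib
import re

# Constructed, harmless "signature database" (not real malware signatures).
# Exact match: SHA-256 of the whole file.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"DEMO-BAD-FILE-CONTENT").hexdigest(): "Demo.Exact.A",
}
# Partial match: hex byte patterns, where "??" matches any single byte.
BYTE_PATTERNS = {
    "Demo.Pattern.B": "44 45 4D 4F ?? ?? 50 41 59 4C 4F 41 44",
}

def compile_pattern(hex_pattern):
    """Turn a pattern such as 'AA ?? BB' into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")  # wildcard: any one byte
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_pattern(p) for name, p in BYTE_PATTERNS.items()}

def scan_bytes(data):
    """Return a sorted list of signature names that match the data."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        hits.append(KNOWN_BAD_SHA256[digest])
    for name, rx in COMPILED.items():
        if rx.search(data):
            hits.append(name)
    return sorted(hits)

def scan_file(path):
    """Scan one file on disk, as an on-create or scheduled scan would."""
    with open(path, "rb") as f:
        return scan_bytes(f.read())

if __name__ == "__main__":
    samples = {
        "identical copy": b"DEMO-BAD-FILE-CONTENT",
        "copy with one byte added": b"DEMO-BAD-FILE-CONTENT!",
        "pattern inside other data": b"xxDEMO\x0a\xffPAYLOADyy",
        "clean": b"hello world",
    }
    for label, data in samples.items():
        print(f"{label}: {scan_bytes(data) or 'no match'}")
```

The hash only matches a byte-for-byte identical file, which is why scanners also keep byte patterns that still match when the surrounding bytes differ.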