How Antivirus Software Works

Yee-ha! In the wild wild west of the internet, antivirus software is a must-have partner.

If you have antivirus software installed on your computer (and you should!) you’ll know that it stops viruses from doing damage to your computer. But how does an antivirus know what’s bad and what’s good? Let’s take a peek at how an antivirus works and how it keeps your PC safe.

If you’ve watched your antivirus update, you’ll see a part where it downloads and installs “virus definitions.” These are special rules that tell the antivirus which viruses are making the rounds on the internet. If the antivirus spots one of these programs arriving on the computer, it knows to get rid of it immediately!

You can imagine the antivirus as a saloon owner in the Wild West. Every day, the owner gets a few WANTED posters from the local sheriff, which show some of the local bandits that have appeared.

When someone enters the saloon, the owner checks the newcomer’s face with all the WANTED posters he has. If they’re not on any of the posters, they’re free to stay; if they are wanted, they get kicked out before they can cause any trouble!

This is how an antivirus keeps known viruses out, but how about changed viruses? The people who create viruses know that once an antivirus spots their program in the wild, a rule will be created to block it.

To combat this, they make a new version of the virus that’s only slightly different from the one they made. That way, when the antivirus scans it, it doesn’t perfectly match the records that the software has. The creator of the virus hopes this slight difference is enough to fool the antivirus into allowing it.

In our Wild West saloon, this is like the bandits wearing funny hats, eye patches, or fake mustaches to trick the owner into believing they’re a different person from the people on the WANTED posters. Fortunately, the owner can use a little common sense here; if the newcomer looks similar to, but not identical to, one of the wanted bandits, the owner can investigate further to see if they’re really a bad guy.

Antiviruses can also do this. They look at software coming in and compare it to viruses that they already know. If it shares similarities with an existing virus, the antivirus will stop it from running. This kind of detection has a funny name: it’s called “heuristics” (hew-riss-ticks).

An antivirus can also use heuristics to catch a brand new virus that doesn’t have a definition yet. For example, if a brand new program tries to delete everything on the computer, the antivirus can detect this and stop it, even if it doesn’t have a rule dictating that it should.

This is like our saloon owner keeping an eye out for trouble. They don’t need a WANTED poster to spot someone trying to start a fight or rob someone. They can identify this person as bad and promptly kick them out of the saloon. They can even report the person to the sheriff, so the whole town knows to watch out for that person!

However, an antivirus can’t be too strict with its rules. If it’s a little too forceful, it will identify totally innocent programs as viruses, much to the annoyance of the user. It’s important for the antivirus to be cautious, but not overly so.
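
Here is a small Python sketch of the ideas above, added as an illustration (it is not code from any real antivirus product): an exact "WANTED poster" check, a look-alike check for disguised variants, and what happens when the look-alike rule is too strict. The byte strings, the 4-byte slices, and the 0.6 and 0.1 cut-offs are all made up for this demo; real products use their own, far more detailed methods.

```python
import hashlib

def fingerprint(data: bytes) -> str:
    """The 'WANTED poster': a SHA-256 digest that matches one exact file."""
    return hashlib.sha256(data).hexdigest()

def ngrams(data: bytes, n: int = 4) -> set:
    """Every overlapping n-byte slice of a file."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of two files' n-gram sets, from 0.0 to 1.0."""
    ga, gb = ngrams(a), ngrams(b)
    union = ga | gb
    return len(ga & gb) / len(union) if union else 0.0

class Scanner:
    def __init__(self, known_bad, threshold=0.6):
        self.known_bad = list(known_bad)
        self.definitions = {fingerprint(s) for s in self.known_bad}
        self.threshold = threshold  # assumed cut-off, chosen for this demo

    def scan(self, data: bytes) -> str:
        # Step 1: exact match against the definitions.
        if fingerprint(data) in self.definitions:
            return "signature match"
        # Step 2: how closely does it resemble anything already known?
        closest = max((similarity(data, s) for s in self.known_bad), default=0.0)
        return "heuristic match" if closest >= self.threshold else "clean"

# Constructed stand-ins for files (harmless text, not real samples).
KNOWN = b"bandit: ride into town, rob the bank, ride out at sundown"
DISGUISED = b"bandit: ride into town, rob the bank, ride out at sunrise"
INNOCENT = b"traveler: ride into town, buy a hat, play cards until supper"

def demo():
    balanced = Scanner([KNOWN], threshold=0.6)
    too_strict = Scanner([KNOWN], threshold=0.1)
    return {
        "known": balanced.scan(KNOWN),
        "disguised": balanced.scan(DISGUISED),
        "innocent": balanced.scan(INNOCENT),
        "innocent_when_too_strict": too_strict.scan(INNOCENT),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The disguised file slips past the exact check because its fingerprint is different, but the look-alike check still catches it. With the cut-off set too low, the innocent file gets flagged too, which is the false alarm the paragraph above warns about.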

The next time you update your antivirus, just imagine all the WANTED posters it’s downloading for you. Who knows; in the future, it may use one of them to save your PC!



  • Simon Batt

    Simon Batt is a UK-based tech enthusiast and all-around geek. His favourite things are cups of tea, cats, and new gadgets, even though they never mix well.

From the April 2020 issue.