How Does Antivirus Software Work?

Antivirus software is one of the most important weapons you can have in your arsenal to protect your device. With attacks on your devices becoming more sophisticated, it’s important to know just how antivirus software works. Only then can you make informed choices about which products are right for you.

How Does Antivirus Software Work?

Antivirus software usually works on one of two principles: Either it scans programs and files as they enter your device and compares them to known viruses, or it scans programs already on your device, looking for any suspicious behavior. Strong antivirus software, such as the ones we list below, do both. In addition, most antiviruses feature tools to either remove or quarantine offending malware.

What Is Antivirus Software?

As the name indicates, antivirus software is software designed to combat viruses. It does that through a three-part system:

1. Searching for viruses
2. Detecting viruses
3. Removing viruses

Do You Need Antivirus Software?

As we point out in our digital security guide, your device needs protection from malware in order to stay healthy. In fact, malware threats are more pervasive now than ever. From 2009 to 2019, for example, malware infections increased from over 12 million to over 812 million, an increase of more than 6,500 percent.1 As a result of this rise, many devices now come pre-installed with antivirus and/or anti-malware software. The problem is that these programs don’t usually cover all the threats out there. You may still be vulnerable to phishing, adware, and email scams. Ultimately, you still need antivirus software even if your device has some built-in security features.

Do Windows 10 Devices Need Antivirus?

Windows has long been the primary target for malware, if for no other reason than that there are far more Windows devices in use than any other kind of computer. In fact, as of December 2020, over 76 percent of all computers worldwide were running some version of Windows.2 It’s no surprise, then, that the AV-Test Institute registers 350,000 new pieces of malware and potentially unwanted applications (PUAs) aimed specifically at Windows devices every day.3

Because of this large number of threats, Windows 10 has built-in antivirus software called Windows Defender (or Microsoft Defender Antivirus). Obviously, this package offers some protection against malware. However, Defender doesn’t make our own list of the best antivirus software. For one thing, it doesn’t include endpoint protection. It also lacks automated investigation and remediation. The bottom line is, even if you have Defender, you’ll want to supplement it with additional protection from our list of the best antivirus software for Windows.

Do Macs Need Antivirus?

There are significantly fewer Macs in the world than Windows devices. Compared to Windows’ 76 percent global market share, Macs’ market share is just over 16 percent.4 As a result, Macs aren’t as big a target for hackers. In addition, all Macs contain two specific features designed to help prevent malware:

• XProtect: First, they have an anti-malware program of their own, XProtect, which inspects every single app for signs of trouble.
• Gatekeeper: In addition, Macs include Gatekeeper, a program that makes it almost impossible for a user to run any software unless a certified developer created it.

However, things are changing, as we point out in our guide to Mac antivirus. Probably the most important of these changes is that Macs are becoming more popular. In fact, Mac shipments grew by over 40 percent in 2020.5 As they have become a larger force in the market, they have become a bigger target for hackers. In its 2021 report, Malwarebytes found over 75 million threats aimed specifically at Macs.6 With those kinds of numbers, it certainly can’t hurt to add third-party antivirus. After all, Macs, for all their security features, still have vulnerabilities. In particular, they don’t block all adware or PUPs (potentially unwanted programs). Our page on the best antivirus for Macs offers excellent suggestions on how you can patch these vulnerabilities and protect against a rising tide of malware.

Do Chromebooks Need Antivirus?

Like Macs, Chromebooks aren’t as popular with the public as Windows, with only a 2 percent market share worldwide, so hackers don’t spend as much time making malware for them. In addition, Chromebooks take an entirely different approach from their competitors to dealing with malware. The Chromebook OS is based on the open-source, relatively bug-free Linux system. In addition, Chromebooks have several built-in security features. Among these, their “sandboxing” feature keeps every app and webpage separate from the rest of the computer so that if any trouble should arrive, it is completely isolated. Even so, as we note in our guide to Chromebooks and antivirus, Chromebooks have vulnerabilities. They are especially susceptible to phishing schemes, insecure websites, scam apps, and fake browser extensions. Security-conscious users might want to purchase antivirus software that addresses these issues.

Do Androids Need Antivirus?

In general, mobile devices are safer from viruses than PCs and laptops are.7 This is partly because they are more exclusively devoted to apps. Android devices, for example, encourage users to get their apps only from the Google Play Store, and Google checks its apps for malware before posting them for download. In addition, Android devices use Chrome as their default browser, and Chrome has built-in security protections.

However, Android users have more freedom to download apps from third-party vendors than iOS users do. As we note in our discussion of removing Android viruses, such apps can come infected with malware. Additionally, because of the enormous bulk of app submissions Google receives, apps containing malware have made it through the screening process into the Google Play Store. Early in 2020, for instance, Google issued warnings about dozens of different apps available from its library.8 The fact is, with numbers like that, you need to install one of the best Android antiviruses on your mobile device.

Do iOS Devices Need Antivirus?

Apple’s mobile devices, iPads and iPhones, are the only devices that don’t need antivirus software. Every app you download and install on your iOS device must come directly from the App Store. Since Apple rigorously screens these apps, it is theoretically impossible for you to download anything containing malware onto these devices. In addition, like Chromebooks, iOS devices isolate every app so that a virus can’t spread from one device to another.

Do Antivirus and Anti-Malware Mean the Same Thing?

While “antivirus” and “anti-malware” don’t technically mean the same thing, people often use them interchangeably these days. In its original sense, “antivirus” refers to a specific kind of software, one designed only to prevent viruses. “Virus” means a program that replicates itself by attacking other programs and taking them over.9 “Malware” is a more general term for any kind of damaging software. A virus is a kind of malware, but not all kinds of malware are viruses. As our guide to antivirus protection points out, these are some other types of malware:

• Spyware: Spyware programs infiltrate your device and collect personal information about you.
• Ransomware: Ransomware hijacks your device and blocks access to files or programs until you pay a ransom.
• Adware: Adware monitors your online behavior and shows you targeted ads.

Just What Is a Virus, and How Does It Work?

Originally, the term “virus” referred to a specific class of malware that infects a device and replicates itself, attacking other programs and inserting its own code. Typically, it changes the way these programs behave. Because its behavior resembles the way viruses attack humans, early programmers decided they should call it a “virus.”

What Is Ransomware?

Ransomware is another kind of malware that attacks devices.10 As the name implies, its goal is to collect ransoms from users. Once it infects a device, it can lock down programs and files by encrypting them so users can’t access them. It can even lock users out of their devices entirely, no encryption needed. Users then receive messages offering them decryption codes or control of their devices in exchange for ransom money.

How Does Antivirus Software Identify and Prevent Malware?

Antivirus and anti-malware software use various methods to detect and prevent malware from infecting your device, such as these:

• Signature-based detection: Signature-based detection is one of the oldest forms of antivirus protection. It compares files coming into devices to known malware, looking for signature matches. For the software to be effective, the antivirus database must stay up to date with the latest malware.
• Heuristic-based detection: Heuristic-based detection is similar to signature-based detection in that it scans incoming files and programs for matches to known malware. However, while signature detection looks for exact matches, heuristic detection looks for similar tendencies or patterns in a file’s code. As a result, it catches malware that signature detection may have missed.
• Behavior-based detection: This form of detection examines how files and programs act, looking for anything out of the ordinary.

Can Antivirus Software Stop Hackers?

Antivirus software is a valuable defense against hackers. Many hacking attacks use malware to steal your PII (personally identifiable information) or to hold your files and programs for ransom. Good anti-malware software can prevent these kinds of attacks. However, hackers have other means of stealing your information, such as intercepting your internet connection, another access point to your PII. This means that, while you need antivirus software to protect yourself, you need other important tools as well, like a VPN. For a list of ways to protect yourself from identity theft and hackers, check out our article on how antivirus stops hackers.

Antivirus Features

As you might expect, different antivirus packages come with different features. For example, some software offers only signature-based detection, while others include both signature- and behavior-based detection. These are some other important features to look for in antivirus software:

• Manual scanning: Manual scanning means you can start a scan anytime you want.
• On-access scanning: This type of scanning begins whenever you open the antivirus software, usually upon device startup. The advantage of on-access scanning is that it prevents you from forgetting to run a scan.
• Scheduled scans: Some software gives you the option to schedule scans for regular times each day or week. Like on-access scans, scheduled scans are a handy way to make sure you remember to scan your device regularly.
• Quick scans: Quick scans check commonly used areas of a device, such as temporary files, the operating system directory, and the computer memory. Because they don’t scan everything on your device, they typically take less than 30 minutes to complete.

• Full scan: A full-system scan can take significantly longer to complete than a quick scan because it looks at absolutely every part of your device, including external devices and files.
• Firewall: This security feature comes bundled with some antivirus software programs. Essentially, a firewall is a wall or barrier between the internet and your device. It monitors all incoming traffic and allows or blocks it based on the security settings you’ve chosen.11
• Automatic updates: This refers to how regularly an antivirus package updates its virus and malware definitions. Frequent or continuous updates mean the software is more likely to detect malware based on signatures or heuristics.

How Does Antivirus Get Rid of Viruses?

Essentially, an antivirus does one of two things when it encounters a virus:

1. First, it will attempt to remove or delete the malware, preventing it from spreading further.
2. If it can’t delete the file, it has another option: quarantine. This means the antivirus software places the problem file in a secure location. This seals it off from the rest of the device so it can’t cause any more problems.12

Can You Trust Your Antivirus?

Generally speaking, you should be able to trust reputable antivirus software to protect your device from malware. However, there are reasons to be cautious about trusting your antivirus completely, such as these:

• Fake antivirus software: Some malware out there actually masquerades as antivirus software. Just because something calls itself an antivirus doesn’t mean it is.
• Weak antivirus software: Not every antivirus package out there fully protects your device. An antivirus that misses a lot of malware can lure you into a false sense of security. If you notice your computer is running hot, for instance, or programs aren’t working as they should, you may very well have a virus even if your antivirus says you don’t.
• False positives: Even good antiviruses can tag legitimate programs and files as malware. As a result, you could wind up deleting files your device needs to work.
• Security breaches: Like many other companies, antivirus companies have been subject to security breaches in the past. We’ve covered some big ones in our reviews of the Kaspersky antivirus, AVG antivirus, and Norton antivirus. Breaches like these can expose user data, especially if the company doesn’t maintain a strict privacy policy.

How can you tell whether to trust your antivirus?

• Reputation: Always take the time to research antivirus packages before you purchase or install them.
• Privacy policy: A reputable antivirus company should publish a privacy policy. Check this page to see what information the company keeps about you. Trustworthy antivirus companies don’t hold on to personal information or sell that information to any third parties.
• Ads: Look out for antivirus software that feeds you advertising.

What Is an Antivirus False Positive?

An antivirus false positive is when an antivirus misidentifies healthy code as tainted. In some cases, the antivirus may even delete programs or files that your device needs in order to function. Such false positives can cause just as many headaches as malware. In late 2011, for example, Microsoft Defender Antivirus misidentified the Chrome browser as malware and sent a message to users suggesting they remove the offending program.13

Why Do Detection Rates Matter?

Detection is the core of what antivirus software does. The better a program can detect malware, the better it protects your computer. That’s why detection is the aspect of antivirus software that has evolved the most over the years. Early programs, for instance, tried to match incoming files to known viruses. Later versions of antivirus used sophisticated algorithms to detect malware tendencies. Many programs can now detect malware based on how a file behaves, and most software employs a combination of these methods for maximum detection.

In sum, an antivirus’s detection rate should be a key number in your decision of which program to purchase and install. “IT” refers to the percentage of malware it detects in controlled tests. While this rate can’t tell you whether the antivirus can stop every piece of malware, it can give you a general sense of the software’s effectiveness.

Of course, every antivirus works slightly differently, and this means they have different rates of detection, some better and some worse than others. Typically, because antivirus software is constantly under development, no single antivirus stays on top when it comes to detection rates. Instead, the top companies regularly change places with one another. The best way to keep track of who is on top at any given time is to visit AV-Comparatives.org. This independent website tests all antiviruses on the market regularly and rates them on their ability to detect viruses and other kinds of malware.14

Checking Detection Rates for Yourself

In addition to visiting AV-Comparatives.org, you can run your own tests on your antivirus software. To do so, simply visit EICAR.org and download the EICAR file, which mimics malware. You can download it, run it, and see if your antivirus catches it without putting your computer in real danger.15 In addition, you can check out our complete list of the best antivirus software services to see how different packages stack up to one another.

How To Keep Your Speeds Fast While Running an Antivirus

Antivirus software can slow down your devices. For one thing, it needs the device’s processing power in order to scan for malware, so whenever you’re running a scan, you’ll likely experience slowdowns. In addition, the antivirus software uses resources when it has to update its virus definitions. If you have your antivirus set for continual updates, this can cause lags. Fortunately, most antivirus programs allow you to tinker with the settings, which can speed things up significantly. We recommend following these steps:

1. Turn off constant virus definition updates. Some antivirus software is always updating, using valuable resources and slowing down your computer. By setting updates to occur only at certain times, you free up these resources.
2. Set updates to occur less frequently. Your software may not update definitions continuously, but it might download updates too frequently. Again, changing the settings will help your computer to run more efficiently.
3. Schedule scans. Scans also use resources. While you shouldn’t turn off these scheduled scans entirely, scheduling them to happen when you’re not using your device saves headaches. We recommend scheduling them for the middle of the night (or for another time when you know you won’t need your computer or other device).
4. Turn your antivirus off. Occasionally, when you’re performing a particularly resource-heavy task, you may find it useful to turn your antivirus software off altogether. However, remember that you are not protected from malware while it’s off, so you should turn your antivirus back on as soon as possible.

What Are the Benefits of Antivirus Software?

Quality antivirus software can have numerous benefits for your device:

• Protection against malware: Obviously, your antivirus will protect your device from viruses and other malware.
• Protection against spam: Antivirus software stops spam and unwanted ads.
• Identity theft protection: Antivirus software protects your personal information from hackers, preventing identity theft.
• Scans of external files: Antivirus software doesn’t just scan what’s on your device itself. Full scans typically cover removable devices as well.
• Improved device function: By keeping your device free of malware, antivirus software makes it run smoothly.
• Firewalls: Many antivirus packages come with a firewall, which automatically admits or rejects files based on your security settings.
• Website protection: Antivirus software can also protect against insecure websites. If a website seems at all suspicious, it won’t let you enter.
• Parental controls: Many antivirus packages offer parental controls, which allow parents to ensure their kids can’t access inappropriate websites. Find out more in our complete guide to protecting kids online.
• Password protection: Finally, many antivirus packages include a password manager, which stores all of your passwords in a single secure location.

How To Choose the Right Antivirus

There are many elements to consider when you’re deciding which antivirus software is right for you. We’ve outlined a number of them below.

• Detection rates: An antivirus’s first job is to protect you from malware, so it’s important to check its detection rates before installing it on your device.
• Scanning: At a minimum, you should expect your antivirus software to have manual scans. This means you can check your device for malware anytime you want. It’s also necessary to have automatic scans or, even better, scheduled scans, since these initiate scans even if you forget.
• Behavior-based detection: These days, you want your antivirus to utilize behavior-based detection. This approach works particularly well when combined with signature- or heuristic-based detection.
• Extra safety features: You should also consider what additional safety features an antivirus offers. For example, does it include a VPN? Does it provide identity theft protection, a password manager, or parental controls?
• Price: As with any product, you’ll want to think about the price and exactly what you’re getting for your money. Antivirus software comes in a wide range of prices. You can even find free antivirus software. More often, though, companies insist you sign up for at least a yearlong contract. These can run as high as $180, but most packages only cost around $40 a year, and some companies offer discounts for multiyear contracts.
• Speeds: Antivirus software will slow down your device; it can’t be helped. However, speed tests reveal which programs will slow it down more and less.

How Much Does Antivirus Software Cost?

As we’ve mentioned, there are lots of antivirus options on the market, even free ones. Prices vary considerably and depend on what you want as well as what kind of commitment you’re willing to make. In general, you can get a good antivirus for around $40 with a one-year contract. One quick way to compare prices is to check out our complete list of antivirus prices.

Free vs. Paid Antivirus Software

A simple internet search will turn up dozens of free antivirus packages. Just how good are these free versions, and should you consider downloading one if you’re short on cash? As it happens, there are some free antivirus programs that offer decent, basic protection against common viruses and malware. Kaspersky, Bitdefender, and Avast, for example, all offer solid free versions of their software. You should know, though, that paid software almost always offers more in-depth protection than free versions. These are some common limitations of free antivirus software:

• No behavior-based scanning
• Coverage for only one device
• Lack of availability for some operating systems
• Infrequent virus definition updates
• No firewalls
• The possibility your data will be sold
• Poor or no customer support
• Fewer or no extra features
• Frequent ads for paid products

How Do I Get Antivirus Software?

Follow these steps if you’re looking for antivirus software:

1. Check your device. First, see what kind of protection your device already has. If you’re using an iPhone, for instance, you won’t need any additional antivirus software. If you have a Chromebook, even though it has some built-in security, you might want to invest in software that fills in the gaps.
2. Do your research. As we’ve said many times here, don’t invest in an antivirus until you’ve checked it out thoroughly and seen how it stacks up against other products. We’ve outlined numerous ways to do that, including in our many individual reviews.
3. Download the software. Visit your chosen company’s website and download the antivirus if you want it for a PC. If you’re working with a Mac or Android device, you’ll download the antivirus from the Google Play Store, the Microsoft Store, or the App Store.
4. Install the software. Execute the file and follow the instructions.
5. Adjust the software. Make any necessary adjustments to the settings (firewall sensitivity, update frequency, scanning options, etc.).

What to Do if Your Antivirus Has Expired

What happens should your antivirus expire? Well, that depends on the particular antivirus. Some parts of the software may continue to work, while others will immediately shut down. For example, you can still run scans with some products even after they’ve expired. However, in every case, the regular updates to the virus database will stop. Without the updates, the scanner won’t do a lot of good, since it won’t be able to catch the most recent versions of malware.

Often, the antivirus app itself will include a button that allows you to renew easily, even if your subscription has expired. If that’s not the case, you’ll probably need to return to the website where you first bought the software and repurchase it.

Other Ways to Protect Your Device

While antivirus software is an important tool for keeping your device safe, your device can still be vulnerable even with an antivirus installed and running. So what are some other ways to protect your device?

• Perform regular updates. Antivirus software can’t do its job if you don’t update it regularly.
• Install a firewall. Not every antivirus comes with a firewall. If yours doesn’t, consider installing one to create an added barrier of network protection.
• Scan email. If your antivirus offers an email scanner, use it. If it doesn’t, never open email attachments from senders you don’t recognize.
• Invest in a VPN. Even with antivirus software, your PII is vulnerable if you’re using the regular internet. Hackers, identity thieves, and ISPs can see everything you’re up to. A VPN, or virtual private network, conceals your IP address so no one knows who you are or where you’re located. In addition, VPNs hide your browsing activity inside an encrypted tunnel. If you’re considering this option, make sure you check out our list of the best VPNs.

How To Remove Viruses Without Antivirus Software

Almost all antivirus packages these days offer convenient ways to delete or quarantine malware. However, there are also ways to remove malware manually without antivirus software.

How To Remove Viruses on Windows Devices

1. Restart your device in safe mode.
2. Navigate to your Task Manager.
3. Click the Processes tab.
4. Check for any unusual programs.
5. Once you’ve identified the malware program, click End Task.
6. Click File.
7. Click Run New Task.
8. Type the MSConfig in the box.
9. Click OK.
10. Go to the Service tab.
11. Uncheck the suspicious service.
12. Click Apply.
13. Click OK.
14. Restart your device normally.16

How To Remove Viruses on Macs

1. Restart your device in safe mode.
2. Navigate to Launchpad.
3. Open the Activity Monitor.
4. Check for any unusual programs.
5. Once you’ve identified the malware program, click the X in the top left area of the window.
6. Open your Finder.
7. Go to Applications.
8. Look for suspicious apps.
9. Once you’ve identified a suspicious app, drag it to the trash.
10. Empty the trash.
11. Restart the device normally.17

How To Remove Viruses on Android Devices

1. Restart your device in safe mode.
2. Navigate to your device’s Settings app.
3. Choose Apps.
4. Choose Downloaded.
5. Check for any unusual apps.
6. Once you’ve identified the malware, tap its name.
7. Choose Uninstall on the app’s info page.
8. Restart the device normally.18

Recap

Antivirus software scans your device for malware and, once it detects it, deletes or quarantines it. While many devices now come with some antivirus software pre-installed, it’s always a good idea to consider additional software to cover any vulnerabilities. Finally, keep in mind that an antivirus doesn’t protect you from every online threat. You should also think about adding a VPN to keep you safe.