Anti-Malware Software
Anti-malware software is designed to detect, prevent, and remove malware from a device.
Malware may try to damage files, steal information, or secretly control parts of a system.
Anti-malware software carries out a variety of tests and actions:
(1) Signature-Based Analysis
Signature-based analysis works by comparing files against a database of known malware patterns.
Each known piece of malware has a unique digital signature, similar to a fingerprint.
- If a file matches a known signature, it is flagged
- The database must be regularly updated
(2) Heuristic Analysis
Heuristic analysis looks for suspicious behaviour rather than known malware patterns.
For example:
- A program tries to copy itself repeatedly
- A file attempts to modify system settings without permission
- A program runs automatically when the device starts
These behaviours may suggest malware, even if it is new.
(3) Monitoring System Activity
Anti-malware software constantly monitors system activity to spot unusual or dangerous actions.
This is important because some malware:
- Only becomes active after installation
- Tries to hide from file scans
- Acts like normal software at first
(4) Detecting Harmful Processes
A process is a program that is currently running on a device.
A harmful process may:
- Use large amounts of CPU or memory
- Send data without the user's knowledge
- Control other programs or system settings
(5) Quarantining Files
When suspicious files are found, they may be quarantined.
This means:
- The file is isolated from the rest of the system
- It cannot be opened or run
- It cannot spread or cause harm
Quarantined files can later be safely deleted.
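Sections (1) and (5) working together, as an added example that is not part of the original notes: a small scanner that checks each file against a signature database (whole-file hashes and byte patterns) and quarantines any match. The signature names, byte pattern, file names and folder layout are constructed, harmless sample values.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed signature database (harmless sample values, not real malware).
KNOWN_BAD_PATTERNS = {"Demo.Marker.A": b"HARMLESS-DEMO-SIGNATURE-123"}
KNOWN_BAD_HASHES = {
    hashlib.sha256(b"constructed known-bad sample file").hexdigest(): "Demo.Hash.B",
}

def match_signature(path):
    """Return the name of the signature a file matches, or None if it is clean."""
    data = Path(path).read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_HASHES:          # exact match on the whole file
        return KNOWN_BAD_HASHES[digest]
    for name, pattern in KNOWN_BAD_PATTERNS.items():
        if pattern in data:                 # known byte pattern inside the file
            return name
    return None

def quarantine(path, quarantine_dir):
    """Isolate a file: move it out of place, rename it, drop its permissions."""
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(mode=0o700, exist_ok=True)
    dest = quarantine_dir / (Path(path).name + ".quarantined")
    shutil.move(str(path), str(dest))
    dest.chmod(0o000)  # clear read/write/execute bits (read-only on Windows)
    return dest

def scan_and_quarantine(folder, quarantine_dir):
    """Scan every file in a folder and quarantine matches. Returns {file: signature}."""
    findings = {}
    for path in sorted(Path(folder).iterdir()):
        if path.is_file():
            name = match_signature(path)
            if name:
                quarantine(path, quarantine_dir)
                findings[path.name] = name
    return findings

def demo():
    """Scan a constructed folder holding one clean file and two flagged files."""
    root = Path(tempfile.mkdtemp())
    docs = root / "docs"
    docs.mkdir()
    (docs / "notes.txt").write_text("homework notes")
    (docs / "game.exe").write_bytes(b"\x00\x01" + KNOWN_BAD_PATTERNS["Demo.Marker.A"])
    (docs / "invoice.pdf").write_bytes(b"constructed known-bad sample file")
    findings = scan_and_quarantine(docs, root / "quarantine")
    return findings, sorted(p.name for p in docs.iterdir())
```

Changing a single byte of `invoice.pdf` would change its hash and the file would no longer be flagged, which is why the database must be kept up to date and why heuristic analysis is used alongside signatures.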