Anti-virus software and other preventive countermeasures

There are two common methods that an anti-virus software application
uses to detect viruses. The first, and by far the most common, method of
virus detection is using a list of virus signature definitions. The
disadvantage of this detection method is that users are only protected
from viruses that pre-date their last virus definition update. The
second method is to use a heuristic algorithm to find viruses based on
common behaviors. This method has the ability to detect viruses that
anti-virus security firms have yet to create a signature for.
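
The two detection methods described above, side by side, as an added example that is not taken from any anti-virus product. The signature patterns, behaviour labels, weights and threshold are all constructed for illustration, and the heuristic pass assumes the behaviours have already been observed by some monitor.

```python
"""Added illustration: signature matching versus a behaviour heuristic."""

# Constructed signature database: name -> byte pattern. These patterns are
# made up for this example and do not correspond to any real malware.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("de c0 ad 0b 13 37"),
    "Demo.Beta": b"\x90\x90DEMO-BETA\x00",
}

# Constructed behaviour weights for the heuristic pass (labels are hypothetical).
BEHAVIOUR_WEIGHTS = {
    "writes_boot_sector": 5,
    "appends_to_executables": 4,
    "hooks_file_open": 2,
    "reads_config": 0,
}
HEURISTIC_THRESHOLD = 6

def signature_scan(data: bytes, signatures=SIGNATURES):
    """Return the names of all known signatures found in data."""
    return sorted(name for name, pat in signatures.items() if pat in data)

def heuristic_score(behaviours):
    """Sum the weights of observed behaviours; unknown labels score 0."""
    return sum(BEHAVIOUR_WEIGHTS.get(b, 0) for b in behaviours)

def scan(data: bytes, behaviours, signatures=SIGNATURES):
    """Signature pass first, then the heuristic pass for unmatched samples."""
    hits = signature_scan(data, signatures)
    if hits:
        return ("signature", hits)
    score = heuristic_score(behaviours)
    if score >= HEURISTIC_THRESHOLD:
        return ("heuristic", score)
    return ("clean", score)

# Constructed samples: (file bytes, behaviours observed while it runs).
KNOWN = (b"MZ..." + SIGNATURES["Demo.Alpha"] + b"...", ["appends_to_executables"])
# One byte differs from Demo.Alpha, so the existing definition no longer matches.
NEW_VARIANT = (b"MZ...\xde\xc0\xad\x0b\x13\x38...",
               ["appends_to_executables", "hooks_file_open"])
BENIGN = (b"MZ...hello world...", ["reads_config", "hooks_file_open"])

if __name__ == "__main__":
    for label, (data, seen) in [("known", KNOWN), ("new variant", NEW_VARIANT),
                                ("benign", BENIGN)]:
        print(label, scan(data, seen))
```

The variant slips past the signature pass until a definition for it is added, which is the update gap described above; the heuristic pass catches it in the meantime at the cost of a threshold that has to be tuned against benign software.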

Many users install anti-virus software that can detect and eliminate
known viruses after the computer downloads or runs the executable. Such
programs work
by examining the content of the computer's memory (its RAM, and boot
sectors) and the files stored on fixed or removable drives (hard
drives, floppy drives), and comparing those files against a database of
known virus "signatures". Some anti-virus programs are able to scan
opened files in addition to sent and received emails 'on the fly' in a
similar manner. This practice is known as "on-access scanning."
Anti-virus software does not change the underlying capability of host
software to transmit viruses. Users must update their software
regularly to patch security holes. Anti-virus software also needs to be
regularly updated in order to prevent the latest threats.

One may also prevent the damage done by viruses by making regular
backups of data (and the Operating Systems) on different media that are
either kept unconnected to the system (most of the time), read-only, or
not accessible for other reasons, such as using different file systems.
This way, if data is lost through a virus, one can start again using
the backup (which should preferably be recent). If a backup session on
optical media like CD and DVD is closed, it becomes read-only and can
no longer be affected by a virus. Likewise, an Operating System on a
bootable disc can be used to start the computer if the installed Operating
Systems become unusable. Another method is to use different Operating
Systems on different file systems. A virus is not likely to affect
both. Data backups can also be put on different file systems. For
example, Linux requires specific software to write to NTFS partitions,
so if one does not install such software and uses a separate
installation of MS Windows to make the backups on an NTFS partition
(and preferably only for that reason), the backup should remain safe
from any Linux viruses. Likewise, MS Windows cannot read file systems
like ext3, so if one normally uses MS Windows, the backups can be made
on an ext3 partition using a Linux installation.