How does an AntiVirus program work?

An AntiVirus is a software program that detects and removes malicious programs and viruses from a PC. There are two chief ways of the working of an antivirus program. There are two principal ways in which an antivirus works. 

• It checks up the names and structure of all executable files in the PC and matches those names against a dictionary or database of already known viruses.
• It checks up all executable files before they start execution for any modification in behavior that is expected normally from it.

Let us understand these two procedures in details. The first one is the most common one in use by most antivirus programs. Though it will not be wrong to say that almost all modern antivirus software use both the above procedures. The dictionary approach begins with a database of all known viruses present and this database is created by the author of the antivirus program. The antivirus examines all files for a match in name or code to be executed with all known viruses. If a match is found the user is alerted and necessary action is taken. These actions may include deletion of the file as a whole, removing the virus from the file, or quarantining the file so that it does not effect the performance of other files on the PC.

The second approach does not depend upon already created database of viruses. It observes all executable files before they start execution. If these files relate to some noted or flagged actions such as they start transferring control to many other executable files simultaneously and instantly or they start modifying or start writing on other executable files at once, they are flagged and the user is alerted against them and the user delas with such programs.

There are several other techniques being used but none of them is declared successful yet.