Does a scanner remove a virus?

December 14th, 2019
Anti-virus scanners are an essential tool for defending yourself against computer viruses – but what are they, how do they work, and what are they defending you against?

Let’s start by defining “computer virus.”

A computer virus is a software program that embeds a copy of itself into another program on your computer. Once it’s done that, whenever you run the host program, the virus can do whatever it was designed to do. It might disrupt your work, damage or steal your data, or compromise your security in many other ways.

Much as a biological virus spreads between organisms, a computer virus can spread between computers. It does so by being copied into data files that are shared across networks, the Internet, email, or portable storage devices such as USB flash drives.

Most computer viruses can only infect “similar” computers – so, for example, a Windows virus can only infect other Windows computers. But “cross-platform” viruses do exist. Some are written with programming tools that make it easier to write legitimate software that runs in different environments such as Macintosh or Linux. Others are “macro viruses” that can infect both Windows and macOS computers running Microsoft Office.

True computer viruses must be part of another program to run, just as biological viruses need to take over a host cell in order to be active. But a similar form of disruptive software, the “worm,” can operate and self-replicate independently. Sometimes the terms “virus” and “worm” are used interchangeably, and as different forms of malicious software evolved, the term “malware” was created to cover all of them.

Self-replicating software like viruses and worms was first envisioned by mathematician John von Neumann way back in 1949. (von Neumann, a true genius, defined the structure most computers still use today.) The first experimental computer virus – technically, a worm – was created in the early 1970s before personal computers even existed. It was spread across a pioneering academic and military network that preceded the Internet. It merely displayed an annoying message – but soon enough, someone created software to track it down and delete it. That was the first anti-virus scanner.

As millions of people started using personal computers in the 1980s and 1990s, truly malicious viruses, worms, and other malware spread quickly. Anti-virus scanners became indispensable – and they still are.

How does an anti-virus scanner work? Traditionally, scanners have searched for “signatures”: patterns of computer code, data, or text that appear in all copies of a virus. That means a signature-based anti-virus software package is only as good as the company’s virus research team. These researchers work constantly to recognize new threats as rapidly as possible – and then quickly distribute information about new threat signatures to everyone who’s running their anti-virus scanner.

Of course, cybercriminals who write viruses keep looking for ways to hide or quickly change their code, so it won’t be recognized by anti-virus scanners – and anti-virus companies work to quickly recognize and overcome those new techniques.
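To make signature matching concrete, here is a small scanner added as an illustration; it is not code from any anti-virus product. The signature names, byte patterns, and sample "files" are all constructed for this example. It shows why an exact signature stops recognizing a copy whose bytes differ, and why signature sets need continual updates and more flexible patterns.

```python
import re

# Constructed signature database (hypothetical names and byte patterns).
# Patterns are hex bytes; "??" matches any single byte.
SIGNATURES = {
    "Demo.Exact.A": "de ad be ef 13 37 c0 de",
    "Demo.Wild.A": "de ad be ef ?? ?? c0 de",
}


def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    # DOTALL so that a wildcard also matches the newline byte.
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def scan(data):
    """Return a sorted list of (signature name, offset) for every match."""
    hits = []
    for name, pattern in COMPILED.items():
        for match in pattern.finditer(data):
            hits.append((name, match.start()))
    return sorted(hits)


# Constructed sample "files": a 32-byte host body, with and without a marker.
HOST = b"MZ" + b"\x90" * 30
CLEAN = HOST + b"ordinary program data"
INFECTED = HOST + bytes.fromhex("deadbeef1337c0de") + b"tail"
VARIANT = HOST + bytes.fromhex("deadbeef4242c0de") + b"tail"  # two bytes differ

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("infected", INFECTED), ("variant", VARIANT)):
        print(label, scan(blob))
```

The variant is caught only by the wildcard signature, which is the kind of update a research team ships once it has seen more than one copy.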

Today, advanced anti-virus scanners (like the one in Sophos Home Premium) don’t rely only on signature detection. Using advanced artificial intelligence, they track program behavior – recognizing when software is acting suspiciously. Using these techniques, Sophos Home Premium can recognize malicious code that nobody’s ever seen before.

These days, most anti-virus scanners look for multiple forms of malicious code. So it’s more accurate to call them anti-malware scanners. And, of course, it’s not enough just to find bad code: users want malware destroyed or quarantined so it won’t hurt them. That’s why an advanced security program like Sophos Home Premium also “cleans” malware infections – removing any traces of them.

