By now, most savvy computer users have anti-virus software (AV) installed on their machines and use it as part of their regular computing routine. However, most average users do not know how anti-virus software works. This two-part series will offer a brief overview of a particular type of anti-virus mechanism known as on-access virus scanners. These programs are loaded during operating system start-up and interact with programs in the background until the system is shut down. In the Microsoft Windows world, which this article will focus on, they must function reliably and speedily across a range of Windows flavors. They must also be able to correctly identify and disinfect thousands of viruses -- known and unknown. On-access scanners must stand in the gap, ensuring that nothing passes the ground they defend.

Anti-virus programs protect a computer system from viruses by examining the computer's memory and file system for signs of virus infestation. This examination process is called scanning. Anti-virus programmers use two main scanning strategies - on-demand and on-access scanning. In on-demand scanning, users voluntarily activate a virus-scanning program each time they want to examine the computer for viruses. In on-access virus scanning, the virus scanner continually examines the computer's memory and file system, activating automatically each time one of these resources is accessed by a program.

While on-access and on-demand scanners may have some similarities, including some of the same programming code, the on-access scanner must do more than just examine files: it shoulders most of the active anti-virus burden for the user. The on-access scanner places itself between programs and the operating system. It examines programs as they interact with files, memory areas and network functions. It has to examine a suspicious program's behavior and halt malevolent software before the software executes. Viruses, trojan horses, and other malevolent Web applications are all part of the on-access scanner's patrol. Part of the challenge of an effective on-access scanner is that it must be diligent and capable of scanning each accessed file while not interfering with the functionality of the machine.
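The difference between the two strategies can be shown with a small user-space simulation. This is an added example, not code from the original article or from any anti-virus product: the signature, the file names and the functions `on_demand_scan` and `guarded_open` are hypothetical, and a wrapper function stands in for the operating-system-level interception a real on-access scanner performs.

```python
import tempfile
from pathlib import Path

# Constructed signature database (name -> byte pattern); not real malware signatures.
SIGNATURES = {"Demo.TestPattern": b"CONSTRUCTED-TEST-SIGNATURE-0001"}

def scan_file(path):
    """Return the name of the first signature found in the file, or None."""
    data = Path(path).read_bytes()
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def on_demand_scan(root):
    """User-initiated pass: walk the tree once and report infected files."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            verdict = scan_file(path)
            if verdict:
                hits[path.name] = verdict
    return hits

def guarded_open(path):
    """On-access gate: scan on every open and refuse access on a match."""
    verdict = scan_file(path)
    if verdict:
        raise PermissionError(f"{path}: matched {verdict}")
    return open(path, "rb")

def demo():
    """Show a file that arrives after the on-demand pass being caught on access."""
    with tempfile.TemporaryDirectory() as root:
        clean, late = Path(root, "notes.txt"), Path(root, "late.bin")
        clean.write_bytes(b"quarterly report")
        before = on_demand_scan(root)      # pass completes: nothing to report
        late.write_bytes(b"hdr" + SIGNATURES["Demo.TestPattern"] + b"tail")
        with guarded_open(clean) as fh:    # clean file is served normally
            clean_ok = fh.read() == b"quarterly report"
        try:
            guarded_open(late).close()
            blocked = False
        except PermissionError:            # late arrival is stopped at open time
            blocked = True
        after = on_demand_scan(root)       # only a second manual pass finds it
        return before, clean_ok, blocked, after
```

The on-demand pass reports nothing because the matching file is written after it finishes, while the gate stops that same file the first time a program tries to open it. The cost is a scan on every open, which is the performance burden the paragraph above describes.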

The link for this article located at SecurityFocus is no longer available.