How the antivirus works to protect your computer
Any good antivirus application uses multiple methods to detect and block malware. The first one is using a virus dictionary, which is actually a database containing virus signatures. The antivirus compares any file it analyzes with its virus dictionary to see if the file’s contents match any part of the code found in a virus signature.
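The dictionary comparison described above, as an added example that is not part of the original article and is not taken from any antivirus product: a Python scanner that reads a file in chunks and checks its contents against a small signature dictionary. The signature names and byte patterns are constructed for illustration, and the function names and the chunk overlap are assumptions of this example.

```python
import io

# Constructed "virus dictionary": detection name -> byte pattern.
# These are made-up markers for illustration, not signatures of real malware.
SIGNATURES = {
    "Example.TestMarker.A": b"\xde\xad\xbe\xef\x13\x37\x00\x42",
    "Example.TestMarker.B": b"DEMO-SIGNATURE-STRING",
}

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return the sorted names of all signatures found anywhere in the stream."""
    if not signatures:
        return []
    # Keep the last (longest signature - 1) bytes of each window so that a
    # pattern split across two reads is still seen in one piece.
    overlap = max(len(p) for p in signatures.values()) - 1
    found = set()
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            if name not in found and pattern in window:
                found.add(name)
        tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_bytes(data, **kwargs):
    """Convenience wrapper: scan an in-memory byte string."""
    return scan_stream(io.BytesIO(data), **kwargs)

if __name__ == "__main__":
    # Constructed sample inputs.
    clean = b"MZ" + b"\x00" * 100 + b"ordinary program bytes"
    flagged = b"MZ" + b"\x90" * 5000 + SIGNATURES["Example.TestMarker.A"]
    print("clean:  ", scan_bytes(clean))
    print("flagged:", scan_bytes(flagged))
    # Same result even when every read is shorter than the signature.
    print("tiny chunks:", scan_bytes(flagged, chunk_size=5))
```

Without the carried-over tail, a signature that happens to straddle two reads would be missed, which is why the scanner overlaps its windows.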
The second method is behavioral detection. Viruses can attempt to do a number of things on your computer (e.g., writing data to an executable file), and these actions are labeled as “suspicious”. As soon as a file exhibits suspicious behavior, the antivirus can block it in a number of ways, depending on the user’s settings (quarantine, asking for user confirmation, automated removal, etc.).
Some antivirus programs will also try to emulate the beginning of an application’s code before allowing it to actually run. If the executable exhibits suspicious behavior, it is detected as a virus. Another way of preventing malware infections is using a sandbox. This is a virtual environment where an executable can run without being able to make any modifications to the system, so the antivirus can safely analyze its behavior.
Cloud-based antiviruses are rather new on the market and take a different approach to ensuring protection. These security apps analyze any file you open, download, close or run, using a virus database stored in the cloud (this requires an active Internet connection). Cloud-based antiviruses have several benefits. First, most of the processing takes place in the cloud, so the antivirus uses very few of your computer’s resources. Second, the virus database is also stored in the cloud, so it does not take up much space on your computer.
When in offline mode (not connected to the Internet), the antivirus still has a virus database stored on your computer, but a smaller one, containing just the most common viruses and malware. As a result, a cloud antivirus is a very good solution for someone who has an active Internet connection most of the time (on a home PC, for example).
Types of antivirus updates
Antiviruses usually have two types of updates: definition updates (the ones that add new virus signatures to the database) and program updates (improvements, additions, bug fixes, etc. to the program’s code).