Cybersecurity
Antivirus
Definition
Antivirus software is a program or set of programs that are designed to prevent, search for, detect, and remove software viruses, and other malicious software like worms, trojans, adware, and more. It typically uses signature-based detection to identify known threats.
Why It Matters
For decades, antivirus has been a fundamental security tool for endpoint protection, providing a baseline defense against common malware.
Contextual Example
A user downloads a file that contains a known computer virus. The antivirus software on their computer scans the file, recognizes the virus's signature, and quarantines or deletes the file before it can be executed and cause harm.
Common Misunderstandings
- Traditional antivirus is primarily reactive, as it relies on a database of known malware signatures. It can be ineffective against new, zero-day threats.
- Modern endpoint security solutions (like EDR) go beyond simple signature-based detection and also look for suspicious behavior to detect new threats.