ELI5: What is Antivirus / Anti-malware?
Think of it as a bodyguard for your computer that checks every file coming in, like a school nurse checking kids for a fever. If it spots something sick, it stops it from getting inside.
Definition
Antivirus and anti-malware software protects endpoints by detecting and removing malicious software using signature-based detection (matching known malware patterns), heuristic analysis (identifying suspicious behaviors), and behavioral monitoring. Modern solutions combine multiple detection methods to combat both known threats and novel, zero-day malware.
Key Details
- Signature-based: compares files against a database of known malware signatures; fast but misses new threats
- Heuristic/behavioral: analyzes code behavior or structure to detect unknown threats
- Sandboxing: executes suspicious files in an isolated environment before allowing them to run
- Must be kept updated — signature databases require frequent updates to remain effective
- Complements but does not replace EDR solutions; considered a baseline endpoint control
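As an added illustration of the first two bullets, not part of this entry, here is a toy Python scanner that runs exact-hash and byte-pattern signatures next to two simple heuristics (suspicious strings, high entropy). The sample bytes, signature names and patterns are all constructed placeholders, not real malware indicators; the point is that a one-byte change to a known sample defeats the signatures while the heuristics still flag it.

```python
import hashlib
import math

# Constructed "known malware" sample and signature database (placeholders only).
# A real product ships millions of such entries and must update them constantly.
KNOWN_SAMPLE = (b"MZ\x90\x00CONSTRUCTED-DROPPER-MARK\x00cmd.exe /c start payload"
                b"\x00powershell -enc AAAA")
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Constructed.Dropper.A"}
BYTE_PATTERNS = {b"CONSTRUCTED-DROPPER-MARK": "Constructed.Dropper.A"}
# Heuristic indicators: strings rare in benign files but common in droppers.
SUSPICIOUS_STRINGS = (b"cmd.exe /c", b"powershell -enc", b"CreateRemoteThread")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 suggest packed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def signature_scan(data: bytes) -> list:
    """Exact hash and byte-pattern matching: fast, but only for samples already seen."""
    hits = []
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append("hash:" + name)
    hits += ["pattern:" + n for p, n in BYTE_PATTERNS.items() if p in data]
    return hits

def heuristic_scan(data: bytes, min_strings: int = 2, entropy_limit: float = 7.2) -> list:
    """Structural hints that need no prior sample; tuned to limit false positives."""
    findings = []
    found = [s.decode() for s in SUSPICIOUS_STRINGS if s in data]
    if len(found) >= min_strings:
        findings.append("suspicious-strings:" + ",".join(found))
    if len(data) >= 64 and shannon_entropy(data) > entropy_limit:
        findings.append("high-entropy:possibly-packed")
    return findings

def scan(data: bytes) -> dict:
    """Combine both methods: signatures give a firm verdict, heuristics a weaker one."""
    sigs, heur = signature_scan(data), heuristic_scan(data)
    verdict = "malicious" if sigs else ("suspicious" if heur else "clean")
    return {"signature": sigs, "heuristic": heur, "verdict": verdict}

# A trivially modified variant: hash and pattern no longer match, behaviour unchanged.
VARIANT = KNOWN_SAMPLE.replace(b"MARK", b"MARX")

if __name__ == "__main__":
    for label, blob in (("known", KNOWN_SAMPLE), ("variant", VARIANT)):
        print(label, scan(blob))
```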
Connections
- Parent: endpoint-security — antivirus is a foundational endpoint security control
- See also: fileless-malware-detection