History
There are competing claims for the innovator of the first antivirus product. Perhaps the first publicly-known neutralization of a wild PC virus was performed by European Bernt Fix (also Bernd) in early 1987. Fix neutralized an infection of the Vienna virus.The first edition of Polish antivirus software mks_vir was released in 1987; the program was only available with a Polish interface. Autumn 1988 saw antivirus software Dr. Solomon's Anti-Virus Toolkit released by Briton Alan Solomon. By December 1990, the market had matured to the point of nineteen separate antivirus products being on sale including Norton AntiVirus and ViruScan from McAfee
.
Peter Tippett made a number of contributions to the budding field of virus detection. He was an emergency-room doctor who also ran a computer software company. He had read an article about the Lehigh virus and questioned whether they would have similar characteristics to biological viruses that attack organisms. From an epidemiological viewpoint, he was able to determine how these viruses were affecting systems within the computer (the boot-sector was affected by the Brain virus, the .com files were affected by the Lehigh virus, and both .com and .exe files were affected by the Jerusalem virus). Tippett’s company Certus International Corp. then began to create anti-virus software programs. The company was sold in 1992 to Symantec Corp, and Tippett went to work for them, incorporating the software he had developed into Symantec’s product, Norton AntiVirus.
A very uncommon use of the term "antivirus" is to apply it to benign viruses that spread and combated malicious viruses. This was common on the Amiga computer platform.
About
In the virus dictionary approach, when the antivirus software looks at a file, it refers to a dictionary of known viruses that the authors of the antivirus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the antivirus software can take one of the following actions:
1.attempt to repair the file by removing the virus itself from the file,
2.quarantine the file (such that the file remains inaccessible to other programs and its virus can no longer spread), or
3.delete the infected file.
To achieve consistent success in the medium and long term, the virus dictionary approach requires periodic (generally online) downloads of updated virus dictionary entries. As civically-minded and technically-inclined users identify new viruses "in the wild", they can send their infected files to the authors of antivirus software, who then include information about the new viruses in their dictionaries.
Dictionary-based antivirus software typically examines files when the computer's operating system creates, opens, closes, or e-mails them. In this way it can detect a known virus immediately upon receipt. Note too that a System Administrator can typically schedule the antivirus software to examine (scan) all files on the computer's hard disk on a regular basis.
Although the dictionary approach can effectively contain virus outbreaks in the right circumstances, virus authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and more recently "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match the virus's signature in the dictionary.
An emerging technique to deal with malware in general is whitelisting. Rather than looking for only known bad software, this technique prevents execution of all computer code except that which has been previously identified as trustworthy by the system administrator. By following this default deny approach, the limitations inherent in keeping virus signatures up to date are avoided. Additionally, computer applications that are unwanted by the system administrator are prevented from executing since they are not on the whitelist. Since modern enterprise organizations have large quantities of trusted applications, the limitations of adopting this technique rest with the system administrators' ability to properly inventory and maintain the whitelist of trusted applications. As such, viable implementations of this technique include tools for automating the inventory and whitelist maintenance processes.