How do anti-malware scanners work?

Antimalware scanners used to use signature databases to see if your computer was infected. When the program was run it would check to see if certain conditions were true (for example: new registry keys, files / folders) and if they were, it would show the infection that made those changes. The process of finding a new infection, creating signatures and publishing them took too long; new viruses were being made while they were still trying to detect and remove the old ones! Today, antimalware scanners use behavior-based or heuristic (bloodhound) detection tools. They are like watchdogs, looking for common changes made by malware: when sensitive settings are modified by a program, the user is notified. It is now common to see a malware scanner that has both signature- and behavior-based detection, for maximum prevention and removal.


--Behavior-based scanners are good mainly for prevention.

--Signature-based scanners are good mainly for removal of threats.

--Maximum protection is achieved when both methods are combined.
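To make the two approaches concrete, here is a toy scanner written for this answer (it is not code from any real product). The signature database, the list of sensitive settings and the sample system state are all constructed for the illustration; the point is that the signature check only matches what it already knows, while the behavior monitor flags an unknown program the moment it touches a sensitive setting.

```python
# Added illustration of signature-based vs behavior-based detection.
# All signatures, sensitive settings and sample inputs are constructed here.
from dataclasses import dataclass, field

@dataclass
class Signature:
    name: str
    registry_keys: set = field(default_factory=set)
    paths: set = field(default_factory=set)

# Constructed signature database: an infection is reported only when every
# condition the signature lists (registry keys and files) is present.
SIGNATURES = [
    Signature("Example.Worm.A",
              registry_keys={r"HKCU\Software\ExampleWorm"},
              paths={r"C:\Windows\Temp\exworm.exe"}),
    Signature("Example.Dropper.B", paths={r"C:\Users\Public\dropper.dll"}),
]

# Constructed list of settings that malware commonly modifies; any write to one
# of these by any program raises an alert, known signature or not.
SENSITIVE_SETTINGS = {
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"C:\Windows\System32\drivers\etc\hosts",
}

def signature_scan(registry_keys, paths):
    """Signature-based: compare a snapshot of the system against known signatures.
    Good for removal: a hit names the infection that made these changes."""
    hits = []
    for sig in SIGNATURES:
        if sig.registry_keys <= registry_keys and sig.paths <= paths:
            hits.append(sig.name)
    return hits

def behavior_monitor(events):
    """Behavior-based: watch program actions as they happen and flag writes to
    sensitive settings. events are (program, action, target) tuples, as a
    filesystem/registry hook would deliver them. Good for prevention."""
    alerts = []
    for program, action, target in events:
        if action == "write" and target in SENSITIVE_SETTINGS:
            alerts.append(f"{program} modified {target}")
    return alerts

def combined_scan(registry_keys, paths, events):
    """Both methods together, as in a modern scanner."""
    return {"removal": signature_scan(registry_keys, paths),
            "prevention": behavior_monitor(events)}
```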