To detect computer viruses, we can use two different approaches: detecting the presence of the virus itself and detecting file modification. Both approaches have been developed further by various antivirus programs, for example by:
Finding suspicious text.
Programs that implement this technique look for character strings that do not fit the purpose of the file. The software often displays the text on the screen so that users can inspect it directly.
Looking for suspicious code.
This program stays resident in RAM (memory), monitors the computer's activity, and alerts the user if anything looks suspicious. As a consequence, the software that is running is often interrupted. As a result, the antivirus program becomes like a virus itself.
Locking writes to a file.
Here the antivirus program locks a file or directory against write attempts. However, some viruses have managed to penetrate this defense.
Locking writes to the hard drive.
Here the hard drive is protected against write attempts; this approach suits the file server on a computer network.
Looking for known viruses.
Here the antivirus program scans the disk for specific, well-known viruses. This is how many of the antivirus programs in circulation so far work. The downside is that such a program cannot detect new viruses or modified versions of old ones.
Running only permitted programs.
This means the computer will not run programs that are not on the list. Of course, this cannot prevent a virus from entering through a program that has already been infected, even though that program is on the list.
Running only permitted resident programs.
This method prevents unwanted resident programs from loading, on the assumption that the virus is a resident program. But as we know, not all viruses are resident programs.
Checking the authenticity of the file.
This is done by checking whether a file has been modified by some virus, comparing it against the whole (original) file. The method works by computing a checksum over the byte values of the file.
Checking authenticity with cryptography.
This method is similar to checking the authenticity of the file. The difference is that here the sum covers only a limited (reference) section of the file, not the entire file.
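
The two checksum methods above, worked through as an added example (not code from the original text): a byte-value checksum over the whole file next to one over a limited reference section, each compared against a stored baseline. The function names, the 16-byte reference section and the sample bytes are assumptions made for illustration, and SHA-256 is added only as a comparison point; the text itself speaks only of a sum.

```python
import hashlib

def byte_sum(data: bytes) -> int:
    """Additive checksum: sum of all byte values, modulo 2**32."""
    return sum(data) & 0xFFFFFFFF

def make_baseline(data: bytes, section: slice) -> dict:
    """Record reference values for a known-good copy of a file."""
    return {
        "full_sum": byte_sum(data),                  # checksum of the whole file
        "section_sum": byte_sum(data[section]),      # checksum of the reference section only
        "sha256": hashlib.sha256(data).hexdigest(),  # cryptographic hash, added for comparison
    }

def check(data: bytes, baseline: dict, section: slice) -> dict:
    """Per method, True means the file still matches the baseline (no change seen)."""
    current = make_baseline(data, section)
    return {method: current[method] == baseline[method] for method in baseline}

# Constructed sample data standing in for a program file.
ORIGINAL = b"MZ" + bytes(range(64)) + b"original program body"
SECTION = slice(0, 16)  # assumption: the first 16 bytes are the reference section
BASELINE = make_baseline(ORIGINAL, SECTION)

# Bytes added after the reference section.
APPENDED = ORIGINAL + b"EXTRA-BYTES"

# Two bytes outside the reference section exchanged: same byte values, new order.
swapped = bytearray(ORIGINAL)
swapped[20], swapped[21] = swapped[21], swapped[20]
SWAPPED = bytes(swapped)

if __name__ == "__main__":
    samples = [("original", ORIGINAL), ("appended", APPENDED), ("swapped", SWAPPED)]
    for name, data in samples:
        print(f"{name:9}", check(data, BASELINE, SECTION))
```

The reference-section sum misses both changes because they fall outside the section, and the whole-file sum misses the reordering because the byte values still add up to the same total; only the SHA-256 comparison flags both.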