antivirus software

Just like EDR, antivirus and antimalware software is a method of localized endpoint defense. It might be one of the most basic levels of cybersecurity, but that doesn’t mean you should overlook or undervalue it.

It provides a specific type of protection against viruses and malware that forms the base level of a defense in depth cybersecurity strategy for business organizations and individuals.

To best understand how antivirus software has evolved, let’s take a brief look at its origins.


The first documented computer virus was recognized all the way back in 1971. Known as The Creeper, it infected and spread to PDP-10 mainframe computers built by the Digital Equipment Corporation. To fight this newfound type of computer threat computer programmer Ray Tomlinson invented The Reaper.

The Reaper wasn’t the typical antivirus as we know it today. It was another form of virus designed to remove The Creeper from infected machines.

Fast forward to the late 1980s. Toward the end of 1987 German computer security expert Bernd Robert Fix created software to eliminate Vienna, an infection that attacked DOS systems. The origin of the first true antivirus is debatable, but this was the first documented time a program was used to remove a computer virus.

During that same time in history another German company, G Data Software AG released the first antivirus application designed for use with Atari ST computers. They followed this up with a program called Ultimate Virus Killer 2000.

1987 was a big year for antivirus software. McAfee, one of the leaders in the technology was also founded that year and released the first version of VirusScan. NOD32 antivirus came to market that year as well.

But that was just the beginning. Two more antivirus applications came out in 1987 in FluShot Plus and Anti4us. And though these applications don’t exist anymore, they pushed the concept of heuristic antivirus to new levels of sophistication.


Antivirus software really came into its own post-1987 and into the 1990s. Companies like Avast and Avira were founded and released Avast Antivirus and AntiVir and respectively.

The antivirus software industry took on a rapid pace into the 1990s. Spanish company Panda Security was founded, and the Computer Antivirus Research Organization (CARO) was founded with the objective of researching and studying malware.

Symantec brought their Norton line of security products out in 1991 with AntiVirus. And today along with McAfee they’re a household name. Dutch company AVG released AVG Antivirus in 1992 and ESET was founded by the technologists behind NOD32. AVG had a market share of 19.11% and ESET one of 14.49% as of 2016.

With every passing decade new companies form and more sophisticated types of antivirus software release. Considering how important cybersecurity is on a global scale this trend is only going to continue.

How it works

Antivirus products function by detecting and quarantining or deleting documented malicious code. They scan directories and files through “signature-based scanning” looking for patterns based on signatures and definitions of known security threats.

Through background scanning, or on-access scanning, antivirus offers protection in real time to detect different types of security threats like viruses, spyware, spam, and malware. “Next-gen” antivirus programs offer features like firewalling and web protection to guard against your PII and sensitive information being stolen.

Depending on the type of antivirus, it could be designed to scan automatically or manually. Some offer the option to defeat automatic scanning to reduce load on system resources. Regardless of the type you use, it’s important to understand how it scans and adjust the settings or manual scan intervals accordingly.

Manual updating presents risks if the user doesn’t do them frequently…or at all. Modern antivirus usually provides automatic updates, most often through a subscription model. Making sure your antivirus is up to date means it will have the most current threat signature updates.


Antivirus software comes in various forms. The heuristic methodology examines code looking for anything suspicious, real-time provides continuous scanning, on demand only runs when a user tells it to, and email antivirus is designed to prevent the spread of malware through emails.


Antivirus software provides an easy-to-use mechanism, but like any solution it isn’t without its limitations and weaknesses. It has limited detection methods and is vulnerable to zero-day exploits and advanced persistent threats (APTs), which is one of the primary benefits of EDR. Its system load can eat precious resources, especially if the computer it’s installed on is underpowered. It can also interfere with innocuous programs and processes, sometimes presenting false positive alerts.

Since it’s just one piece of the defense in depth cybersecurity puzzle it operates through limited detection methodologies, so it doesn’t offer total protection. Additionally, it’s not effective against cyberattacks with specific targets as well as social engineering.

Best practices

There are proactive steps you can take as a user to make sure your chosen antivirus solution provides the best level of protection. Always patch it and keep it up to date. Consistently scan your system for issues, not just when you suspect something is wrong.

Be careful downloading files or clicking on suspicious links. And use additional security protocols like other categories of cyber security solutions, good password hygiene, and multi-factor authentication.

The difference between antivirus and EDR

Antivirus software installs on a device directly and provides protection against malicious applications. EDR is software that detects and halts cyberthreats while providing visibility and a certain level of control over network devices.

Another key difference between standard antivirus and EDR is that AV analyzes static threat signatures while EDR analyzes anomalous behaviors and patterns. This means that antivirus is reactive and EDR is proactive. Scope is another differentiator between the two security solutions. Standard AV is decentralized and has a limited scope with simpler detection and response. Conversely, EDR is centralized and provides continuous monitoring and more sophisticated protection.

The efficacy of antivirus is highly dependent on the developers compensating for new threat signatures. EDR uses a combination of artificial intelligence and machine learning to provide the constant data collection and analysis that makes them effective in the first place.

How each solution responds is different. AV only performs an action when a threat penetrates the system. EDR responds through actions like isolating the device from the network, killing a process or blocking execution.

Response time differs as well, with AV taking action immediately through automation and EDR performing a number of different tasks based on the specific type of endpoint detection response solution.

It’s easy to compare them, especially if you’re not tech savvy. And while they are similar, they serve different, distinct purposes.


Cybersecurity has never been more important. The threat landscape is always evolving, and the type of defenses you equip yourself with can be the difference maker between proper cyber hygiene and exposing yourself to a breach or cyberattack. Antivirus software is just one of the solutions. A defense in depth cybersecurity strategy is the best way to cover your cyber bases, and antivirus is an important line of defense.

This is a basic overview. But whether you’re an organization or basic end user, antivirus is an efficient and cost-effective first line of cybersecurity defense.