Anti-virus software is a computer program or utility designed to detect and respond to malicious software, such as viruses and worms. Responses may include blocking user access to infected files, cleaning infected files or systems, or informing the user that an infected program was detected. So it is designed to detect and remove viruses that have infected your memory, disks, or operating systems. Since new viruses appear all the time, it is important to continuously update anti-virus software with the latest version. But most anti-virus programs include an auto-update feature that enables the program to download profiles of new viruses so that it can check for the new viruses as soon as they are discovered.

Antivirus program works in two distinct ways. One type scans the file for viruses each time it is opened. The other takes a blueprint of every file ahead of time and stores a checksum of each file's contents in a database. The next time a file is opened, the software computes the checksum and compares it to the database to see if the file has changed. If it has, the program scans the file for viruses. The latter method is faster for day-to-day operations because computing a checksum is much faster than comparing the file with all the binary signatures. Both methods may be scheduled to perform a complete scan of all files at a periodic interval such as once a week. The best antivirus software types include: McAfee VirusScan, eTrust EzAntirus, and Norton Antivirus among others.

By analogy, an intrusion detection system (IDS) does for a network what an antivirus software package does for files that enter a system: It inspects the contents of network traffic to look for and deflect possible attacks, just as an antivirus software package inspects the contents of incoming files, e-mail attachments, active Web content, and so forth to look for virus signatures or for possible malicious actions.

In computer security, intrusion detection system (IDS) refers to the process of monitoring computer and network activities and analyzing those events to look for signs of unauthorized use of or attacks on a system or network. An IDS is designed and used to detect and then to deflect or deter where possible such attacks or unauthorized use of systems, networks, and related resources. IDSs can respond to the suspicious event in one of several ways, which includes displaying an alert, logging the event or even paging an administrator. In some cases the IDS may be prompted to reconfigure the network to reduce the effects of the suspicious intrusion. Like firewalls, IDS may be software-based or may combine hardware and software.

For example, Network-based IDS systems (NIDS) are often standalone hardware appliances that include network intrusion detection capabilities. It will usually consist of hardware sensors located at various points along the network that analyzes data packets entering and leaving the network.
Host-based IDS systems consist of software agents installed on individual computers within the system. HIDS analyze the traffic to and from the specific computer on which the intrusion detection software is installed. Although IDS devices tend to operate at network peripheries, IDS systems can detect and deal with insider attacks as well as external attacks.