Antivirus software (alternate spelling anti-virus) mainly prevent and remove computer viruses, including worms and trojan horses. Such programs may also detect and remove adware, spyware, and other forms of malware.
A variety of strategies are typically employed. Signatures involve searching for known malicious patterns in executable code. However, signatures can only be updated as viruses are created; users can be infected in the time it takes to create and distribute a signature. To counter such zero-day viruses, heuristics may be used to essentially guess if the file is truly malicious. Generic signatures look for known malicious code and use wild cards to identify variants of a single virus. An antivirus may also emulate a program in a sandbox, monitoring for malicious behavior. Success depends on striking a balance between false positive and false negatives. False positives can be as destructive as false negatives. In one case a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot.