A virus definition is binary pattern (a string of ones and zeros) that identifies a specific virus. By checking a program or file against a list of virus definitions, antivirus software can determine if the program or file contains a virus.
Most antivirus and Internet security programs reference a database of virus definitions when scanning files for viruses. This is an effective way to detect known viruses. However, when new viruses are created, antivirus software may not recognize them. Therefore, most antivirus programs automatically update the virus definitions from an online database on a regular basis (such as once a week).
Some antivirus programs use known virus definitions to generate heuristics that can detect unknown viruses. These viruses may not match a virus definition exactly, but they may be similar enough that the antivirus software can mark the file as a possible virus. While this offers extra protection against unknown viruses, it can also produce "false positives," labeling files as potentially harmful when they do not contain viruses.
The accuracy of antivirus heuristics is improved over time based on the feedback end users and developers provide to antivirus software companies. This feedback is used to whitelist or blacklist certain files. By combining this information with up-to-date virus definitions, antivirus software can produce less false positives, yet still catch actual viruses.
Updated: October 31, 2013