Generic Signatures
Many viruses start as a single infection, and through either mutation or refinements by other attackers, can grow into dozens of slightly different strains. Generic detection refers to the detection and removal of multiple threats using a single virus definition.
For example, the Vundo trojan has several family members, depending on the antivirus vendor's classification. Symantec classifies members of the Vundo family into two distinct members, "Trojan.Vundo" and "Trojan.Vundo.B".
While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely, and create a single generic signature. These signatures often contain non-contiguous code, using wild cards where differences lie. These wild cards allow the scanner to detect the virus even when its code has been padded with extra code.
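As an added illustration (not code from the original post or from any antivirus product), the following toy scanner shows how a single generic signature with wild cards and a bounded gap can match several padded variants of one constructed family, while an exact signature matches only one of them. The signature syntax ("??" for one arbitrary byte, "[n-m]" for a gap of n to m bytes) and all sample byte strings are assumptions constructed for this example.

```python
import re

# Added example: a toy byte-pattern scanner in the style of generic AV signatures.
# Signature syntax (assumed for this example): "??" matches any one byte,
# "[n-m]" matches between n and m arbitrary bytes (the gap where variants pad
# or reorder code), and any other token is a literal hex byte.

def compile_signature(sig):
    """Translate a hex signature string into a compiled bytes regex."""
    parts = []
    for tok in sig.split():
        if tok == "??":
            parts.append(b".")                            # wild card: exactly one byte
        elif tok.startswith("[") and tok.endswith("]"):
            lo, hi = (int(x) for x in tok[1:-1].split("-"))
            parts.append(b".{%d,%d}" % (lo, hi))          # bounded gap of arbitrary bytes
        else:
            parts.append(re.escape(bytes.fromhex(tok)))   # literal byte
    return re.compile(b"".join(parts), re.DOTALL)         # DOTALL: "." must match 0x0A too

SIGNATURES = {
    # Generic: shared push/call/cleanup skeleton; immediates vary, up to 8 bytes of padding allowed
    "FamilyX.generic": "68 ?? ?? ?? ?? E8 ?? ?? ?? ?? [0-8] 83 C4 04 C3",
    # Exact: one specific variant, every byte fixed
    "FamilyX.A":       "68 11 22 33 44 E8 10 00 00 00 83 C4 04 C3",
}

def scan(sample, signatures=SIGNATURES):
    """Return the names of every signature that matches somewhere in the sample."""
    return [name for name, sig in signatures.items()
            if compile_signature(sig).search(sample)]

# Constructed samples (not real malware): variants of one made-up family plus a benign buffer.
VARIANT_A = bytes.fromhex("55 8B EC 68 11 22 33 44 E8 10 00 00 00 83 C4 04 C3")
VARIANT_B = bytes.fromhex("55 8B EC 68 AA BB CC DD E8 20 00 00 00 90 90 90 90 83 C4 04 C3")
# Padded beyond the signature's gap bound: the generic signature no longer reaches it.
VARIANT_C = bytes.fromhex("55 8B EC 68 AA BB CC DD E8 20 00 00 00" + " 90" * 12 + " 83 C4 04 C3")
BENIGN    = bytes.fromhex("55 8B EC 33 C0 5D C3")

if __name__ == "__main__":
    for label, sample in [("A", VARIANT_A), ("B", VARIANT_B), ("C", VARIANT_C), ("benign", BENIGN)]:
        print(label, scan(sample))
```

Variant C shows the trade-off a signature author faces: widening the gap bound catches more padded variants but also raises the risk of false positives on unrelated code.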
Source: http://en.wikipedia.org/wiki/Antivirus_software#Security_Concept