Some more sophisticated antivirus software uses heuristic analysis to identify new malware. Two methods are used: file analysis and file emulation.
As described above, file analysis is the process by which antivirus software will analyze the instructions of a program. Based on the instructions, the software can determine whether or not the program is malicious. For example, if the file contains instructions to delete important system files, the file might be flagged as a virus. While this method is useful for identifying new viruses and variants, it can trigger many false positives.
The second heuristic approach is file emulation. In this approach, the target file is run in a virtual system environment, separate from the real system environment. The antivirus software then logs what actions the file takes in the virtual environment. If the actions are found to be damaging or malicious, the file may be marked as a virus. But again, this method can trigger false positives.
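The emulation approach described above can be sketched as a scorer over the logged actions. This is an added example, not code from the quoted source or from any antivirus product; the rules, weights, threshold and log entries are all constructed assumptions.

```python
from fnmatch import fnmatchcase

# Hypothetical rules (action, lower-case path pattern, weight); not from any real product.
RULES = [
    ("delete", r"c:\windows\system32\*", 50),
    ("write", r"c:\windows\system32\*", 40),
    ("write", r"*\startup\*", 30),
    ("delete", r"c:\program files\*", 10),
]
THRESHOLD = 50  # assumed cut-off for flagging a file

# Constructed emulation logs: (action, path) events recorded in the virtual environment.
DESTRUCTIVE_SAMPLE = [
    ("delete", r"C:\Windows\System32\example.dll"),
    ("write", r"C:\Users\a\AppData\Local\Temp\x.log"),
]
DRIVER_UPDATER = [  # legitimate program whose actions look suspicious
    ("write", r"C:\Windows\System32\drivers\example.sys"),
    ("write", r"C:\Users\a\Start Menu\Programs\Startup\updater.lnk"),
]
TEXT_EDITOR = [("write", r"C:\Users\a\Documents\notes.txt")]


def score(log):
    """Sum the weight of every rule the log triggers, counting each rule once."""
    hits = set()
    for action, path in log:
        for rule in RULES:
            rule_action, pattern, _ = rule
            if action == rule_action and fnmatchcase(path.lower(), pattern):
                hits.add(rule)
    return sum(weight for _, _, weight in hits)


def verdict(log, threshold=THRESHOLD):
    """Flag the file when its behaviour score reaches the threshold."""
    return "flagged" if score(log) >= threshold else "clean"


if __name__ == "__main__":
    for name, log in [("destructive sample", DESTRUCTIVE_SAMPLE),
                      ("driver updater", DRIVER_UPDATER),
                      ("text editor", TEXT_EDITOR)]:
        # A stricter threshold clears the updater but also misses the sample.
        print(name, score(log), verdict(log), verdict(log, threshold=80))
```

With the assumed threshold of 50 the legitimate updater is a false positive; raising the threshold to 80 clears it, but the destructive sample is then missed as well.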
Source: http://en.wikipedia.org/wiki/Antivirus_software#Security_Concept