There are several methods which antivirus software can use to identify malware.
Signature-based detection is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.
Malicious activity detection is another way to identify malware. In this approach, antivirus software monitors the system for suspicious program behavior. If suspicious behavior is detected, the suspect program may be further investigated, using signature-based detection or another method listed in this section. This type of detection can be used to identify unknown viruses.

Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses. This can be accomplished in one of two ways: file analysis and file emulation. File analysis is the process of searching a suspect file for virus-like instructions. For example, if a program has instructions to format the C drive, antivirus software might further investigate the file. One downside is the amount of computer resources needed to analyze every file. File emulation is another heuristic approach. File emulation involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the antivirus software can determine whether the program is malicious and then carry out the appropriate disinfection actions.
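The following is an added example, not code from the post or from any antivirus product, that shows the two static methods above in miniature: signature-based detection (whole-file hashes plus byte patterns searched at every offset, with the file read in overlapping pieces so an embedded signature that straddles a chunk boundary is still found) and file-analysis heuristics (weighted matches on virus-like instruction strings such as a "format c:" command). The signature dictionary, hash, heuristic rules, weights and threshold are all constructed for illustration; only the EICAR test string is a real, harmless scanner test value.

```python
import hashlib
import io
from typing import BinaryIO

# Constructed signature dictionary for this example (not a real AV database).
# Whole-file hashes identify known samples byte-for-byte; byte patterns are
# searched at every offset, because a virus that embeds itself in an existing
# file leaves the rest of that file unchanged.
FULL_FILE_HASHES = {
    hashlib.sha256(b"CONSTRUCTED-SAMPLE-MALWARE-BODY").hexdigest(): "Sample.Known.A",
}
BYTE_PATTERNS = {
    # The EICAR string is the industry-standard harmless test file for scanners.
    b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*": "EICAR-Test-File",
    b"CONSTRUCTED-PAYLOAD-MARKER": "Sample.Embedded.B",
}

# Constructed file-analysis heuristics: lower-cased strings that look like
# virus-like instructions, each with a weight. Reaching the threshold means
# "investigate further", not "malicious": heuristics trade false positives
# for the ability to flag files no signature knows about.
HEURISTIC_RULES = {
    b"format c:": 3,
    b"del /f /s /q": 2,
    b"createremotethread": 2,
    b"writeprocessmemory": 2,
}
HEURISTIC_THRESHOLD = 3


def scan_stream(stream: BinaryIO, chunk_size: int = 4096) -> dict:
    """Scan a file in pieces. An overlap of (longest needle - 1) bytes is kept
    between chunks so a signature straddling a chunk boundary is still found,
    and the whole stream is hashed on the way for the full-file lookup."""
    overlap = max(len(p) for p in list(BYTE_PATTERNS) + list(HEURISTIC_RULES)) - 1
    hasher = hashlib.sha256()
    signatures = set()
    matched_rules = set()
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        hasher.update(chunk)
        window = tail + chunk          # previous overlap + current piece
        lowered = window.lower()
        for pattern, name in BYTE_PATTERNS.items():
            if pattern in window:
                signatures.add(name)
        for needle in HEURISTIC_RULES:
            if needle in lowered:
                matched_rules.add(needle)
        tail = window[-overlap:]       # carry the boundary bytes forward
    digest = hasher.hexdigest()
    if digest in FULL_FILE_HASHES:
        signatures.add(FULL_FILE_HASHES[digest])
    score = sum(HEURISTIC_RULES[n] for n in matched_rules)
    if signatures:
        verdict = "malicious"          # a signature hit is a definite identification
    elif score >= HEURISTIC_THRESHOLD:
        verdict = "suspicious"         # heuristics only justify further investigation
    else:
        verdict = "clean"
    return {"sha256": digest, "signatures": sorted(signatures),
            "heuristic_score": score, "matched_rules": sorted(matched_rules),
            "verdict": verdict}


def scan_bytes(data: bytes, chunk_size: int = 4096) -> dict:
    """Convenience wrapper for in-memory data."""
    return scan_stream(io.BytesIO(data), chunk_size)


def scan_file(path: str, chunk_size: int = 4096) -> dict:
    """Scan a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return scan_stream(fh, chunk_size)


if __name__ == "__main__":
    eicar = next(p for p, n in BYTE_PATTERNS.items() if n == "EICAR-Test-File")
    # Constructed host file with the test string embedded mid-file; the small
    # chunk size forces the 68-byte pattern to straddle chunk boundaries.
    sample = b"A" * 1000 + eicar + b"B" * 1000
    print(scan_bytes(sample, chunk_size=64))
    print(scan_bytes(b"echo hi\r\nFORMAT C: /y\r\n"))
```

The overlap is what makes "searched in pieces" safe: with a chunk size of 64 and a 68-byte pattern, no single chunk can contain the EICAR string, yet the scan still reports it because every 68-byte substring falls inside some overlap-plus-chunk window. The heuristic path deliberately returns only "suspicious", mirroring the text's point that a virus-like instruction is a reason to investigate further rather than a verdict on its own.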
Source: http://en.wikipedia.org/wiki/Antivirus_software#Security_Concept