av-info.org: Online Anti-virus Review


Various worms and viruses cause millions, if not billions, of dollars' worth of damage every year. No serious business that involves computers is imaginable today without thorough anti-virus protection. The existing antivirus products alleviate the problem with varying degrees of success, but many issues are yet to be addressed. Naturally, antivirus technology has its limitations -- for instance, it may be helpless against a manual attack carried out with customized tools and scripts. The current trend among AV vendors is to package antivirus products together with intrusion detection systems, firewalls, and other computer protection components...

Signature Detection

Signature-based virus detection is the basis of all current AV products. Originally designed to catch primitive viruses that infected DOS .COM files, a signature literally contains chunks of the virus's executable code. Signatures are created in the antivirus vendors' labs during a semi-automated process of virus analysis. The goal is to create a signature specific enough that it matches only its virus and never any other (possibly innocent) executable. Such an approach allows the anti-virus to pin down the specific virus and possibly its flavor or version. However, this approach comes with several disadvantages. Perhaps the most important one...

Heuristics

Heuristic scanning is an addition to signature-based detection that allows antivirus products to be more flexible. Worms and viruses can easily evade a signature-based malware detector by morphing themselves into a different form, by obfuscating their code (e.g., swapping parts of the code around or substituting instructions with alternatives that serve the same purpose but look entirely different to a signature-based detector), or simply by encrypting some parts of themselves. Heuristic scanning, so named after the Greek word meaning "to discover", does not look for a perfect signature match; instead it estimates the probability that a file is malicious. Antivirus vendors were very careful...
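To make the limitation described in the Signature Detection and Heuristics sections concrete, here is a minimal byte-signature scanner added as an example (it is not code from av-info.org or from any AV product). The "executables" are constructed byte strings, and the signature syntax with `??` wildcards is an assumption made for this illustration: an exact signature misses a variant whose immediate operand was changed, while a wildcarded signature still matches.

```python
# Added example: exact vs. wildcard byte signatures.
# All sample "executables" below are constructed byte strings, not real malware.
from typing import Dict, List, Optional, Tuple

# A signature is a list of bytes where None marks a wildcard position.
Signature = List[Optional[int]]


def parse_signature(text: str) -> Signature:
    """Parse hex tokens such as 'B8 ?? ?? ?? ?? 50'; '??' is a wildcard."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def match_at(data: bytes, sig: Signature, pos: int) -> bool:
    """True if sig matches data starting at offset pos."""
    if pos + len(sig) > len(data):
        return False
    return all(b is None or data[pos + i] == b for i, b in enumerate(sig))


def scan(data: bytes, sigs: Dict[str, Signature]) -> List[Tuple[str, int]]:
    """Return (signature name, offset) for the first hit of each signature."""
    hits: List[Tuple[str, int]] = []
    for name, sig in sigs.items():
        for pos in range(len(data) - len(sig) + 1):
            if match_at(data, sig, pos):
                hits.append((name, pos))
                break
    return hits


# Constructed samples: the original body, and a variant where only the
# 4-byte immediate of the first instruction differs (trivial morphing).
ORIGINAL = b"\x90\x90" + bytes.fromhex("B8 41 41 41 41 50 E8 00 00 00 00") + b"\xC3"
VARIANT = b"\x90\x90" + bytes.fromhex("B8 42 42 42 42 50 E8 00 00 00 00") + b"\xC3"

SIGNATURES: Dict[str, Signature] = {
    "exact": parse_signature("B8 41 41 41 41 50 E8"),      # matches ORIGINAL only
    "wildcard": parse_signature("B8 ?? ?? ?? ?? 50 E8"),   # matches both
}

if __name__ == "__main__":
    for label, sample in (("original", ORIGINAL), ("variant", VARIANT)):
        print(label, scan(sample, SIGNATURES))
```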

Emulation

Dynamic virus detection is done with the help of emulation. The antivirus software contains a lightweight virtual machine that emulates a real operating system and is designed to look just like the real host to the virus. However, it is isolated from the actual operating system and is effectively run as a "sandbox", where the unsuspecting virus can fully unwrap and display all of its malicious behavior in action, while being confined by the virtual machine and completely unable to harm the actual host outside the sandbox. Over time, some viruses have developed additional...

Other methods

Other detection methods include, for example, on-the-fly virus detection. Here the antivirus monitors the executables that are loaded into memory and scans them for malicious patterns as they run, without using a sandbox at all. Furthermore, most important system calls (DLL function calls on Windows) can be hooked with additional functions that monitor the system call traces and the real-time behavior of running executables. That way, dangerous or anomalous activity, such as file operations, automatic email and network connectivity operations, and other worm-like behavior, can be detected in real time in the...

Antivirus News:

May 30: Antivirus for Mobiles - TechWhack (press release)
May 30: How to recover lost photos from a digital camera memory card - Mobile Computer
May 29: Phishers target gamers - Moneyweb
May 30: Barracuda hungry for OSS security developer Sourcefire - Ars Technica
May 29: Fortinet's Consolidated Network Security Platform Selected for New ... - DMN Newswire (press release)
May 30: Kaspersky Administration Kit - Gather.com
May 28: Verizon Business Offers New Managed All-in-One Device to Help ... - Earthtimes (press release)
May 28: Fortinet's Consolidated Network Security Platform Selected for New ... - Stockhouse
May 30: Fortinet's Consolidated Network Security Platform Selected for New ... - IT Business Net
May 29: Symantec Pledges Less Bloat, More Speed - Washington Post