Dynamic virus detection is done with the help of emulation. The antivirus software contains a
lightweight virtual machine that emulates a real operating system and is designed to look, to the
virus, just like the real host. It is, however, isolated from the actual operating system and
effectively runs as a “sandbox”, where the unsuspecting virus can fully unwrap and display all of
its malicious behavior in action, while being confined by the virtual machine and unable to do any
harm to the actual host outside the sandbox.
Over time, some viruses have developed additional tricks aimed specifically at emulation-based
detectors, attempting to hide their malicious behavior from the dynamic detectors as well. For
instance, they may activate only on a certain day of the week, or require some user action (e.g.,
a pressed key) before activating. The idea is that if the virus is scheduled to activate on
Tuesday, but the emulation-based scan is run on Monday, the antivirus simply will not see any
malicious behavior. Antivirus software fought back by altering the clock of the virtual machine,
among other counter-measures.
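As an added illustration (not code from the original page), a toy sandbox in Python that shows the trigger-gated dormancy and the clock-sweeping counter-measure just described; the sample, the dates and the watched path are all constructed for the demonstration.

```python
import datetime
from dataclasses import dataclass, field

# Constructed scan dates: 2024-01-01 is a Monday, 2024-01-02 a Tuesday.
MONDAY = datetime.datetime(2024, 1, 1)
TUESDAY = datetime.datetime(2024, 1, 2)
WATCHED_PATHS = {"/host/system.bin"}   # constructed "protected" host file


@dataclass
class SandboxEnv:
    """Fake host presented to the sample: the clock and user input are under
    the scanner's control, and every side effect is recorded, never executed."""
    clock: datetime.datetime
    key_pressed: bool = False
    actions: list = field(default_factory=list)

    def now(self):
        return self.clock

    def write_file(self, path, data):
        self.actions.append(("write", path))


def constructed_sample(env):
    """Constructed stand-in for a trigger-gated sample: it stays dormant unless
    the clock says Tuesday (weekday() == 1) and a key press has been seen."""
    if env.now().weekday() != 1 or not env.key_pressed:
        return                                   # nothing for the emulator to observe
    env.write_file("/host/system.bin", b"...")   # the behaviour the scanner should catch


def run_once(sample, clock, key_pressed=False):
    """One emulation run with a fixed clock; returns recorded writes to watched paths."""
    env = SandboxEnv(clock=clock, key_pressed=key_pressed)
    sample(env)
    return [a for a in env.actions if a[1] in WATCHED_PATHS]


def scan(sample, start=MONDAY):
    """Counter-measure from the text: sweep the VM clock over a full week and
    replay each day with and without simulated user input."""
    for day in range(7):
        clock = start + datetime.timedelta(days=day)
        for key_pressed in (False, True):
            hits = run_once(sample, clock, key_pressed)
            if hits:
                return {"detected": True, "day": clock.strftime("%A"),
                        "key_pressed": key_pressed, "actions": hits}
    return {"detected": False}
```

A single run on Monday reports nothing, which is exactly the blind spot the trigger exploits; the sweep finds the behavior on the Tuesday run with a simulated key press.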
The advantages of emulation-based virus scanning are obvious. First, if the unsuspecting virus
runs as if it were on the real system, it eventually has to decrypt itself completely and expose
all of its code in order to be executed. Thus, encrypted viruses can be detected using this
technique, something that is very hard to do with purely static methods. The second big advantage
of emulation is that when the virus unwraps and executes, it may also de-obfuscate some of its
code, which makes the AV's job easier still. Thus, polymorphic viruses that do not perform overly
complex transformations can be detected easily.
The drawbacks of emulation-based scanning include the overhead of emulation and, as mentioned
above, the tricks virus writers may use to avoid dynamic detection.