How Antiviruses find malicious code?


Author: Stane    Posted: Thu Jun 11, 2009 8:46 pm    Post subject: How Antiviruses find malicious code?
    ----
Hello to all,
I want to know how antiviruses work: are they using signature databases, file length, file extensions, what others? And which way is the best?

Author: smajer    Posted: Wed Jul 08, 2009 4:32 pm    Post subject:
    ----
Hello,

A variety of strategies are typically employed. Signature-based detection involves searching for known malicious patterns in executable code. However, it is possible for a user to be infected with new malware for which no signature exists yet. To counter such so-called zero-day threats, heuristics can be used. One type of heuristic approach, generic signatures, can identify new viruses or variants of existing viruses by looking for known malicious code (or slight variations of such code) in files. Some antivirus software can also predict what a file will do if opened/run by emulating it in a sandbox and analyzing what it does to see if it performs any malicious actions. If it does, this could mean the file is malicious.

http://en.wikipedia.org/wiki/Antivirus_software
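
The difference between an exact signature and a generic signature, as described in the reply above, shown as an added example that is not part of the original posts. The signature names, byte patterns and sample buffers are all constructed for illustration and do not correspond to any real malware or antivirus product.

```python
import re

# Constructed signatures: hex bytes, with "??" meaning "any single byte".
EXACT_SIGS = {"Demo.A": "DE AD BE EF 01 02 03 04"}
GENERIC_SIGS = {"Demo.gen": "DE AD ?? EF 01 ?? ?? 04"}


def compile_sig(pattern):
    """Turn a hex/wildcard signature into a compiled bytes regex."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")  # wildcard: matches any one byte
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    # DOTALL so the wildcard also matches the newline byte 0x0A.
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data, sigs):
    """Return (signature name, offset) for every signature found in data."""
    hits = []
    for name, pattern in sigs.items():
        match = compile_sig(pattern).search(data)
        if match:
            hits.append((name, match.start()))
    return hits


# Constructed sample buffers: a known sample, a slightly modified
# variant of it, and an unrelated clean file.
HEADER = b"MZ" + b"\x00" * 6
ORIGINAL = HEADER + bytes.fromhex("DEADBEEF01020304") + b"tail"
VARIANT = HEADER + bytes.fromhex("DEAD90EF01AABB04") + b"tail"
CLEAN = HEADER + b"\x00" * 16

if __name__ == "__main__":
    for label, buf in (("original", ORIGINAL), ("variant", VARIANT), ("clean", CLEAN)):
        print(label, "exact:", scan(buf, EXACT_SIGS), "generic:", scan(buf, GENERIC_SIGS))
```

The variant changes three bytes, so the exact signature misses it while the generic signature still matches; the looser the pattern, the higher the chance of false positives on clean files, which is why products combine both with other checks.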





All times are GMT + 2 Hours
