Antivirus Software - Identification Methods

Identification Methods

One of the few solid theoretical results in the study of computer viruses is Frederick B. Cohen's 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses.

There are several methods which antivirus software can use to identify malware.

Signature-based detection is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.
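The following sketch is an added example, not code from any antivirus product. It shows why a scanner needs both a whole-file comparison and a search of the file's pieces, including patterns that straddle two read buffers. The signature names, byte patterns and sample file are constructed for illustration.

```python
import hashlib
import io

# Constructed signature dictionary (illustrative names and bytes, not real malware).
BYTE_SIGNATURES = {
    "Demo.Appender.A": bytes.fromhex("deadbeef4d414c21"),
    "Demo.Marker.B": b"\x90\x90DEMO-PAYLOAD\x00",
}
# Whole-file signature: SHA-256 of a complete known-bad file (constructed sample).
KNOWN_BAD_FILE = b"standalone demo dropper body"
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD_FILE).hexdigest(): "Demo.Dropper.C"}


def scan_stream(stream, chunk_size=4096):
    """Return the sorted names of all signatures found in a binary stream."""
    found = set()
    digest = hashlib.sha256()
    # Carry the tail of the previous window forward so a pattern split
    # across two reads is still seen as contiguous bytes.
    overlap = max(len(p) for p in BYTE_SIGNATURES.values()) - 1
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)              # whole-file comparison
        window = tail + chunk             # piecewise comparison
        for name, pattern in BYTE_SIGNATURES.items():
            if pattern in window:
                found.add(name)
        tail = window[-overlap:] if overlap else b""
    whole_file_match = HASH_SIGNATURES.get(digest.hexdigest())
    if whole_file_match:
        found.add(whole_file_match)
    return sorted(found)


def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper for scanning an in-memory buffer."""
    return scan_stream(io.BytesIO(data), chunk_size)


if __name__ == "__main__":
    # A constructed "host" file with a signature embedded in the middle.
    host = b"MZ" + b"A" * 10 + BYTE_SIGNATURES["Demo.Appender.A"] + b"B" * 10
    print(scan_bytes(host, chunk_size=5))       # pattern spans several reads
    print(scan_bytes(KNOWN_BAD_FILE))           # whole-file hash match
    print(scan_bytes(b"host" + KNOWN_BAD_FILE)) # hash alone misses embedded content
```

The last call returns no match: once the known-bad content is embedded in a larger file, the whole-file hash changes, which is why the byte-pattern search over pieces is needed alongside it.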

Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses.

File emulation is another heuristic approach. File emulation involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the antivirus software can determine if the program is malicious or not and then carry out the appropriate disinfection actions.
