Dangerously Incomplete Malware Protection
By Bob Rankin
Bob Rankin provides a close look at the functionality of current antivirus software technology and why some methods of protection are dangerously incomplete. –PC Pitstop
Antivirus software’s first job is to detect viruses and other types of malware before they do their damage. There are two ways to identify malware, and a number of variations on these basic strategies. Here’s a plain-English description of how antivirus software gets the job done…
Different Types of Antivirus Software
Have you ever wondered how antivirus software works? In a nutshell, traditional computer security software hooks into your operating system, and inspects every file or program before it is allowed to be opened or run. Newer anti-malware technology keeps an eye out for unexpected system changes. Combining both methods will provide the best security. Let’s crack open the nut, and look at these techniques in a bit more detail.
The first malware detection method is commonly called “signature-based detection.” Any program contains unique blocks of code that identify it as surely as passages from a book identify what book you’re holding. The patterns of code which uniquely identify a malware program are called its “signature.”
Antivirus vendors compile databases of malware signatures and distribute copies to their users regularly. The antivirus program scans files on a user’s system looking for matches between each file’s code and those in the signature database. Matches are flagged as malware.
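The scan-and-match loop described above can be sketched in a few lines of Python. This is an added illustration, not code from the article or from any antivirus product, and it goes slightly beyond the text by letting a signature contain wildcard bytes. The signature names, byte patterns and sample "files" are all constructed for the example and match no real malware.

```python
# Added illustration: a toy signature scanner. Signature names and byte
# patterns are constructed for this example and match no real malware.
from typing import Dict, List, Optional, Tuple

# Signature database: name -> hex pattern, where "??" matches any one byte.
SIGNATURE_DB: Dict[str, str] = {
    "Demo.Dropper.A": "de ad be ef ?? ?? 13 37",
    "Demo.Macro.B": "41 75 74 6f 4f 70 65 6e 28 29",  # ASCII "AutoOpen()"
}

def compile_signature(hex_pattern: str) -> List[Optional[int]]:
    """Turn 'de ad ?? 37' into [0xde, 0xad, None, 0x37]."""
    return [None if tok == "??" else int(tok, 16) for tok in hex_pattern.split()]

def find_signature(data: bytes, sig: List[Optional[int]]) -> int:
    """Return the first offset where sig matches data, or -1."""
    # Anchor on the first fixed byte so bytes.find() does most of the work.
    anchor = next(i for i, b in enumerate(sig) if b is not None)
    pos = data.find(bytes([sig[anchor]]))
    while pos != -1:
        start = pos - anchor
        if start >= 0 and start + len(sig) <= len(data) and all(
            b is None or data[start + i] == b for i, b in enumerate(sig)
        ):
            return start
        pos = data.find(bytes([sig[anchor]]), pos + 1)
    return -1

def scan(data: bytes) -> List[Tuple[str, int]]:
    """Check one file's bytes against every signature; return (name, offset) hits."""
    hits = []
    for name, pattern in SIGNATURE_DB.items():
        offset = find_signature(data, compile_signature(pattern))
        if offset != -1:
            hits.append((name, offset))
    return hits

# Constructed sample "files" (in-memory byte strings, nothing is read from disk).
SAMPLES = {
    "invoice.bin": b"\x00\x01" + bytes.fromhex("deadbeef0a0b1337") + b"\xff",
    "invoice_v2.bin": b"\x00\x01" + bytes.fromhex("deadbeef99881337") + b"\xff",
    "notes.txt": b"Meeting notes: call AutoOpen team on Monday",
    "report.doc": b"Sub AutoOpen()\r\n' macro body\r\nEnd Sub",
}

if __name__ == "__main__":
    for filename, content in SAMPLES.items():
        print(filename, scan(content) or "clean")
```

The two invoice samples differ in the wildcard positions and are both flagged, while notes.txt contains the word "AutoOpen" but not the full pattern and is reported clean.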
Excerpt shared with permission from Bob Rankin.