TYPES OF VIRUS DETECTION TECHNIQUE

As the techniques used by viruses evolve and are investigated, antivirus programs incorporate more advanced virus scanning and protection measures such as the following:

Virus detection techniques

The main objective of an antivirus is to detect and remove malware programs from your computer. Since detection is the first step, there are several techniques for it.

Detection techniques include:

- Signature Verification

- Heuristic Verification

- Behavior Blocking

- Chain Search

- Permanent Protection

- Vaccination

Signature verification technique

Signature Verification determines which characteristics lead a file to be considered malware or not. It verifies characteristics such as file size and sequences of binary instructions, among others. When a file is recognized as malware, it receives its own identity, with its respective signature. These signatures are what identify each piece of malware in the antivirus definition list.

This type of detection may not be very efficient, as it does not allow new malware, which was not yet included in the antivirus database, to be detected. In other words, new malware will not be detected before the antivirus software has its definition list updated.

Heuristic Verification Technique

Heuristic Verification is the ability of an antivirus to detect malware without having a specific vaccine for it; that is, the idea of heuristics is to anticipate the discovery of malware. Some anti-spam software works on the same philosophy. The big problem with this type of detection method is the possibility of generating a very high number of false positives. False positives are files that have some characteristics that make them look like malware, although in reality they are not.

In addition to this, this technique performs the verification more slowly, since the process of looking for files that have certain characteristics is different from looking for already recognized malware.

This technique will also not identify new malware that has different characteristics from already known malware, since the heuristic is prepared to detect characteristics common to other malware.

Behavior Blocking Technique

Behavior Blocking is the technique that analyzes the actions carried out by programs (suspicious actions) in order to identify possible attempts at invasion or infection. Depending on the actions a piece of software carries out, it may be considered malware and not allowed to execute.

Most antivirus software uses a combination of these techniques to detect and remove malware.

Chain search

Each virus contains certain character strings that identify it. These are the so-called signatures of the virus. Antivirus programs include a file called the "virus signature file" in which they store all the strings corresponding to each of the viruses they detect. To find viruses, the antivirus analyzes all the specified files, checking whether any of them contain these strings. If a file does not contain any of these strings, it is considered clean, while if the antivirus program detects one inside the file, it will warn about the possibility that the file is infected.

Permanent protection

During the entire time that the computer remains on, the antivirus program is in charge of analyzing all the files involved in certain operations. When files are copied, opened, closed, executed, etc., the antivirus analyzes them. If a virus is detected, a warning is displayed in which disinfection is allowed. If nothing unusual is found, the process just analyzed continues.

Vaccination

Using this technique, the antivirus program stores information about each of the files. If a change is detected between the saved information and the current information in the file, the antivirus will notify you of what happened. There are two types of vaccination: internal, where the information is stored within the file itself, so that when the file is executed it checks whether it has undergone any change; and external, where the information is stored in a special file and the comparison is made against it.
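The external form of vaccination described above can be sketched as follows. This is an added example, not code from any antivirus product; the function names, the JSON store format and the use of size plus SHA-256 as the "stored information" are assumptions made for illustration.

```python
import hashlib
import json
import os


def fingerprint(path, chunk_size=65536):
    """Return the stored information for one file: size and SHA-256 digest."""
    digest = hashlib.sha256()
    size = 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
            size += len(chunk)
    return {"size": size, "sha256": digest.hexdigest()}


def vaccinate(root, store_path):
    """Record a fingerprint for every file under root in the external store.

    The store (the "special file") must live outside root, otherwise it
    would be reported as a new file on the next check.
    """
    records = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            records[os.path.relpath(full, root)] = fingerprint(full)
    with open(store_path, "w", encoding="utf-8") as store:
        json.dump(records, store, indent=2, sort_keys=True)
    return records


def check(root, store_path):
    """Contrast the current files with the store and report the differences."""
    with open(store_path, encoding="utf-8") as store:
        saved = json.load(store)
    report = {"modified": [], "missing": [], "new": []}
    seen = set()
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root)
            seen.add(rel)
            if rel not in saved:
                report["new"].append(rel)
            elif fingerprint(full) != saved[rel]:
                report["modified"].append(rel)
    report["missing"] = sorted(set(saved) - seen)
    report["modified"].sort()
    report["new"].sort()
    return report
```

Because the digest is compared as well as the size, a change that leaves the file length untouched is still reported as modified.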
