I recently had a magazine of Symantics and have read about how protection is done by an antivirus software in the simplest thought. I would like to share it with you all.
The classic mechanism for detecting and stopping threats is Blacklisting though the use of Virus Signatures. Which is i guess the primary reason why we have to update our antivirus software regularly. It is analogous to using a fingerprint matching to catch criminals. In order to for a virus to be recognize, it needs to be in the virus signature, if not it will not be considered as a threat. This works well on those virus that had been already discovered. But how about those new invented viruses, well in this situation blacklisting mechanism isn't effective anymore.
Here come Heuristic Technology, it is examining the attributes of files on disk to check for suspecious characteristics. For the analogy, if you see a person wearing an angle lenght coat in the street during summer with something obviously concealed underneath, we usually identify them as "suspecious". Any suspecious file can still be detected eventhough it is not in the virus signatures.
The last line of defense beyond blocklisting and heuristics is, Behavioral Protection Technology. This involves monitoring actively running software and network streams for behavioral patterns that could be malicious. In this approach, it is possible to identify entirely new threats or classes of threats by examining their behaviour. It can catch entirely new and unknown malware that has bypassed classic, finger-print antivirus protection and heuristic protection.
The classic mechanism for detecting and stopping threats is Blacklisting though the use of Virus Signatures. Which is i guess the primary reason why we have to update our antivirus software regularly. It is analogous to using a fingerprint matching to catch criminals. In order to for a virus to be recognize, it needs to be in the virus signature, if not it will not be considered as a threat. This works well on those virus that had been already discovered. But how about those new invented viruses, well in this situation blacklisting mechanism isn't effective anymore.
Here come Heuristic Technology, it is examining the attributes of files on disk to check for suspecious characteristics. For the analogy, if you see a person wearing an angle lenght coat in the street during summer with something obviously concealed underneath, we usually identify them as "suspecious". Any suspecious file can still be detected eventhough it is not in the virus signatures.
The last line of defense beyond blocklisting and heuristics is, Behavioral Protection Technology. This involves monitoring actively running software and network streams for behavioral patterns that could be malicious. In this approach, it is possible to identify entirely new threats or classes of threats by examining their behaviour. It can catch entirely new and unknown malware that has bypassed classic, finger-print antivirus protection and heuristic protection.
