Dangerously Incomplete Malware Protection

By Bob Rankin

Bob Rankin provides a close look at the functionality of current antivirus software technology and why some methods of protection are dangerously incomplete. –PC Pitstop

Antivirus software’s first job is to detect viruses and other types of malware before they do their damage. There are two ways to identify malware, and a number of variations on these basic strategies. Here’s a plain-English description of how antivirus software gets the job done…

Different Types of Antivirus Software

Have you ever wondered how antivirus software works? In a nutshell, traditional computer security software hooks into your operating system and inspects every file or program before it is allowed to be opened or run. Newer anti-malware technology keeps an eye out for unexpected system changes. Combining both methods will provide the best security. Let’s crack open the nut, and look at these techniques in a bit more detail.

The first malware detection method is commonly called “signature-based detection.” Any program contains unique blocks of code that identify it as surely as passages from a book identify what book you’re holding. The patterns of code which uniquely identify a malware program are called its “signature.”

Antivirus vendors compile databases of malware signatures and distribute copies to their users regularly. The antivirus program scans files on a user’s system looking for matches between each file’s code and those in the signature database. Matches are flagged as malware.
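The scan loop described above, sketched as an added example that is not part of the original article or any vendor's code. The signature names and byte patterns are constructed placeholders, and matching is reduced to plain substring search; the last sample shows that a file with no entry in the database is not flagged.

```python
import io

# Constructed signature database: name -> byte pattern. These are harmless
# placeholder strings, not real malware signatures.
SIGNATURES = {
    "Example.Dropper.A": bytes.fromhex("deadbeef") + b"EXAMPLE-PAYLOAD-A",
    "Example.Worm.B": b"\x90\x90EXAMPLE-WORM-B\xcc",
}


def scan_bytes(data, signatures=SIGNATURES):
    """Return the sorted names of all signatures whose pattern occurs in data."""
    return sorted(name for name, pat in signatures.items() if pat in data)


def scan_stream(stream, signatures=SIGNATURES, chunk_size=64 * 1024):
    """Scan a binary stream chunk by chunk. The tail of each window is carried
    into the next one so a pattern split across two chunks is still found."""
    overlap = max((len(p) for p in signatures.values()), default=1) - 1
    found, tail = set(), b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        found.update(scan_bytes(window, signatures))
        tail = window[-overlap:] if overlap else b""
    return sorted(found)


def demo():
    """Scan four constructed in-memory 'files' and return name -> matches."""
    samples = {
        "clean.txt": b"quarterly report " * 50,
        "infected.bin": b"\x00" * 37 + SIGNATURES["Example.Dropper.A"] + b"\x00" * 5,
        "both.bin": SIGNATURES["Example.Worm.B"] + b"pad" + SIGNATURES["Example.Dropper.A"],
        # Not in the database, so signature matching cannot flag it.
        "unknown.bin": b"NEW-VARIANT-NOT-IN-DATABASE",
    }
    # A tiny chunk size forces every pattern to straddle chunk boundaries.
    return {name: scan_stream(io.BytesIO(data), chunk_size=16)
            for name, data in samples.items()}


if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name}: {'FLAGGED ' + ', '.join(hits) if hits else 'no match'}")
```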

Excerpt shared with permission from Bob Rankin.
