Saturday, June 19, 2010

How does an anti-virus program work?

Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware).



Anti-virus software typically uses two different techniques to accomplish this:



* Examining (scanning) files to look for known viruses matching definitions in a virus dictionary



* Identifying suspicious behavior from any computer program which might indicate infection. Such analysis may include data captures, port monitoring and other methods.



Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.



Historically, the term anti-virus has also been used for benign computer viruses that spread and combated malicious viruses. This was common on the Amiga computer platform.



=============================



Techniques



=============================



Virus dictionary approach



In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that the authors of the anti-virus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can take one of the following actions:



1. attempt to repair the file by removing the virus itself from the file



2. quarantine the file (such that the file remains inaccessible to other programs and its virus can no longer spread)
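The dictionary lookup and the quarantine action described above, as an added example that is not code from the original post or from any anti-virus product. The signature names and byte patterns are constructed placeholders, and the function names `scan_file`, `quarantine` and `demo` are hypothetical; the repair action is not covered.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed signature dictionary: name -> byte pattern (not real malware signatures).
SIGNATURES = {
    "Demo.TestA": bytes.fromhex("deadbeef4141"),
    "Demo.TestB": b"CONSTRUCTED-SAMPLE-MARKER",
}
CHUNK = 64 * 1024  # read size, so large files are never loaded whole


def scan_file(path, signatures=SIGNATURES):
    """Return sorted (name, offset) pairs for each signature's first match in the file."""
    overlap = max(len(p) for p in signatures.values()) - 1
    hits, tail, base = {}, b"", 0  # base = file offset of the first byte of tail
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            window = tail + chunk
            for name, pattern in signatures.items():
                pos = window.find(pattern)
                if pos != -1:
                    hits.setdefault(name, base + pos)
            # Carry the last bytes over so a pattern split across two reads still matches.
            tail = window[-overlap:] if overlap else b""
            base += len(window) - len(tail)
    return sorted(hits.items())


def quarantine(path, quarantine_dir):
    """Move the file into quarantine_dir and strip every permission bit."""
    quarantine_dir.mkdir(mode=0o700, exist_ok=True)
    dest = quarantine_dir / (path.name + ".quarantined")
    shutil.move(str(path), str(dest))
    dest.chmod(0o000)  # inaccessible to other programs until an admin restores it
    return dest


def demo():
    """Scan constructed files; the marker in marked.bin straddles a read boundary."""
    work = Path(tempfile.mkdtemp())
    (work / "clean.bin").write_bytes(b"\x00" * 1000)
    (work / "marked.bin").write_bytes(b"A" * (CHUNK - 3) + SIGNATURES["Demo.TestA"] + b"B" * 10)
    results = {p.name: scan_file(p) for p in sorted(work.glob("*.bin"))}
    for name, hits in results.items():
        if hits:
            quarantine(work / name, work / "quarantine")
    return results, work
```

Calling `demo()` returns the per-file matches and the working directory. A match depends entirely on the pattern being in the dictionary, which is why a file carrying code that is not yet listed passes this kind of scan.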
