Antivirus software detects known viruses by consulting a database containing virus signatures. When the antivirus software finds a virus contained in its database, it disinfects the infected files. What happens, however, if you get a virus that isn’t in the database?
The answer is that it depends. If a brand-new type of virus is released, there’s little chance that an antivirus program will be able to detect the menacing code before it does harm. For example, the Melissa and I Love You viruses both unleashed havoc all over the world because they were brand-new types of viruses that no antivirus program even knew to look for.
Defenses against new viruses
Fortunately, there is some defense against new viruses. One of the older methods involved monitoring the system for virus-like activity. For example, even today, many antivirus programs monitor to make sure that the Command.com file isn’t changed. After all, no legitimate program except for an operating system upgrade should be tampering with your machine’s Command.com file.
Some antivirus software also watches for replication code being run. However, this isn’t an effective technique, since many legitimate programs, such as Windows 2000 and Microsoft Exchange, include replication code.
The number one way to look for an unknown virus is still the database of known virus signatures. As you may know, for every new virus that comes along, there are countless variants. For example, there are over 50 known variants of the Melissa virus. Because a variant typically reuses much of the original's code, most of these variants should be identified by a signature already in the signature database.
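Why a signature can catch a variant it has never seen, shown as an added example that is not part of the original post. The byte strings are harmless constructed stand-ins for files, and the signature names and the wildcard format (`None` for "any byte") are assumptions made for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (not real malware).
ORIGINAL = b"HDR\x01\x02subject=hello;LOOP:copy_to_contacts(50);END"
VARIANT = b"HDR\x09\x09subject=howdy;LOOP:copy_to_contacts(99);END"
REWRITTEN = b"HDR\x09\x09subject=howdy;LOOP:send_to_everyone(99);END"
CLEAN = b"HDR\x01\x02subject=hello;print_report();END"

# Hypothetical signature database: an exact SHA-256 of the original sample, and
# a byte pattern in which None matches any single byte (the part variants change).
HASH_DB = {hashlib.sha256(ORIGINAL).hexdigest(): "Sample.A"}
PATTERN_DB = {
    "Sample.family": list(b";LOOP:copy_to_contacts(") + [None, None] + list(b");END"),
}


def match_at(data, pattern, offset):
    """True if pattern matches data at offset, treating None as a wildcard."""
    if offset + len(pattern) > len(data):
        return False
    return all(p is None or data[offset + i] == p for i, p in enumerate(pattern))


def scan(data):
    """Return (exact_hash_hit, pattern_hits) for one file's bytes."""
    hash_hit = HASH_DB.get(hashlib.sha256(data).hexdigest())
    pattern_hits = sorted(
        name
        for name, pattern in PATTERN_DB.items()
        if any(match_at(data, pattern, off) for off in range(len(data)))
    )
    return hash_hit, pattern_hits


if __name__ == "__main__":
    samples = [("original", ORIGINAL), ("variant", VARIANT),
               ("rewritten", REWRITTEN), ("clean", CLEAN)]
    for label, blob in samples:
        print(f"{label:10} hash={scan(blob)[0]!s:9} pattern={scan(blob)[1]}")
```

The exact hash only identifies the original file, while the pattern still matches the variant that changed a few bytes; the rewritten sample, which altered the bytes the pattern relies on, is missed by both.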
2 comments:
What a quick reply!
Thanks.
You're welcome, buddy.