Bharat Banate's Work Profile


Friday, September 7, 2007

Antivirus: Working of an antivirus package (part II)

Continued from part I.

Now, suppose that a previously unknown strain of the Melissa virus happens to come into contact with your computer. Your antivirus software would use a technology known as heuristics to identify the virus.

Heuristics work on the basis of probability. The basic idea is that a variant of Melissa would still resemble one of the existing versions of Melissa. After all, if it looks like Melissa and it smells like Melissa, then it’s probably Melissa. If the heuristics algorithm causes the virus scanner to uncover a potential variant of a known virus, the scanner will alert you to the fact. When your antivirus software detects an unknown variant and alerts you to the potential virus, what it’s really telling you is that the file has a certain percentage of code in common with a known virus, or that the software has a certain percentage of confidence that the file contains viral code.
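To make the "percentage of code in common" idea concrete, here is an added example (not code from the original post, and not how any particular antivirus product implements heuristics). It measures how many byte n-grams of a known body reappear in a scanned file: an exact signature hit is reported as infected, a high but imperfect overlap is reported as a suspected variant, and anything below the threshold is clean. The "known virus" bodies, the n-gram length and the 0.6 threshold are all constructed for illustration.

```python
"""Toy heuristic scanner: exact signature match first, then n-gram overlap scoring.
Added example for illustration; the 'virus bodies' below are arbitrary constructed bytes."""
from typing import Dict, Set

N = 4  # n-gram length (assumption: short enough that small edits still leave most n-grams intact)

# Constructed stand-ins for two known strains of one family. Not real malware.
KNOWN: Dict[str, bytes] = {
    "Toy.Melissa.A": b"MACRO-AUTOOPEN;SEND-TO:FIRST-50-CONTACTS;SUBJECT:IMPORTANT-MESSAGE",
    "Toy.Melissa.B": b"MACRO-AUTOOPEN;SEND-TO:FIRST-50-CONTACTS;SUBJECT:HERE-IS-THAT-DOCUMENT",
}


def ngrams(data: bytes, n: int = N) -> Set[bytes]:
    """Set of all length-n byte windows in data (set semantics: order and counts are ignored)."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(sample: bytes, known: bytes, n: int = N) -> float:
    """Fraction of the known body's n-grams that also occur somewhere in the sample."""
    known_grams = ngrams(known, n)
    if not known_grams:
        return 0.0
    return len(known_grams & ngrams(sample, n)) / len(known_grams)


def scan(sample: bytes, threshold: float = 0.6) -> dict:
    """Return a verdict dict: {'verdict', 'family', 'score'}.

    1. Exact signature scan: the known body appears verbatim -> 'infected'.
    2. Heuristic scan: best n-gram overlap >= threshold -> 'suspected-variant'.
    3. Otherwise 'clean' (the score is still returned so an analyst can see how close it was).
    """
    for name, body in KNOWN.items():
        if body in sample:
            return {"verdict": "infected", "family": name, "score": 1.0}

    best_name, best_score = None, 0.0
    for name, body in KNOWN.items():
        score = similarity(sample, body)
        if score > best_score:
            best_name, best_score = name, score

    if best_score >= threshold:
        return {"verdict": "suspected-variant", "family": best_name, "score": best_score}
    return {"verdict": "clean", "family": None, "score": best_score}


if __name__ == "__main__":
    # A previously unseen strain: the A body with one field changed (constructed).
    variant = b"DOC:" + KNOWN["Toy.Melissa.A"].replace(b"50", b"75")
    print(scan(b"header" + KNOWN["Toy.Melissa.A"] + b"trailer"))
    print(scan(variant))
    print(scan(b"Hello, this is a normal text document about quarterly sales."))
```

The threshold is the tuning knob the post alludes to: raise it and variants slip through (false negatives), lower it and unrelated files that happen to share common byte windows get flagged (false positives). Real products weigh many more features than raw byte overlap, but the trade-off is the same.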

Polymorphic viruses
Heuristics are great if the virus remains true to its original form, but virus programmers are smart people. Some viruses are designed to encrypt themselves. Such viruses are known as polymorphic viruses. The idea behind polymorphic viruses is that they can reorganize themselves so as to have an extremely large potential number of signatures.

Fortunately, there’s a way to protect your machine from polymorphic viruses. If the virus scanner suspects a polymorphic virus, some antivirus software packages actually test the code. To do so, they create what’s known as a virtual machine. In a nutshell, a virtual machine is an area of memory that can behave as if it existed in a separate computer.

By opening a potentially hazardous file in a virtual machine, the antivirus software can test the file in a safe and controlled environment. If the file proves to be safe, the user will never know of the test. However, if the file does contain a virus, the user is alerted to the infection and prompted to take action.
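The following added example (not from the original post, and not any vendor's emulator) shows why a plain signature scan fails against self-encrypting code and what running the file in an isolated "virtual machine" buys the scanner. It defines a toy two-opcode decoder format of its own invention, builds variants of the same benign marker string under different keys, and then compares a static byte scan against a bounded emulation that decodes into a private memory copy before scanning. The marker string, the opcodes and the step budget are all constructed assumptions.

```python
"""Toy emulator: decode a self-encrypting sample in an isolated buffer, then scan it.
Added example for illustration only; the format below is invented for this demo."""
from typing import Optional

SIGNATURE = b"TOY-PAYLOAD-MARKER"   # constructed stand-in for a real detection signature
OP_XOR, OP_ADD = 0x01, 0x02         # toy decoder opcodes (assumption of this example)


def make_variant(body: bytes, op: int, key: int) -> bytes:
    """Build one variant: [op][key][encoded body]. Same behaviour, different bytes on disk."""
    if op == OP_XOR:
        enc = bytes(b ^ key for b in body)
    elif op == OP_ADD:
        enc = bytes((b + key) & 0xFF for b in body)
    else:
        raise ValueError("unknown toy opcode")
    return bytes([op, key]) + enc


def static_scan(sample: bytes) -> bool:
    """Signature match on the bytes exactly as they sit on disk."""
    return SIGNATURE in sample


def emulate(sample: bytes, max_steps: int = 4096) -> Optional[bytes]:
    """Run the sample's decoder inside a private memory copy (the 'virtual machine').

    Returns the decoded memory image, or None when the step budget runs out.
    The budget matters: an emulator must refuse to run forever on hostile input.
    """
    if len(sample) < 2:
        return bytes(sample)              # no header, nothing to decode
    mem = bytearray(sample)               # isolated copy; the original file is never touched
    op, key = mem[0], mem[1]
    steps = 0
    for i in range(2, len(mem)):
        steps += 1
        if steps > max_steps:
            return None
        if op == OP_XOR:
            mem[i] ^= key
        elif op == OP_ADD:
            mem[i] = (mem[i] - key) & 0xFF
        else:
            break                         # unknown decoder: leave memory as-is
    return bytes(mem)


def emulated_scan(sample: bytes, max_steps: int = 4096) -> str:
    """Scan the memory image after emulation instead of the raw file."""
    decoded = emulate(sample, max_steps)
    if decoded is None:
        return "undecided (step budget exhausted)"
    return "infected" if SIGNATURE in decoded else "clean"


if __name__ == "__main__":
    body = b"stub-" + SIGNATURE + b"-end"          # constructed payload containing the marker
    for op, key in ((OP_XOR, 0x5A), (OP_XOR, 0x3C), (OP_ADD, 0x21)):
        v = make_variant(body, op, key)
        print(f"op={op:#04x} key={key:#04x} static={static_scan(v)} emulated={emulated_scan(v)}")
    print(emulated_scan(make_variant(b"benign text", OP_XOR, 0x10)))
```

Each variant has a different byte pattern, so the static scan reports nothing, while the emulated scan reaches the same decoded image every time and matches the signature. The "undecided" outcome is the practical caveat: when the budget is exhausted the scanner has neither proved the file clean nor found a match, and a real product would fall back to other checks rather than silently passing the file.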

The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.
