Thursday, May 21, 2009

Antivirus Software

Antivirus software mainly prevents and removes computer viruses, including worms and trojan horses. Such programs may also detect and remove adware, spyware, and other forms of malware.

A variety of strategies are typically employed. Signature-based detection searches for known malicious patterns in executable code. However, signatures can only be updated as viruses are created; users can be infected in the time it takes to create and distribute a signature. To counter such zero-day viruses, heuristics may be used to essentially guess whether a file is truly malicious. Generic signatures look for known malicious code and use wildcards to identify variants of a single virus. An antivirus may also emulate a program in a sandbox, monitoring for malicious behavior. Success depends on striking a balance between false positives and false negatives. False positives can be as destructive as false negatives. In one case, a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot.
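The difference between an exact signature and a generic (wildcard) signature, as an added example that is not part of the original post. The signature names, byte patterns and sample files are constructed and harmless; they show a variant slipping past the exact signature, and a benign file triggering a false positive on the generic one.

```python
# Added illustration: exact vs. generic (wildcard) byte signatures.
# Every name and byte pattern here is a constructed, harmless sample.

def parse_signature(text):
    """Turn 'DE AD ?? EF' into a list of ints, with None for a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def find_signature(data, pattern):
    """Return the first offset where pattern matches data, or -1 if none."""
    n = len(pattern)
    for off in range(len(data) - n + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pattern)):
            return off
    return -1

def scan(data, signatures):
    """Return the sorted names of every signature that matches data."""
    return sorted(name for name, pat in signatures.items()
                  if find_signature(data, pat) >= 0)

SIGNATURES = {
    # Exact: every byte of the known sample must be present.
    "Sample.A (exact)": parse_signature("4D 41 4C 01 10 20 30 57 41 52 45"),
    # Generic: the four bytes that differ between variants are wildcards.
    "Sample.gen (generic)": parse_signature("4D 41 4C ?? ?? ?? ?? 57 41 52 45"),
}

ORIGINAL = b"\x00\x00MAL\x01\x10\x20\x30WARE\x00"   # the known sample
VARIANT = b"\x00MAL\x02\x11\x21\x31WARE\x00\x00"    # same family, 4 bytes changed
CLEAN = b"plain document text"                      # unrelated benign file
LOOKALIKE = b"NORMAL LOGWARE"                       # benign, but fits the generic shape

if __name__ == "__main__":
    for label, blob in [("original", ORIGINAL), ("variant", VARIANT),
                        ("clean", CLEAN), ("lookalike", LOOKALIKE)]:
        print(f"{label:10s} -> {scan(blob, SIGNATURES) or 'no detection'}")
```

The looser the wildcard pattern, the more variants it catches and the more benign files it can flag, which is the false positive and false negative balance described above.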

Antivirus software can have drawbacks. If it is of the type that scans continuously, antivirus software may cause a significant decline in computer performance, and it may present computer users with a decision they may not understand. Antivirus software generally works at the highly trusted kernel level of the operating system, creating a potential avenue of attack. The effectiveness of antivirus software is a contentious issue. One study found that the detection success of major antivirus software dropped over a one-year period.
