Author: Umakant Mishra
Abstract:
A virus signature is a sequence of bytes that may be found
in the program code of a virus but is unlikely to be found elsewhere. Signature
scanning is a method of detecting a virus by scanning a target program for the
presence of any virus signature. If a signature is found, the target
program is deemed infected; otherwise, the target program is deemed uninfected.
Signature scanning is the most popular method of virus
scanning and is adopted by all anti-virus programs. Signature scanning is
capable of detecting more than 80% of viruses. It uses simple logic and
consumes less memory and fewer system resources. It is capable of detecting
encrypted viruses too. Despite these advantages, it has some drawbacks. The worst
drawback of signature scanning is that it is not capable of detecting new and
unknown viruses. The user has to update the signature database regularly in
order to deal with the latest viruses.
In this article we discuss how to overcome some drawbacks
of signature scanning: how to reduce the time lag between virus
creation (by the virus programmer) and signature distribution (by the anti-virus
company), how to reduce the time and resources required for scanning, how to
address the problem of scanning compressed files, how to address the problem of
updating the signature database, and how to increase the reliability of
signature scanning.
Keywords: Software Innovation, computer virus,
anti-virus, anti-virus software, computer vulnerability, computer security,
anti-virus design, anti-virus development, inoculation, virus scanning, virus
detection, signature scanning, virus signatures, generic scanning, virus
database
Umakant Mishra, Overcoming Limitations of Signature Scanning
- Applying TRIZ to Improve Anti-Virus Programs (January 6, 2012). Available at
SSRN: http://ssrn.com/abstract=1980629
or http://dx.doi.org/10.2139/ssrn.1980629
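
The signature-scanning logic described in the abstract, as an added example that is not taken from the paper: a scanner that checks a target for any signature in a database and reports infected or uninfected, including the case of an unknown variant that the database misses. It goes slightly beyond the abstract by assuming `??` wildcard bytes and a first-byte index to cut scan time; all names, signatures and sample bytes are constructed for illustration.

```python
# Added example: minimal signature scanner. All names and byte values are constructed.
from typing import Dict, List, Optional, Tuple

Pattern = List[Optional[int]]  # None marks a wildcard byte (assumed notation: "??")

def parse_signature(hex_sig: str) -> Pattern:
    """Turn 'DE AD ?? EF' into [0xDE, 0xAD, None, 0xEF]."""
    return [None if tok == "??" else int(tok, 16) for tok in hex_sig.split()]

def build_index(db: Dict[str, str]) -> Dict[int, List[Tuple[str, Pattern]]]:
    """Group signatures by first byte so each offset only tries plausible ones."""
    index: Dict[int, List[Tuple[str, Pattern]]] = {}
    for name, hex_sig in db.items():
        pat = parse_signature(hex_sig)
        if not pat or pat[0] is None:
            raise ValueError(f"{name}: signature must start with a fixed byte")
        index.setdefault(pat[0], []).append((name, pat))
    return index

def scan(data: bytes, index: Dict[int, List[Tuple[str, Pattern]]]) -> List[Tuple[str, int]]:
    """Return (signature name, offset) for every match; empty list means 'uninfected'."""
    hits = []
    for off, byte in enumerate(data):
        for name, pat in index.get(byte, ()):
            if off + len(pat) > len(data):
                continue  # signature would run past the end of the target
            if all(p is None or p == data[off + i] for i, p in enumerate(pat)):
                hits.append((name, off))
    return hits

# Constructed signature database (not real malware signatures).
SIGNATURE_DB = {
    "Demo.A": "DE AD BE EF 13 37",
    "Demo.B": "CA FE ?? ?? BA BE",  # two bytes assumed to vary between copies
}
INDEX = build_index(SIGNATURE_DB)

# Constructed sample targets.
CLEAN = b"MZ" + bytes(range(32))
INFECTED_A = b"MZ\x00\x00" + bytes.fromhex("DEADBEEF1337") + b"\x90\x90"
INFECTED_B = b"\x7fELF" + bytes.fromhex("CAFE0102BABE")
UNKNOWN = b"MZ" + bytes.fromhex("DEADBEEF1338")  # one byte differs from Demo.A

if __name__ == "__main__":
    samples = {"clean": CLEAN, "A": INFECTED_A, "B": INFECTED_B, "unknown": UNKNOWN}
    for label, blob in samples.items():
        print(label, scan(blob, INDEX) or "no signature found")
```

The `UNKNOWN` sample differs from `Demo.A` by a single byte and is reported as uninfected, which is the drawback the abstract names: nothing is detected until the database carries a matching signature.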