The IT Law Wiki

Malware scanner

32,080pages on
this wiki
Add New Page
Add New Page Talk0

Definition Edit

A malware scanner can provide precise identification of known malicious code. Scanners search for “signature strings” or use algorithmic detection methods to identify known code. Scanners rely on a significant amount of a prior knowledge about the code. Therefore, it is critical that the signature information for scanners is current. Most scanners can be configured to automatically update their signatures from a designated source, typically on a weekly basis; scanners can also be forced to update their signatures on demand.[1]

Scanner software can also be used by an attacker to

send a series of messages to other computers to try to learn more about them. These tools can check hundreds or thousands of computers an hour to identify good targets for future attacks. A computer connected directly to the Internet is scanned constantly; if the computer is not protected, attackers could gain information from the scans that would help them in planning attacks against the computer.[2]

References Edit

  1. NIST Special Publication 800-36, at 36-37.
  2. NIST Special Publication 800-69, at 2-3, 2-4.

Also on Fandom

Random Wiki