Fandom

The IT Law Wiki

Signature scanning and algorithmic detection

32,196pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Definition Edit

Signature scanning and algorithmic detection (also known as scanners) are a common class of anti-virus tools.

They are static analysis detection tools (i.e., they help detect the presence of a virus). Scanners also perform a more limited role as identification tools (i.e., they help determine the specific virus detected). They are primarily used to detect if an executable contains virus code, but they can also be used to detect resident viruses by scanning memory instead of executables.[1]

Overview Edit

"They may be employed proactively or reactively. Proactive application of scanners is achieved by scanning all executables introduced to the system. Reactive application requires scanning the system at regular intervals (e.g., weekly or monthly)."[2] "Scanners are extremely effective at detecting known viruses. Scanners are not intended to detect new viruses (i.e., any virus discovered after the program was released) and any such detection will result in misidentification. Scanners enjoy an especially high level of user acceptance because they name the virus or virus family. However, this can be undermined by the occurrence of false positives. The strength of a scanner is highly dependent upon the quality and timeliness of the signature database. For viruses requiring algorithmic methods, the quality of the algorithms used will be crucial."[3]

References Edit

  1. NIST Special Publication 800-5, at §4.1.
  2. Id.
  3. Id. at §4.1.3.

Also on Fandom

Random Wiki