Tuts 4 You

Malicious Code Detection Technologies

Teddy Rogers

About This File

Just like every other type of technology, malicious code has grown increasingly sophisticated and complex. The antivirus industry must try to stay one step ahead, especially since it is often easier to produce malicious code than it is to detect it. This white paper provides an overview of the evolving combat tactics used in the antivirus battle, giving both simplified explanations of technological approaches as well as a broad chronological perspective.

Many of the technologies and principles discussed in the paper are still current today, not only in the antivirus world, but also in the wider context of computer security systems. Early malicious code detection technology was based on signatures: segments of code that act as unique identifiers for individual malicious programs. Using signatures is a relatively primitive and repetitive technology which requires little explanation and is widely understood.

As viruses have evolved, defence technologies have also had to evolve. They now involve more advanced approaches, such as heuristics and behaviour analyzers, which we collectively refer to as "nonsignature" detection methods. This paper focuses primarily on these nonsignature technologies. It defines terms such as heuristic, proactive detection, behavioural detection, and HIPS; explains how they are related; and identifies some of the advantages and disadvantages of each. Some of the technologies currently used by the antivirus industry (such as unpacking packed programs and streaming signature detection) were intentionally left out of this paper to allow for a more in-depth discussion of nonsignature detection methods.

This paper was developed for readers who have a very basic understanding of antivirus technologies, but who are not experts in the field. Its aim is to systematically and objectively examine issues surrounding the use of malicious programs and the defence techniques that are essential for protection from them.
