Overcoming Limitations of Signature Scanning - Applying TRIZ to Improve Anti-Virus Programs
暂无分享,去创建一个
A virus signature is a sequence of bytes that may be found in a virus program code but unlikely to be found elsewhere. Signature scanning is a method of detecting a virus by scanning a target program to detect the presence of any virus signature. If the signature is found then the target program is deemed infected, otherwise the target program is deemed uninfected. Signature scanning is the most popular method of virus scanning and is adopted by all anti-virus programs. Signature scanning is capable of detecting more than 80% of viruses. It uses a simple logic and uses less memory and system resources. It is capable of detecting encrypted viruses too. Although it has all these advantages, it has some drawbacks too. The worst drawback of signature scanning is that it is not capable of detecting new and unknown viruses. The user has to update the signature database regularly in order to deal with the latest viruses. In this article we discuss on how to overcome some drawbacks of signature scanning, such as, how to reduce the time lag between virus creation (by the virus programmer) and signature distribution (by anti-virus company), how to reduce the time and resources required for scanning, how to address the problem of scanning compressed files, how to address the problem of updating the signature database, and how to increase the reliability of signature scanning.