BEHAVIORAL AND PERFORMANCE ANALYSIS MODEL FOR MALWARE DETECTION TECHNIQUES

Anti-virus programs are the most effective means of fighting viruses. No anti-virus guarantees 100 percent protection from viruses, and any claim that one does may be considered either an advertising trick or a sign of incompetence. Such systems do not exist because, for each anti-virus algorithm, it is always possible to suggest a virus counter-algorithm that makes this particular virus invisible to this particular anti-virus (fortunately, the opposite is also true: for any virus algorithm, it is always possible to create an anti-virus). [1]

“False Positive”: an uninfected object (file, sector or system memory) triggers the anti-virus program. The opposite term, “False Negative”, means that an infected object passed undetected.

On-demand Scanning: a virus scan starts upon user request. In this mode, the anti-virus program remains inactive until a user invokes it from a command line, batch file or system scheduler.

On-the-fly Scanning: all objects that are processed in any way (opened, closed, created, read from or written to, etc.) are constantly checked for viruses. In this mode, the anti-virus program is always active; it is memory-resident and checks objects without user request.
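The following added example (not part of the original text) grades the verdicts of a minimal on-demand signature scan against ground truth, so that each object falls into one of the four outcomes behind the terms "False Positive" and "False Negative". The signature name, byte patterns, object names and infection labels are all constructed for illustration and are assumptions, not real signatures or samples.

```python
from collections import Counter

# Constructed signature database: name -> byte pattern (not a real signature).
SIGNATURES = {"Demo.Marker.A": b"\xde\xad\xbe\xef-DEMO-A"}

# Constructed objects: name -> (content, ground truth "really infected?").
SAMPLES = {
    "report.doc":   (b"quarterly figures", False),
    "infected.bin": (b"\x00\x01" + SIGNATURES["Demo.Marker.A"] + b"\x02", True),
    # Clean file that happens to contain the pattern, e.g. a signature write-up.
    "av_notes.txt": (b"pattern: " + SIGNATURES["Demo.Marker.A"], False),
    # Infected object whose bytes no signature in the database covers.
    "variant.bin":  (b"\x00\x01\xde\xad\xbe\xef-DEMO-B\x02", True),
}

def scan_object(content):
    """Return the name of the first matching signature, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern in content:
            return name
    return None

def classify(flagged, infected):
    """Map a scanner verdict plus ground truth to one of four outcomes."""
    if flagged:
        return "true_positive" if infected else "false_positive"
    return "false_negative" if infected else "true_negative"

def on_demand_scan(samples):
    """Scan every object once, as a user-invoked scan would, and grade it."""
    return {name: classify(scan_object(content) is not None, infected)
            for name, (content, infected) in samples.items()}

def rates(outcomes):
    """Return (false positive rate, false negative rate) for graded outcomes."""
    c = Counter(outcomes.values())
    fpr = c["false_positive"] / (c["false_positive"] + c["true_negative"])
    fnr = c["false_negative"] / (c["false_negative"] + c["true_positive"])
    return fpr, fnr

if __name__ == "__main__":
    results = on_demand_scan(SAMPLES)
    for name, outcome in results.items():
        print(f"{name:14} {outcome}")
    print("FPR=%.2f FNR=%.2f" % rates(results))
```

An on-the-fly scanner would call the same `scan_object` check from a file-access hook instead of from a user-invoked loop; the grading of its verdicts is identical.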