Antivirus Approaches

• First-generation

  • A scanner identifies a virus by its bit signature.
  • Assumes that a virus has the same structure and bit pattern in all copies.
  • Maintains a record of the length of the programs and looks for changes in length.

• Second-generation

  • Uses heuristic rules to search for probable virus infection.
  • Looks for fragments of code that are often associated with viruses.

Previous slide

Next slide

Back to first slide

View graphic version