What is a Virus Signature?

Virus Definitions

What are Virus Definitions?
A virus definition (also known as a virus signature) is a unique string of bits, or the binary pattern, of the machine code of a virus. The term "virus definitions" typically refers to the database of all current virus signature files used by a particular antivirus program for virus detection. Virus definitions are the primary method of detection for most antivirus software. Each virus has a virus signature written in it. Put simply, a virus signature is an ID number for a virus.


How are they used?
When you scan your computer for viruses, antivirus software compares the data on the computer with its virus definition database, which is the collection of virus signatures. If the data matches a signature in the database, it is identified as a virus.


Put simply, an antivirus is like a security guard and signatures are the ID numbers. The definition database is the blacklist: it contains the ID numbers of files that are blacklisted (not allowed). While scanning, the security guard (antivirus) compares the ID numbers (signatures) of the files with the blacklist (database). If the two are the same, the file is identified as a virus.


For example, consider a file with the signature 10101010. On a scan, the antivirus compares it with its dictionary. If it matches '10101010', it is considered a virus.


Some hackers use Crypter software to change the content of the file. In the example above, this software would change 10101010 to 12121212 so that the antivirus does not recognize it and does not consider it a virus. To counter this problem, antivirus dictionaries also include entries to identify the crypted virus: the database would keep 12121212 as a virus signature and identify it as a virus.


For effective protection, it is essential that the virus definition database is updated frequently. Virus authors are constantly creating new variants and new viruses in an attempt to exploit vulnerabilities in users' systems. All it takes is one worm or virus to wreak havoc and cause major destruction to a system or network. For antivirus software to provide maximum protection, it should be able to detect all known viruses, including the latest threats.
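
The scan-and-update cycle described above, as an added example that is not part of the original post: a toy scanner that searches file bytes for each signature in a definition database. The signature names, the reading of 10101010 and 12121212 as hex bytes, and the sample files are assumptions constructed for illustration.

```python
# Added example: toy signature scanner. Names, signatures and sample data
# are constructed; the post's 10101010 / 12121212 are read here as hex bytes.

# Definition database: signature name -> byte pattern.
DEFINITIONS_V1 = {
    "Example.A": bytes.fromhex("10101010"),
}
# Updated database: also carries the pattern of the changed variant.
DEFINITIONS_V2 = {
    **DEFINITIONS_V1,
    "Example.A.crypted": bytes.fromhex("12121212"),
}


def scan(data: bytes, definitions: dict) -> list:
    """Return (signature name, offset) for every signature found in data."""
    hits = []
    for name, pattern in definitions.items():
        offset = data.find(pattern)
        while offset != -1:
            hits.append((name, offset))
            offset = data.find(pattern, offset + 1)
    return sorted(hits, key=lambda hit: hit[1])


# Constructed sample "files": harmless filler bytes around the patterns.
CLEAN_FILE = b"MZ\x00\x00hello world\x00"
INFECTED_FILE = b"MZ\x00\x00" + bytes.fromhex("10101010") + b"\x00tail"
VARIANT_FILE = b"MZ\x00\x00" + bytes.fromhex("12121212") + b"\x00tail"

if __name__ == "__main__":
    samples = [("clean", CLEAN_FILE), ("infected", INFECTED_FILE),
               ("variant", VARIANT_FILE)]
    for label, data in samples:
        # The old database misses the variant; the updated one flags it.
        print(label, "old db:", scan(data, DEFINITIONS_V1),
              "updated db:", scan(data, DEFINITIONS_V2))
```

The variant file passes the old database and is flagged only after the definitions are updated, which is why exact-match signatures depend on frequent updates.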

To know more, read "How antivirus works?" and "What is a computer virus?"
