Detection techniques

There are four methods of spotting a virus that you have to know about. They are:

Searching for a virus signature

This means trying to find a match for a bit of programming code that has been recognised as a virus. This is the main way most anti-virus programs detect viruses and is why you need to keep your anti-virus up to date!

Memory resident monitoring

This is looking at the programs in memory (like in the screen I showed you when I talked about memory monitoring) and trying to spot a program that is trying to do something unusual. It is a bit like watching for pupils who keep turning round in an exam: they are probably trying to cheat. Not all anti-virus programs do this, and it has to be running all the time to be of any use.

Using something called a checksum

Viruses sometimes change files. Anti-virus programs can detect changes by getting a value out of a file (by doing a calculation with the binary numbers) and then later on trying to get the same value by performing the same calculation. If they don’t match, someone or something (i.e. a virus) has changed the file.
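Here is the checksum idea as a small working program. It is an added example, not code from any real anti-virus product; using SHA-256 as the calculation, the function names and the sample files are all assumptions made up for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def checksum(path: Path) -> str:
    """Reduce a file's bytes to one value (SHA-256 is this example's choice)."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_baseline(folder: Path) -> dict[str, str]:
    """Record a checksum for every file while the folder is known to be clean."""
    return {str(p.relative_to(folder)): checksum(p)
            for p in sorted(folder.rglob("*")) if p.is_file()}


def compare(folder: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Redo the calculation later and report anything that no longer matches."""
    current = take_baseline(folder)
    return {
        "changed": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "new": sorted(n for n in current if n not in baseline),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: three small files, then simulated tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "game.exe").write_bytes(b"MZ original program bytes")
        (folder / "notes.txt").write_bytes(b"homework")
        (folder / "old.dat").write_bytes(b"data")
        baseline = take_baseline(folder)
        # Same length, one byte different: file size alone would not notice.
        (folder / "game.exe").write_bytes(b"MZ original program bytez")
        (folder / "old.dat").unlink()
        (folder / "extra.com").write_bytes(b"unexpected file")
        return compare(folder, baseline)


if __name__ == "__main__":
    print(demo())
```

The baseline only helps if it was taken while the files were clean and is kept somewhere the virus cannot rewrite it.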

Using something called heuristics

A heuristic is a trick or technique that helps you solve a problem. We know that viruses often display weird behaviour, like trying to delete all your files without you clicking the mouse, or disabling your computer on a particular date (see the Michelangelo virus). So anti-virus programs can increase their chances of finding a virus by looking for these kinds of actions (another way of saying they are using a heuristic).

I hope this helps. If you are still finding it tricky, there is some good stuff on Scholar, here. Also, I will be back tomorrow so you can ask questions then (I hope you have been behaving, Dara 😉)



