As soon as viruses started to
appear, so did anti-virus software and virus scanners. Most virus scanners
work by reading files and comparing sequences of bytes from these files to a
database of sequences from known viruses. The database is continually
updated by the anti-virus software vendors to keep it up to date. This is of
course a problem. No matter how often the database is updated, it will only
protect you from the last wave of viruses but not from the next one. To
address this problem, some anti-virus software has gone back to using other
techniques for recognizing viruses as well.

In the early days of anti-virus software there were really two types around - those
that matched sequences of bytes like today's anti-virus scanners and those
that tried to recognize "virus behavior". However, when the number of
viruses grew, it was soon clear that virus behavior detection was becoming
far too complex, and it was abandoned. What some current anti-virus software is
trying to do is to combine the two methods. Unfortunately, the guys writing
the viruses have access to anti-virus software too, and they will most
likely test their creations before letting them off into the wild.

Mutating viruses were the talk of the industry not many years ago. They
would change every time they spread so that no string of bytes would ever be
the same. They would not be recognized no matter how often virus databases
were updated. Regular toolkits for writing mutating viruses appeared on the
Internet. That craze died out for some reason. Maybe it is that spreading
viruses has become so easy that using more advanced techniques is overkill.
I don't know. A clever mutating virus is my biggest fear. (There are
still viruses around that modify themselves, but not in any clever way.) It is
relatively easy to come up with a mutating virus for anyone who knows a
little bit about programming. It would use some encryption technique to hide
most of its code and would constantly modify the rest. It would be really hard for virus scanners to detect. It
is only a matter of time, I think. Instead, the latest craze is viruses
that disable anti-virus scanners. I believe that is a technique that is here
to stay. Each generation of viruses keeps getting better at it.
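
The byte-sequence matching described in the first paragraph, and the reason a copy whose bytes have changed slips past it until the database is updated, shown as an added example that is not part of the original article. The marker bytes, signature names and sample "files" are harmless constructed test data, and the one-byte XOR merely stands in for "the same content stored as different bytes".

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # exact byte sequence taken from a known sample


def scan(data: bytes, database: list[Signature]) -> list[tuple[str, int]]:
    """Return (signature name, offset) for every database pattern found in data."""
    hits = []
    for sig in database:
        offset = data.find(sig.pattern)
        while offset != -1:
            hits.append((sig.name, offset))
            offset = data.find(sig.pattern, offset + 1)
    return hits


def xor_bytes(data: bytes, key: int) -> bytes:
    """Re-encode data so that no byte keeps its original value."""
    return bytes(b ^ key for b in data)


# Constructed stand-in for a known sample's byte sequence (not real malware).
MARKER = b"HARMLESS-TEST-MARKER-0001"
HEADER = b"MZ" + b"\x00" * 32

CLEAN_FILE = HEADER + b"ordinary program bytes"
KNOWN_SAMPLE = HEADER + MARKER + b"rest of file"
# Same content, different bytes on disk: nothing matches the old database.
CHANGED_SAMPLE = HEADER + xor_bytes(MARKER, 0x5A) + b"rest of file"

# Database as shipped before the changed sample was ever seen.
DATABASE = [Signature("Test.Marker.A", MARKER[:16])]
# Database after the vendor has analysed the changed sample and added a pattern.
DATABASE_V2 = DATABASE + [Signature("Test.Marker.B", xor_bytes(MARKER, 0x5A)[:16])]

if __name__ == "__main__":
    for label, data in [("clean", CLEAN_FILE), ("known", KNOWN_SAMPLE),
                        ("changed", CHANGED_SAMPLE)]:
        print(label, "old db:", scan(data, DATABASE),
              "updated db:", scan(data, DATABASE_V2))
```

The changed sample is reported only by the updated database, which is the "last wave but not the next one" gap; a sample that changes on every copy would need a new entry every time.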
Copyright © 2002 Abtrusion Security AB.
All rights reserved. This document may be reproduced provided that it is
reproduced in its entirety and that this copyright message is retained.