Virus Detection Methods and Techniques
Antivirus software uses a number of methods to identify known viruses and to detect newly created viruses on your computer system.
ID Techniques
File Checking and Identification
Antivirus programs scan for and identify existing virus files and processes on your computer. The scan looks at simple things like file names, sizes and quantities to determine whether a virus has loaded itself or replicated on your computer. These programs also look at checksums as a way to identify malicious code and data. Checksums are unique numbers assigned to files for error-checking purposes, computed from their content. Antivirus programs can use them to identify code and data that is unique to a specific variety of virus; they are a signature of sorts that these programs use to identify viruses. Viruses have unique code and data that they must store on your computer. Using these identification techniques, antivirus software can better judge whether code and data are part of a virus or are harmless.
Memory Scanning
Antivirus software also checks running processes, looking for hidden processes and for memory use by viruses that have loaded themselves into memory. Comparing what is running against these signatures determines whether a process is using memory in a malicious manner. Some viruses slow down your entire computer by spawning dummy processes or allocating too much memory.
Registry Modifications
Antivirus programs also watch for registry modifications and keys that are characteristic of viruses. Registry settings hold the options that control your programs and operating system. Antivirus programs check which keys are in your registry and can identify malicious code by the keys it creates. Some viruses modify registry settings in malicious ways, and antivirus programs check for those settings when they scan.
All the techniques above look for known characteristics of viruses and the traces they leave on your system. Antivirus programs store these characteristics in a database and check what they find against it to spot these clues.
Heuristic Techniques
Antivirus programs also check for unknown or new viruses by watching for "virus-like" behaviour. These heuristic techniques are basic behavioural checks that watch for registry modifications and file creation and inspect the PE headers of Windows programs. All of them can catch viruses that are not yet in the database of known viruses.
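The following is an added example, not code from the original article, that puts the two halves of the page side by side: a size-plus-checksum signature lookup like the one described under File Checking, and a small heuristic check on Windows PE headers like the one mentioned above. The sample bytes, the signature name Demo.Virus.A and the build_pe helper are all constructed for the demonstration; the PE field offsets and section flags are the documented ones.

```python
import hashlib
import struct

# Constructed stand-in for a captured virus body; the "database" records its
# size and SHA-256 the way a signature entry would (no real malware involved).
KNOWN_VIRUS = b"constructed sample standing in for a captured virus body"
SIGNATURE_DB = {len(KNOWN_VIRUS): {hashlib.sha256(KNOWN_VIRUS).hexdigest(): "Demo.Virus.A"}}

def match_signature(data: bytes):
    """Return the signature name when size and checksum both match, else None."""
    by_hash = SIGNATURE_DB.get(len(data))  # file size is a cheap pre-filter
    return by_hash.get(hashlib.sha256(data).hexdigest()) if by_hash else None

# Heuristic PE header check; flag values come from the section Characteristics field.
SECTION_EXECUTE, SECTION_WRITE = 0x20000000, 0x80000000

def pe_header_warnings(data: bytes):
    """Flag structural oddities in a PE header that a checksum cannot see."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["not a PE/MZ file"]
    try:
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            return ["MZ stub without PE signature"]
        nsections = struct.unpack_from("<H", data, pe_off + 6)[0]
        opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
        entry = struct.unpack_from("<I", data, pe_off + 40)[0]  # AddressOfEntryPoint
        warnings, entry_in_section = [], False
        for i in range(nsections):
            off = pe_off + 24 + opt_size + 40 * i  # section headers follow the optional header
            name = data[off:off + 8].rstrip(b"\0").decode(errors="replace")
            vsize, vaddr = struct.unpack_from("<II", data, off + 8)
            flags = struct.unpack_from("<I", data, off + 36)[0]
            if flags & SECTION_EXECUTE and flags & SECTION_WRITE:
                warnings.append(f"section {name} is writable and executable")
            if vaddr <= entry < vaddr + vsize:
                entry_in_section = True
    except struct.error:
        return ["truncated PE header"]
    if not entry_in_section:
        warnings.append("entry point outside every section")
    return warnings

def build_pe(entry: int, section_flags: int) -> bytes:
    """Construct a minimal headers-only PE32 image with one .text section for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0x60, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0x60, b"\0")
    sec = b".text".ljust(8, b"\0") + struct.pack("<IIIIIIHHI", 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, section_flags)
    return dos + coff + opt + sec
```

Changing a single byte of KNOWN_VIRUS already defeats match_signature, which is exactly the gap the heuristic check is meant to cover.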