Antivirus fundamentals: Viruses, signatures, disinfection

Vitus White
Last updated: 13 October

We talk and talk (and talk) about how to behave — and even how to survive — in the digital world. And we hope it’s not in vain, that our readers learn from us and then teach their friends and relatives. It’s really important.

Contents

  1. Signatures
  2. Viruses
  3. Disinfection
  Conclusion

But we sometimes take for granted a common knowledge of some specific terms and expressions. So today we’re going back to basics to tackle three fundamentals of antivirus.

1. Signatures

Antivirus databases contain what are called signatures, both in common usage and in writing. In reality, classic signatures have not been in use for about 20 years.

From the very beginning, in the 1980s, signatures as a concept were not clearly defined. Even now, they don’t have a devoted Wikipedia page, and the entry on malware uses the term without defining signatures, as if it were such common knowledge as to go without explanation.

So: Let’s define signatures at last! A virus signature is a continuous sequence of bytes that is common for a certain malware sample. That means it’s contained within the malware or the infected file and not in unaffected files.

Figure: A characteristic sequence of bytes

Nowadays, signatures are far from sufficient to detect malicious files. Malware creators obfuscate, using a variety of techniques to cover their tracks. That’s why modern antivirus products must use more advanced detection methods. Antivirus databases still contain signatures (they account for more than half of all database entries), but they include more sophisticated entries as well.

As a matter of habit, everyone still calls such entries “signatures.” There’s no harm in that, as long as we remember that the term is shorthand for a gamut of techniques that make up a much more robust arsenal.

Ideally, we’d stop using the word signature to refer to any entry in the antivirus database, but it’s so commonly used — and a more accurate term doesn’t yet exist — so the practice persists.

#MachineLearning is fundamental to #cybersecurity. Here are some interesting facts about them: https://t.co/5BV78lc737 #ai_oil pic.twitter.com/6frMGOzUgL

— Eugene Kaspersky (@e_kaspersky) September 26, 2016

An antivirus database entry is just that: one entry. The technology behind it could be either a classic signature or something super-sophisticated, innovative, and targeting the most advanced malware.

2. Viruses

As you might have noticed, our analysts avoid using the term virus and prefer malware, threat, and so on. The reason is that a virus is a specific type of malware that exhibits a specific behavior: It infects clean files. Between themselves, analysts refer to a virus as an infector.

Infectors enjoy a unique status in the lab. First, they are difficult to detect — at a glance, an infected file seems clean. Second, infectors require special treatment: almost all of them need specific detection and disinfection procedures. That is why infectors are handled by experts who specialize in this field.

Figure: Malware, classified

So, to avoid confusion when talking about threats in general, analysts use umbrella terms such as “malicious program” and “malware.”

Here are a couple of other classifications that may come in handy. A worm is a type of malware that can replicate itself and break out of the device it initially infected to infect others. And malware, technically speaking, does not include adware (intrusive advertising software) or riskware (legitimate software that can inflict harm on a system if installed by malefactors).

3. Disinfection

Lately, I’ve been seeing a lot of what I hope is not a common misperception: that antivirus can only scan and detect malware, and that a user then needs to download a special utility to remove it. In fact, special utilities do exist for certain types of malware: for example, decryptors for files affected by ransomware. But antivirus can cope on its own — and at times it’s the better option, given its access to system drivers and other technologies that cannot fit into a standalone utility.

So, how does malware removal work? In a tiny percentage of cases, a machine picks up an infector (typically before antivirus is installed; infectors seldom slip through an antivirus’s defenses), the infector acts on some files, and then the antivirus goes through any infected files and removes the malicious code, restoring them to their original state. The same procedure is implemented when you need to decrypt files encrypted by ransomware, commonly detected as Trojan-Ransom.

As for the rest — the vast majority, perhaps 99% of cases — the malware is caught before it can infect any files, and the process consists of simply deleting the malware. If no files were damaged, there’s no need to restore anything.
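To make the two ideas concrete, here is an added example (not code from the original post or from Kaspersky) covering both the byte-signature definition from section 1 and the disinfect-versus-delete decision described above. It assumes a constructed "appending infector" layout (host file, then the malicious payload, then a 4-byte original length) and an invented database entry named "Infector.Toy"; the EICAR string is the industry's standard harmless test signature.

```python
import hashlib
import struct
from typing import Optional

# Constructed signature database: name -> contiguous byte sequence expected to
# occur only inside malicious code and never in clean files (section 1's definition).
# EICAR is a real, harmless test string; "Infector.Toy" is invented for this example.
SIGNATURES = {
    "EICAR-Test-File": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "Infector.Toy": b"\x90\x90\xeb\x04TOY-INFECT",
}
# Assumed infected-file layout: <original host bytes><payload with signature><4-byte original length>
TRAILER = struct.Struct(">I")

def scan(data: bytes) -> Optional[str]:
    """Return the database entry whose byte signature occurs verbatim in data, else None.
    Plain substring matching is exactly why obfuscated variants slip past classic signatures."""
    for name, sig in SIGNATURES.items():
        if sig in data:
            return name
    return None

def triage(data: bytes) -> str:
    """What the engine does with a hit: 'clean', 'delete' (standalone malware) or 'disinfect' (infector)."""
    hit = scan(data)
    if hit is None:
        return "clean"
    return "disinfect" if hit.startswith("Infector.") else "delete"

def disinfect(data: bytes) -> bytes:
    """Remove the Infector.Toy payload and restore the host file to its original bytes."""
    if scan(data) != "Infector.Toy":
        raise ValueError("not infected with Infector.Toy")
    (orig_len,) = TRAILER.unpack_from(data, len(data) - TRAILER.size)
    if orig_len > len(data) - TRAILER.size:
        raise ValueError("corrupt trailer; cannot restore safely")
    return data[:orig_len]

# Constructed samples: a clean host file and the same file after the toy infector acted on it.
CLEAN_HOST = b"MZ" + b"host program bytes " * 4
INFECTED_HOST = CLEAN_HOST + SIGNATURES["Infector.Toy"] + b"...malicious body..." + TRAILER.pack(len(CLEAN_HOST))

def demo() -> dict:
    """Scan, triage and restore; returns the verdicts so a caller can verify them."""
    restored = disinfect(INFECTED_HOST)
    return {
        "clean_verdict": triage(CLEAN_HOST),
        "infected_verdict": triage(INFECTED_HOST),
        "eicar_verdict": triage(SIGNATURES["EICAR-Test-File"]),
        "restored_ok": hashlib.sha256(restored).digest() == hashlib.sha256(CLEAN_HOST).digest(),
    }

if __name__ == "__main__":
    print(demo())
```

Note that the restore step is only possible because the infector left the original bytes intact and recoverable, which is the same reason real engines need per-family disinfection routines rather than a generic one.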

Figure: In the majority of cases, it’s enough to delete the malicious file

There is one exception here, though: If the malware is not an infector – for example, if it is ransomware – and is already active in the system, the antivirus switches to disinfection mode to make sure the threat is gone for good and won’t come back. You can learn more about the process here.

That exception usually happens for one of two reasons:

  1. The antivirus was installed onto an already infected computer. You know, the usual wrong sequence — first get infected, then decide it’s time to do something about protection.
  2. The antivirus marked something “suspicious” rather than “malicious” and started to closely monitor its activities. As soon as the malware becomes clearly malicious, the antivirus rolls back all malicious activities (noted during that period of monitoring). For example, the antivirus could restore encrypted files from instant backup copies if the PC was attacked by ransomware or an infector.

Conclusion

That’s it for today. I hope you now:

  1. Know that “signatures” today are, basically, any antivirus database entries, including the most advanced ones.
  2. Are more familiar with the different types of malware.
  3. Understand that the process of disinfecting a computer or device is well within an antivirus program’s competence — and why it’s important to keep the System Watcher component in your antivirus program active to analyze the behavior of suspicious files.

Source: kaspersky.com

Vitus White October 13, 2022 September 30, 2019