HOW DOES AN ANTIVIRUS DETECT MALWARE?
Antivirus is the tool we constantly mention in our articles, and its functionality is essential to preserving the integrity of information and of the systems that manage it. It protects our data and keeps us safe. In this article we will show you some details and characteristics of this basic cybersecurity tool.
What Does An Antivirus Do?
An antivirus is a type of software whose main objective is to detect and block malicious actions on the computer generated by any type of malware and, in the event of an infection, to eliminate it. Currently, this type of software is part of what are known as security suites, which incorporate other functionalities: password managers, Wi-Fi network analyzers or blockers of malicious websites such as those used in phishing campaigns.
Malware Detection
Antivirus programs incorporate a large number of functions. Today we are going to focus on how they detect malicious code. To do this, they mainly rely on two types of protection:
I. Reactive, signature-based;
II. Proactive or heuristic.
Signature Database
The method traditionally used by an antivirus to detect malware is based on signature databases (a way to identify malware) generated by the manufacturer, also known as vaccines. The possibly malicious file is checked against the database, and if there is a match it is classified as malware.
Signature-based detection issues
The main problem with this type of analysis is that it will only detect malware samples that have already been identified and for which a signature has been generated and added to the database. If a sample does not exist in the database that the user's antivirus has, the user is exposed to the threat.
Another drawback is the delay between identification of the malware, generation of the signature and updating of the database; this window of time leaves the user defenseless against the threat.
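To make the signature lookup and its blind spot concrete, here is a small Python model of a signature-based scanner. It is an added example written for this article, not code from any antivirus product; the samples, signature names and the database contents are all constructed placeholders. It models the two signature forms a vendor typically ships (a whole-file hash and a byte pattern shared by a malware family) and shows that a sample nobody has written a signature for goes undetected, which is the gap described above.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed sample "files" (not real malware): a fake MZ header followed by a marker string.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"constructed-sample-A:drop-and-run" + b"\x00" * 16
FAMILY_VARIANT = b"MZ\x90\x00" + b"constructed-sample-A2:drop-and-run" + b"\x00" * 16
UNKNOWN_SAMPLE = b"MZ\x90\x00" + b"constructed-sample-B:never-seen-before" + b"\x00" * 16


@dataclass
class SignatureDB:
    """The vendor-supplied 'vaccine' database, modelled as two lookup tables."""
    hashes: Dict[str, str] = field(default_factory=dict)    # sha256 hex digest -> signature name
    patterns: Dict[str, bytes] = field(default_factory=dict)  # signature name -> byte pattern

    def add_hash(self, name: str, data: bytes) -> None:
        # Whole-file signature: exact SHA-256 of a sample the vendor has analysed.
        self.hashes[hashlib.sha256(data).hexdigest()] = name

    def add_pattern(self, name: str, hex_pattern: str) -> None:
        # Byte-pattern signature given as hex, the way many engines express them.
        self.patterns[name] = bytes.fromhex(hex_pattern)


def build_db() -> SignatureDB:
    """Build the constructed database: one hash signature and one family pattern (placeholder names)."""
    db = SignatureDB()
    db.add_hash("Constructed.SampleA.hash", KNOWN_SAMPLE)
    # hex of b"drop-and-run", a marker assumed here to be shared by the constructed family
    db.add_pattern("Constructed.SampleA.pattern", "64726f702d616e642d72756e")
    return db


def scan(data: bytes, db: SignatureDB) -> Optional[str]:
    """Return the name of the matching signature, or None when the database knows nothing about the file.

    Cheap exact-hash lookup first, then the slower byte-pattern search.
    """
    digest = hashlib.sha256(data).hexdigest()
    if digest in db.hashes:
        return db.hashes[digest]
    for name, pattern in db.patterns.items():
        if pattern in data:
            return name
    return None  # "clean" only means: no signature matched


if __name__ == "__main__":
    db = build_db()
    for label, sample in (("known", KNOWN_SAMPLE),
                          ("variant", FAMILY_VARIANT),
                          ("unknown", UNKNOWN_SAMPLE)):
        print(f"{label:8s} -> {scan(sample, db)}")
```

Running the block shows the known sample caught by its hash, the family variant caught only because a broader byte-pattern signature exists for it, and the unknown sample reported as clean. A `None` result is therefore not proof that a file is benign; it is only proof that the database has no signature for it, which is exactly why the heuristic layer exists alongside signatures.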
Finally, there are a lot of malicious files that are created on a dail