New computer viruses pose a significant computer security threat because some antivirus protection solutions are unable to detect them. In this article we will explain why some antivirus solutions are ineffective in detecting certain malware and just how these kinds of threats can be dealt with.
Arguable the most effective way of detecting computer viruses is the dictionary virus detection method. This virus detection method compares the contents of files to a virus definition database to see if that file contains malware code. If it does, the antivirus software will take steps to alert the user and quarantine, remove or clean the computer virus.
Of course, this method works so long as the antivirus software and the virus definition files are kept up-to-date. To put it another way, a virus may have infected a computer but the antivirus software may not be able to detect it because there is no entry in the dictionary to tell it what to look for.
Dealing with New Computer Viruses
To detect the latest viruses, antivirus software sometimes uses a sandbox and/or heuristic method of virus detection. The heuristic method monitors computers for suspicious behavior. Any activity that fits the profile of what a virus would do will cause the antivirus software to take defensive measures such as trying to quarantine the virus.
The sandbox approach examines the actions of suspicious files after it has allowed them to run in a controlled or simulated environment. As with the heuristic methods, the sandbox approach is not foolproof and therefore tends to give some false alarms. The sandbox and heuristic methods are however useful in detecting the latest computer viruses that have not yet been documented and mutating viruses that constantly self modify to change their signature.
Mutating/Polymorphic Viruses
Mutating viruses are a significant threat to computers and present a big challenge to antivirus software. One of the first things that a polymorphic virus does, once it starts, is to self-modify. This makes it more difficult for antivirus programs to detect them using traditional methods.
In addition to the challenges that mutating viruses pose, sophisticated cloaking and encryption methods are also being used to make viruses virtually undetectable. Therefore, in addition to using antivirus software and ensuring that they are kept up-to-date, computer users need to also use other security measures to protect their computers against malware.
Protecting Computers Against the Latest Viruses
Effectively protecting computers against the latest virus threats requires some commonsense and vigilance on the part of computer users, as well as the proper maintenance of computer assets. Some strategies that can be used to protect computers against new and perhaps undetectable viruses include:
Not always using the computer in administrator mode – Running operating systems in administrator mode allows viruses to do more damage because of the greater privileges that admin mode provide. By simply running a computer in user mode, some types of virus would be made completely harmless.
Apply security patches – Security patches should be applied as soon as they are made available to fix known flaws and security gaps in software and productivity programs.
Education – If users were better educated about computer security best practices such as not downloading and running certain program, viruses would not be as prevalent as they are today.
While some antivirus software will not readily detect the very latest viruses, keeping computers safe from security threats can be accomplish by following some computer security best practices, by remaining vigilant to suspicious activity and keeping antivirus software up-to-date at all times.
Source:
- Burger, Ralf. “Computer viruses and data protection.” Abacus, 1991
Steve McFarlane - I am a professional freelance writer who is passionate about bringing quality and relevant content to my audience of readers. I strive to ...
Join the Conversation