Clearly, the signature-based approach is not all that good (yes, all that "downloading latest virus definitions" is exactly what I am talking about). There needs to be something more concrete, more dependable.
Enter the heuristic-based approach.
Heuristics, in layman's terms, means behaviour. A heuristic scanner detects viruses on the basis of what they do, unlike signatures, where even a small difference in the bytes might let a virus slip through.
Heuristics rely on various parameters to determine whether a given system is infected or not; if it is, they then go ahead and fix it. The algorithm is something like this:
** To test whether a given machine is indeed infected, we run "tests".
var infection = "none";
for (var i = 0; i < tests.length; i++) {
    // each test checks one behaviour; any positive result marks the machine as possibly infected
    if (tests[i].pass() === true) {
        infection = "possible";
    }
}
** To find the locations of these infections, we invoke some algorithm that finds out possible locations
var possibleLocations = [];
if (infection === "possible") {
    for (var i = 0; i < locationTest.length; i++) {
        // each locator returns the files or memory regions it considers suspicious
        possibleLocations = possibleLocations.concat(locationTest[i].location());
    }
}
** Finally, we remove them using some procedures.
for (var i = 0; i < removalProcedure.length; i++) {
    // each procedure is handed the full list so it can clean every location it knows how to handle
    removalProcedure[i].execute(possibleLocations);
}
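The three stages above, worked through as a small runnable scanner. This is an added example, not code from the original post: the snapshot of files, the behaviour flags on each file, the test names and weights, the threshold of 3 and the quarantine step are all constructed for illustration, and a real product would gather the flags from a runtime monitor rather than from a hard-coded list.

```javascript
// Added example (not from the original post): a minimal heuristic scanner
// built around the three stages the post outlines: run behavioural tests,
// locate what triggered them, then remediate. All data below is constructed.

// A constructed "snapshot" of a machine: files with behaviours that a
// behaviour monitor might have recorded for them at runtime.
const SAMPLE_SNAPSHOT = {
  files: [
    { path: "C:\\Windows\\notepad.exe", signed: true, selfModifying: false,
      writesAutorun: false, injectsProcess: false, entropy: 5.1 },
    { path: "C:\\Users\\alice\\Downloads\\invoice.exe", signed: false, selfModifying: true,
      writesAutorun: true, injectsProcess: false, entropy: 7.8 },
    { path: "C:\\Temp\\svch0st.exe", signed: false, selfModifying: false,
      writesAutorun: false, injectsProcess: true, entropy: 7.6 },
    { path: "C:\\Users\\alice\\report.docx", signed: false, selfModifying: false,
      writesAutorun: false, injectsProcess: false, entropy: 4.2 },
  ],
};

// Stage 1: behavioural tests. Each returns true when a file shows one
// suspicious behaviour; the weight says how strong that signal is alone.
// Names and weights are constructed for this example.
const TESTS = [
  { name: "modifies-own-code", weight: 3, pass: (f) => f.selfModifying },
  { name: "persists-via-autorun", weight: 2, pass: (f) => f.writesAutorun },
  { name: "injects-into-process", weight: 3, pass: (f) => f.injectsProcess },
  { name: "packed-unsigned", weight: 1, pass: (f) => !f.signed && f.entropy > 7.0 },
];

// Stage 2: locator. Score every file against every test; anything at or
// above the threshold becomes a possible infection location. The threshold
// is what trades detection rate against false positives.
function locateInfections(snapshot, threshold = 3) {
  const hits = [];
  for (const file of snapshot.files) {
    let score = 0;
    const fired = [];
    for (const t of TESTS) {
      if (t.pass(file)) {
        score += t.weight;
        fired.push(t.name);
      }
    }
    if (score >= threshold) hits.push({ path: file.path, score, fired });
  }
  return hits;
}

// Stage 3: remediation. Quarantine rather than delete, so a false positive
// (the main weakness of a heuristic) can be reversed by the user.
function quarantine(snapshot, hits) {
  const flagged = new Set(hits.map((h) => h.path));
  const remaining = snapshot.files.filter((f) => !flagged.has(f.path));
  const quarantined = snapshot.files.filter((f) => flagged.has(f.path)).map((f) => f.path);
  return { files: remaining, quarantined };
}

// Runs all three stages and returns a report instead of only printing it.
function scan(snapshot, threshold = 3) {
  const hits = locateInfections(snapshot, threshold);
  const infection = hits.length > 0 ? "possible" : "none";
  const after = quarantine(snapshot, hits);
  return { infection, hits, quarantined: after.quarantined, remaining: after.files.length };
}

console.log(JSON.stringify(scan(SAMPLE_SNAPSHOT), null, 2));
```

With the constructed data, invoice.exe scores 6 (self-modifying, autorun persistence, packed and unsigned) and svch0st.exe scores 4 (process injection, packed and unsigned), so both are quarantined; notepad.exe and the .docx score 0 and are left alone. Lowering the threshold to 1 would also flag any unsigned packed installer, which is exactly the kind of false positive the quarantine step exists to undo.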
Monday, August 11, 2008