Next: General Purpose Monitors Up: Signature Scanning and Algorithmic Previous: Selection Factors

Summary

Scanners are extremely effective at detecting known viruses. Scanners are not intended to detect new viruses (i.e., any virus discovered after the program was released) and any such detection will result in misidentification. Scanners enjoy an especially high level of user acceptance because they name the virus or virus family. However, this can be undermined by the occurrence of false positives.

The strength of a scanner is highly dependent upon the quality and timeliness of the signature database. For viruses requiring algorithmic methods, the quality of the algorithms used will be crucial.

The major strengths of scanners are:

The major limitations of scanners are:



Next: General Purpose Monitors Up: Signature Scanning and Algorithmic Previous: Selection Factors


konczal@csrc.ncsl.nist.gov
Fri Mar 11 21:26:02 EST 1994