Zero-day virus Information & Zero-day virus Links at HealthHaven.com

A zero-day virus is a previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available.[1]

Traditionally, antivirus software relies upon signatures to identify malware. This can be very effective, but cannot defend against malware unless samples have already been obtained, signatures generated and updates distributed to users. Because of this, signature-based approaches are not effective against zero-day viruses.

Most modern antivirus software still uses signatures, but also carries out other types of analysis.[2]

Code analysis

In code analysis, the machine code of the file is analysed to see if there is anything that looks suspicious. Typically, malware has characteristic behaviour and code analysis attempts to detect if this is present in the code.

Although useful, code analysis has significant limitations. It is not always easy to determine what a section of code is intended to do, particularly if it is very complex and has been deliberately written to defeat analysis. Another limitation of code analysis is the time and resources available. In the competitive world of antivirus software, there is always a balance between the effectiveness of analysis and the time delay involved.

Emulation

One approach to overcoming the limitations of code analysis is for the antivirus software to run suspect sections of code in a safe "memory box" and observe the behaviour. This can be orders of magnitude faster than analysing the same code.

Generic signatures

Generic signatures are signatures that are specific to certain behaviour rather than a specific item of malware. Most new malware is not totally unique, but is a variation on earlier malware, or contains code from one or more earlier examples of malware. Thus the results of previous analysis can be used against new malware.
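The following is an added example, not part of the original article or any vendor's code. It contrasts an exact (hash) signature with a generic signature for a constructed "family"; the wildcard hex-pattern format, the sample bytes and the name `generic.family_x` are all assumptions made for illustration.

```python
import hashlib
import re

def exact_signature(sample: bytes) -> str:
    """Traditional signature: hash of one specific, already-collected file."""
    return hashlib.sha256(sample).hexdigest()

def compile_generic(pattern: str) -> re.Pattern:
    """Compile hex bytes with '??' single-byte wildcards into a bytes regex."""
    parts = []
    for tok in pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)

def scan(sample: bytes, known_hashes: set, generic_sigs: dict) -> list:
    """Return the names of every signature that matches the sample."""
    hits = []
    if exact_signature(sample) in known_hashes:
        hits.append("exact")
    for name, rx in generic_sigs.items():
        if rx.search(sample):
            hits.append(name)
    return hits

# Constructed samples (harmless byte strings, not real malware).
# ORIGINAL was "collected" earlier; VARIANT reuses its code fragment with one
# byte changed and different surrounding data; BENIGN only looks similar.
ORIGINAL = b"HDR1" + bytes.fromhex("deadbeef01cafe") + b"tail-A"
VARIANT = b"HDR2-padded" + bytes.fromhex("deadbeef7fcafe") + b"tail-B"
BENIGN = b"HDR1" + bytes.fromhex("deadbe0001cafe") + b"tail-A"

KNOWN_HASHES = {exact_signature(ORIGINAL)}
GENERIC_SIGS = {"generic.family_x": compile_generic("de ad be ef ?? ca fe")}

if __name__ == "__main__":
    for label, data in [("original", ORIGINAL), ("variant", VARIANT),
                        ("benign", BENIGN)]:
        print(label, scan(data, KNOWN_HASHES, GENERIC_SIGS))
```

The hash signature only fires on the file it was built from, while the pattern derived from the shared fragment also catches the unseen variant without flagging the look-alike file.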

Competitiveness in the antivirus software industry

It is generally accepted in the antivirus industry that the signature-based protection of most vendors is equally effective. If a signature is available for an item of malware, then every product (unless dysfunctional) should detect it.

However, there is a wide range of effectiveness in terms of zero-day virus protection. The German computer magazine c't found that detection rates for zero-day viruses varied from 20% to 68%.[3] It is primarily in the area of zero-day virus performance that manufacturers now compete.

References

  1. Kick Start News
  2. ESET
  3. Channel Register


