Malware Prediction and Classification Using Advanced Modeling Techniques

Authors: BR Karumudi

Antivirus and malware detection software primarily uses a signature-based approach. These products apply a set of rules from a library, based on previously known malware and on vulnerabilities published by the software manufacturer. The rules are very specific to the vulnerability and the malware, which makes them brittle and highly context-specific. As a result, a newly released piece of malware can still take advantage of the same vulnerability that has already been addressed for different malware. The antivirus software provider releases updates to the library of rules on a periodic basis, or as critical vulnerabilities are discovered. One risk with traditional antivirus or malware detection software is zero-day vulnerabilities, where the hackers discover the vulnerability before either the software manufacturer or the antivirus provider.