You are right, the detection and removal of malware, such as spyware and rootkits, is more involved than that of...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
viruses. Because of this, the response times providing malware signature updates are longer. While viruses, once released, propagate on their own and survive or die out based on their payloads, malware can be updated and modified after being released by its creator. This is why it changes its activities and modes of infection so quickly.
Antivirus companies can usually update their antivirus signatures within 24 hours if a new virus or varient of an existing virus is discovered. A malware signature update takes approximately 72 hours, if not longer. This time difference is do to various factors. First, a virus can be sent for inspection and analysis. Second, it is self-contained and includes the code necessary to reproduce itself. This provides a unique signature, which can be used to definitively identify and deal with it. On the other hand, malware is neither self-contained nor completely identifiable. Unless the active content that deposits malware on a computer is caught in the act, a source of infection must be found before you can begin the comparison process, which is needed to identify what it does and what it changes. You must then work through the file replacements, updates or deletions necessary to remove the infection. It can be very difficult to create a methodology that safely removes malware from all possible computer configurations. This is particularly true of kernel rootkits where the only certain cure is to erase the entire infected hard drive and reinstall the operating system from scratch.
Because of this delay, some vendors are trying to prevent malware from running in the first place by analyzing program behavior and trying to recognize and block any dangerous behavior. Each type of malware is trying to achieve a particular goal even if it uses a different method. For example, a Trojan always sends files and a dialer always dials. Two programs using this approach are a-squared Malware-IDS available at www.emsisoft.com/en/software/ids and Principal Antivirus at www.resplendence.com/antivirus. One of the leading products that uses a threat database is Sunbelt's CounterSpy, which is also offered in a centralized, policy-based Enterprise edition. CounterSpy receives updates from thousands of users participating in Sunbelt's ThreatNet community, as well as new spyware definitions from Microsoft. More details are available at www.sunbeltsoftware.com/CounterSpy.cfm.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Michael Cobb
The Android Trojan Triada has the ability to replace a device's system functions with its own. Expert Michael Cobb explains how to mitigate the ...continue reading
An old Java vulnerability was discovered to have been ineffectually patched. Expert Michael Cobb explains how this happened and what can be done to ...continue reading
Google's Certificate Transparency tool publicly logs certificates issued by CAs. Expert Michael Cobb explains how the log viewer works to improve ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.