Zero day virus
Encyclopedia
A Zero day virus is a previously unknown computer virus
or other malware
for which specific antivirus software
signatures are not yet available.
Traditionally, antivirus software relies upon signature
s to identify malware. This can be very effective, but cannot defend against malware unless samples have already been obtained, signatures generated and updates distributed to users. Because of this, signature-based approaches are not effective against zero-day viruses.
Most modern antivirus software still use signatures, but also carry out other types of analysis.
Although useful, code analysis has significant limitations. It is not always easy to determine what a section of code is intended to do; particularly if it is very complex
and has been deliberately written with the intention of defeating analysis. Another limitation of code analysis is the time and resources available. In the competitive world of antivirus software, there is always a balance between the effectiveness of analysis and the time delay involved.
This virus cannot be errased with any kind of program, software or spyware.
However, there is a wide range of effectiveness in terms of zero day virus protection. The German
computer magazine c't found that detection rates for zero day viruses varied from 20% to 68%. It is primarily in the area of zero day virus performance that manufacturers now compete.
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
or other malware
Malware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
for which specific antivirus software
Antivirus software
Antivirus or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, trojan horses, spyware and adware...
signatures are not yet available.
Traditionally, antivirus software relies upon signature
Electronic signature
An electronic signature, or e-signature, is any electronic means that indicates either that a person adopts the contents of an electronic message, or more broadly that the person who claims to have written a message is the one who wrote it . By comparison, a signature is a stylized script...
s to identify malware. This can be very effective, but cannot defend against malware unless samples have already been obtained, signatures generated and updates distributed to users. Because of this, signature-based approaches are not effective against zero-day viruses.
Most modern antivirus software still use signatures, but also carry out other types of analysis.
Code analysis
In code analysis, the machine code of the file is analysed to see if there is anything that looks suspicious. Typically, malware has characteristic behaviour and code analysis attempts to detect if this is present in the code.Although useful, code analysis has significant limitations. It is not always easy to determine what a section of code is intended to do; particularly if it is very complex
Complexity
In general usage, complexity tends to be used to characterize something with many parts in intricate arrangement. The study of these complex linkages is the main goal of complex systems theory. In science there are at this time a number of approaches to characterizing complexity, many of which are...
and has been deliberately written with the intention of defeating analysis. Another limitation of code analysis is the time and resources available. In the competitive world of antivirus software, there is always a balance between the effectiveness of analysis and the time delay involved.
This virus cannot be errased with any kind of program, software or spyware.
Emulation
One approach to overcome the limitations of code analysis is for the antivirus software to run suspect sections of code in a safe "memory box" and observe the behaviour. This can be orders of magnitude faster than analysing the same code.Generic signatures
Generic signatures are signatures that are specific to certain behaviour rather than a specific item of malware. Most new malware is not totally unique, but is a variation on earlier malware, or contains code from one or more earlier examples of malware. Thus the results of previous analysis can be used against new malware.Competitiveness in the antivirus software industry
It is generally accepted in the antivirus industry that the signature-based protection of most vendors is identically effective. If a signature is available for an item of malware, then every product (unless dysfunctional) should detect it.However, there is a wide range of effectiveness in terms of zero day virus protection. The German
Germany
Germany , officially the Federal Republic of Germany , is a federal parliamentary republic in Europe. The country consists of 16 states while the capital and largest city is Berlin. Germany covers an area of 357,021 km2 and has a largely temperate seasonal climate...
computer magazine c't found that detection rates for zero day viruses varied from 20% to 68%. It is primarily in the area of zero day virus performance that manufacturers now compete.