Utility Software: Anti-malware

Anti-malware software (also known as antivirus) scans a computer's files and any incoming files. The files stored in secondary storage are compared to a database of virus signatures. If a file matches a signature in the database, it is identified as a virus and can then be removed.

Anti-malware software must be kept up to date so that new viruses can be identified. However, the software can also carry out heuristic analysis to identify malware that has not yet been identified. There are two types of heuristic analysis:

  • Static analysis: decompiles a file and reads its source code. This is compared to known virus source code, and if part of it matches, the file is flagged as a virus.
  • Dynamic analysis: runs the file in a controlled “sandboxed” environment and monitors its actions. If it duplicates or alters files, it is flagged as a virus.

Many anti-malware applications will use both signature and heuristic analysis to provide the greatest chance of protecting a computer.
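The sketch below is an added example, not part of the original notes. It shows a signature check followed by a static heuristic check, so a changed copy of a known virus that no longer matches the signature is still flagged. All names and byte strings are made up for the example, and it compares raw bytes rather than decompiled source code.

```python
# Constructed data only: made-up byte strings standing in for virus code.
SIGNATURES = {
    "Demo.Virus.A": b"COPY_SELF_TO_EVERY_FOLDER;DELETE_USER_FILES",
}
KNOWN_BAD_CODE = {
    "Demo.Virus.A": b"OPEN_ADDRESS_BOOK;COPY_SELF_TO_EVERY_FOLDER;DELETE_USER_FILES;HIDE",
}

def signature_scan(data: bytes) -> list[str]:
    """Exact match: the whole signature must appear somewhere in the file."""
    return [name for name, sig in SIGNATURES.items() if sig in data]

def chunks(data: bytes, size: int = 8) -> set[bytes]:
    """Every overlapping run of `size` bytes in the data."""
    return {data[i:i + size] for i in range(len(data) - size + 1)}

def static_heuristic_scan(data: bytes, threshold: float = 0.5) -> list[str]:
    """Partial match: flag the file if enough of a known virus's code is in it."""
    file_chunks = chunks(data)
    flagged = []
    for name, code in KNOWN_BAD_CODE.items():
        known = chunks(code)
        overlap = len(known & file_chunks) / len(known)
        if overlap >= threshold:
            flagged.append(name)
    return flagged

def scan(data: bytes) -> str:
    """Try the signature database first, then fall back to the heuristic."""
    if signature_scan(data):
        return "virus (signature match)"
    if static_heuristic_scan(data):
        return "suspicious (heuristic match)"
    return "clean"

# Constructed sample files.
CLEAN_FILE = b"PRINT_HELLO;SAVE_DOCUMENT;CLOSE"
KNOWN_FILE = b"HEADER;COPY_SELF_TO_EVERY_FOLDER;DELETE_USER_FILES;END"
# Same behaviour with an extra step inserted, so the exact signature is broken.
VARIANT_FILE = b"HEADER;COPY_SELF_TO_EVERY_FOLDER;WAIT;DELETE_USER_FILES;HIDE"

if __name__ == "__main__":
    for label, data in [("clean", CLEAN_FILE), ("known", KNOWN_FILE), ("variant", VARIANT_FILE)]:
        print(label, "->", scan(data))
```
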


Included in the following specifications:
Edexcel GCSE Computer Science