| Detection Technique | Signature Recognition | Integrity Checking | Generic Behavior Recognition | Emulation |
| Approach | Compares stored code strings to files on disk or in Random Acess Memory (RAM) | Uses Cyclic Redundancy Check (CRC), digital signature or checksum to detect changes to files. | Monitors system and analyses code for a threshold of likely malicious or viral behavior. | Emulate process or code to entice virus. |
| Primary Strength | Finds all kind of known viruses, provides the malicious code identity. | Fast first step in detection process. | Detect unidentifiable malicious code: unknown, encrypted or polymorphic. | Catches a virus early as it decrypts and before infection. |
| Primary Challenge | Overhead for end user and administrator: time, computer resources, management | Need other technology to positively identify virus presence. | Accuracy: misinterprets legal behavior as malicious, or vice versa. | Narrow application. |
HOME > Support
