What is a Virus Signature?

In the antivirus world, a signature is an algorithm or a hash (a number derived from a text string) that uniquely identifies a specific virus. Depending on the type of scanner used, it may be a static hash, which at its simplest is a numerical value computed for a snippet of code unique to the virus. Or, less commonly, the algorithm may be behavior-based, i.e., if this file tries to do X, Y, Z, mark it as suspicious and prompt the user to make a decision. Depending on the antivirus vendor, the signature might be referred to as a signature, profile, or DAT file.

Virus Signature

A single signature may match a large number of viruses. This allows the scanner to detect a new virus that it has never seen before. This ability is generally referred to as either heuristics or generic detection. Generic detection is unlikely to be effective against completely new viruses and is more effective in detecting new members of an already known virus "family" (a group of viruses that share many of the same properties and some of the same code). The ability to detect heuristically or generically is important, given that most scanners now contain more than 250,000 signatures and the number of new viruses being discovered increases dramatically year after year.

Frequent need to update

A new signature must be created every time a new virus is discovered that no existing signature detects, or that can be detected but cannot be removed properly because its behavior does not fully match previously known threats. After the new signature is created and tested by the antivirus vendor, it is pushed to the customer in the form of signature updates. These updates add detection capability to the scan engine. In some cases, a previously supplied signature may be removed or replaced with a new signature to provide better detection or disinfection capabilities.
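The difference between a specific (hash) signature, a generic family signature, and a signature update can be seen in a small scanner. This is an added illustration, not code from any antivirus product; the sample byte strings, detection names and the SignatureDB class are constructed for the example.

```python
import hashlib
import re

# Constructed, harmless byte strings standing in for files on disk.
KNOWN_SAMPLE = b"HDR\x01DEMO-FAMILY-A:payload=alpha;END"   # already analysed
NEW_VARIANT = b"HDR\x02DEMO-FAMILY-B:payload=bravo;END"    # never seen before
CLEAN_FILE = b"HDR\x01quarterly report, nothing to see;END"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class SignatureDB:
    """Toy signature set: exact hashes plus generic family patterns."""

    def __init__(self):
        # Specific signatures: hash of the whole sample -> detection name.
        self.hashes = {sha256(KNOWN_SAMPLE): "Demo.A"}
        # Generic signatures: a pattern over code shared by a family.
        self.generic = [
            ("Demo.Family.gen", re.compile(rb"DEMO-FAMILY-[A-Z]:payload=\w+;")),
        ]

    def apply_update(self, new_hashes: dict) -> int:
        """Merge a signature update; return how many entries were new."""
        added = {h: n for h, n in new_hashes.items() if h not in self.hashes}
        self.hashes.update(added)
        return len(added)

    def scan(self, data: bytes):
        """Return (verdict, detection name, matching method)."""
        name = self.hashes.get(sha256(data))
        if name:
            return ("infected", name, "hash")
        for name, pattern in self.generic:
            if pattern.search(data):
                return ("suspicious", name, "generic")
        return ("clean", None, None)


if __name__ == "__main__":
    db = SignatureDB()
    for label, blob in [("known", KNOWN_SAMPLE), ("variant", NEW_VARIANT), ("clean", CLEAN_FILE)]:
        print(label, db.scan(blob))
    db.apply_update({sha256(NEW_VARIANT): "Demo.B"})
    print("variant after update", db.scan(NEW_VARIANT))
```

Before the update, the unseen variant is caught only by the generic family pattern; after the update it is identified exactly by its hash.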

Depending on the scanning vendor, updates may be offered hourly, daily, or sometimes weekly. How often signatures need to be provided varies with the type of scanner, that is, with what the scanner is meant to detect. For example, adware and spyware are not nearly as numerous as viruses, so an adware/spyware scanner usually provides signature updates weekly (or even less frequently). Conversely, a virus scanner has to deal with thousands of new threats that are discovered every month, and therefore its signature updates must be provided at least daily.

Of course, it is simply impractical to issue an individual signature for every new virus discovered, and thus antivirus vendors tend to release on a set schedule, covering all of the new malware they encountered within that timeframe. If a particularly prevalent threat is detected between regularly scheduled updates, vendors will usually analyze the malware, create the signature, test it, and release it out-of-band (which means releasing it outside of their regular update schedule).

To maintain the highest level of protection, configure your security software to check for updates as often as it allows. Keeping signatures up to date does not guarantee that a new virus will never slip through, but it does make it much less likely.
