A Trust System Based on Multi Level Virus Detection
As the number of viruses grew, the old scanning methods had to include larger and larger signature databases, and scanning became intolerably slow. Consequently, developers began to streamline scanners. Instead of scanning the entire file, the scanner examines the entry point for any pointers that would lead to a virus if the file were infected. Generic decryption for encrypted viruses was developed, and actions that reflect virus behavior, like writing to the boot block of a disk, were trapped and examined (Shea, 2003). Viruses generally have two phases: infection and attack. When a virus is released, it infects available programs and files and then, depending on the virus, searches for other victims each time those programs and files are opened.
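The entry-point check described above, sketched as an added example that is not from the original text. It assumes a DOS .COM-style file (execution starts at offset 0, so a near JMP there is the pointer being examined) and a constructed signature; all function names are hypothetical.

```python
import struct

# Constructed signature: a made-up byte pattern, not taken from any real malware.
SIGNATURES = {"Constructed.Demo": bytes.fromhex("deadbeef0badf00d")}
WINDOW = 64  # number of bytes examined at the entry-point target


def entry_target(image: bytes):
    """Return the file offset the entry point jumps to, or None.

    Assumption: a .COM image executes from offset 0, and code appended to the
    file is reached through a near JMP (E9 rel16) placed there.
    """
    if len(image) < 3 or image[0] != 0xE9:
        return None
    (rel,) = struct.unpack_from("<H", image, 1)
    # Displacement is relative to the next instruction and wraps at 16 bits.
    target = (3 + rel) & 0xFFFF
    return target if target < len(image) else None


def match(data: bytes):
    """Return the name of the first signature found in data, or None."""
    for name, sig in SIGNATURES.items():
        if sig in data:
            return name
    return None


def scan_entry_point(image: bytes):
    """Streamlined scan: follow the entry pointer, check a small window."""
    target = entry_target(image)
    if target is None:
        return None
    return match(image[target:target + WINDOW])


def scan_full(image: bytes):
    """Baseline: the older approach of searching the whole file."""
    return match(image)


def make_sample(host_len: int, appended: bytes) -> bytes:
    """Build a constructed image: JMP, host filler, then appended bytes."""
    return b"\xE9" + struct.pack("<H", host_len) + b"\x90" * host_len + appended


if __name__ == "__main__":
    sample = make_sample(4000, SIGNATURES["Constructed.Demo"] + b"\xC3")
    print("entry target:", entry_target(sample))
    print("entry-point scan:", scan_entry_point(sample), "| bytes examined:", WINDOW)
    print("full scan:", scan_full(sample), "| bytes examined:", len(sample))
```

Both scans report the same result on the constructed sample, but the entry-point scan reads 64 bytes where the full scan reads the whole image.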