peteyt (Most Valued Members), posted April 18, 2019:

Hi there, I was just wondering the other day if virus signatures are ever deleted? As definitions are updated daily, I've seen some worry that definitions could become too big. Some, due to this, prefer whitelisting, but it has its flaws. So I was curious if signatures ever get deleted, e.g. if a virus is extremely old, possibly designed for a system no longer used or a version of an operating system no longer supported, etc. From the basics that I do know, some signatures are sometimes merged together, e.g. signatures based on the same or similar virus, but that's all I know.

Marcos (Administrators), posted April 19, 2019:

Yes. Especially trivial detections are replaced with more sophisticated ones that can cover many more variants of the malware.

peteyt (Most Valued Members), posted April 19, 2019:

> 1 hour ago, Marcos said:
> Yes. Especially trivial detections are replaced with more sophisticated ones that can cover many more variants of the malware.

What about old malware, e.g. something from 10, 20 years ago? Do AVs need to protect against these in the chance someone is infected?

Marcos (Administrators), posted April 19, 2019:

> 6 minutes ago, peteyt said:
> What about old malware e.g. something from 10, 20 years ago. Do AVs need to protect against these in the chance someone is infected

We keep detections even for very old DOS (com) viruses.

peteyt (Most Valued Members), posted April 20, 2019:

> On 4/19/2019 at 10:44 AM, Marcos said:
> We keep detections even for very old DOS (com) viruses.

Nice to know. Hypothetically, could a database ever become too large due to the amount of signatures, or does the fact that one signature can cover multiple variants prevent this?

Marcos (Administrators), posted April 21, 2019:

> 13 hours ago, peteyt said:
> Nice to know. Hypothetically could a database ever become too large due to the amount of signatures or does the fact that one signature can cover multiple variants prevent this

It would probably take dozens of years for the engine to increase significantly. However, with technical advance and development, the limits also change and the standard for hw configurations improves, so a 100MB engine in, let's say, 5-10 years won't be a problem if an average amount of installed memory in office computers reaches 128 GB, for instance.