Malware, short for malicious software, refers to any software designed to infiltrate or damage a computer system without the owner's informed consent. Malware can include computer viruses, worms, trojan horses, rootkits, adware, spyware and any other malicious or unwanted software.
Many end users make use of anti-virus software to detect and possibly remove malware. In order to detect a malware file, the anti-virus software must have some way of identifying it amongst all the other files present on a device. Typically, this requires that the anti-virus software has a database containing the “signatures” or “fingerprints” that are characteristic of individual malware program files. When the supplier of the anti-virus software identifies a new malware threat, the threat is analysed and its signature is generated. The malware is then “known” and its signature can be distributed to end users as updates to their local anti-virus software databases.
Anti-virus software typically provides on-demand scanning of files, in which the user of a computer system determines when the files on the computer system should be scanned for the presence of malware. In on-demand scanning, the user can activate the scanning process manually, or can configure the scanning process to start in certain circumstances. For example, the user could configure the anti-virus software to scan particular folders or directories (these terms will be used interchangeably herein) on a weekly basis, and to scan all the files on a computer system once a month. In addition, the anti-virus software can provide real-time protection against malware by performing on-access scanning.
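The on-demand scan of a folder tree against a signature database, as described in the two paragraphs above, can be sketched as follows. This is an added example and not part of the original text; the database layout (whole-file SHA-256 digests plus byte patterns), the signature names and the sample files are constructed assumptions.

```python
import hashlib
import os
import tempfile

def scan_file(path, hash_sigs, pattern_sigs):
    """Return the names of all signatures that match one file."""
    with open(path, "rb") as f:
        data = f.read()
    hits = []
    name = hash_sigs.get(hashlib.sha256(data).hexdigest())  # exact whole-file match
    if name:
        hits.append(name)
    hits += [n for n, pat in pattern_sigs.items() if pat in data]  # pattern anywhere
    return hits

def on_demand_scan(root, hash_sigs, pattern_sigs):
    """Walk a folder tree and return {relative path: [signature names]}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                hits = scan_file(full, hash_sigs, pattern_sigs)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if hits:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                report[rel] = hits
    return report

def demo():
    """Build a constructed folder and signature database, then scan the folder."""
    known = b"CONSTRUCTED-SAMPLE-A: harmless bytes standing in for a known file"
    marker = b"CONSTRUCTED-MARKER-B"  # constructed byte pattern, not a real signature
    hash_sigs = {hashlib.sha256(known).hexdigest(): "Sample.A"}
    pattern_sigs = {"Sample.B": marker}
    files = {"a.bin": known,
             "docs/b.txt": b"header " + marker + b" trailer",
             "docs/clean.txt": b"ordinary content"}
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "docs"))
        for rel, content in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(content)
        return on_demand_scan(root, hash_sigs, pattern_sigs)

if __name__ == "__main__":
    print(demo())
```

Only files matching a signature appear in the report; a weekly or monthly schedule, as in the text, would call `on_demand_scan` on the configured folders.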
In on-access scanning, a computer system is monitored for the presence of malware by scanning files automatically in the background as and when an access of files by one or more applications executing on the computer system is detected. The most common file access method is read-only file-open access. This type of access is common for operations on multiple files, for example searching for or within files, application start-up and execution, copying files from folder to folder (directory to directory), compressing files, etc. The following examples further illustrate some of these common operations.