System information
Threats to computer security 35
METHODS OF DETECTING INFECTED, SUSPICIOUS AND POTENTIALLY DANGEROUS OBJECTS BY THE APPLICATION
Kaspersky Lab's application detects malware in objects using two
methods: reactive (using databases) and proactive (using heuristic analysis).
Databases are files with records that are used to identify the presence of
hundreds of thousands of known threats in the objects being scanned. These
records contain information about the control sections of the malware programs'
code and the algorithms used to disinfect objects that contain these programs.
Kaspersky Lab's anti-virus analysts detect hundreds of new malware programs
on a daily basis, create records that identify them and include them in the
database updates.
If Kaspersky Lab's application finds in an object sections of code that
fully coincide with the control code sections of a malware program, based on the
information provided in the database, it considers the object infected; if they
coincide only partially (in accordance with some conditions), it considers the
object suspicious.
Using the proactive method, the application can detect the newest malicious
programs, information about which has not yet been entered into the database.
Kaspersky Lab's application detects objects containing new malware programs
based on their behavior. The code of such an object does not coincide, fully or
partially, with the code of a known malware program, but it does contain some
command sequences characteristic of malware programs, such as opening a file,
writing to a file or intercepting interrupt vectors. The application
determines, for example, that a file seems to be infected with an
unknown boot virus.
Objects detected using the proactive method are called potentially dangerous.
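
The three verdicts described above (infected, suspicious, potentially dangerous), shown as an added example that is not Kaspersky Lab's code. The database record, the byte patterns, the 0.5 partial-match threshold and the two-trait heuristic rule are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    name: str
    sections: tuple  # control code sections of one known threat

# Constructed database: the name and byte strings are placeholders, not real signatures.
DATABASE = [Record("Constructed.Sample.A",
                   (b"\xde\xad\xbe\xef\x01", b"\xca\xfe\xba\xbe\x02", b"\x0b\xad\xf0\x0d\x03"))]

# Command sequences named in the text, in simplified 16-bit DOS encoding.
TRAITS = {
    "open file": b"\xb4\x3d\xcd\x21",             # mov ah,3Dh / int 21h
    "write to file": b"\xb4\x40\xcd\x21",         # mov ah,40h / int 21h
    "set interrupt vector": b"\xb4\x25\xcd\x21",  # mov ah,25h / int 21h
}
PARTIAL_THRESHOLD = 0.5  # assumption: the text only says "some conditions"
MIN_TRAITS = 2           # assumption: traits required for a heuristic verdict

def scan(data: bytes):
    """Return (verdict, detail) for one object."""
    partial = None
    for rec in DATABASE:                       # reactive method
        hits = sum(1 for s in rec.sections if s in data)
        if hits == len(rec.sections):
            return ("infected", rec.name)      # full coincidence
        if partial is None and hits / len(rec.sections) >= PARTIAL_THRESHOLD:
            partial = rec.name                 # partial coincidence
    if partial:
        return ("suspicious", partial)
    found = sorted(n for n, seq in TRAITS.items() if seq in data)  # proactive method
    if len(found) >= MIN_TRAITS:
        return ("potentially dangerous", ", ".join(found))
    return ("clean", "")

_s = DATABASE[0].sections
SAMPLES = {  # constructed inputs
    "full": b"\x90" * 8 + _s[0] + b"\x90" + _s[1] + _s[2],
    "partial": b"\x90" * 8 + _s[0] + b"\x00" * 4 + _s[2],
    "unknown": b"\x90" + TRAITS["write to file"] + b"\x90" + TRAITS["set interrupt vector"],
    "benign": b"plain text with one trait " + TRAITS["open file"],
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:8} -> {scan(blob)}")
```

The "benign" sample contains a single characteristic sequence and stays clean, which shows why a heuristic rule needs a combination of traits: opening a file on its own is ordinary program behavior.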
INTERNET THREATS
Kaspersky Lab's application uses special technologies in order to prevent the
following computer security threats:
spam – unsolicited incoming mail (see section "Unsolicited incoming mail
or Spam" on page 36);