Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Visual Basic for Applications
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==== Suboptimal anti-virus ==== There are different types of anti-virus (or scanners), one is the [[heuristic analysis]] anti-virus which interprets or emulates macros.<br /> Indeed, to examine all branches of macros require a [[NP-complete]] complexity<ref name="Attack prevent"/>{{rp|605}} (using [[backtracking]]), so in this case, the analysis of one document (which contains macros) would take too much time. Interpreting or emulating a macro would lead to either [[False positive#Type I error|false positive]] errors or in macro viruses not detected. Another type of anti-virus, the [[Integrity checker#Integrity verification|integrity checker]] anti-virus, in some cases, does not work: it only checks documents with extensions DOT<ref>[http://www.file-extensions.org/dot-file-extension DOT extension]</ref> or [[Microsoft Word#Filename extensions|DOC]] (indeed, some anti-virus producers suggest to their users), but Word documents can reside in others extensions than those two, and the content of the document tends to change often.<ref name="Attack prevent"/>{{rp|605}}<br /> So, like the [[heuristic analysis]], this can lead to [[False positive#Type I error|false positives]] errors, due to the fact that this type of anti-virus checks the whole document.<br /> The last type of anti-virus seen will be the [[Virus scanner#Signature-based detection|virus-specific]] scanner.<ref name="Attack prevent"/>{{rp|608}} It searches the signature of viruses, so, the type of anti-virus is weaker than the previous ones.<br /> Indeed, the viruses detected by [[Virus scanner#Signature-based detection|virus-specific]] scanners are just the ones known by the software producers (so, more updates are needed than in other types of scanners). Moreover, this type of anti-virus is weak against morphing viruses (cf.[[#Different types of macros viruses|section above]]). If a macro virus change its content (so, its signature), it cannot be detected any more by the [[Virus scanner#Signature-based detection|virus-specific]] scanners, even if it is the same virus doing the same actions. Its signature does not match the one declared in the virus scanner. Additional to the responsibility of the anti-virus is the user's responsibility: if a potential macro virus is detected, the user can choose what to do with it: ignore it, [[Quarantine (computing)|quarantine]] it or destroy it, but the last option is the most dangerous.<br /> The anti-virus can activate some destructive macro viruses which destroy some data when they are deleted by the anti-virus.<br /> So, both virus scanners and users are responsible for the security and the integrity of the documents/computer.<br /> Moreover, even if the anti-virus is not optimal in the virus detection, most macro viruses are detected and the progression in virus detection improves but with creation of new macro viruses.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)