There are multiple strategies antivirus vendors use for malware detection.
These can be roughly broken down into those that can be performed without running the program (static analysis) and those that can only be performed after the program is executed (dynamic analysis).
Anti-malware solutions usually use a combination of these methods, but only static analysis allows for immediate detection with a guarantee of no data theft, because the file doesn’t have to be executed.
Static analysis methods, and signature-based detection in particular, have been the bread-and-butter strategy for malware detection, because they allow for quick and painless detection and virus identification.
How signature-based detection works
Here we will concern ourselves only with signature-based detection, because it is the easiest to demonstrate and is likely used by all common antivirus solutions.
When using this method, file contents are cross-referenced against a …
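The cross-referencing idea introduced in this section can be sketched as a small static scanner. This is an added example, not code from the original page or from any antivirus product. The signature names, the hash entry, the byte pattern and the choice of two signature kinds (whole-file SHA-256 and byte pattern) are assumptions constructed for illustration.

```python
import hashlib
import io

# Constructed signature database: every name and value here is made up.
HASH_SIGNATURES = {
    hashlib.sha256(b"constructed-sample-A").hexdigest(): "Demo.Sample.A",
}
PATTERN_SIGNATURES = {
    "Demo.Pattern.B": bytes.fromhex("deadbeef00c0ffee"),
}


def scan_stream(stream, chunk_size=4096):
    """Return the sorted names of all signatures that match the stream.

    The content is only read, never executed, which is what makes this
    a static check.
    """
    digest = hashlib.sha256()
    # Carry the last (longest pattern - 1) bytes into the next window so a
    # pattern that straddles a chunk boundary is still found.
    overlap = max(len(p) for p in PATTERN_SIGNATURES.values()) - 1
    tail = b""
    hits = set()
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)
        window = tail + chunk
        for name, pattern in PATTERN_SIGNATURES.items():
            if pattern in window:
                hits.add(name)
        tail = window[-overlap:] if overlap else b""
    # Whole-file hash lookup once the full content has been consumed.
    name = HASH_SIGNATURES.get(digest.hexdigest())
    if name:
        hits.add(name)
    return sorted(hits)


def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper for scanning an in-memory buffer."""
    return scan_stream(io.BytesIO(data), chunk_size)


if __name__ == "__main__":
    sample = b"\x00" * 4092 + PATTERN_SIGNATURES["Demo.Pattern.B"] + b"\x00" * 100
    print(scan_bytes(sample))
```

Reading in chunks keeps memory use constant for large files; the overlap buffer is the detail that prevents missed matches at chunk boundaries.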