Armored Virus

Definition - What does Armored Virus mean?

An armored virus is a computer virus that contains a variety of mechanisms specifically coded to make its detection and decryption very difficult.

One of these methods involves fooling anti-virus software into believing that the virus resides somewhere other than its real location, which makes it difficult to detect and remove. Another kind of armor is implemented by adding complicated and confusing code, which has no purpose other than to mask the virus and prevent virus researchers from creating an effective countermeasure.

Techopedia explains Armored Virus

Anti-virus researchers find out how a virus works by examining and following the code of the virus. An armored virus makes this difficult by making it hard to disassemble the virus. This gives the virus more time to propagate itself before researchers can create a countermeasure.

Armored viruses are very complex and contain a significant amount of code, which adds to their armor. Although quite effective, all this armor creates a very large virus that can be detected more easily before it has a chance to infect anything.

But if an armored virus does manage to infect a computer, it is very difficult both to pinpoint where it is and to find a way to remove it. If it is a new virus and has different signatures than similar known viruses, then researchers trying to create countermeasures can have a difficult time finding the virus, decoding it and finding a fix for it. Reverse engineering or disassembling the code of an armored virus is usually made more difficult by the extra code that the virus writers add to hide the actual virus code.

Because the virus can keep propagating during the longer period required before fixes can be made, all of these measures taken to subvert detection and decoding can be genuinely effective.
