From the very beginning, in the 1980s, signatures as a concept were not clearly defined. Even now, they don\u2019t have a devoted Wikipedia page, and the entry on malware<\/a> uses the term without defining signatures, as if were such common knowledge as to go without explanation.<\/p>\n So: Let\u2019s define signatures at last! A virus signature is a continuous sequence of bytes that is common for a certain malware sample. That means it\u2019s contained within the malware or the infected file and not in unaffected files.<\/p>\n A characteristic sequence of bytes<\/p><\/div>\n Nowadays, signatures are far from sufficient to detect malicious files. Malware creators obfuscate, using a variety of techniques to cover their tracks. That\u2019s why modern antivirus products must use more advanced detection methods. Antivirus databases still contain signatures (they account for more than half of all database entries), but they include more sophisticated entries as well.<\/p>\n As a matter of habit, everyone still calls such entries \u201csignatures.\u201d There\u2019s no harm in that, as long as we remember that the term is shorthand for a gamut of techniques that make up a much more robust arsenal.<\/p>\n Ideally, we\u2019d stop using the word signature<\/em> to refer to any entry in the antivirus database, but it\u2019s so commonly used \u2014 and a more accurate term doesn\u2019t yet exist \u2014 so the practice persists.<\/p>\n #MachineLearning<\/a> is fundamental to #cybersecurity<\/a>. Here are some interesting facts about them: https:\/\/t.co\/5BV78lc737<\/a> #ai_oil<\/a> pic.twitter.com\/6frMGOzUgL<\/a><\/p>\n \u2014 Eugene Kaspersky (@e_kaspersky) September 26, 2016<\/a><\/p><\/blockquote>\n![\"Antivirus](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2016\/10\/06021417\/malanov-1.png\")
<\/a>\n