Traditional antivirus packages are pattern matching. A virus file will come in and it will have certain characteristics in that file. And your antivirus will look at it, look at the first 10, 20, 40 bytes of that file and say, "It matches this virus, I’m going to quarantine that." And that will catch probably 95% of viruses.
But viruses, antivirus, and things like that, have been around, crikey, now 40 years. But a lot of the people who are writing viruses nowadays are writing viruses that mutate, do something called obfuscate themselves. You wouldn’t see those bytes every time that the virus comes out to you.
We now need to look at running that virus in a, sort of, inside like a fortress (it’s what’s called a sandbox), and look at those characteristics, what it’s trying to do. And if those characteristics match behaviours that look like it’s gonna be a virus, we then quarantine it. That would be the 95% up to 99%.
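The two stages described above, as an added example that is not part of the original talk: a scanner that matches known leading bytes, with a behaviour score as the fallback when the bytes no longer match. The signature, the weights, the threshold, the event names and all samples are constructed for illustration, and the sandbox run is represented only by a list of observed events.

```python
# Constructed signature database: name -> leading bytes of a known-bad file.
SIGNATURES = {"Constructed.Sample.A": bytes.fromhex("c0ffee00badc0de51234")}

# Constructed behaviour rules: event seen during a sandbox run -> weight.
BEHAVIOUR_WEIGHTS = {
    "modifies_autorun_key": 3,
    "disables_security_service": 4,
    "mass_file_rewrite": 4,
    "opens_network_socket": 1,
    "reads_own_config": 0,
}
QUARANTINE_THRESHOLD = 6  # assumed cut-off, not a vendor value


def signature_scan(data, window=40):
    """Return the name of the signature that starts the file, else None."""
    head = data[:window]
    for name, pattern in SIGNATURES.items():
        if head.startswith(pattern):
            return name
    return None


def behaviour_score(events):
    """Sum the weights of the distinct behaviours observed in the sandbox."""
    return sum(BEHAVIOUR_WEIGHTS.get(event, 0) for event in set(events))


def verdict(data, sandbox_events):
    """Stage 1: byte pattern. Stage 2: behaviour, only if stage 1 misses."""
    name = signature_scan(data)
    if name:
        return ("quarantine", "signature:" + name)
    score = behaviour_score(sandbox_events)
    if score >= QUARANTINE_THRESHOLD:
        return ("quarantine", "behaviour:score=%d" % score)
    return ("allow", "score=%d" % score)


# Constructed samples: a known file, a variant whose leading bytes differ,
# and a benign file, each paired with a constructed sandbox event trace.
KNOWN = SIGNATURES["Constructed.Sample.A"] + b"constructed body"
VARIANT = bytes.fromhex("7a11d9304be6a2085f93") + b"constructed body"
BENIGN = b"constructed benign file"
VARIANT_TRACE = ["modifies_autorun_key", "mass_file_rewrite", "opens_network_socket"]
BENIGN_TRACE = ["reads_own_config", "opens_network_socket", "opens_network_socket"]

if __name__ == "__main__":
    for label, data, trace in [("known", KNOWN, []), ("variant", VARIANT, VARIANT_TRACE), ("benign", BENIGN, BENIGN_TRACE)]:
        print(label, verdict(data, trace))
```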