The first serious point of this system lies in that always provides a solution afterwards: need a computer virus to reach a degree of considerable dispersion to be sent (by skilled users, specialists, or distributors of the product) to the developers of anti-virus. They will analyze it, extract the piece of code that will identify it, and antivirus will be included in the next version of your program. This process may take months from the time the virus begins to have a considerable dispersion, lapse in which can cause serious damage unless it can be identified. In addition, this model consists of an infinite succession of partial and momentary solutions (whose sum will never constitute a definitive solution), which should be regularly updated due to the emergence of new viruses. In synthesis, scanning technique is highly inefficient, but continues to be used since it allows you to quickly identify the presence of known viruses and, as they are those of greater dispersion, allows an important range of possibilities. A typical example of a virus of this kind is McAfee’s Viruscan. By virtue of soon technical exhaustion of the technique of scanning, antivirus software developers have endowed their creations of methods for searches of computer viruses (and activities), which do not identify specifically the virus but some of its general characteristics and universalizados behavior.
This type of method crawls routines of alteration of information which can not be controlled by the user, modification of critical sectors of the storage units (master boot record, boot sector, FAT, among others), etc. An example of this type of methods is which uses heuristic algorithms. In fact, this nature of procedures search, quite efficiently, potentially belonging to a computer virus instruction codes. It is effective for the detection of known viruses and is one of the solutions used by the antivirus to detect new viruses.