Just like every other type of technology, malicious code has grown increasingly sophisticated and complex. The antivirus industry must try to stay one step ahead, especially since it is often easier to produce malicious code than it is to detect it. This white paper provides an overview of the evolving combat tactics used in the antivirus battle, giving both simplified explanations of technological approaches as well as a broad chronological perspective.

Many of the technologies and principles discussed in the paper are still current today, not only in the antivirus world, but also in the wider context of computer security systems. The early malicious code detection technology was based on signatures - segments of code that act as unique identifiers for individual malicious programs. Using signatures is a relatively primitive and repetitive technology which requires little explanation and is widely understood.