Communicate | Collaborate | Secure Data

MailSafi Glossary of Terms

Begin Your 30 Day Free Trial


Polymorphism; Means shape-shifting.

Ordinarily, antivirus and other internet security programs use patterns and other criteria to create definitions that they use to recognize viruses, worms, and other types of malicious software (malware). Polymorphism is a tactic used by cybercriminals to prevent their malicious code (malware) from being detected in this way.

Cybercriminals now also use polymorphic engines to make the code mutate each time it runs, while keeping the original purpose of the malware the same. Effectively, the malware can self-replicate endlessly, changing just enough to avoid detection.

If a security program (antivirus, antimalware or other security software) relies only on definitions to detect malware, it will miss out on detecting the polymorphic variants.

The best way to stay safe from polymorphic threats is with a security solution that detects malware using behavioral analysis or heuristics, not definitions. In this case, beyond just looking at the file definitions to see whether it matches any previously identified malware, the security program would look at a file’s behavior, not just its code, to see whether it behaves like a virus.

Meanwhile, heuristic analysis would examine all the components of a file to identify those that a threat might share, rather than trying to run a one-to-one match-up with existing definitions.