5

I am curious why some anti-viruses detect viruses and some do not. From what I found online, antiviruses parse the binary files and check for sequences of code which are malicious (exist in the virus database).

Is there any difference in how they treat files?

Also, what are virus encoders? Do they have anything to do with my question?

Thank you

Alex

2 Answers

4

You described one type of anti-virus software: signature-based AVs. These anti-viruses look for suspicious sections of binaries that match known viruses. However, each AV has its own list of "known viruses", so they may catch different viruses. There is no universal list of viruses that each AV can check against.

The other type of anti-virus looks for suspicious behavior in any running programs. Each AV program will look for its own definition of "suspicious behavior", and so the results of each AV may differ.

Oleksi
4

The majority of antivirus technologies use signature-based detection: essentially a list of known viruses and their variants at a given point in time. Signature-based detection can be very effective, but cannot identify malware unless it already knows and has created a signature for this piece of malware. As a result, this detection method is not useful against unknown and newly developed variants/viruses.

If signature databases are not updated regularly there is a very real chance of infection. Most good AV vendors will release updates every day. Some AV vendors purchase 'subscriptions' to integrate into their products instead of developing their own signatures; however, this sometimes delays the time needed to deploy the signatures.

Most AVs will treat suspicious files in the same way, running them through different technologies including heuristic engines. Some more advanced engines exist in certain products while others do not have these features. Again, this is another reason why there may be differences between products.

Additionally, some viruses are created to bypass specific anti-virus engines (for example, a common enterprise AV solution is McAfee) and thus will be picked up by other AVs but not McAfee specifically.

With regards to 'virus encoders', I assume you are referring to 'crypting', which is the process of encrypting/obfuscating the payload of a virus in order to bypass detection. This can be picked up by AV engines that recognize the crypting technology and flag it as suspicious; however, it is possible to defeat AV engines using this technique. See here for more

I'd recommend reading through the Wikipedia article here and this link, Computer Virus Strategies and Detection Methods, for more understanding on this topic.

NULLZ