Signature-based anti-malware detection compares file contents against a database of known malware. True or False?

Prepare for the Palo Alto Networks PCCSA Test using effective study resources. Engage with multiple choice questions and detailed explanations for clarity. Boost your chances of success and ace the exam!

Signature-based anti-malware detection indeed compares file contents against a database of known malware signatures. This method involves analyzing files and their behavior by referencing a pre-existing library of known malware characteristics. When a file is scanned, the detection system checks for unique patterns or signatures that match those documented in the database. A match indicates that the file may be malicious, and the system can then take appropriate action, such as quarantining or deleting the file.

This approach is effective for identifying known threats, but it does rely heavily on maintaining an updated database of signatures to ensure that newly identified malware can also be detected. Due to its nature, signature-based detection is generally limited to previously identified threats and may not be effective against zero-day exploits or unknown malware that does not have a corresponding signature.
