Anti Virus

There are many anti virus programs but before comparing those programs (software) we should know, what is the anti virus and why today's world keen to install.

Virus

Self-replicating SW that eludes detection and is designed to attach itself to other files.
• Infects files on a computers through:
– Floppy disks, CD-ROMs, or other storage media
– The Internet or other networks
• Viruses cause tens of billions of dollars of damage each year
• One such incident in 2001 – the LoveBug virus – had an estimated cleanup/lost productivity cost of US$8.75 billion
• The first virus that spread world-wide was the Brain virus, and was allegedly designed by someone in Lahore

Antivirus software (alternate spelling anti-virus) mainly prevent and remove computer viruses, including worms and trojan horses. Such programs may also detect and remove adware, spyware, and other forms of malware.

A variety of strategies are typically employed. Signatures involve searching for known malicious patterns in executable code. However, signatures can only be updated as viruses are created; users can be infected in the time it takes to create and distribute a signature. To counter such zero-day viruses, heuristics may be used to essentially guess if the file is truly malicious. Generic signatures look for known malicious code and use wild cards to identify variants of a single virus. An antivirus may also emulate a program in a sandbox, monitoring for malicious behavior. Success depends on striking a balance between false positive and false negatives. False positives can be as destructive as false negatives. In one case a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot.

Antivirus software can have drawbacks. If it is of the type that scans continuously, antivirus software may cause a significant decline in computer performance, it may present computer users with a decision the user may not understand. Antivirus software generally works at the highly trusted kernel level of the operating system, creating a potential avenue of attack.

The effectiveness of antivirus software is a contentious issue. One study found that the detection success of major antivirus software dropped over a one-year period

One Way of Classifying Viruses
• Malicious
– The type that grabs most headlines
– May destroy or broadcast private data
– May clog-up the communication channels
– May tie-up the uP to stop it from doing useful work
Neutral
– May display an annoying, but harmless message
Helpful
– May hop from one computer to another while searching for and destroying malicious viruses
Anatomy of a Virus
• A virus consists of 2 parts:
• Transmission mechanism
• Payload
Transmission Mechanism
• Viruses attach themselves to other computer programs or data files (termed as hosts)
• They move from one computer to another with the hosts and spring into action when the host is executed or opened
Payload
• The part of the virus that generally consists of malicious computer instructions
• The part generally has two further components:
– Infection propagation component:
• This component transfers the virus to other files residing on the computer
– Actual destructive component:
• This component destroys data or performs or other harmful operations
Commonsense Guidelines
• Download SW from trusted sites only
• Do not open attachments of unsolicited eMails
• Use floppy disks and CDROMs that have been used in trusted computers only
• When transferring files from your computer to another, use the write-protection notches
• Stay away from pirated SW
• Regularly back your data up
• Install Antivirus SW; keep it and its virus definitions updated
Antivirus SW
• Designed for detecting viruses & inoculating
• Continuously monitors a computer for known viruses and for other tell-tale signs like:
– Most – but, unfortunately not all – viruses increase the size of the file they infect
– Hard disk reformatting commands
– Rewriting of the boot sector of a hard disk
• The moment it detects an infected file, it can automatically inoculate it, or failing that, erase it
Other Virus-Like Programs
• There are other computer programs that are similar to viruses in some ways but different in some
others
• Three types:
– Trojan horses
– Logic- or time-bombs
– Worms
Trojan Horses
• Unlike viruses, they are stand-alone programs
• The look like what they are not
• They appear to be something interesting and harmless (e.g. a game) but when they are executed,
destruction results
Logic- or Time-Bombs
• It executes its payload when a predetermined event occurs
• Example events:
• A particular word or phrase is typed
– A particular date or time is reached
Worms
• Harmless in the sense that they only make copies of themselves on the infected computer
• Harmful in the sense that it can use up available computer resources (i.e. memory, storage,
processing), making it slow or even completely useless
• Designing, writing, or propagating malicious code or participating in any of the fore-mentioned
activities can result in criminal prosecution, which in turn, may lead to jail terms and fines!