- Antivirus
- History of Antivirus
- Function of Antivirus Software
- Features of Antivirus Software
- How Antivirus software works?
- Why we need Antivirus?
- Why Should Update Your Antivirus?
- Online detection
- Virus removal tools
- List of antivirus software
- Testing Organizations
- Attacking antivirus
- Top 10 Antivirus
- Bitdefender 2011
- Before You Buy Antivirus Software
- How to make a USB Antivirus
- Issues of concern
- Recommendations
Antivirus
Antivirus or anti-virus software is used to prevent, detect, and remove computer viruses,
worms, and Trojan horses. It may also prevent and remove adware, spyware, and other forms of
malware. This page talks about the software used for the prevention and removal of such
threats, rather than computer security implemented by software methods.
A variety of strategies are typically employed. Signature-based detection involves searching for
known patterns of data within executable code. However, it is possible for a computer to be
infected with new malware for which no signature is yet known. To counter such so-called zero-
day threats, heuristics can be used. One type of heuristic approach, generic signatures, can
identify new viruses or variants of existing viruses by looking for known malicious code, or slight
variations of such code, in files. Some antivirus software can also predict what a file will do by
running it in a sandbox and analyzing what it does to see if it performs any malicious actions.
No matter how useful antivirus software can be, it can sometimes have drawbacks. Antivirus
software can impair a computer's performance. Inexperienced users may also have trouble
understanding the prompts and decisions that antivirus software presents them with. An
incorrect decision may lead to a security breach. If the antivirus software employs heuristic
detection, success depends on achieving the right balance between false positives and false
negatives. False positives can be as destructive as false negatives. Finally, antivirus software
generally runs at the highly trusted kernel level of the operating system, creating a potential
avenue of attack.
There are competing claims for the innovator of the first antivirus product. Possibly the first
publicly documented removal of a computer virus in the wild was performed by Bernd Fix in
1987.[3][4]
Fred Cohen, who published one of the first academic papers on computer viruses in 1984,[5]
began to develop strategies for antivirus software in 1988[6] that were picked up and continued
by later antivirus software developers.
Also in 1988 a mailing list named VIRUS-L[7] was started on the BITNET/EARN network where
new viruses and the possibilities of detecting and eliminating viruses were discussed. Some
members of this mailing list like John McAfee or Eugene Kaspersky later founded software
companies that developed and sold commercial antivirus software.
Before internet connectivity was widespread, viruses were typically spread by infected floppy
disks. Antivirus software came into use, but was updated relatively infrequently. During this
time, virus checkers essentially had to check executable files and the boot sectors of floppy disks
and hard disks. However, as internet usage became common, viruses began to spread online.[8]
Over the years it has become necessary for antivirus software to check an increasing variety of
files, rather than just executables, for several reasons:
- Powerful macros used in word processor applications, such as Microsoft Word, presented a risk.
Virus writers could use the macros to write viruses embedded within documents. This meant
that computers could now also be at risk from infection by opening documents with hidden
attached macros.[9]
- Later email programs, in particular Microsoft's Outlook Express and Outlook, were vulnerable to
viruses embedded in the email body itself. A user's computer could be infected by just opening
or previewing a message.[10]
As always-on broadband connections became the norm, and more and more viruses were
released, it became essential to update virus checkers more and more frequently. Even then, a
new zero-day virus could become widespread before antivirus companies released an update to
protect against it.
a) Dictionary approach
b) Suspicious behavior approach
a) Dictionary approach: Every antivirus program has a virus dictionary in which all known viruses
are listed. When the antivirus scans the computer's files, it tries to match them against this
dictionary, so it can detect the viruses that the dictionary contains. If it detects a virus, it
deletes the virus and quarantines it so that the file is inaccessible to other programs. All
antivirus programs can update from the internet, and each update also refreshes the virus
dictionary. The dictionary approach is very effective for finding viruses.
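The dictionary approach, together with the generic signatures mentioned in the introduction, as an added Python example (not code from any antivirus product). The signature names, byte patterns and sample files are constructed for illustration; the second scan shows a previously unknown sample being caught only after the dictionary is updated.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Constructed "virus dictionary": names and byte patterns are invented for this example.
SIGNATURES = {
    "Sample.Exact.A": re.compile(re.escape(b"SAMPLE-PAYLOAD-A")),
    # Generic signature: two fixed parts with up to 8 arbitrary bytes between them,
    # so slight variants of the same code still match.
    "Sample.Generic.B": re.compile(rb"DROP-B.{0,8}?EXEC-B", re.DOTALL),
}

def scan_bytes(data, signatures):
    """Return the sorted names of every signature found in data."""
    return sorted(name for name, pat in signatures.items() if pat.search(data))

def scan_and_quarantine(root, quarantine, signatures):
    """Scan each file under root; move matches to quarantine and make them read-only."""
    quarantine.mkdir(parents=True, exist_ok=True)
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = scan_bytes(path.read_bytes(), signatures)
        if hits:
            dest = quarantine / (path.name + ".quarantined")
            shutil.move(str(path), str(dest))
            dest.chmod(0o400)  # read-only, no execute bit
            report[path.name] = hits
    return report

def demo():
    """Scan constructed sample files before and after a dictionary update."""
    with tempfile.TemporaryDirectory() as tmp:
        root, quarantine = Path(tmp) / "files", Path(tmp) / "quarantine"
        root.mkdir()
        (root / "clean.txt").write_bytes(b"hello world")
        (root / "known.bin").write_bytes(b"..SAMPLE-PAYLOAD-A..")
        (root / "variant.bin").write_bytes(b"DROP-B\x01\x02\x03EXEC-B")
        (root / "new.bin").write_bytes(b"NOVEL-PAYLOAD-C")  # no signature yet
        before = scan_and_quarantine(root, quarantine, SIGNATURES)
        # Dictionary update: a signature for the previously unknown sample arrives.
        updated = {**SIGNATURES, "Sample.Exact.C": re.compile(rb"NOVEL-PAYLOAD-C")}
        after = scan_and_quarantine(root, quarantine, updated)
        return before, after, sorted(p.name for p in root.iterdir())

if __name__ == "__main__":
    print(demo())
```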
To help keep you safe from viruses, worms, and Trojans, Antivirus automatically
scans the files and folders on your computer, including e-mail attachments as you
open them.
Firewalls monitor two way traffic. This means that both inbound and outbound
traffic is controlled. The firewall is also updated continually to help protect you
Today's antivirus programs have antispyware technology that helps protect your computer from
spyware programs that secretly monitor your activities or pop-ups that negatively
impact your computer's security and performance.
With Antivirus you can make copies of important files and documents and store
them on a CD, DVD, or an external hard drive in case of an emergency.
5. Continuously updated
Antivirus can update itself automatically to help ensure that your virus, firewall,
and spyware protection is always up to date and ready to help protect you from the
latest threats.
Initially, your antivirus program has set definitions for all sorts of worms, viruses, malware,
Trojan horses, bugs and other uninvited software. However, due to man's innovation (or
sometimes boredom), new viruses and worms are introduced so frequently that your
antivirus program needs an antivirus update to make sure it is up to date with the definitions of
new viruses and worms.
Once your program is updated with the latest antivirus updates, your computer is virtually
safe from the latest line of computer bugs and traps. True, some programs have
sophisticated intelligence: even if a virus is not defined in their knowledge, so long as it
behaves in a "virus-like" manner, it is flagged and may be deleted, cleaned or placed in the
vault, depending on the action you command. However, this works in
a very shot-in-the-dark manner, as you can only hope that the new virus will behave like the viruses
before it. Doing an antivirus update will make you very sure that you and your program are
prepared for all those viruses and worms.
Online detection
Some antivirus vendors maintain websites with free online scanning capability for the entire
computer, critical areas only, local disks, folders or files. Examples include Kaspersky Online
Scanner, ESET Online Scanner and Bitdefender.
Freeware
- This section includes usable free-of-charge versions of commercial software.
- AntiVir PersonalEdition Classic by Avira from Germany
- Avast! by Alwil from Czech Republic
- AVG Free Edition by Grisoft
- BitDefender Free Linux and Windows editions
- HouseCall Onlinescanner by Trend Micro
Testing Organizations
- AV Comparatives - http://www.av-comparatives.org
- Virus Bulletin - http://www.virusbtn.com
- AV-Test.org - http://www.av-test.org
- ICSA Labs - http://www.icsalabs.com
- West Coast Labs - http://www.westcoastlabs.org
- GFI Software - http://www.emailsecuritytest.c
Attacking Antivirus
WHAT MAKES ANTIVIRUS A PERFECT TARGET
A recent study [3] shows that 81% of all computer users have antivirus software
installed on their computers. Quite clearly, antivirus software is a must-have for
most users.
The questions are: Is that enough? Is such blind faith justified? What if attackers
attack the antivirus software itself instead of the operating system?
Now that would turn the game on its head, wouldn’t it?
Consider an average user who receives some files (executables, documents, media,
etc.). The antivirus installed on his computer will scan the incoming files
automatically (the user may also scan a file manually if it looks suspicious). In this way
the antivirus serves as the security gate for incoming files.
What he or she does not know is that many antivirus solutions developed in the
past were developed without holistic security in mind. Developers would assume
that non-trusted files were safely being scanned by their software. But what if
those very files hurt the software itself?
The threat to antivirus security is thus helped along by two things:
- The user’s blind acceptance of the antivirus as a silver bullet.
- The overconfidence of antivirus vendors in their software’s immunity
against all files.
2. Antivirus processes are error-prone
Antivirus software is one of the most complicated applications. It has to deal
with hundreds of file types and formats:
executables (exe, dll, msi, com, pif, cpl, elf, ocx, sys, scr, etc);
documents (doc, xls, ppt, pdf, rtf, chm, hlp, etc);
compressed archives (arj, arc, cab, tar, zip, rar, z, zoo, lha, lzh, ace, iso, etc);
executable packers (upx, fsg, mew, nspack, wwpack, aspack, etc);
media files (jpg, gif, swf, mp3, rm, wmv, avi, wmf, etc).
Each of these formats can be quite complex. Hence, it is extremely
difficult for antivirus software to process all these formats appropriately.
This is amply clear in recent research into antivirus vulnerabilities. It reveals that
most vulnerabilities exist in the following two components:
Executable decompression [4].
Data decompression [5].
Antivirus software will try to decompress the compressed executable and data
before processing them.
The problem with the decompression of executables and data is that both the
processes are highly complicated. The antivirus makes complex calculations,
allocates memory, and extracts data according to the calculation. Any mistake in
these throws open the door for vulnerabilities.
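The defensive rule behind this passage, that an unpacker must not trust sizes taken from the file it is scanning, shown as an added Python example (not code from any antivirus product). The `CPK1` container format, the 1 MiB limit and all function names are assumptions made for illustration.

```python
import struct
import zlib

MAX_UNPACKED = 1 << 20  # assumed policy: at most 1 MiB of output per object

class UnpackError(Exception):
    """Raised when a container is rejected instead of being unpacked."""

def pack(payload, declared=None):
    """Build the constructed container: magic, declared size (u32 LE), zlib stream."""
    size = len(payload) if declared is None else declared
    return b"CPK1" + struct.pack("<I", size) + zlib.compress(payload)

def safe_unpack(blob, limit=MAX_UNPACKED):
    """Unpack a container without trusting its header or its stream."""
    if len(blob) < 8 or blob[:4] != b"CPK1":
        raise UnpackError("bad header")
    (declared,) = struct.unpack("<I", blob[4:8])
    if declared > limit:
        raise UnpackError("declared size exceeds limit")
    inflater = zlib.decompressobj()
    try:
        # Cap the output at declared + 1 bytes, whatever the stream expands to.
        out = inflater.decompress(blob[8:], declared + 1)
    except zlib.error:
        raise UnpackError("corrupt stream") from None
    if len(out) != declared:
        raise UnpackError("output does not match declared size")
    if not inflater.eof:
        raise UnpackError("truncated stream")
    return out

def verdict(blob):
    """Return 'ok' or the rejection reason for one container."""
    try:
        safe_unpack(blob)
        return "ok"
    except UnpackError as exc:
        return f"rejected: {exc}"

# Constructed inputs: one honest container and three malformed ones.
SAMPLES = {
    "honest": pack(b"A" * 1000),
    "bomb": pack(b"\0" * (5 << 20), declared=100),  # expands far past its header
    "oversized": pack(b"x", declared=MAX_UNPACKED + 1),
    "truncated": pack(b"A" * 1000)[:-6],
}
```

Calling `verdict` on each entry of `SAMPLES` accepts only the honest container; the other three are rejected before more than the declared size plus one byte is ever allocated.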
Top 10 Antivirus
Bitdefender 2011
Before You Buy Antivirus Software
But what, exactly, makes up a good antivirus system? The answer depends on you, your
computer habits and your level of experience, as well as on what you are willing or able
to spend. But, there are some vital questions that you must ask before you buy or
download any spyware blocker or similar program.
Every new virus has its own signature. Security firms will create a signature, or
definition, for each known virus, and that is how antivirus systems recognize new threats.
Since new threats are being created every day, you must have an antivirus program that
updates its virus definitions consistently and frequently. This is vital, because without
constant updates, your data is vulnerable to attack.
Viruses spread quickly, and if you have only manual updates your computer may get
infected simply because you went online before you checked for the latest updates for
your antivirus system. Look for a program that updates the definitions automatically,
every time you go online, so you know that you are always getting the latest, highest
level virus protection without you even having to think about it.
Your computer can have a virus without you being aware of it. Often, an infection will
hibernate, and have no obvious symptoms. The most effective way to remain virus free is
to choose an antivirus system that can be configured to perform regular, scheduled
system-wide scans.
Some systems simply detect viruses...they offer no way to actually remove them from
your computer. You want a program that will snatch the virus, and at least quarantine it
so that it presents no threat to your data. You should ideally be able to fully remove the
virus from your system, so make sure you ask if and how the program does this.
For true internet security, it is often more convenient and economical to choose an
antivirus system that has a suite of security tools. In addition to virus detection, protection
and removal, look for spyware, phishing and spam protection. Also, ask if the program
comes with a firewall. If you want parental controls, look for software that includes
them...many do not.
Before you try or buy antivirus systems, you must know the facts. When you ask these 5
questions, you'll be able to narrow down your choices and choose the system that offers
the best protection and performance for your data, and for you.
I want to warn you again to be careful when using this e-book, because you may
lose data on your hard disk or USB memory device, and I am not going to take any
responsibility for any damage to your data.
Step 1:
Open your notepad or any text editor
Step 2:
Type the exact text
@echo off
del d:\*.inf
@echo file deleted or no file exists
pause
Explanation:
@echo off
is a DOS command that stops the system from echoing each command as it runs
del d:\*.inf
"del" is the command that deletes the desired file from the drive
"d:" is your USB drive letter, and you can change it as you wish
"*.inf" is the pattern for the files that must be deleted; it matches every file
with the .inf extension in the root of the drive
Step 3:
Save the file with the extension .bat, so that its name looks like this:
mysimpleantivirus.bat
Step 4:
Test your simple antivirus by creating a dummy autorun.inf file on your usb drive.
When you double click the file mysimpleantivirus.bat it will delete the autorun.inf
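A more selective take on the same clean-up, as an added Python example (not part of the original e-book): it touches only autorun.inf, reports which entries would launch a program, and renames the file instead of deleting every .inf file. The function names and sample file contents are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program

def launch_entries(text):
    """Return (key, command) pairs in the [autorun] section that would run something."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    try:
        parser.read_string(text)
    except configparser.Error:
        return [("unparsable", "")]  # malformed file: treat it as suspicious
    found = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):  # keys arrive lower-cased
            shell_verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in LAUNCH_KEYS or shell_verb:
                found.append((key, value))
    return found

def quarantine_autorun(drive_root):
    """Rename a launching autorun.inf; leave every other .inf file alone."""
    for path in drive_root.iterdir():
        if path.is_file() and path.name.lower() == "autorun.inf":
            entries = launch_entries(path.read_text(errors="replace"))
            if entries:
                path.rename(path.with_name(path.name + ".quarantined"))
            return entries
    return []

def demo():
    """Constructed USB root: a launching autorun.inf beside an unrelated .inf file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "autorun.inf").write_text("[AutoRun]\nopen=tools\\setup.exe\nicon=usb.ico\n")
        (root / "driver.inf").write_text('[Version]\nSignature="$Windows NT$"\n')
        entries = quarantine_autorun(root)
        return entries, sorted(p.name for p in root.iterdir())

if __name__ == "__main__":
    print(demo())
```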
Issues of concern
1. It is sometimes necessary to temporarily disable virus protection when
installing major updates such as Windows Service Packs or updating graphics
card drivers.
2. Running multiple antivirus programs concurrently can harm performance and
create conflicts.
3. If an antivirus program is configured to immediately delete or quarantine
infected files (or does this by default), false positives in essential files can
render the operating system or some applications unusable.
4. When purchasing antivirus software, the agreement may include a clause that
your subscription will be automatically renewed, and your credit card
automatically billed at the renewal time without your approval.
Recommendations
- Computer users should not always run with administrator access to their own
machine.
- Some antivirus software can considerably reduce performance. Users may disable
the antivirus protection to overcome the performance loss, thus increasing the risk
of infection.
- Don’t trust everything. Attacks may come from everywhere