Antivirus-software

Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware).

Anti-virus software typically uses two different techniques to accomplish this:

- Examining (scanning) files to look for known viruses matching definitions in a virus dictionary
- Identifying suspicious behavior from any computer program which might indicate infection. Such analysis may include data captures, port monitoring and other methods.

Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.

Historically, the term anti-virus has also been used for benign computer viruses that spread and combated malicious viruses. This was common on the Amiga computer platform.

In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that the authors of the anti-virus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can take one of the following actions:

- attempt to repair the file by removing the virus itself from the file
- quarantine the file (such that the file remains inaccessible to other programs and its virus can no longer spread)
- delete the infected file

To achieve consistent success in the medium and long term, the virus dictionary approach requires periodic (generally online) downloads of updated virus dictionary entries. As civically minded and technically inclined users identify new viruses "in the wild", they can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries.

Dictionary-based anti-virus software typically examines files when the computer's operating system creates, opens, closes or e-mails them. In this way it can detect a known virus immediately upon receipt. Note too that a System Administrator can typically schedule the anti-virus software to examine (scan) all files on the user's hard disk on a regular basis.

Although the dictionary approach can effectively contain virus outbreaks in the right circumstances, virus authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and more recently "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match the virus's signature in the dictionary.
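
The dictionary approach and its blind spot, as an added example that is not part of the original page: a scanner that matches byte signatures, quarantines files that match, and misses a copy whose bytes have been transformed. The signature names and patterns are constructed placeholders, and the XOR step only stands in for the self-modification described above.

```python
import os
import shutil
import tempfile

# Constructed dictionary (name -> byte signature); not real virus definitions.
DICTIONARY = {
    "Demo.Alpha": b"\xde\xad\xbe\xefDEMO-ALPHA",
    "Demo.Beta": b"DEMO-BETA\x90\x90\x90",
}

def scan_file(path, dictionary=DICTIONARY, chunk=65536):
    """Return sorted names of dictionary entries found in the file. Chunks
    overlap so a signature straddling a chunk boundary is still matched."""
    overlap = max(len(sig) for sig in dictionary.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            window = tail + block
            found.update(n for n, sig in dictionary.items() if sig in window)
            tail = window[-overlap:] if overlap > 0 else b""
    return sorted(found)

def quarantine(path, qdir):
    """Move a flagged file into qdir and strip its permission bits."""
    os.makedirs(qdir, exist_ok=True)
    dest = os.path.join(qdir, os.path.basename(path) + ".quarantined")
    shutil.move(path, dest)
    os.chmod(dest, 0o000)
    return dest

def demo():
    """Scan three constructed files and quarantine the ones that match."""
    root = tempfile.mkdtemp()
    body = b"A" * 70000 + DICTIONARY["Demo.Alpha"]
    samples = {
        "clean.bin": b"ordinary program bytes" * 100,
        "known.bin": body,
        # Every byte XORed: the bytes no longer equal the dictionary signature.
        "modified.bin": bytes(b ^ 0x5A for b in body),
    }
    results = {}
    for name, data in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        results[name] = scan_file(path)
        if results[name]:
            quarantine(path, os.path.join(root, "quarantine"))
    return root, results
```

Only `known.bin` is flagged and moved; `modified.bin` stays in place undetected, which is the gap the behavior-based and heuristic methods are meant to cover.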

The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, the anti-virus software can flag this suspicious behavior, alert a user and ask what to do.

Unlike the dictionary approach, the suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionaries. However, it can also sound a large number of false positives, and users probably become desensitized to all the warnings. If the user clicks "Accept" on every such warning, then the anti-virus software obviously gives no benefit to that user. This problem has worsened since 1997, since many more nonmalicious program designs came to modify other .exe files without regard to this false positive issue. Thus, most modern anti-virus software uses this technique less and less.

Some antivirus software uses other types of heuristic analysis. For example, it could try to emulate the beginning of the code of each new executable that the system invokes before transferring control to that executable. If the program seems to use self-modifying code or otherwise appears as a virus (if it immediately tries to find other executables, for example), one could assume that a virus has infected the executable. However, this method could result in a lot of false positives.

Yet another detection method involves using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, software analyzes the sandbox for any changes which might indicate a virus. Because of performance issues, this type of detection normally only takes place during on-demand scans.

Some virus scanners can also warn a user if a file is likely to contain a virus based on the file type.

Antivirus software is a fairly recent innovation. However, new cyber threats appear regularly, requiring more and newer forms of antivirus protection, intrusion detection and spam filtering.

Kaspersky Lab is dedicated to deflecting cyber threats: old, new - each and every one. A multinational research team works round-the-clock to develop new techniques that protect users against malicious programs, such as viruses, worms, Trojans, hackers, and other forms of unsanctioned intrusion and data leaks.

Spam, the latest scourge of the Internet, is also targeted by Kaspersky Lab: we have designed a spam filter that works on 6 levels to provide users with clean mail.

"Do you think you have a virus? First, don't worry unnecessarily. Many times, odd things computers do are blamed on computer viruses, especially if no other explanation seems to make sense. However, in most cases, when an anti-virus program is used to check, no virus is actually found. So, unless you have checked, and confirmed that a virus is actually present, don't panic. It's true that some viruses can cause: unusual screen displays or messages, slower operation of the computer, drives to be accessed unexpectedly (and the drive's light to go on), or a reduction in the amount of memory normally shown for the system. However, even such strange behavior can be caused by legitimate software, by harmless prank programs, or by hardware faults. On the other hand, a usually reliable indicator of a virus problem would be changes in the length, content, or file dates of executable (*.com/*.exe/*.sys) files in the Directory listing. However, not seeing such changes doesn't mean there's no problem, since many common viruses don't infect files, and some of those which do can avoid showing changes they've made to files, especially if they're active in memory. Keep searching and you will find the best free anti virus software, free anti virus downloads. There are plenty of anti virus websites on the net and plenty of them are free."
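
The indicator named in the passage above (changes in the length, content or file dates of executable files) can be checked mechanically. This added example, which is not part of the original page, records a baseline for `.com`, `.exe` and `.sys` files and reports which of the three properties changed; the file names, contents and timestamps are constructed.

```python
import hashlib
import os
import tempfile

EXEC_EXT = (".com", ".exe", ".sys")  # extensions named in the passage

def snapshot(root):
    """Map each executable under root to (length, mtime_ns, sha256)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXEC_EXT):
                path = os.path.join(dirpath, name)
                st = os.stat(path)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                snap[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns, digest)
    return snap

def compare(baseline, current):
    """Return {path: [reasons]} for each executable that differs."""
    report = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None or new is None:
            report[path] = ["new file" if old is None else "missing"]
            continue
        fields = zip(("length", "date", "content"), old, new)
        reasons = [label for label, a, b in fields if a != b]
        if reasons:
            report[path] = reasons
    return report

def demo():
    """Constructed files: a.exe grows, b.com is patched in place with
    length and date unchanged, c.sys is untouched, notes.txt is ignored."""
    root = tempfile.mkdtemp()
    t0 = 1_000_000_000 * 10**9  # fixed mtime in ns, keeps the result repeatable
    def put(name, data, mtime_ns=t0):
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, ns=(mtime_ns, mtime_ns))
    for name in ("a.exe", "b.com", "c.sys", "notes.txt"):
        put(name, b"MZ" + b"\x00" * 62)
    baseline = snapshot(root)
    put("a.exe", b"MZ" + b"\x00" * 62 + b"appended", t0 + 100 * 10**9)
    put("b.com", b"MZ" + b"\x01" * 62)
    return compare(baseline, snapshot(root))
```

For `b.com` only the hash differs, so a check that looked at length and date alone would report nothing.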