
If your computer exhibits any of these symptoms, you probably have a virus or spyware!

- Your computer is considerably slower than it used to be
- You get constant pop-up ads, or pop-up ads when you are not connected to the internet
- Your computer crashes, locks up, or freezes for no apparent reason
- You see strange error messages
- Internet Explorer looks different or has 'toolbars' that you did not put there
- Your internet 'home page' has changed for no apparent reason
- Your computer "just isn't right"

AntiVirus Software
Antivirus software is used to prevent, detect, and remove computer viruses and other malware. Antivirus detection involves searching for known malicious patterns in executable code. It is possible for a user to be infected with new viruses that show no signs or symptoms of their existence. To counter this problem of zero-day threats, antivirus systems can be used to detect these viruses even when you don't know that they are there.

1. Generic Scanning Technique

Most of the old viruses and some new viruses and trojans have a recognizable pattern or signature (a sequence of bytes) which anti-virus software looks for. Anti-virus software has a library of signatures against which it matches applications, boot sectors and other possible locations of infection. If it detects a match, it signals the end user with the virus details and the location where it was found. Anti-virus products update these signatures at regular intervals. Unfortunately, mutating and polymorphic viruses evade simple signature detection by continuously changing their code. They are detected by the advanced techniques discussed below.

Signature detection is simple and fast. Anti-virus software can look for virus signatures in a large number of files in a very short period of time. This is what makes it a popular option with anti-virus vendors.

Virus creators today mostly code polymorphic viruses, which change their code while retaining the functionality, thereby evading the signature detection algorithm. There are virus toolkits available for free which allow even a script kiddie to code a polymorphic virus with minimal expertise. Signature detection can therefore be a useful technique only in conjunction with other techniques, not alone. It is in some ways similar to comment spam detection or email spam detection using keyword matching for typical spam words like viagra.
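The matching step described above, as an added example that is not from the original page: a byte-pattern scanner that reports each hit with its offset, run over three constructed buffers. The signature names and byte patterns are made up for illustration, and `reencode` is only a stand-in showing that a changed byte sequence no longer matches.

```python
# Constructed signature library: names and byte patterns are invented,
# they are not patterns from any real malware or anti-virus product.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("deadbeef4142"),
    "Demo.Beta": b"\x90\x90DEMO-BETA-MARK",
}

def scan(data, signatures=SIGNATURES):
    """Return [(signature_name, offset), ...] for every occurrence in data."""
    hits = []
    for name, pattern in signatures.items():
        start = data.find(pattern)
        while start != -1:
            hits.append((name, start))
            start = data.find(pattern, start + 1)
    return sorted(hits, key=lambda hit: hit[1])

def reencode(data, key):
    """Stand-in for a changed variant: same length, every byte value altered."""
    return bytes(b ^ key for b in data)

# Constructed "file" contents for the demonstration.
CLEAN = b"MZ" + b"\x00" * 16 + b"ordinary program bytes"
INFECTED = CLEAN + SIGNATURES["Demo.Alpha"] + b"tail"
CHANGED = CLEAN + reencode(SIGNATURES["Demo.Alpha"], 0x5A) + b"tail"

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("infected", INFECTED), ("changed", CHANGED)):
        hits = scan(blob)
        print(f"{label:9s}", hits if hits else "no signature matched")
```

The third buffer carries the same payload length in the same place, yet the scanner reports nothing, which is why signature matching has to be paired with the techniques below.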

2. Integrity Checking Technique

Some anti-virus software can maintain a log file about important files under Windows. The integrity information for those files is stored in its database, recorded as checksums. If a virus tries to modify a system file, the anti-virus software notifies the user at once. The best part of this technique is that even if a system file suddenly becomes corrupt (as it weirdly does sometimes, without any initiative from Mr. Virus) and tries to change or modify the boot sectors or, say, the registry, the integrity of the files will be violated and the anti-virus will warn the user about that too.

The integrity checking technique perhaps is the most foolproof of them all, as it can determine if a file has been damaged by a virus or not.

The problem with this is that not much software can implement such a precise and perfect technique. Data loss or damage due to corruption cannot be distinguished from a case where the file is damaged by a virus. But there is a boon in the bane: no harmful activity within your computer goes unnoticed.
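A minimal integrity checker along these lines, as an added example that is not from the original page: it records SHA-256 checksums as a baseline and later reports each file as ok, modified or missing. The file names are hypothetical and the files are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Checksum a file in chunks so large files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_baseline(paths):
    """Record the known-good checksum of every monitored file."""
    return {path: sha256_file(path) for path in paths}

def verify(baseline):
    """Compare current state to the baseline: ok / modified / missing."""
    report = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            report[path] = "missing"
        elif sha256_file(path) != expected:
            report[path] = "modified"
        else:
            report[path] = "ok"
    return report

def demo():
    """Constructed files in a temp directory; the names are hypothetical."""
    with tempfile.TemporaryDirectory() as root:
        paths = {}
        for name in ("driver.sys", "library.dll", "boot.cfg", "hosts.txt"):
            paths[name] = os.path.join(root, name)
            with open(paths[name], "wb") as fh:
                fh.write(b"original contents of " + name.encode())
        baseline = build_baseline(paths.values())
        with open(paths["driver.sys"], "ab") as fh:    # bytes appended to the file
            fh.write(b"appended code")
        with open(paths["library.dll"], "r+b") as fh:  # one byte of plain corruption
            fh.write(b"\xff")
        os.remove(paths["hosts.txt"])
        report = verify(baseline)
        return {name: report[path] for name, path in paths.items()}

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The appended bytes and the single corrupted byte produce the same "modified" verdict, which is the limitation noted above. The baseline itself must be stored where the monitored system cannot rewrite it, or a change can be hidden by updating the recorded checksum.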

3. Heuristic Scanning
Heuristic scanning follows the behavioral pattern of a virus and has a different set of rules for different viruses. If any file is observed to be following that particular set of activities, then it infers that the file is infected. The most advanced part of heuristic scanning is that it can work against highly randomized polymorphic viruses too. The heuristic scanning technique has the potential to detect any future virus with ease. F-Secure Anti-virus quite successfully implements this technique.

The advantage of this scanning is that it has the prospect of being the only algorithm used by all anti-virus software in the future, because it can lead to very accurate virus detection if properly coded. It doesn't need the anti-virus to download a weekly virus database, because it can detect viruses by behavioral pattern from the set of rules.

The disadvantages of heuristic search techniques are that they are very complex to implement. And again, a virus coder can make a virus that will not obey the set of rules a heuristic scanner hopes it will. Then the virus will infect without being noticed. Again, the chances of false alarms are higher with heuristic search techniques.
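A rule-based scorer in the spirit of this section, as an added example that is not from the original page or from any product it names. The behaviour names, weights, threshold and traces are all constructed; the four traces show a correct pass, a detection without any signature, a false alarm, and a miss.

```python
# Constructed rule set: behaviour -> weight. All names and numbers are
# hypothetical and chosen only to illustrate the scoring idea.
RULES = {
    "writes_to_other_executables": 5,
    "modifies_boot_sector": 5,
    "disables_security_tool": 4,
    "self_modifying_code": 3,
    "adds_autorun_entry": 2,
    "writes_to_system_dir": 2,
}
THRESHOLD = 6  # total weight at or above which a program is flagged

def score(behaviours):
    """Sum the weights of the rules matched by the observed behaviours."""
    matched = sorted(RULES.keys() & set(behaviours))
    return sum(RULES[name] for name in matched), matched

def verdict(behaviours, threshold=THRESHOLD):
    """Return the score, the matched rules and the flag decision."""
    total, matched = score(behaviours)
    return {"score": total, "matched": matched, "suspicious": total >= threshold}

# Constructed behaviour traces, one list of observed actions per program.
TRACES = {
    "text_editor": ["opens_document", "writes_to_user_dir"],
    "unknown_variant": ["self_modifying_code", "writes_to_other_executables"],
    # A legitimate installer touches the same places: a false alarm.
    "legit_installer": ["writes_to_system_dir", "adds_autorun_entry",
                        "writes_to_other_executables"],
    # Behaviour that stays outside the rule set is not flagged: a miss.
    "outside_rules": ["adds_autorun_entry", "opens_document"],
}

if __name__ == "__main__":
    for name, trace in TRACES.items():
        result = verdict(trace)
        flag = "FLAGGED" if result["suspicious"] else "passed"
        print(f"{name:16s} score={result['score']:2d} {flag} {result['matched']}")
```

Lowering the threshold catches the fourth trace but flags more legitimate software, which is the trade-off between misses and false alarms described above.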

4. Interception Technique
This is the newest technique, which continuously monitors your files for suspicious activities. Imagine that a virus is hidden on a CD-ROM. How on earth would other anti-viruses come to know about it? Interceptors, however, watch all external drives and data devices as well as internet downloads and even file downloads from email. That is why the technique provides real-time protection to your computer. When a virus comes from a DVD or a pen drive, rest assured that anti-virus software that has implemented the interception technique will detect it immediately and warn you about it. Most of them will prevent you from running infected programs too. The key feature of an interceptor is that it has to be very fast to avoid degrading the user experience. Most modern anti-virus software implementing the technique does it fairly well, for example Nod 32. NAV was at one time known to slow down your computer due to sluggish performance in interception. I heard it has improved over the years.

It gives your computer real-time protection. Any chance of a virus coming from an external drive (CD-ROM, pen drive, etc.) is done away with.

Interceptors can be very easily disabled if they are not very fast to react against threats, and most viruses do so with perfection. An interceptor is also a nuisance for a fast and busy user, as it keeps coming up with logs and warning messages on trivial issues, and very frequently.

What is a software firewall?

A software firewall gives you one thing that no hardware firewall can: outbound protection. In the event that you somehow end up with a virus, trojan, worm, or some form of spyware on your PC, a software firewall will notify you of the OUTBOUND or outgoing connection to the internet that the spyware/virus/trojan/worm is attempting to make. Each time something on your PC tries to connect to the internet, a software firewall will give you a message saying "Hey! That program you just installed is trying to get on the internet and send some information!" You then have the option of telling your software firewall if you want that program to 'phone home' or not. This feature of a software firewall has saved my PC many times, and I'm a geek! In my opinion, you need the protection of both a hardware and a software firewall.

Spyware is software that is installed on your computer without your knowledge, remains hidden, and is difficult to remove. The purpose of spyware is usually to gather information about your web-surfing habits, your email addresses, or other personal information, and then transmit the information to its "mother-ship" to be sold for marketing purposes. Although spyware usually does not intentionally cause damage to your PC, it often slows it down or causes it to crash inexplicably. If you are using Microsoft Windows or Microsoft Internet Explorer, and you are an average user, and if you have not taken steps to prevent it, I can virtually guarantee that you have spyware on your PC right now!

The Virus:
A virus is simply a program that someone creates (usually a geek that has crossed over to the dark side) that has the ability to spread to other computers. A virus usually (but not always) is destructive in some way. For example, a virus may search an infected computer for email addresses, email itself to all those addresses, then on some predetermined day, erase the entire computer! The people that received the email that was automatically sent may open that email, infect their computer, and repeat the process. Although a virus is able to spread on its own, it needs some sort of human interaction to infect a computer. Usually this means someone has to 'run' (double-click) the virus program. Virus writers usually use some kind of social engineering to trick people into double-clicking their virus programs. This is why it is important to never open an email attachment that you were not expecting - EVEN if it appears to be from someone you know.

The Worm:

The worm is similar to the virus except for one detail. The worm requires no human help or intervention to spread itself! Worms rely on security 'holes' in Microsoft Windows, Microsoft Internet Explorer, or other systems/programs that allow them to automatically spread themselves over the internet. A security hole is simply an error or oversight in a program that when manipulated in just the right way, can be made to take control of the computer. Microsoft Windows and Microsoft Internet Explorer seem to have an abundance of this type of hole - however Microsoft usually calls them 'features'.

The Trojan Horse:

A trojan horse is a program that can do damage like a virus or a worm, but it does not have the ability to spread to other computers. Instead, the trojan is disguised as something that it isn't - such as a fun game, sexy picture file, etc. The user thinks he or she is getting something for free, when in reality they are getting much more than they imagined.

what is anti-malware / anti-virus software?

anti-malware is basically the idea of being against malware, its creation, its malicious dissemination, etc... anti-malware software, therefore, is software meant to stop, detect, or otherwise clean up after malware... it's an umbrella term that covers basically all technologies that can be used in the fight against malware... the term anti-virus arose at a time when almost all malware was viral in nature (in fact at a time before there was even a need for an umbrella term like malware) and so anti-virus software was anti-malware software for the single type of malware that was an issue... over time malware has diversified into many different types and as that has occurred anti-virus software has branched out into dealing with those other types as well... further, the underlying concepts behind virtually all of today's anti-malware technology originally came from the anti-virus field... as such anti-virus is basically a synonym for anti-malware...

what is a sandbox?
in the anti-malware sense a sandbox is a (generally) simulated computer environment in which untrusted software (ie. potential malware) can be run while still keeping the trusted host environment isolated from it...