works
By- John Gaikwad
FYBMS
Roll no.:15
John Gaikwad
Wilson College
07-12-2014
Classification of Viruses
Multipartite Virus
Also known as polypartite viruses, they infect
both boot records and program files.
Particularly difficult to repair: if the boot area is
repaired and files are still infected, the boot
area will get reinfected, and vice versa.
Macro Virus
Macros are mini programs that help to
automate a series of programs, which helps in
multitasking and saves time as all are
performed at the same time.
They infect files that are created using certain
applications or programs that use macros.
They are platform independent since they are written
in the language of the program and not the OS.
They infect documents created in Microsoft Office.
ANTI-VIRUS
Uses
Used to prevent, detect or remove malware
and/or malicious programs or software from a
computer and to protect it.
Signature-based detection
Searches for known patterns within
executable code.
Heuristics
Used for new malware with no known
signatures.
History
Early viruses were limited to self-reproduction
and had no specific damage routine built into
the code.
This changed with more and more
programmers getting acquainted with
programs and creating dangerous viruses.
The first recorded removal of a computer virus
was by Bernd Fix in 1987.
Fred Cohen published papers which were used
by future anti-virus programmers.
Identification Methods
There are several methods which antivirus software can use
to identify malware:
Signature based identification is the most common
method.
To identify viruses and other malware, antivirus
software compares the contents of a file to a dictionary of
virus signatures. Because viruses can embed themselves in
existing files, the entire file is searched.
Heuristic-based detection, like malicious activity
detection, can be used to identify unknown viruses.
File emulation is another heuristic approach. File
emulation involves executing a program in a virtual
environment and logging what actions the program
performs.
Signature-based Identification
Traditionally, antivirus software heavily relied
upon signatures to identify malware.
This can be very effective, but cannot defend
against malware unless samples have already
been obtained and signatures created.
Because of this, signature-based approaches
are not effective against new, unknown
viruses.
Heuristic-based identification
While it may be better to identify a specific virus, it
can be quicker to detect a virus family through a
generic signature or through an inexact match to
an existing signature.
Virus researchers find common areas that all
viruses in a family share uniquely and can thus
create a single generic signature.
These signatures often contain non-contiguous
code, using wildcard characters where differences
lie. These wildcards allow the scanner to detect
viruses even if they are padded with extra,
meaningless code.
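The difference between an exact signature and a generic one with wildcards, as an added example that is not part of the original slides. The signature syntax (`??` for one differing byte, `*` for a bounded run of padding), the `MAX_GAP` limit and all byte strings are assumptions constructed for illustration.

```python
import re

MAX_GAP = 32  # assumed cap on how many padding bytes one '*' may skip

def compile_signature(pattern: str) -> re.Pattern:
    """Compile a signature such as '13 37 ?? * FA CE' into a bytes regex.

    Hex pair = literal byte, '??' = any one byte (where variants differ),
    '*' = up to MAX_GAP arbitrary bytes (padding between code fragments).
    """
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")
        elif token == "*":
            parts.append(b".{0,%d}?" % MAX_GAP)
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)

def scan(data: bytes, signatures: dict) -> list:
    """Search the whole buffer; return (name, offset) for every signature that hits."""
    hits = []
    for name, pattern in signatures.items():
        match = compile_signature(pattern).search(data)
        if match:
            hits.append((name, match.start()))
    return hits

# Constructed signatures and samples: harmless marker bytes, not real malware.
SIGNATURES = {
    "Demo.Exact": "13 37 C0 DE 01 FA CE",
    "Demo.Generic": "13 37 C0 DE ?? * FA CE",
}
VARIANT_A = b"host-file-bytes" + bytes.fromhex("1337C0DE01FACE") + b"tail"
VARIANT_B = (b"other-host" + bytes.fromhex("1337C0DE02")
             + b"\x90" * 6 + bytes.fromhex("FACE") + b"tail")
CLEAN = b"an ordinary file with no marker bytes"

if __name__ == "__main__":
    for label, sample in [("A", VARIANT_A), ("B", VARIANT_B), ("clean", CLEAN)]:
        print(label, scan(sample, SIGNATURES))
```

The exact signature only finds variant A, while the generic signature finds both variants because the wildcards absorb the changed byte and the inserted padding.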
Comparisons
Market Share (2013)
Thank You