antivirus & antispyware

8/11/2019 Antivirus & Antispyware http://slidepdf.com/reader/full/antivirus-antispyware 1/15

Upload: syanisa

Post on 02-Jun-2018


ANTIVIRUS ???

• Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses.

• Such programs may also prevent and remove adware, spyware, and other forms of malware.

• Before Internet connectivity was widespread, viruses were typically spread by infected floppy disks. Antivirus software came into use, but was updated relatively infrequently.

• However, as Internet usage became common, initially through the use of modems, viruses spread throughout the Internet.

• Now, a user's computer could be infected by just opening or previewing a message.


IDENTIFICATION METHODS

There are several methods which antivirus software can use to identify malware, such as:

• Signature-based detection - To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.

• Heuristic-based detection - Heuristics, like malicious activity detection, can be used to identify unknown viruses.

• File emulation - This involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the antivirus software can determine if the program is malicious or not and then carry out the appropriate disinfection actions.
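The signature-based bullet above says a file is searched "in pieces" as well as whole. The following is an added example, not part of the original slides, showing why a piecewise scanner must carry an overlap between pieces. The signature names, byte patterns and sample file are constructed for illustration and are not real malware signatures.

```python
import io

# Constructed demo signatures (name -> byte pattern); not real malware signatures.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("deadbeef4142434445"),
    "Demo.Beta": b"DEMO-SIGNATURE-NOT-REAL",
}

def scan_per_chunk(stream, signatures=SIGNATURES, chunk_size=4096):
    """Flawed: matches each chunk in isolation, so a signature that
    straddles a chunk boundary is never seen in one piece."""
    hits, offset = [], 0
    while chunk := stream.read(chunk_size):
        for name, pattern in signatures.items():
            idx = chunk.find(pattern)
            if idx != -1:
                hits.append((offset + idx, name))
        offset += len(chunk)
    return sorted(hits)

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Scan the whole stream piece by piece, carrying the last
    (longest signature - 1) bytes forward so boundary matches survive."""
    overlap = max(len(p) for p in signatures.values()) - 1
    hits, tail, base = set(), b"", 0   # base = file offset of window[0]
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        for name, pattern in signatures.items():
            idx = window.find(pattern)
            while idx != -1:           # record every occurrence
                hits.add((base + idx, name))
                idx = window.find(pattern, idx + 1)
        tail = window[-overlap:] if overlap else b""
        base += len(window) - len(tail)
    return sorted(hits)

def make_sample():
    """Constructed host file: signature embedded across the 4096-byte boundary."""
    return bytes(4092) + SIGNATURES["Demo.Alpha"] + bytes(100)

if __name__ == "__main__":
    data = make_sample()
    print("per-chunk:", scan_per_chunk(io.BytesIO(data)))
    print("overlap:  ", scan_stream(io.BytesIO(data)))
```

The per-chunk scanner reports nothing for the sample, while the overlapping scanner reports the embedded pattern at its file offset.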


ISSUES OF CONCERN

• Unexpected renewal costs - Some commercial antivirus software end-user license agreements include a clause that the subscription will be automatically renewed, and the purchaser's credit card automatically billed, at the renewal time without explicit approval.

** Open source and free software applications, such as ClamAV, provide both the scanner application and updates free of charge and so there is no subscription to renew.

• Rogue security applications - Some antivirus programs are actually malware masquerading as antivirus software, such as WinFixer and MS Antivirus.

• False positives - A false positive is identifying a file as a virus when it is not a virus.

• System related issues - Running multiple antivirus programs concurrently can degrade performance and create conflicts.


OTHER METHODS

• Cloud antivirus - CloudAV would be able to send programs or documents to a network cloud where it will use multiple antivirus and behavioural detection simultaneously. It is more thorough and also has the ability to check the new document's or program's access history.

• Network firewall - Firewalls may protect against infection from outside the protected computer or LAN, and limit the activity of any malicious software which is present by blocking incoming or outgoing requests on certain TCP/IP ports. A firewall is designed to deal with broader system threats that come from network connections into the system and is not an alternative to a virus protection system.

• Online scanning - Some antivirus vendors maintain websites with free online scanning capability of the entire computer, critical areas only, local disks, folders or files. Examples include Kaspersky Online Scanner [30] and ESET Online Scanner.


ANTISPYWARE ???

• Spyware is a type of malware that is installed on computers and collects information about users without their knowledge.

• Spyware such as keyloggers is installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.

• Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity.

• Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs.

• Unlike viruses and worms, spyware does not usually self-replicate. Like many recent viruses.


ROUTES OF INFECTIONS

• Spyware does not directly spread in the manner of a computer virus or worm: generally, an infected system does not attempt to transmit the infection to other computers. Instead, spyware gets on a system through deception of the user or through exploitation of software vulnerabilities.

• Most spyware is installed without users' knowledge. Some "rogue" spyware programs masquerade as security software.

• of spyware usually presents the program as a useful utility, for instance as a "Web accelerator" or as a helpful software agent.

• Spyware can also come bundled with other software. The user downloads a program and installs it, and the installer additionally installs the spyware. Although the desirable software itself may do no harm, the bundled spyware does.


EFFECTS AND BEHAVIOURS

• A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic. Stability issues, such as applications freezing, failure to boot, and system-wide crashes, are also common.

• Spyware which interferes with networking software commonly causes difficulty connecting to the Internet.

• In some infections, the spyware is not even evident. Users assume in those situations that the issues relate to hardware, Windows installation problems, or another infection.

• The cumulative effect, and the interactions between spyware components, causes the symptoms which slows to a crawl, overwhelmed by the many parasitic processes running on it.

• Some types of spyware disable software firewalls and anti-virus software, and/or reduce browser security settings, thus opening the system to further opportunistic infections, much like an immune deficiency disease.


EXAMPLE OF SPYWARE

• CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites.

• HuntBar (WinTools) or Adware.Websearch was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware.

• Zlob trojan (Zlob) downloads itself to a computer via an ActiveX codec and reports information back to Control Server. Some information can be the search history, the Web sites visited, and even keystrokes.


REMEDIES AND PREVENTION

As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or to block spyware, as well as various user practices which reduce the chance of getting spyware on a system.

• Anti-spyware programs have released products dedicated to remove or block spyware.

• Major anti-virus firms such as Symantec, McAfee and Sophos have come later to the table, adding anti-spyware features to their existing anti-virus products.

• Integrated anti-spyware solution to some versions of the AVG Anti-Virus family of products, and a freeware AVG Anti-Spyware Free Edition available for private and non-commercial use.


HOW DOES IT WORK ???

Anti-spyware programs can combat spyware in two ways:

• They can provide real-time protection against the installation of spyware software on your computer. This type of spyware protection works the same way as that of anti-virus protection in that the anti-spyware software scans all incoming network data for spyware software and blocks any threats it comes across.

• Anti-spyware software programs can be used solely for detection and removal of spyware software that has already been installed onto your computer. With this spyware protection software you can schedule weekly, daily, or monthly scans of your computer to detect and remove any spyware software that has been installed on your computer.


SECURITY PRACTICES

• Many system operators install a web browser other than IE, such as Opera, Google Chrome or Mozilla Firefox.

• Use network firewalls and web proxies to block access to Web sites known to install spyware.

• Some users install a large hosts file which prevents the user's computer from connecting to known spyware-related web addresses.

• Spyware may get installed via certain shareware programs offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack.

• Put a computer on "lockdown". This can be done in various ways, such as disconnecting the computer from the Internet. Disconnecting from the Internet prevents controllers of the spyware from being able to remotely control or access the computer.
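The slides mention the hosts file twice: as a blocklist that keeps a computer away from spyware-related addresses, and as something CoolWebSearch alters to direct DNS lookups elsewhere. The following is an added example, not part of the original slides, that tells the two apart when auditing a hosts file. The sample file, the watched hostnames and the addresses are constructed, using documentation-reserved domains and IP ranges.

```python
import ipaddress

# Names that legitimately point at the local machine; never reported.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def audit_hosts(text, watched):
    """Classify hosts-file entries.
    Returns (blocked, redirected):
      blocked    - hostnames null-routed to a loopback/unspecified address
      redirected - {hostname: ip} for watched names pinned to any other address
    """
    blocked, redirected = set(), {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: skip the line
        for host in (h.lower().rstrip(".") for h in fields[1:]):
            if host in LOCAL_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                blocked.add(host)               # blocklist-style entry
            elif host in watched:
                redirected[host] = str(ip)      # lookup hijacked away from DNS
    return blocked, redirected

# Constructed sample hosts file (example domains, documentation IP ranges).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.tracker.example      # blocklist entry
0.0.0.0     spyware-cdn.example
192.0.2.10  fileserver.lan           # local convenience entry, not watched
203.0.113.7 search.example.com WWW.search.example.com  # unexpected pin
"""

# Constructed list of names the user expects to resolve through normal DNS.
WATCHED = {"search.example.com", "www.search.example.com", "mail.example.com"}

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS, WATCHED)
    print("blocked:", sorted(blocked))
    print("redirected:", redirected)
```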


OTHER TYPES OF PROTECTION

• Cryptography - A process associated with scrambling plaintext (ordinary text, or cleartext) into ciphertext (a process called encryption), then back again (known as decryption).

• Firewall - Normally the firewall will block file download and upload activities if you are using instant messaging like Yahoo Messenger.


Security Risks - Descriptions

Unauthorized access and use
• Unauthorized access - the use of a computer or network without permission.
• Unauthorized use - the use of a computer or its data for unapproved or possibly illegal activities.

Hardware Theft and Vandalism
• Hardware theft - the act of stealing computer equipment.
• Hardware vandalism - the act of destroying computer equipment.

Identity Theft
When someone steals personal or confidential information.

Software Theft
When someone
• steals software media
• intentionally erases programs
• illegally copies a program