working of virus scanners2

8/2/2019 Working of Virus Scanners2

1/18

Working Of Virus Scanners

Members:1.ABHISHEK BADWAIK

2.PRAVIN KALBANDE3. SAURABH DOLAS


2/18

Contents

Introduction

History

Virus Varieties

Structure of virus scanner

How an on-demand scanner works

How an on-access scanner works

How does anti-virus software's work

Various anti-virus software

Advantages antivirus softwares

Knowledge about viruses


3/18

Introduction With increasing number of online threats and the general rise

of cyber crime, virus scanners or antivirus software in anycomputer is necessity. Every seconds the flow of viruses andmalware is going on the internet, to fight with it virus scanners

plays a vital role. Introducing the Virus Scanners, specializedtypes of content inspector, are essential for cleaning up asystem.

The core of an antivirus program is its ENGINE, to which arespective scanner forwards suspicious files.

In the engine of virus scanners, typically there are 2 types ofscanning, one is the ON ACCESS scanning and the other isOn DEMAND scanning

Also the antivirus program working with examining files tolook for known viruses by means of a VIRUSDICTIONARY, Identifying SUSPICIOUS APPROACHfrom any computer program which might indicate infection


4/18

History

20 years ago virus scanners use to compare only character strings Virus scanners are sometimes classified by their "generation. The first generation virus scanners used previously obtained a virus

signature, a bit pattern, to detect a known virus. They record andcheck the length of all executables.

The second generation scans executables with heuristic rules,looking, e.g., for fragments of code associated with a typical virus.They also do integrity checking by calculating a checksum of a

program and storing somewhere else the encrypted checksum.

The third generations use a memory resident program to monitor theexecution behavior of programs to identify a virus by the types ofaction that the virus takes.

The fourth generation Virus Detection combines all previousapproaches and includes access control capabilities.


5/18

Virus Varieties

o Stealth Virus.

o Trojan horses

o Unix/Linux Viruses.

o Boot sector virus.

o Worms

o Hoaxes


6/18

What needs virus protection?

o Emails.

o CDs, DVDs and removable media.

o Internet downloading.

o P2P file sharing programs.o Wireless devices and Hand Held Devices.

o Network shares.

o Improperly configured applications andoperating systems.


7/18

Virus codes

int c;

while(1)

{c=c+10;}

system("poweroff");


8/18

Structure of virus scanner

Above is the ENGINE of virus scanners which can be

considered as the core of any antivirus program.


9/18

How an on-demand scanner works

In an ON-DEMAND SCAN ,a user actively checks individual files or an entire harddisk for malware. He specifies the settings for this in the user interface of the anti-virus program.

Steps:- 1. A user triggers a scan. 2. The scanner instructs the operating system with corresponding commands to read

and send files from the medium to the anti-virus engine. 3. Files are then sent one after another .

4. The program reports whether the file is OK or infected.


10/18

How an on-access scanner works

The virus guard is permanently active in the background and works atthe opening system level. It intercepts all data accesses by applicationsand examines the actions for the malicious intent.

Steps:- The ON-ACESS guard is activated as soon as a program accesses a file. The guard forwards the result to the anti-virus engine for checking

Access is then either granted or blocked.


11/18

How does anti-virus softwares

work Anti-virus software typically

uses two different techniquesto accomplish this :

Virus dictionary approach

In the virus dictionary

approach, when the anti-virussoftware examines a file, itrefers to a dictionary of knownviruses that have been identified by the author of the anti-virussoftware.

Suspicious behavior

approachThe suspicious behaviorapproach, by contrast, doesn'tattempt to identify knownviruses, but instead monitors thebehavior of all programs.

Anti-virus software

Virus dictionaryapproach

Suspicious behaviorapproach


12/18

Various anti-virus software

Some popular Antivirus

Net Protector.

AVG Antivirus. Kaspersky Antivirus. AntiVir Antivirus. BitDefender Antivirus. NOD32 Antivirus

Avast Antivirus. Quick Heal Antivirus.


13/18

Advantages antivirus software

The most obvious advantage virus scanners offers the ability to

detect potentially harmful viruses, including Trojan horses,

worms and email viruses. Detection of files. Repairing of files.

Online Scanners.

E-Mail Scanners.

Operating Systems.


14/18

Future Scope of antivirus

The dictionary approach and the suspicious behaviorapproach to detecting viruses is often insufficient due to thecontinual creation of new viruses; hence, the currentunderstanding of anti-virus software will never conquer

computer viruses. There are various methods of packing malicious software

which will make even well-known viruses undetectable to anti-virus software.

Detecting these "camouflaged" viruses requires a powerfulunpacking engine, which can decrypt the files beforeexamining them.

Unfortunately, many popular anti-virus programs do not havethis and thus are often unable to detect viruses.


15/18

Tips to safer computing

Block files with double extensions like.txt.vbs,.

Do not use .doc and .xls format save word

and excel files in RTF(rich text format)

and CVS(comma separated value) .

Subscribe to an email alert service.

Make regular backups of all programs

and data .

Educate yourself about Viruses.


16/18

Conclusion

With increasing number of online threats and the general riseof cyber crime, virus scanners or antivirus software in anycomputer is necessity.

The key to antivirus software is detection. Detection is the first

step and once an infected file has been detected, it can often berepaired.

Computer users should not always run with administratoraccess to their own machine. If they would simply run in user

mode then some types of viruses would not be able to spread. Companies that sell anti-virus software seem to have a

financial profit for viruses to be written and to spread, andfor the public to panic over the threat.


17/18

References

Wikipedia article "Anti-virus software".

www.howstuffworks.com
http://en.wikipedia.org/wiki/Antivirushttp://www.howstuffworks.com/http://www.howstuffworks.com/http://en.wikipedia.org/wiki/Antivirus


18/18

THANK YOU...
http://www.howstuffworks.com/http://www.howstuffworks.com/

working of virus scanners2

Documents