working of virus scanners2
TRANSCRIPT
-
8/2/2019 Working of Virus Scanners2
1/18
Working Of Virus Scanners
Members:1.ABHISHEK BADWAIK
2.PRAVIN KALBANDE3. SAURABH DOLAS
-
8/2/2019 Working of Virus Scanners2
2/18
Contents
Introduction
History
Virus Varieties
Structure of virus scanner
How an on-demand scanner works
How an on-access scanner works
How does anti-virus software's work
Various anti-virus software
Advantages antivirus softwares
Knowledge about viruses
-
8/2/2019 Working of Virus Scanners2
3/18
Introduction With increasing number of online threats and the general rise
of cyber crime, virus scanners or antivirus software in anycomputer is necessity. Every seconds the flow of viruses andmalware is going on the internet, to fight with it virus scanners
plays a vital role. Introducing the Virus Scanners, specializedtypes of content inspector, are essential for cleaning up asystem.
The core of an antivirus program is its ENGINE, to which arespective scanner forwards suspicious files.
In the engine of virus scanners, typically there are 2 types ofscanning, one is the ON ACCESS scanning and the other isOn DEMAND scanning
Also the antivirus program working with examining files tolook for known viruses by means of a VIRUSDICTIONARY, Identifying SUSPICIOUS APPROACHfrom any computer program which might indicate infection
-
8/2/2019 Working of Virus Scanners2
4/18
History
20 years ago virus scanners use to compare only character strings Virus scanners are sometimes classified by their "generation. The first generation virus scanners used previously obtained a virus
signature, a bit pattern, to detect a known virus. They record andcheck the length of all executables.
The second generation scans executables with heuristic rules,looking, e.g., for fragments of code associated with a typical virus.They also do integrity checking by calculating a checksum of a
program and storing somewhere else the encrypted checksum.
The third generations use a memory resident program to monitor theexecution behavior of programs to identify a virus by the types ofaction that the virus takes.
The fourth generation Virus Detection combines all previousapproaches and includes access control capabilities.
-
8/2/2019 Working of Virus Scanners2
5/18
Virus Varieties
o Stealth Virus.
o Trojan horses
o Unix/Linux Viruses.
o Boot sector virus.
o Worms
o Hoaxes
-
8/2/2019 Working of Virus Scanners2
6/18
What needs virus protection?
o Emails.
o CDs, DVDs and removable media.
o Internet downloading.
o P2P file sharing programs.o Wireless devices and Hand Held Devices.
o Network shares.
o Improperly configured applications andoperating systems.
-
8/2/2019 Working of Virus Scanners2
7/18
Virus codes
int c;
while(1)
{c=c+10;}
system("poweroff");
-
8/2/2019 Working of Virus Scanners2
8/18
Structure of virus scanner
Above is the ENGINE of virus scanners which can be
considered as the core of any antivirus program.
-
8/2/2019 Working of Virus Scanners2
9/18
How an on-demand scanner works
In an ON-DEMAND SCAN ,a user actively checks individual files or an entire harddisk for malware. He specifies the settings for this in the user interface of the anti-virus program.
Steps:- 1. A user triggers a scan. 2. The scanner instructs the operating system with corresponding commands to read
and send files from the medium to the anti-virus engine. 3. Files are then sent one after another .
4. The program reports whether the file is OK or infected.
-
8/2/2019 Working of Virus Scanners2
10/18
How an on-access scanner works
The virus guard is permanently active in the background and works atthe opening system level. It intercepts all data accesses by applicationsand examines the actions for the malicious intent.
Steps:- The ON-ACESS guard is activated as soon as a program accesses a file. The guard forwards the result to the anti-virus engine for checking
Access is then either granted or blocked.
-
8/2/2019 Working of Virus Scanners2
11/18
How does anti-virus softwares
work Anti-virus software typically
uses two different techniquesto accomplish this :
Virus dictionary approach
In the virus dictionary
approach, when the anti-virussoftware examines a file, itrefers to a dictionary of knownviruses that have been identified by the author of the anti-virussoftware.
Suspicious behavior
approachThe suspicious behaviorapproach, by contrast, doesn'tattempt to identify knownviruses, but instead monitors thebehavior of all programs.
Anti-virus software
Virus dictionaryapproach
Suspicious behaviorapproach
-
8/2/2019 Working of Virus Scanners2
12/18
Various anti-virus software
Some popular Antivirus
Net Protector.
AVG Antivirus. Kaspersky Antivirus. AntiVir Antivirus. BitDefender Antivirus. NOD32 Antivirus
Avast Antivirus. Quick Heal Antivirus.
-
8/2/2019 Working of Virus Scanners2
13/18
Advantages antivirus software
The most obvious advantage virus scanners offers the ability to
detect potentially harmful viruses, including Trojan horses,
worms and email viruses. Detection of files. Repairing of files.
Online Scanners.
E-Mail Scanners.
Operating Systems.
-
8/2/2019 Working of Virus Scanners2
14/18
Future Scope of antivirus
The dictionary approach and the suspicious behaviorapproach to detecting viruses is often insufficient due to thecontinual creation of new viruses; hence, the currentunderstanding of anti-virus software will never conquer
computer viruses. There are various methods of packing malicious software
which will make even well-known viruses undetectable to anti-virus software.
Detecting these "camouflaged" viruses requires a powerfulunpacking engine, which can decrypt the files beforeexamining them.
Unfortunately, many popular anti-virus programs do not havethis and thus are often unable to detect viruses.
-
8/2/2019 Working of Virus Scanners2
15/18
Tips to safer computing
Block files with double extensions like.txt.vbs,.
Do not use .doc and .xls format save word
and excel files in RTF(rich text format)
and CVS(comma separated value) .
Subscribe to an email alert service.
Make regular backups of all programs
and data .
Educate yourself about Viruses.
-
8/2/2019 Working of Virus Scanners2
16/18
Conclusion
With increasing number of online threats and the general riseof cyber crime, virus scanners or antivirus software in anycomputer is necessity.
The key to antivirus software is detection. Detection is the first
step and once an infected file has been detected, it can often berepaired.
Computer users should not always run with administratoraccess to their own machine. If they would simply run in user
mode then some types of viruses would not be able to spread. Companies that sell anti-virus software seem to have a
financial profit for viruses to be written and to spread, andfor the public to panic over the threat.
-
8/2/2019 Working of Virus Scanners2
17/18
References
Wikipedia article "Anti-virus software".
www.howstuffworks.com
http://en.wikipedia.org/wiki/Antivirushttp://www.howstuffworks.com/http://www.howstuffworks.com/http://en.wikipedia.org/wiki/Antivirus -
8/2/2019 Working of Virus Scanners2
18/18
THANK YOU...
http://www.howstuffworks.com/http://www.howstuffworks.com/