How Anti-Virus Softwares work

Posted In Info - By Mohseen On Wednesday, December 19th, 2012 With 2 Comments

Anti Virus Software Working

AV

Many of you reading this article already (may) possess an Anti-Virus (AV) Software , but may also be curious as to how it works.

Here is a brief and simple explanation to the mechanisms that your AV uses inorder to protect you.

Out of the many AV that exists many of them use these common mechanisms to fish out Spywares , viruses , etc.

  • Signature based Detection

signature detection


This mechanism requires the presence of an extensive and up-to-date database on popular viruses observed. The AV compares the signature of a program from its database and checks if a particular sequence matches that of Virus.Its like searching of a particular part of the code as used by a virus.

Many Scipt kiddies simply embed the virus and call upon it as per some action performed by the user , it simply disguises it from the user.

So most of the virus are caught in this manner , but an update AV is needed.

Although useful , it cannot solve all problems the Zero Day Attack or highly complex viruses like Stuxnet are examples that such mechanism dont always work.

Zero Day

  •  Heuristic based Detection


The AV will analyse the behaviour of a program and then determine whether it is malicious or not.

The program is run in a virtual environment and its every action is logged . This way it determines whether to warn the user or not.

Detection

Although an effective technique , it has a predetermined criteria of tests it conducts , anyone with this knowledge can program improved viruses to circumvent the tests.

Keyloggers for example are detected by their behaviour and hence newer ones are difficult to detect while older one are easily caught by an updated AV.

But , even the best AV can’t save you from a defect they don’t anticipate , a Zero Day Attack will exploit a vulnerability yet not anticipated.

Then we are….

Screwed

 

Displaying 2 Comments
Have Your Say

  1. Jack Dorse says:

    Great article on AntiVirus. Thanks for sharing!

    • Mohseen says:

      Appreciate your response.

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Email
WP Socializer Aakash Web