4. INTRODUCTION
• DON'T ALLOW THE VIRUS IN, OR BLOCK THE VIRUS.
• The key to protecting your computer against infection from viruses is understanding how they spread.
6. BEST APPROACHES:
• DETECTION: Determine the infection and locate the virus.
• IDENTIFICATION: Determine the specific virus that has infected a program.
• REMOVAL: Remove the traces of the virus and restore the original file.
8. GENERATIONS OF ANTIVIRUS SOFTWARE
• Antivirus software depends on the viruses it has to counter.
• Previously, virus attacks were simple, so the antivirus packages used to treat them were also simple.
• As the virus arms race evolved, antivirus software has grown more complex and sophisticated.
• There are 4 generations of antivirus software:
1. First Generation: simple scanners (record of program lengths).
2. Second Generation: heuristic scanners (integrity checking with checksums).
3. Third Generation: activity traps (memory resident, detect infected actions).
4. Fourth Generation: full-featured protection (access control capability).
9. First Generation
• These antivirus programs were called simple scanners.
• They needed a virus signature to identify a virus.
• A variation of such programs kept a watch on the length of programs and looked for changes, so as to possibly identify a virus attack.
10. Second Generation
• These antivirus programs did not rely on simple virus signatures.
• Rather, they used some rules to look for possible virus attacks.
• The basic idea was to look for code blocks that were commonly associated with viruses.
• Another variation of these antivirus programs stored some identification about the file to detect changes in the contents of the file.
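The first- and second-generation checks described above, side by side, as an added example that is not part of the original slides: a signature scan, a stored program length, and a stored checksum are run against the same file. SHA-256 as the checksum, the signature bytes, and the file contents are all assumptions constructed for the illustration.

```python
import hashlib
import os
import tempfile

# Constructed byte pattern standing in for a known virus signature (not a real one).
SIGNATURES = {"Demo.Marker": b"\xde\xad\xbe\xef-DEMO"}

def baseline(path):
    """Record what the length-watching and checksum variants store for a clean file."""
    with open(path, "rb") as f:
        data = f.read()
    return {"length": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def check(path, base):
    """Return the set of findings the three techniques produce for the file."""
    with open(path, "rb") as f:
        data = f.read()
    findings = set()
    for name, pattern in SIGNATURES.items():      # first generation: signature scan
        if pattern in data:
            findings.add("signature:" + name)
    if len(data) != base["length"]:                # first generation: length record
        findings.add("length-changed")
    if hashlib.sha256(data).hexdigest() != base["sha256"]:  # second generation
        findings.add("checksum-changed")
    return findings

def demo():
    """Apply the checks to three constructed versions of one program file."""
    clean = b"DEMO-PROGRAM" + b"\x00" * 52         # constructed 64-byte "program"
    cases = {
        "unchanged": clean,
        # Known pattern appended: every check fires.
        "appended_known": clean + SIGNATURES["Demo.Marker"],
        # Unknown bytes overwritten in place: same length, no known signature.
        "same_length_unknown": clean[:32] + b"\xcc" * 8 + clean[40:],
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "program.bin")
        with open(path, "wb") as f:
            f.write(clean)
        base = baseline(path)
        for label, content in cases.items():
            with open(path, "wb") as f:
                f.write(content)
            results[label] = check(path, base)
    return results

if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, sorted(findings) or "clean")
```

The in-place overwrite is reported only by the checksum comparison, which is why the integrity-checking variant does not depend on having a signature for the change.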
11. Third Generation
• These antivirus programs were memory resident.
• They watched for viruses based on their actions, rather than their structure.
• Thus, it is not necessary to maintain a large database of virus signatures.
• Instead, the focus is on keeping a watch on a small number of suspect actions.
12. Fourth Generation
• These antivirus programs package many antivirus techniques together (for example scanning, monitoring, filtering).
• They also contain access control features, thus defeating the attempts of a virus to infect files.
14. GENERIC DECRYPTION
• Easily detects even the most complex polymorphic viruses.
• It maintains fast scanning speeds.
• No damage to the personal computer.
• Contains the following elements:
  • CPU emulator – software-based virtual computer.
  • Virus signature scanner – scans target code for known signatures.
  • Emulation control module – controls execution of the target code.
• DISADVANTAGES: We can't determine how long to run each interpretation, and system performance is degraded.
16. DIGITAL IMMUNE SYSTEM
• Developed by IBM and refined by Symantec.
• Motivation: Internet-based virus propagation.
• Antivirus was updated monthly.
• Two major trends in Internet technology have had an increasing impact on the rate of virus propagation:
  • INTEGRATED MAIL SYSTEMS: Microsoft Outlook, Lotus Notes.
  • MOBILE-PROGRAM SYSTEMS: Java and ActiveX.
18. BEHAVIOURAL BLOCKING SOFTWARE
• It integrates with the operating system of the host computer and monitors program behavior in real time for malicious actions.
• It blocks malicious actions before they affect the system.
• Monitored behavior may include:
  • Attempts to open, view, delete or modify files.
  • Attempts to format disk drives.
  • Modifications to the logic of executable files.
  • Modifications to the startup settings.
  • Scripting of e-mail.
20. CONCLUSION
To counter the threat of viruses, the user should:
• Install antivirus applications.
• Have the data drives scanned and analyzed often.
• Gain basic knowledge about the way viruses work.
• Install basic Internet security applications.