Antivirus - Virus detection and removal methods

Antivirus software uses different detection and prevention methods to detect and prevent viruses and to protect the system from virus attacks.


Published in Technology

Transcript

  • 1. ANTIVIRUS
    Author: Somnath G. Kavalase, Junior Software Developer at PBWebvsion PVT.LTD.
  • 2. Contents
    ◦ What is a virus?
    ◦ Sources of virus
    ◦ Types of virus
    ◦ What is antivirus?
    ◦ Antivirus features
    ◦ Virus identification methods: signature based detection, heuristic based detection
  • 3. What is a virus?
    ◦ We define a computer 'virus' as a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself.
    ◦ Every program that gets infected may also act as a virus, and thus the infection grows.
    ◦ Viruses mostly corrupt data and interfere with the performance of hardware and software.
  • 4. Sources of virus
    ◦ Flash drive
    ◦ Floppy disk
    ◦ CD/DVD
    ◦ Pirated software
    ◦ Internet/FTP
    ◦ LAN/file sharing
  • 5. Types of virus
    ◦ Boot viruses
    ◦ Program viruses
    ◦ Multipartite viruses
    ◦ Stealth viruses
    ◦ Polymorphic viruses
    ◦ Macro viruses
    ◦ ActiveX viruses
    ◦ Trojan / Trojan Horse – Back Orifice
    ◦ Worm – Red Code
  • 6. What is antivirus?
    ◦ Computer software used to prevent, detect and remove malicious computer viruses.
    ◦ Most software described as antivirus also works against other types of malware, such as malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious adware and spyware.
    ◦ Examples of antivirus software are Avast, BitDefender, AVG, Nod32, ZoneAlarm and Kaspersky.
  • 7. Features of antivirus
    ◦ Real-time scanner
    ◦ On-access scanner
    ◦ On-demand scanner
    ◦ Heuristic scanner
    ◦ Compressed file scanner
    ◦ Scheduled scans
    ◦ Script blocking
    ◦ POP3 email scanning
    ◦ Webmail protection
    ◦ Instant messaging protection
    ◦ Automatic virus updates
    ◦ Automatic program updates
  • 8. Virus identification methods
    ◦ Signature based detection:
      ◦ Uses key aspects of an examined file to create a static fingerprint of known malware.
      ◦ To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures.
      ◦ A signature is an algorithm or hash (a number derived from a string of text) that uniquely identifies a specific virus.
      ◦ Format: <Virus CRC16/CRC32 Hash Value> | <Virus Name>
        0095C3A4|STONED.LESZOP.A
        0086C7BE|STONED.MARCH6.A
  • 9. Signature based scan working
    ◦ Search
    ◦ Memory search
    ◦ File search
    ◦ Registry search
    ◦ Content based
    ◦ Icon based
  • 10. Database design
    ◦ To store the virus signatures, a collection of flat files can be used, with the attributes separated from each other by the pipeline symbol "|".
    ◦ Some examples are given below:
        5B110B72|DENZUK.E
        5B0DE15C|PINGPONG.A
        5BEB04FF|WIN95.TWINNY.1638449
        5B807327|WIN32.BOLZANO.3628
        5B33914C|GENE.948
    ◦ The first portion, before the "|" (pipeline), is the virus signature in CRC16 form and the other portion is the virus code name.
  • 11. Limitations
    ◦ A major limitation of signature-based detection is that, by itself, this method is unable to flag malicious files for which signatures have not yet been developed.
    ◦ With this in mind, modern attackers frequently mutate their creations, changing the file's signature while retaining the malicious functionality.
  • 12. Heuristic based detection method
    ◦ A heuristic scan is used to detect new, unknown viruses in the system that have not yet been identified.
    ◦ Heuristic analysis is an expert-based analysis that determines the susceptibility of a system to a particular threat/risk using various decision rules or weighing methods.
    ◦ The heuristic method identifies a general signature rather than a specific signature for a particular virus.
  • 13. Working of the heuristic based method
    ◦ Virus detection is based on recognition of a signature or string of code which identifies a certain virus.
    ◦ For an unknown virus, a particular signature or recognized code does not yet exist. For this reason a heuristic scan is used.
    ◦ Heuristic methods are based on the piece-by-piece examination of a virus, looking for a sequence or sequences of instructions that differentiate the virus from 'normal' programs.
  • 14. Advantages and limitations
    ◦ The principal advantage of this method is the ability to detect known and unknown viruses, based on common characteristics shared by different viruses.
    ◦ Yet heuristic scans have their share of inconveniences, such as the length of time the scan takes, which is longer than for other types.
    ◦ Also, depending on the data, an increased number of false positives can occur.
  • 15. Conclusion
    ◦ Viruses are very dangerous: they harm the system and may crash it or corrupt data. Antivirus software must therefore dynamically update its database as well as its detection methods in order to detect and remove them.
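
The flat-file signature database of slides 8 to 11, as an added example that is not part of the presentation: it parses `<hash>|<name>` rows, looks up a file's hash, and shows the slide 11 limitation when a single bit of a known file changes. It assumes CRC32, because the rows on the slides are eight hex digits wide; the sample byte strings and the name EXAMPLE.SAMPLE.A are constructed.

```python
import zlib
from typing import Dict, Optional

HEX = set("0123456789ABCDEF")

def crc32_hex(data: bytes) -> str:
    """CRC32 of data as 8 upper-case hex digits, matching the slide's row format."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"

def parse_signature_db(text: str) -> Dict[str, str]:
    """Parse '<hash>|<name>' rows; skip blank and '#' lines, reject malformed rows."""
    db: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        sig, sep, name = line.partition("|")
        sig, name = sig.strip().upper(), name.strip()
        if not sep or len(sig) != 8 or not set(sig) <= HEX or not name:
            raise ValueError(f"line {lineno}: malformed signature row {raw!r}")
        db[sig] = name
    return db

def scan(data: bytes, db: Dict[str, str]) -> Optional[str]:
    """Return the signature name whose hash equals the file's CRC32, else None."""
    return db.get(crc32_hex(data))

# Constructed, harmless byte strings standing in for files on disk.
SAMPLE_A = b"constructed sample A: placeholder bytes for a file with a known signature"
CLEAN = b"constructed clean file: no row in the database matches these bytes"
# Same length as SAMPLE_A with one bit flipped; CRC32 always changes on a 1-bit change.
MUTATED_A = bytes([SAMPLE_A[0] ^ 0x01]) + SAMPLE_A[1:]

# Flat-file database: two rows quoted from slide 10 plus one constructed row.
DB_TEXT = "\n".join([
    "# constructed database file",
    "5B110B72|DENZUK.E",
    "5B0DE15C|PINGPONG.A",
    f"{crc32_hex(SAMPLE_A)}|EXAMPLE.SAMPLE.A",  # hypothetical name
])
SIGNATURES = parse_signature_db(DB_TEXT)

if __name__ == "__main__":
    for label, data in [("sample A", SAMPLE_A), ("mutated A", MUTATED_A), ("clean", CLEAN)]:
        verdict = scan(data, SIGNATURES) or "no match"
        print(f"{label:10} crc32={crc32_hex(data)} verdict={verdict}")
```

The mutated copy differs from the known file by one bit and no longer matches any row, which is why an exact-hash database needs a new row for every variant.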
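
The weighted decision rules of slides 12 to 14, as an added example that is not part of the presentation: each rule that matches adds its weight, and a file is reported once the total reaches a threshold. The rules, tokens, weights, threshold and sample byte strings are all hypothetical; the tokens stand in for the instruction sequences a real engine would look for.

```python
import zlib
from typing import List, Tuple

# Hypothetical decision rules: (description, token searched for, weight).
RULES: List[Tuple[str, bytes, int]] = [
    ("enumerates executable files", b"FIND *.EXE", 2),
    ("opens an executable for writing", b"OPEN-WRITE EXE", 3),
    ("appends its own code to another file", b"APPEND SELF", 5),
    ("restores the original file timestamp", b"RESTORE TIMESTAMP", 2),
]
THRESHOLD = 5  # illustrative: a total score >= THRESHOLD is reported

def score(data: bytes) -> Tuple[int, List[str]]:
    """Return the summed weight of all matching rules and their descriptions."""
    hits = [(desc, weight) for desc, token, weight in RULES if token in data]
    return sum(w for _, w in hits), [d for d, _ in hits]

def is_suspicious(data: bytes) -> bool:
    return score(data)[0] >= THRESHOLD

def crc32_hex(data: bytes) -> str:
    """Exact-match fingerprint, for comparison with the general rules above."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"

# Constructed samples: token strings, not real programs.
VARIANT_1 = b"FIND *.EXE; OPEN-WRITE EXE; APPEND SELF; RESTORE TIMESTAMP; pad=AAAA"
VARIANT_2 = b"pad=ZZZZZZ; RESTORE TIMESTAMP; FIND *.EXE; OPEN-WRITE EXE; APPEND SELF"
UPDATER = b"FIND *.EXE; OPEN-WRITE EXE; write vendor patch; verify checksum"
TEXT_EDITOR = b"open document; render text; save document"

SAMPLES = [("variant 1", VARIANT_1), ("variant 2", VARIANT_2),
           ("updater", UPDATER), ("text editor", TEXT_EDITOR)]

if __name__ == "__main__":
    for label, data in SAMPLES:
        total, reasons = score(data)
        flag = "SUSPICIOUS" if total >= THRESHOLD else "ok"
        print(f"{label:12} crc32={crc32_hex(data)} score={total:2} {flag} {reasons}")
```

Both variants have different CRC32 values yet the same score, so the general rules catch a variant that an exact hash would miss; the benign updater also reaches the threshold, which is the false-positive cost named on slide 14.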