3. In the mid-eighties, so legend has it, the Amjad brothers of
Pakistan ran a computer store.
Frustrated by computer piracy, they wrote the first computer
virus, a boot sector virus called Brain.
4. Symptoms of Virus Attack
Computer runs slower than usual
Computer no longer boots up
Screen sometimes flickers
PC speaker beeps periodically
System crashes for no reason
Files/directories sometimes disappear
Denial of Service (DoS)
5. Fast Infector
Fast infector viruses, when active in memory, infect not
only executed programs, but also those that are merely
opened. Thus running an application, such as anti-virus
software, which opens many programs but does not execute
them, can result in all programs becoming infected.
Macro Virus
A macro virus is a malicious macro; a macro is a series of
instructions designed to simplify repetitive tasks within a program.
Macro viruses are written in a macro programming
language and attach to a document file (such as Word or
Excel). When a document or template containing the
macro virus is opened in the target application, the virus
runs, does its damage and copies itself into other
documents. Continual use of the program results in the
spread of the virus.
Mutating Virus
A virus that stays in memory after it executes and
infects other files when certain conditions are met.
TYPES
6. Resident Virus
A resident virus loads into memory and
remains inactive until a trigger event. When the
event occurs the virus activates, either infecting
a file or disk, or causing other consequences.
All boot viruses are resident viruses and so are
the most common file viruses.
Trojan Horse Program
A Trojan horse program is a malicious program that
pretends to be a benign application; a Trojan horse
program purposefully does something the user does
not expect. Trojans are not viruses since they do not
replicate, but Trojan horse programs can be just as
destructive.
Worm
Worms are parasitic computer programs that replicate,
but unlike viruses, do not infect other files. Worms
can create copies on the same computer, or can send
the copies to other computers via a network.
7. Zoo Virus
A zoo virus exists in the collections of researchers and has never
infected a real-world computer system.
8. Virus detection problems
The following are undecidable:
Detection of virus by its appearance
Detection of virus by its behaviour
Detection of evolution of a known virus
Detection of evolution of a known triggering mechanism
Detection of evolution of known viral detector
9. Antivirus software is software that attempts to identify,
neutralize or eliminate malicious software. The term "antivirus" is
used because the earliest examples were designed exclusively to
combat computer viruses; however, most modern antivirus software is
now designed to combat a wide range of threats, including worms,
phishing attacks, rootkits and Trojans, often described collectively as
malware.
Antivirus scanning software, or a virus scanner, is a program which
examines all files in specified locations, the contents of memory, the
operating system, the registry, unexpected program behavior, and
anywhere else relevant with the intention of identifying and removing
any malware.
10. In the virus dictionary approach, when the antivirus software looks
at a file, it refers to a dictionary of known viruses that the authors of
the antivirus software have identified. If a piece of code in the file
matches any virus identified in the dictionary, then the antivirus
software can take one of the following actions:
attempt to repair the file by removing the virus itself from the
file
quarantine the file (such that the file remains inaccessible to
other programs and its virus can no longer spread), or
delete the infected file.
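A minimal sketch of the dictionary approach with the quarantine action, added here as an illustration and not taken from any antivirus product. The signature names and byte patterns are constructed for the example and match no real malware; the quarantine layout is an assumption.

```python
import os
import shutil

# Constructed signature dictionary: names and patterns are invented for this
# example and do not correspond to any real virus.
SIGNATURES = {
    "Example.BootA": bytes.fromhex("deadbeef4242"),
    "Example.MacroB": b"AutoOpen_EXAMPLE_PAYLOAD",
}
MAX_SIG = max(len(s) for s in SIGNATURES.values())


def scan_file(path, chunk_size=4096):
    """Return the sorted names of all dictionary entries found in the file."""
    found = set()
    tail = b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            for name, pattern in SIGNATURES.items():
                if pattern in window:
                    found.add(name)
            # Keep the last MAX_SIG-1 bytes so a signature split across two
            # reads is still matched on the next pass.
            tail = window[-(MAX_SIG - 1):]
    return sorted(found)


def quarantine(path, quarantine_dir):
    """Move a file into the quarantine directory and remove all permissions,
    so other programs can no longer open or execute it."""
    os.makedirs(quarantine_dir, exist_ok=True)
    dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
    shutil.move(path, dest)
    os.chmod(dest, 0o000)
    return dest


def scan_and_act(path, quarantine_dir):
    """Scan one file; quarantine it on a match. Returns (matches, new_path)."""
    matches = scan_file(path)
    if matches:
        return matches, quarantine(path, quarantine_dir)
    return matches, path
```

A file that matches no dictionary entry is left untouched, which is exactly why this approach cannot catch a virus that has not yet been added to the dictionary.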
11. The suspicious behavior approach, by contrast, doesn't attempt to identify
known viruses, but instead monitors the behavior of all programs. If one
program tries to write data to an executable program, for example, the
antivirus software can flag this suspicious behavior, alert a user, and ask
what to do.
Unlike the dictionary approach, the suspicious behavior approach
therefore provides protection against brand-new viruses that do not yet
exist in any virus dictionaries. However, it can also sound a large number
of false positives, and users probably become desensitized to all the
warnings. If the user clicks "Accept" on every such warning, then the
antivirus software obviously gives no benefit to that user. This problem
has worsened since 1997, since many more non-malicious program
designs came to modify other .exe files without regard to this false
positive issue. Therefore, most modern antivirus software uses this
technique less and less.
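The rule described above (flag a program that writes to an executable), sketched as an added example over constructed events; it is not code from any antivirus product. The event fields, process names and the allow-list are assumptions made for the illustration.

```python
from collections import namedtuple

# Constructed event record standing in for what a file-system monitor reports:
# the acting process, the operation, the target path and the target's first bytes.
Event = namedtuple("Event", "process op target head")

EXEC_EXTENSIONS = (".exe", ".com", ".dll", ".sys")
# Hypothetical allow-list of programs expected to modify executables.
# Matching on the process name alone is a simplification and is spoofable.
TRUSTED_WRITERS = {"setup.exe", "updater.exe"}


def is_executable(target, head):
    """Treat a file as executable by extension or by the DOS/PE 'MZ' magic."""
    return target.lower().endswith(EXEC_EXTENSIONS) or head[:2] == b"MZ"


def classify(event):
    """Return 'allow', 'trusted-write' or 'alert' (ask the user)."""
    if event.op != "write" or not is_executable(event.target, event.head):
        return "allow"
    if event.process.lower() in TRUSTED_WRITERS:
        return "trusted-write"
    return "alert"


def review(events):
    """Return the events that would be put in front of the user."""
    return [e for e in events if classify(e) == "alert"]


SAMPLE_EVENTS = [  # constructed sample data
    Event("winword.exe", "write", r"C:\Docs\report.doc", b"\xd0\xcf\x11\xe0"),
    Event("winword.exe", "read", r"C:\Windows\notepad.exe", b"MZ\x90\x00"),
    Event("game.exe", "write", r"C:\Windows\notepad.exe", b"MZ\x90\x00"),
    Event("setup.exe", "write", r"C:\Apps\tool.exe", b"MZ\x90\x00"),
    Event("patcher.exe", "write", r"C:\Apps\data.bin", b"MZ\x90\x00"),
]
```

In the sample, both `game.exe` and the benign `patcher.exe` raise an alert: the rule cannot tell them apart, which is the false-positive problem the text describes.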
12. The regular appearance of new malware is certainly in the
financial interest of vendors of commercial antivirus software, but
there is no evidence of collusion.
Some antivirus software can considerably reduce performance.
Users may disable the antivirus protection to overcome the
performance loss, thus increasing the risk of infection. For
maximum protection, the antivirus software needs to be enabled all
the time, often at the cost of slower performance.
It is important to note that one should not have more than one
memory-resident antivirus software solution installed on a single
computer at any given time. Otherwise, the computer may be
crippled and further damaged.
13. It is sometimes necessary to temporarily disable virus protection when
installing major updates such as Windows Service Packs or updating
graphics card drivers. Active antivirus protection may partially or
completely prevent the installation of a major update.
When purchasing antivirus software, the agreement may include a
clause that the subscription will be automatically renewed, and the
purchaser's credit card automatically billed, at the renewal time without
explicit approval.
Some commercial antivirus software programs contain adware.
Most widely accepted antivirus programs often do not detect newly
created viruses.
Anti-virus manufacturers have been criticised for fear mongering by
exaggerating the risk that viruses pose to consumers.