HOW ANTIVIRUS
WORKS
• Viruses can also replicate themselves.
• All computer viruses are manmade.
• A simple virus is dangerous because it will quickly
use all available memory and bring the system
down.
• A virus can damage files, format hard drives,
and scramble partition tables, etc.
VIRUS
• Computer viruses are small software programs designed to transfer
from one computer to another.
• “A virus is simply a computer program that is intentionally written
to attach itself to other programs and replicate whenever those
programs are executed”.
• Viruses can easily spread by e-mail attachments or instant
messages.
• A virus can be spread by downloading unnecessary files from the Internet.
• Viruses can be disguised as attachments of funny images, greeting
cards, or audio and video files.
HISTORY
• The Creeper virus was first detected on ARPANET in the early 1970s.
• Propagated from the TENEX operating system (modems were dialed and
connected to remote computers to infect them).
• The first PC virus was a boot sector virus called “Brain”, created by Basit
and Amjad Farooq Alvi in 1986 in Lahore, Pakistan.
• This virus copies itself from the software.
TRADITIONAL COMPUTER VIRUSES
• First widely seen in the late 1980s.
• Technology development encouraged virus creation.
• Development of personal computers.
• Due to the internet.
• Development of floppy disks.
HOW A VIRUS WORKS
• When we run an infected program, it loads into memory and starts
running as well. It also has the ability to infect other programs.
• When the virus runs unidentified programs, it adds itself to them.
• When we transfer programs and files to a friend through
email, CD, or floppy disk, the friend’s computer can be affected as
well.
TYPES
• Trojan horses –
A Trojan horse is a simple computer program. The program does
damage when we run it. It can even damage the hard disk. Trojan horses
can’t replicate automatically.
• E-mail viruses –
An e-mail virus travels as an attachment to an e-mail message and
replicates itself by automatically mailing itself to the entire contact list
in our e-mail address book. Some e-mail viruses don't even require a
double-click. If we click once, it passes directly to the system.
TYPES (CONT.)
• Worms –
A worm is a small piece of software that uses computer networks
and security holes to replicate itself. A copy of the worm scans the
network for another machine that has a specific security hole. It copies
itself to the new machine using the security hole, and then starts
replicating from there, as well.
• Cross-site scripting viruses are among the newer viruses. They use cross-site
scripting for propagation. Myspace and Yahoo are the sites most affected by
this virus.
SAFETY MEASURES FOR VIRUSES
• Run a secure operating system like UNIX.
• Buy virus protection software and install it on PCs.
• Avoid programs from unknown sources (Internet).
• Use commercial software.
• For Microsoft applications, Macro Virus Protection should be
enabled.
• Never download unknown e-mail attachments.
• Block receiving and sending of executable code.
• The solution is antivirus software.
ANTIVIRUS-SOFTWARE
• Software that attempts to identify and eliminate computer viruses and
other malicious software (malware).
• Sophisticated - But virus creators are always one step ahead.
• Detection - This is the key to antivirus software.
DETECTION TECHNIQUES
• Scanning
• Integrity Checking
• Interception/ Heuristic Detection
• Scanning is the most commonly used technique in antivirus software.
SCANNING
• Also known as Virus Dictionary Approach.
• The scanner scans the hard disk, memory, and boot sector for code snippets.
• If a code snippet in a file matches any virus in the dictionary, appropriate
action is taken.
SCANNING
• Advantages
- Viruses can be found before execution.
- False alarms are rare.
- Quick at detecting known viruses.
• Disadvantages
- Polymorphic Viruses.
- Virus executes at least once.
- Continuous updates necessary.
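
The dictionary approach from the two SCANNING slides, as an added example (not code from the original slides). The signature names and byte patterns are constructed and harmless; the last sample shows why an exact-match dictionary misses a copy whose bytes differ.

```python
from dataclasses import dataclass

# Constructed signature dictionary (name -> byte pattern). These are made-up,
# harmless byte strings, not signatures of any real malware.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("deadbeef4142434445"),
    "Demo.Beta": b"\x90\x90DEMO-BETA-MARKER\x90",
}


@dataclass(frozen=True)
class Match:
    name: str
    offset: int


def scan_bytes(data, signatures=SIGNATURES):
    """Return every dictionary hit in one buffer, sorted by offset."""
    hits = []
    for name, pattern in signatures.items():
        pos = data.find(pattern)
        while pos != -1:
            hits.append(Match(name, pos))
            pos = data.find(pattern, pos + 1)
    return sorted(hits, key=lambda m: m.offset)


def scan_stream(chunks, signatures=SIGNATURES):
    """Scan data arriving in chunks (file reads, memory pages) without
    missing a pattern that straddles a chunk boundary."""
    overlap = max(len(p) for p in signatures.values()) - 1
    tail, base, seen = b"", 0, set()
    for chunk in chunks:
        window = tail + chunk
        seen.update(Match(m.name, base + m.offset)
                    for m in scan_bytes(window, signatures))
        tail = window[-overlap:] if overlap else b""
        base += len(window) - len(tail)
    return sorted(seen, key=lambda m: m.offset)


def constructed_samples():
    """Constructed inputs: a clean file, one carrying Demo.Alpha, and the
    same file with a single byte inside the pattern changed."""
    clean = b"MZ" + b"\x00" * 100
    infected = clean + SIGNATURES["Demo.Alpha"] + b"tail"
    variant = bytearray(infected)
    variant[104] ^= 0xFF
    return clean, infected, bytes(variant)
```

The scanner reports the pattern in the second sample at offset 102 and nothing in the other two, which is the gap that continuous dictionary updates try to close.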
INTEGRITY CHECKER
• Keeps track of threats by monitoring changes to files.
• Maintains information about important files on disk, usually by
calculating checksums.
• If a file changes due to virus activity, its checksum will change.
• E.g. Norman Virus Control.
INTEGRITY CHECKER
• Advantages
- Constant updates are not necessary.
- Can be used to detect new viruses.
- Can also detect other damage to data, e.g. corruption.
• Disadvantages
- False Positives.
- Can’t differentiate between corrupted and infected data.
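
A checksum baseline and comparison as described on the INTEGRITY CHECKER slides, as an added example (not code from the original slides or from any product named there). It assumes SHA-256 as the checksum; the file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (by relative path) to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the monitored tree
            baseline[os.path.relpath(full, root)] = file_digest(full)
    return baseline


def compare(baseline, current):
    """Report files modified, added or removed since the baseline."""
    return {
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Constructed run: one file gets bytes appended, one gets a byte
    overwritten, one file is new."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in {"app.bin": b"A" * 64, "data.db": b"B" * 64}.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        before = build_baseline(root)
        with open(os.path.join(root, "app.bin"), "ab") as f:
            f.write(b"appended code")   # stands in for an infection
        with open(os.path.join(root, "data.db"), "r+b") as f:
            f.write(b"\x00")            # stands in for disk corruption
        with open(os.path.join(root, "new.tmp"), "wb") as f:
            f.write(b"x")
        return compare(before, build_baseline(root))
```

Both changed files land in the same "modified" list, so the checker alone cannot say which was infected and which was corrupted. The baseline is only trustworthy if it is stored where the monitored system cannot rewrite it.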
HEURISTIC VIRUS CHECKING
• Generic mechanism for virus detection.
• Rule based.
• Rules differentiate a virus from a non-virus.
• If a code snippet follows the defined rules, it is marked as a virus.
• E.g. F-secure antivirus software.
HEURISTIC VIRUS CHECKING
• Advantages
- No need to download an updated list of viruses weekly.
- Can be used to detect new viruses.
• Disadvantages
- False Positives.
- Virus creators can write viruses that do not follow the
rules.
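
Rule-based scoring as described on the HEURISTIC VIRUS CHECKING slides, as an added example (not code from the original slides). The rules, weights, threshold and both samples are constructed assumptions; the second sample is benign by construction and shows how a false positive arises.

```python
import hashlib
import math
from collections import Counter


def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Constructed rules (name, weight, predicate). Illustrative assumptions,
# not the rule set of F-Secure or any other product.
RULES = [
    ("high_entropy", 2, lambda d: entropy(d) > 7.2),       # packed/encrypted body
    ("executable_header", 1, lambda d: d[:2] == b"MZ"),    # DOS/PE magic
    ("autorun_reference", 2, lambda d: b"CurrentVersion\\Run" in d),
    ("double_extension", 2, lambda d: b".jpg.exe" in d.lower()),
]
THRESHOLD = 4  # constructed cut-off: score >= THRESHOLD is reported


def evaluate(data, rules=RULES, threshold=THRESHOLD):
    """Apply every rule and report which fired, the score and the verdict."""
    fired = [(name, weight) for name, weight, test in rules if test(data)]
    score = sum(weight for _name, weight in fired)
    return {"fired": [n for n, _w in fired], "score": score,
            "flagged": score >= threshold}


def constructed_samples():
    """Constructed inputs: plain text, and a benign self-updating installer
    whose compressed payload and startup entry resemble the rules."""
    notes = b"Meeting notes: review the quarterly budget.\n" * 50
    payload = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                       for i in range(128))  # stands in for compressed data
    installer = (b"MZ" + payload +
                 b"Software\\Microsoft\\Windows\\CurrentVersion\\Run")
    return notes, installer
```

The installer scores 5 and is flagged although nothing in it is malicious, while the text file scores 0.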
THANK YOU
• Team Members
1. Chinmay Kelkar
2. Siddhant Pockle
3. Swapnil Joshi
4. Gautam Naik
