Antivirus - Virus detection and removal methods


Antivirus software uses different detection and prevention methods to detect viruses, prevent infection, and protect the system from virus attacks.


  1. ANTIVIRUS. Author: Somnath G. Kavalase, Junior Software Developer at PBWebvsion PVT.LTD.
  2. Contents
     - What is a virus?
     - Sources of viruses
     - Types of viruses
     - What is antivirus?
     - Antivirus features
     - Virus identification methods: signature-based detection, heuristic-based detection
  3. What is a virus?
     - A computer 'virus' is a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself.
     - Every program that gets infected may also act as a virus, and so the infection grows.
     - Viruses mostly corrupt data and interfere with the performance of hardware and software.
  4. Sources of viruses
     - Flash drives
     - Floppy disks
     - CD/DVD
     - Pirated software
     - Internet/FTP
     - LAN/file sharing
  5. Types of viruses
     - Boot viruses
     - Program viruses
     - Multipartite viruses
     - Stealth viruses
     - Polymorphic viruses
     - Macro viruses
     - ActiveX viruses
     - Trojan / Trojan horse (e.g. Back Orifice)
     - Worm (e.g. Red Code)
  6. What is antivirus?
     - Computer software used to prevent, detect and remove malicious computer viruses.
     - Most software described as antivirus also works against other types of malware, such as malicious Browser Helper Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious adware and spyware.
     - Examples of antivirus products are Avast, BitDefender, AVG, Nod32, ZoneAlarm, and Kaspersky.
  7. Features of antivirus
     - Real-time scanner
     - On-access scanner
     - On-demand scanner
     - Heuristic scanner
     - Compressed-file scanner
     - Scheduled scans
     - Script blocking
     - POP3 email scanning
     - Webmail protection
     - Instant messaging protection
     - Automatic virus updates
     - Automatic program updates
  8. Virus identification methods: signature-based detection
     - Uses key aspects of an examined file to create a static fingerprint of known malware.
     - To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures.
     - A signature is an algorithm or hash (a number derived from a string of text) that uniquely identifies a specific virus.
     - Format: <Virus CRC16/CRC32 Hash Value> | <Virus Name>, for example:
         0095C3A4|STONED.LESZOP.A
         0086C7BE|STONED.MARCH6.A
  9. Working of a signature-based scan
     - Where it searches: memory search, file search, registry search.
     - How it matches: content based or icon based.
  10. Database design
     - To store the virus signatures, a collection of flat files can be used, with the attributes separated from each other by the pipe symbol '|'.
     - Some examples:
         5B110B72|DENZUK.E
         5B0DE15C|PINGPONG.A
         5BEB04FF|WIN95.TWINNY.1638449
         5B807327|WIN32.BOLZANO.3628
         5B33914C|GENE.948
     - The portion before the '|' (pipe) is the virus signature in CRC16 form; the portion after it is the virus code name.
  11. Limitations
     - A major limitation of signature-based detection is that, by itself, it cannot flag malicious files for which signatures have not yet been developed.
     - With this in mind, modern attackers frequently mutate their creations so that the file's signature changes while the malicious functionality is retained.
  12. Heuristic-based detection method
     - A heuristic scan is used to detect new, unknown viruses in the system that have not yet been identified.
     - Heuristic analysis is an expert-based analysis that determines the susceptibility of a system to a particular threat or risk using various decision rules or weighting methods.
     - The heuristic method identifies a general signature rather than a specific signature for a particular virus.
  13. Working of the heuristic-based method
     - Virus detection is based on recognition of a signature or string of code which identifies a certain virus.
     - For an unknown virus, a particular signature or recognized code does not yet exist; for this reason a heuristic scan is used.
     - Heuristic methods are based on the piece-by-piece examination of a virus, looking for a sequence or sequences of instructions that differentiate the virus from 'normal' programs.
  14. Advantages and limitations
     - The principal advantage of this method is the ability to detect known and unknown viruses, based on common characteristics shared by different viruses.
     - Yet heuristic scans have their share of inconveniences, such as the length of time the scan takes, which is longer than for other types.
     - Also, depending on the data, an increased number of false positives can occur.
  15. Conclusion
     - Viruses are very dangerous: they harm the system and may crash it or corrupt data. Therefore antivirus software must dynamically update its database as well as its detection methods in order to detect and remove them.
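The flat-file signature database and the dictionary lookup of slides 8, 10 and 11, worked through as an added example (this is not code from the deck or from any of the products it names). It builds a '<hash>|<name>' file from constructed sample bytes, parses it back with format checks, scans a constructed set of files, and shows why a one-byte mutation escapes the match. Using zlib's CRC32 is an assumption: the deck's example values are eight hex digits wide, which is the width of a CRC32, although the slide text says CRC16. The sample names, bytes and file paths are made up.

```python
import zlib

# Constructed sample "files": arbitrary byte strings standing in for files a
# scanner would hash. Neither the bytes nor the names are real malware.
KNOWN_SAMPLES = {
    "DEMO.DROPPER.A": b"MZ\x90\x00\x03\x00demo-dropper-body-v1",
    "DEMO.MACRO.B": b"Sub AutoOpen()\r\n  demo macro body\r\nEnd Sub\r\n",
}


def crc32_hex(data: bytes) -> str:
    """Fingerprint a file as an 8-hex-digit CRC32. Assumption: the deck's example
    values are 8 hex digits wide, which is CRC32 width, so zlib.crc32 is used."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"


def build_signature_db(samples: dict) -> str:
    """Write the deck's flat-file format: one '<hash>|<name>' entry per line."""
    return "".join(f"{crc32_hex(body)}|{name}\n" for name, body in samples.items())


def parse_signature_db(text: str) -> dict:
    """Load '<hash>|<name>' lines into a hash -> name table, rejecting bad entries
    so a corrupted database line cannot silently disable a signature."""
    db = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or comment line
        if "|" not in line:
            raise ValueError(f"line {lineno}: missing '|' separator")
        sig, name = line.split("|", 1)
        sig = sig.strip().upper()
        if len(sig) != 8 or any(c not in "0123456789ABCDEF" for c in sig):
            raise ValueError(f"line {lineno}: bad hash field {sig!r}")
        db[sig] = name.strip()
    return db


def scan_files(files: dict, db: dict) -> dict:
    """On-demand scan: hash each file once and look the hash up in the dictionary.
    Returns path -> matched virus name, or None when no signature matches."""
    return {path: db.get(crc32_hex(body)) for path, body in files.items()}


# Constructed scan set: an exact copy of a known sample, a benign text file, and
# a copy of the known sample with its last byte flipped (a trivial mutation).
_mutated = bytearray(KNOWN_SAMPLES["DEMO.DROPPER.A"])
_mutated[-1] ^= 0x01
SCAN_SET = {
    "dropper.exe": KNOWN_SAMPLES["DEMO.DROPPER.A"],
    "notes.txt": b"quarterly notes, nothing executable here",
    "dropper_mutated.exe": bytes(_mutated),
}


def run_demo() -> dict:
    """Build the database from the known samples, then scan the constructed set."""
    db = parse_signature_db(build_signature_db(KNOWN_SAMPLES))
    return scan_files(SCAN_SET, db)


if __name__ == "__main__":
    print(build_signature_db(KNOWN_SAMPLES))
    for path, verdict in run_demo().items():
        print(f"{path:22s} -> {verdict or 'clean'}")
```

The mutated copy comes back clean: flipping a single byte changes the CRC, so the exact-fingerprint lookup has nothing to match. That is the weakness slide 11 describes, and the reason the general-characteristic approach of slides 12 to 14 exists alongside the signature dictionary.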
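A weighted decision-rule scanner of the kind slides 12 to 14 describe, as an added example that is not from the deck or from any real antivirus engine. Each rule looks for a general characteristic rather than the fingerprint of one specific virus, the weights of the rules that fire add up to a score, and a threshold turns the score into a verdict. The constructed samples show one detection, one false positive on a packed installer that registers itself at startup (the inconvenience slide 14 mentions), and one sample that scores below the threshold and is missed. The rules, weights, threshold, sample bytes and file names are all assumptions chosen for the illustration.

```python
import math
from collections import Counter


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted bodies sit near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


# Weighted decision rules (constructed for this example). Each rule describes a
# general characteristic rather than a fingerprint of one specific virus.
RULES = [
    ("packed or encrypted body (entropy > 7.0)", 3, lambda d: byte_entropy(d) > 7.0),
    ("copies itself over other executables", 4,
     lambda d: b"COPY" in d.upper() and b"*.EXE" in d.upper()),
    ("registers itself in the startup Run key", 3,
     lambda d: b"CurrentVersion\\Run" in d),
    ("names process-injection APIs", 3,
     lambda d: b"WriteProcessMemory" in d and b"CreateRemoteThread" in d),
    ("tiny executable image", 1, lambda d: d.startswith(b"MZ") and len(d) < 256),
]
THRESHOLD = 6  # assumption: the weighted total at which a sample is flagged


def score(data: bytes):
    """Run every rule; return the weighted total and the names of rules that fired."""
    fired = [(name, weight) for name, weight, test in RULES if test(data)]
    return sum(w for _, w in fired), [n for n, _ in fired]


def classify(files: dict, threshold: int = THRESHOLD) -> dict:
    """Heuristic scan over path -> bytes; a sample is suspicious at or above threshold."""
    verdicts = {}
    for path, body in files.items():
        total, hits = score(body)
        verdicts[path] = {"score": total, "rules": hits, "suspicious": total >= threshold}
    return verdicts


_RUN_KEY = b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
# Constructed samples (not real programs), each chosen to show one outcome.
SAMPLES = {
    # self-copying strings plus startup persistence: 4 + 3 = 7, flagged
    "worm_like.exe": b"MZ" + b"\x00" * 300 + b"copy self.exe *.exe\x00" + _RUN_KEY,
    # legitimate packed installer that adds a startup entry: 3 + 3 = 6, flagged
    # (a false positive of the kind slide 14 warns about)
    "packed_installer.exe": b"MZ" + bytes(range(256)) + _RUN_KEY + b"setup",
    # only the injection rule fires: 3 < 6, not flagged (a miss)
    "injector_like.exe": b"MZ" + b"\x00" * 300 + b"WriteProcessMemory\x00CreateRemoteThread\x00",
    # plain text: nothing fires
    "report.txt": b"Quarterly report: plain text, nothing executable.",
}


if __name__ == "__main__":
    for path, v in classify(SAMPLES).items():
        flag = "SUSPICIOUS" if v["suspicious"] else "clean"
        print(f"{path:22s} score={v['score']:2d} {flag:10s} {', '.join(v['rules'])}")
```

Every rule runs against every file, which is why a heuristic pass takes longer than a hash lookup, and the installer shows how a benign program sharing two generic traits with malware crosses the threshold. Tuning the weights and threshold against a corpus of known-good and known-bad files is what keeps the false-positive rate acceptable.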