
How Anti-Viruses Work

Discussion in 'Operating System' started by lionaneesh, Feb 11, 2011.

  1. lionaneesh

    lionaneesh New Member

    Anti-Virus is software, or a program, that can scan the files and data on your computer and protect you from firmware and viruses...

    How Does it Work



    Anti-Virus uses two different techniques to accomplish its tasks :-

    1. Examining files and comparing their signature/structure to those of viruses present in a database or a text file...This is called a virus-dictionary..
    2. Identifying suspicious behaviour from any program or software sitting on the system

    Virus-dictionary Method

    In the Virus-dictionary Method an Anti-Virus starts by examining a file and checking it against the dictionary of known viruses...

    Every Binary/ELF/.exe has its own signature if it has different functionality...
    Actually by signature we mean some data in the bin file..This is a set of opcodes which the computer understands..These are different in every unique program..

    When the Anti-Virus gets the signature of the file it then checks for the same signature in the dictionary of known viruses (reported signatures). If it matches any signature in the dictionary then it is reported as a virus and the required task is performed (disinfection, removal, etc...)

    For this method to be successful, the virus-dictionary needs to be updated as each new virus-signature is reported.

    This Method is quite common in most of the anti-viruses out there but it is not so successful now as it's really easy to bypass this protection by using:

    1. binders (these are programs that bind one program to another),
    2. packers (pack the signature; simply compress the opcodes and make it difficult to detect),
    3. encoders (these are the main cause of concern for the Anti-Virus developers out there as it's quite a powerful approach; the encoders change the opcodes to something similar which provides the same functionality...It drastically changes the bin signature and makes it almost undetectable..)

    Another con of this Method is that it takes a lot of time and system resources to scan and compare all the files sitting on our system..

    The Suspicious – Behaviors Method

    In this method the anti-virus simply checks for some suspicious behaviour happening on the system.. For checking this the anti-virus today has many modules like :-

    1. Network Traffic Monitors
    2. System Files Monitors
    3. Process Monitors etc etc..

    Network Traffic Monitors

    Network Traffic Monitors simply monitor the incoming and outgoing network traffic from the system to other systems or the internet...

    For eg :-

    If there is a trojan sitting on the system, it will certainly listen for the attacker's call.. As it receives the attacker's call (in the form of TCP, UDP, etc. packets) it simply sends the data down to the attacker's system (most of the trojans). This fluctuates the network traffic and the Anti-Virus catches the trojan and performs the required task..

    System Files Monitors

    The System Files Monitors simply check the files sitting on the system ..

    Eg :-

    If there is a virus sitting on a system and it checks for some system files and tries to delete them then this will be reported as suspicious behaviour to the anti-virus..Then the anti-virus performs the required task..

    Process Monitors

    The Process Monitors check the process tree of the system and check if there are some hidden programs running..If they find something suspicious they report to the anti-virus core and then the required task is performed..

    Eg :-

    There is a key-logger sitting on the system. Most key-loggers have hidden processes and simply read the key-strokes a user makes..This would be undetectable without the use of Process Monitors..

    Actually these were only the features of a basic anti-virus. Most of the anti-viruses today have millions of protection systems and features and it's not in the scope of this article..

    But I hope this article made you understand something about the working of anti-viruses..

    Stay tuned for more..
     
    Last edited by a moderator: Mar 10, 2011
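The virus-dictionary method and the packer/encoder bypasses described in the post above, as an added example that is not part of the original post or any real anti-virus product. The dictionary here is an in-memory map of a SHA-256 digest and a short byte pattern, the "infected file" is a byte string constructed for the demo, the packer is zlib compression and the encoder is a single-byte XOR loop; all of these are hypothetical stand-ins for what a real engine and real malware do, but the mechanics of why the lookup stops matching are the same.

```python
"""Toy virus-dictionary scanner (added example, not from the original post).

Assumptions (all hypothetical): the dictionary is an in-memory map, the
sample file is a constructed byte string, the packer is zlib, the encoder
is a one-byte XOR. A real packer/encoder would prepend a stub that undoes
the transformation at run time; here "STUB" stands in for that.
"""
import hashlib
import zlib
from typing import Optional

# Constructed sample "virus" body: a fake header, a jump-to-self loop and a
# tell-tale string. Nothing here is real malware.
MALICIOUS_BODY = b"MZ\x90\x00" + b"\xeb\xfe" * 8 + b"call_home_to_attacker" + b"\x00" * 16

# Two kinds of dictionary entry: the exact SHA-256 of a known sample, and a
# shorter byte pattern cut out of it (the "signature" the post talks about).
SHA256_DICTIONARY = {hashlib.sha256(MALICIOUS_BODY).hexdigest(): "Demo.Trojan.A"}
PATTERN_DICTIONARY = {b"\xeb\xfe" * 4 + b"call_home": "Demo.Trojan.A"}


def scan(data: bytes) -> Optional[str]:
    """Return the dictionary name that matches the file, or None if clean."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in SHA256_DICTIONARY:          # exact-hash lookup: fast, brittle
        return SHA256_DICTIONARY[digest]
    for pattern, name in PATTERN_DICTIONARY.items():
        if pattern in data:                  # byte-pattern lookup: survives small edits
            return name
    return None


def pack(data: bytes) -> bytes:
    """Toy packer: compress the body so the original opcodes are no longer
    present as contiguous bytes."""
    return b"STUB" + zlib.compress(data)


def xor_encode(data: bytes, key: int) -> bytes:
    """Toy encoder: XOR every byte with a key; the decoder stub would undo it."""
    return b"STUB" + bytes([key]) + bytes(b ^ key for b in data)


def demo() -> dict:
    """Scan the original sample and three variants of it."""
    return {
        "original": scan(MALICIOUS_BODY),
        # Flipping one trailing byte defeats the hash entry but not the pattern.
        "one_byte_changed": scan(MALICIOUS_BODY[:-1] + b"\x01"),
        # Packing and encoding defeat both entries: the dictionary is now stale.
        "packed": scan(pack(MALICIOUS_BODY)),
        "xor_encoded": scan(xor_encode(MALICIOUS_BODY, 0x5A)),
    }


if __name__ == "__main__":
    for variant, verdict in demo().items():
        print(f"{variant:18s} -> {verdict or 'clean'}")
```

The run shows the two sides of the post's argument: a byte pattern is more robust than a whole-file hash (the one-byte edit is still caught), yet neither survives a packer or an encoder, because the bytes the dictionary knows are simply not in the file any more until the stub restores them in memory. That is why static dictionaries get paired with the behaviour monitors discussed next.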
  2. lionaneesh

    lionaneesh New Member

    Hope everybody likes this...
    Please comment guys..
     
  3. nikhil389

    nikhil389 New Member

    This article was really helpful.
     
  4. lionaneesh

    lionaneesh New Member

    Thanks a ton..
    And if you guyz like it ..
    Please press the thanks button under the end of the article
     
  5. MOHIDEEN THASTHAHIR

    MOHIDEEN THASTHAHIR New Member

    It is very useful for my knowledge ;). How to use the linux commands? :confused:
     
  6. lionaneesh

    lionaneesh New Member

    Thanks for that...
    And if you want to learn some unix commands, Check Here
     
  7. teritaylor

    teritaylor New Member

    Thanks for the info, because I always have problems with my PC
     
  8. lionaneesh

    lionaneesh New Member

    My Pleasure..

    And whatever problems you are facing, post them on G4E and maybe we can help!!!!!!!
     
  9. William9

    William9 New Member

    Yeah, this was a fantastic post lionaneesh, I wonder how easily you revealed this critical working structure of an Anti-Virus.
     
  10. lionaneesh

    lionaneesh New Member

    My Pleasure...
    Please read my other articles too!!!
    and keep the encouraging comments coming!!
     
  11. lokanadham

    lokanadham New Member

    thank you.....send ebooks for antivirus project....it is a kind request sir
     
  12. lionaneesh

    lionaneesh New Member

    I can't understand your request clearly but I suppose you are asking me to send you some ebooks on an Anti-Virus project...

    Try a few results on google

    Try and write some code implementing some features in the article and we'll be there to guide/help you!!
     
  13. suarezlyka

    suarezlyka New Member

    love your post:)
     
  14. bhavanaets

    bhavanaets Banned

    An antivirus would be useful on a network if a user intentionally or unintentionally allows a virus to execute on the system. Most antivirus software packages have regular updates to ensure protection against the newest types of viruses, and will scan a system to ensure it is virus free.
     
  15. anandkumar

    anandkumar New Member

    Mind blowing dear, it's really useful. This answer satisfies me. Really, antivirus plays a vital role in saving our computer.
     
  16. Ana_Campos

    Ana_Campos New Member

    Although it's a little on the conspiracy side of things, I think that the companies that make anti-viruses and software are the same ones that release the viruses they fight against us.
    The motive: simple, the very best strategy for selling products!
     
  17. bhavanaets

    bhavanaets Banned

    Hi,

    An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software.

    Anti-virus software typically uses two different techniques to accomplish this:

    * Examining files to look for known viruses by means of a virus dictionary
    * Identifying suspicious behavior from any computer program which might indicate infection
     
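The second technique, the suspicious-behaviour method that the original post breaks into network, system-file and process monitors and that the reply above restates, as an added example that is not part of the original post or any real product. The events, the two process-list snapshots and the thresholds are all constructed for the demo: a real sensor would get file operations from a filesystem filter or audit log, byte counts from the network stack, and the two process views from the normal enumeration API and a lower-level walk of kernel structures. The rules are deliberately simple stand-ins for the three monitors the post describes.

```python
"""Toy behaviour monitors over a constructed event log (added example, not
from the original post). All events, process snapshots, path lists and
thresholds are hypothetical demo values.
"""
from collections import defaultdict
from typing import Dict, List

PROTECTED_PREFIXES = ("/etc/", "/boot/", "C:\\Windows\\System32\\")
TRUSTED_SYSTEM_WRITERS = {"apt", "dpkg", "TrustedInstaller.exe"}
EXFIL_BYTES_THRESHOLD = 1_000_000   # demo value only

# Constructed events, not real telemetry. pid 777 is the "trojan" of the
# post: it tampers with a system file, receives a small command and then
# pushes a lot of data out. pid 912 sends even more but never received a
# command first, which is what a browser upload looks like.
EVENTS: List[dict] = [
    {"kind": "file", "pid": 404, "proc": "apt", "op": "delete",
     "path": "/etc/apt/old.list"},
    {"kind": "file", "pid": 777, "proc": "svchost32.exe", "op": "delete",
     "path": "C:\\Windows\\System32\\drivers\\etc\\hosts"},
    {"kind": "net", "pid": 777, "proc": "svchost32.exe", "dir": "in", "bytes": 120},
    {"kind": "net", "pid": 777, "proc": "svchost32.exe", "dir": "out", "bytes": 800_000},
    {"kind": "net", "pid": 777, "proc": "svchost32.exe", "dir": "out", "bytes": 600_000},
    {"kind": "net", "pid": 912, "proc": "firefox", "dir": "out", "bytes": 5_000_000},
]

# Constructed process snapshots. A process that shows up in the lower-level
# view but not in the API view is hiding itself (the key-logger case).
API_VIEW: Dict[int, str] = {1: "init", 404: "apt", 777: "svchost32.exe", 912: "firefox"}
LOW_LEVEL_VIEW: Dict[int, str] = {**API_VIEW, 1337: "kl.exe"}


def file_monitor(events: List[dict]) -> List[str]:
    """System files monitor: untrusted process deleting/writing protected paths."""
    alerts = []
    for e in events:
        if e["kind"] != "file" or e["op"] not in ("delete", "write"):
            continue
        if e["path"].startswith(PROTECTED_PREFIXES) and e["proc"] not in TRUSTED_SYSTEM_WRITERS:
            alerts.append(f"file: pid {e['pid']} ({e['proc']}) {e['op']} {e['path']}")
    return alerts


def network_monitor(events: List[dict], threshold: int = EXFIL_BYTES_THRESHOLD) -> List[str]:
    """Network traffic monitor: a process that received something and then
    sent at least `threshold` bytes out, the 'attacker calls, trojan answers'
    pattern from the post."""
    received = set()
    sent: Dict[int, int] = defaultdict(int)
    for e in events:
        if e["kind"] != "net":
            continue
        if e["dir"] == "in":
            received.add(e["pid"])
        elif e["dir"] == "out":
            sent[e["pid"]] += e["bytes"]
    return [f"net: pid {pid} received a command then sent {n} bytes"
            for pid, n in sorted(sent.items()) if pid in received and n >= threshold]


def process_monitor(api_view: Dict[int, str], low_level_view: Dict[int, str]) -> List[str]:
    """Process monitor: cross-view diff. Anything present only in the
    lower-level view is a hidden process."""
    hidden = sorted(set(low_level_view) - set(api_view))
    return [f"process: pid {pid} ({low_level_view[pid]}) hidden from the API view" for pid in hidden]


def run_all() -> List[str]:
    """Run the three monitors over the constructed data."""
    return (file_monitor(EVENTS)
            + network_monitor(EVENTS)
            + process_monitor(API_VIEW, LOW_LEVEL_VIEW))


if __name__ == "__main__":
    for alert in run_all():
        print(alert)
```

Note what each rule does and does not catch: `apt` deleting under `/etc/` is allowed because it is on the trusted list, `firefox` is not flagged despite sending the most bytes because nothing came in first, and `kl.exe` is found only because two independent process views disagree. Each of these is a judgement call a real engine tunes constantly, which is the usual source of both false positives and bypasses in behaviour-based detection.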
  18. lionaneesh

    lionaneesh New Member

    Thanks!
     
  19. jhon11

    jhon11 New Member

    Thanks good one.
     
  20. boby12

    boby12 New Member

    This forum is so good, the view is right and important in our life; I also learned creative knowledge from the forum.
