Go4Expert

Go4Expert (http://www.go4expert.com/)
How Anti-Viruses Works (http://www.go4expert.com/articles/anti-viruses-t24942/)

lionaneesh 11Feb2011 10:23

How Anti-Viruses Works
 
An anti-virus is a program that scans the files and data on your computer and protects it from malware such as viruses.

How does it work



An anti-virus uses two different techniques to accomplish its task:
  1. Examining files and comparing their signature/structure with those of viruses stored in a database or a text file. This database is called a virus dictionary.
  2. Identifying suspicious behavior from any program or software running on the system.

Virus-dictionary Method

In the virus-dictionary method the anti-virus starts by examining a file and looking it up in the dictionary of known viruses.

Every binary (ELF, .exe, etc.) with different functionality has its own signature.
By signature we mean a distinctive sequence of bytes in the binary file, typically a run of opcodes (the machine instructions the CPU executes). Because different programs contain different code, these sequences differ from one unique program to another.

When the anti-virus has extracted the signature of a file, it looks for the same signature in the dictionary of known viruses (reported signatures). If it matches any entry in the dictionary, the file is reported as a virus and the required action is performed (disinfection, removal, quarantine, etc.).

For this method to be successful, the virus dictionary needs to be updated whenever a new virus signature is reported; a virus that is not yet in the dictionary is simply not detected.

This method is common in most anti-viruses out there, but it is no longer very successful on its own, as it is easy to bypass this protection using:
  1. Binders: programs that bind one program to another, so the malicious code is carried inside a different, apparently harmless file.
  2. Packers: these compress (or encrypt) the program's opcodes and prepend a small unpacking stub, so the bytes on disk no longer contain the signature until the program unpacks itself at run time.
  3. Encoders: the main cause of concern for anti-virus developers, as it is quite a powerful approach. An encoder rewrites the opcodes into a different sequence that provides the same functionality. This drastically changes the binary's signature and makes it almost undetectable by a plain dictionary lookup.
A scanner can counter packers and encoders by recognising the stub and unpacking or emulating the file before matching, but each new packer or encoding scheme first has to be recognised.

Another drawback of this method is that it takes a lot of time and system resources to scan every file on the system and compare it against the whole dictionary.

The Suspicious-Behavior Method

In this method the anti-virus checks for suspicious behavior happening on the system rather than for known bytes in a file. For this, an anti-virus today has many modules, such as:
  1. Network traffic monitors
  2. System file monitors
  3. Process monitors, etc.

Network Traffic Monitors

Network traffic monitors watch the incoming and outgoing network traffic between the system and other systems or the internet.

For example:

If there is a trojan sitting on the system, it will usually listen for the attacker's connection (or beacon out to the attacker's server). When the attacker's connection arrives (as TCP, UDP, etc. packets), the trojan sends data from the system down to the attacker, which is what most trojans do. This unusual traffic pattern, a process that is not a known server accepting connections and then pushing data out, is what the anti-virus catches before performing the required action.

System Files Monitors

The system file monitor watches the files sitting on the system, especially operating-system files, for changes that normal programs do not make.

For example:

If there is a virus sitting on the system and it looks for certain system files and tries to delete them, this is reported as suspicious behavior to the anti-virus, which then performs the required action.

Process Monitors

The process monitor checks the system's process tree and looks for hidden programs running. If it finds something suspicious, it reports to the anti-virus core and the required action is performed.

For example:

Suppose there is a key-logger sitting on the system. Most key-loggers run as hidden processes and simply read the key-strokes a user makes. Without a process monitor this would go undetected.

These are only the features of a basic anti-virus. Most anti-viruses today have many more protection systems and features, and they are outside the scope of this article. Note also that behavior monitoring has a drawback of its own: legitimate programs (a web server that accepts connections, an uninstaller that removes system files) can trigger the same rules, so it trades the dictionary method's missed detections for false positives.

But I hope this article helped you understand something about how anti-viruses work.

Stay tuned for more..
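As an added example (not part of the original article), here is a minimal virus-dictionary scanner in Python. The signature byte patterns and the sample file are constructed for illustration and are not real malware; the XOR routine stands in for the encoders discussed above and shows both why a plain dictionary lookup misses the encoded copy and what a scanner has to do (recognise the stub, undo the encoding, rescan) to catch it again. The stub format and key position are assumptions made for this example.

```python
"""Minimal virus-dictionary scanner plus a demonstration of why a simple XOR
encoder defeats it.  Added example: the signatures and the sample file are
constructed for illustration and are NOT real malware."""
from typing import Dict, List

# The virus dictionary: name -> distinctive byte sequence lifted from a sample.
# These patterns are made up for this example; a real dictionary holds
# sequences taken from actual samples, often with wildcard bytes.
SIGNATURES: Dict[str, bytes] = {
    "Demo.Downloader": bytes.fromhex("e8000000005b81eb"),                # constructed opcode run
    "Demo.Dropper":    b"\x55\x8b\xec\x83\xec\x40\x68\x00\x10\x00\x00",  # constructed prologue
    "Demo.Script":     b"powershell -enc ",                              # constructed text marker
}

def scan_bytes(data: bytes) -> List[str]:
    """Return the name of every dictionary entry whose signature occurs in data."""
    return [name for name, sig in SIGNATURES.items() if sig in data]

def scan_file(path: str) -> List[str]:
    """Dictionary scan of one file on disk."""
    with open(path, "rb") as f:
        return scan_bytes(f.read())

def xor_encode(payload: bytes, key: int) -> bytes:
    """Toy encoder: XOR every byte with key.  A real encoder is more elaborate,
    but the effect is the same: the program still does the same thing once the
    stub restores it in memory, yet the bytes on disk no longer match."""
    return bytes(b ^ key for b in payload)

STUB_MAGIC = b"STUB"   # assumed marker for this example's decoder stub

def add_decoder_stub(encoded: bytes, key: int) -> bytes:
    """Prepend a constructed stand-in for the small routine that undoes the
    encoding at run time; here it is just a marker followed by the key."""
    return STUB_MAGIC + bytes([key]) + encoded

def unpack_if_stubbed(data: bytes) -> bytes:
    """What a scanner must learn to do: recognise the stub, recover the key,
    and rescan the decoded body instead of the bytes on disk."""
    if data.startswith(STUB_MAGIC) and len(data) > len(STUB_MAGIC):
        key = data[len(STUB_MAGIC)]
        return xor_encode(data[len(STUB_MAGIC) + 1:], key)
    return data

def run_demo() -> Dict[str, List[str]]:
    # Constructed sample: filler bytes around one known signature.
    sample = b"MZ" + b"\x90" * 16 + SIGNATURES["Demo.Dropper"] + b"\x00" * 32
    encoded = add_decoder_stub(xor_encode(sample, 0x5A), 0x5A)
    return {
        "plain":        scan_bytes(sample),                       # caught by the dictionary
        "encoded":      scan_bytes(encoded),                      # the same program, missed
        "after_unpack": scan_bytes(unpack_if_stubbed(encoded)),   # caught again
    }

if __name__ == "__main__":
    for stage, hits in run_demo().items():
        print(f"{stage:>12}: {hits or 'clean'}")
```

Running the demo shows the dictionary catching the plain sample, missing the XOR-encoded copy of the very same program, and catching it again only after the scanner undoes the encoding. That last step is what real engines do with emulation or generic unpackers, and it is why every new packer or encoder scheme has to be recognised before the dictionary is useful again.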
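A second added example, again not from the original article, for the suspicious-behavior method: a toy engine in which the three monitors described above (network, system files, processes) feed events to one scoring routine. The event stream, rule names, weights, system-directory list and alert threshold are all assumptions made for this illustration, not any product's logic. It also shows the false-positive problem: the legitimate server on pid 4004 earns a partial score from the same network rule as the trojan, which is why the engine scores combinations rather than alerting on a single indicator.

```python
"""Toy behavior-based monitor: network, file and process monitors feed events
to one rule engine that scores each process.  Added example with a constructed
event stream; rule names, weights, directories and threshold are assumed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set

@dataclass
class Event:
    monitor: str   # which module reported it: "net", "file" or "proc"
    pid: int       # process the event belongs to
    action: str    # what the process did
    detail: str    # port, path or extra context

# Directories whose contents normal user programs should not delete (assumed).
SYSTEM_DIRS = ("C:\\Windows\\System32\\", "/usr/bin/", "/etc/")

# Indicator weights (assumed for this example).  One indicator is rarely
# conclusive on its own; the engine looks for combinations.
WEIGHTS = {
    "listen_then_send":   4,   # accepted an inbound connection, then pushed data out
    "delete_system_file": 5,   # removed a file under a system directory
    "hidden_process":     3,   # running without a window or visible parent
    "keyboard_hook":      4,   # installed a hook that sees every key-stroke
}
ALERT_THRESHOLD = 6

def collect_indicators(events: List[Event]) -> Dict[int, Set[str]]:
    """Replay the monitors' events and record which indicators each pid triggered."""
    listening: Set[int] = set()
    found: Dict[int, Set[str]] = defaultdict(set)
    for ev in events:
        if ev.monitor == "net":
            if ev.action == "listen":
                listening.add(ev.pid)
            elif ev.action == "send" and ev.pid in listening:
                found[ev.pid].add("listen_then_send")
        elif ev.monitor == "file":
            if ev.action == "delete" and ev.detail.startswith(SYSTEM_DIRS):
                found[ev.pid].add("delete_system_file")
        elif ev.monitor == "proc":
            if ev.action == "hidden":
                found[ev.pid].add("hidden_process")
            elif ev.action == "set_keyboard_hook":
                found[ev.pid].add("keyboard_hook")
    return dict(found)

def score(events: List[Event]) -> Dict[int, int]:
    """Total indicator weight per process (pids with no indicators are absent)."""
    return {pid: sum(WEIGHTS[i] for i in inds)
            for pid, inds in collect_indicators(events).items()}

def suspicious_pids(events: List[Event]) -> Dict[int, int]:
    """Processes whose combined score reaches the alert threshold."""
    return {pid: s for pid, s in score(events).items() if s >= ALERT_THRESHOLD}

# Constructed event stream (not captured from a real system).
SAMPLE_EVENTS = [
    Event("net",  1001, "listen", "tcp/4444"),                  # trojan waits for the attacker
    Event("net",  1001, "send",   "1200000 bytes"),             # ...then ships data out
    Event("file", 1001, "delete", "C:\\Windows\\System32\\drivers\\etc\\hosts"),
    Event("proc", 2002, "hidden", "no window, parent exited"),  # key-logger hides itself
    Event("proc", 2002, "set_keyboard_hook", "WH_KEYBOARD_LL"),
    Event("net",  3003, "send",   "8000 bytes"),                # browser: sends but never listens
    Event("file", 3003, "delete", "C:\\Users\\me\\AppData\\Local\\Temp\\x.tmp"),
    Event("net",  4004, "listen", "tcp/443"),                   # legitimate web server
    Event("net",  4004, "send",   "50000 bytes"),
]

if __name__ == "__main__":
    for pid, s in sorted(score(SAMPLE_EVENTS).items()):
        flag = "ALERT" if s >= ALERT_THRESHOLD else "ok"
        print(f"pid {pid}: score {s} {flag}")
```

With the constructed stream, pid 1001 (listen, send, delete a system file) and pid 2002 (hidden process with a keyboard hook) cross the threshold, the browser on pid 3003 triggers nothing, and the web server on pid 4004 scores 4 from the network rule alone: enough to show why a single behavior cannot be treated as proof of infection.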

lionaneesh 12Feb2011 10:56

Re: How Anti-Viruses Works
 
Hope everybody likes this...
Please comment, guys.

nikhil389 13Feb2011 12:13

Re: How Anti-Viruses Works
 
This article was really helpful.

lionaneesh 13Feb2011 12:16

Re: How Anti-Viruses Works
 
Quote:

Originally Posted by nikhil389 (Post 79206)
This article was really helpful.

Thanks a ton..
And if you guys like it..
Please press the thanks button at the end of the article

MOHIDEEN THASTHAHIR 14Feb2011 07:24

Re: How Anti-Viruses Works
 
It is very useful to my knowledge ;). How to use the Linux commands?

lionaneesh 14Feb2011 11:02

Re: How Anti-Viruses Works
 
Quote:

Originally Posted by MOHIDEEN THASTHAHIR (Post 79221)
It is very useful to my knowledge ;). How to use the Linux commands?

Thanks about that...
And if you want to learn some unix commands Check Here

teritaylor 17Feb2011 16:08

Re: How Anti-Viruses Works
 
Thanks for the info because I always have problems with my pc

lionaneesh 17Feb2011 16:42

Re: How Anti-Viruses Works
 
Quote:

Originally Posted by teritaylor (Post 79473)
Thanks for the info because I always have problems with my pc

My Pleasure..

And what problems are you facing post it on G4E and maybe we can help!!!!!!!

William9 7Mar2011 18:05

Re: How Anti-Viruses Works
 
Yeah, this was a fantastic post lionaneesh, I wonder how easily you revealed this critical working structure of an Anti-Virus.

lionaneesh 8Mar2011 14:42

Re: How Anti-Viruses Works
 
Quote:

Originally Posted by William9 (Post 80354)
Yeah, this was a fantastic post lionaneesh, I wonder how easily you revealed this critical working structure of an Anti-Virus.

My Pleasure...
Please read my other articles too!!!
and keep the encouraging comments coming!!
