Go4Expert


lionaneesh 11Feb2011 10:23

How Anti-Viruses Works
 
An anti-virus is a software program that can scan the files and data on your computer and protect you from firmwares and viruses...

How Does It Work



An anti-virus uses 2 different techniques to accomplish its tasks:
  1. Examining files and comparing their signature/structure to that of viruses present in a database or a text file. This is called a virus-dictionary.
  2. Identifying suspicious behavior from any program or software sitting on the system.

Virus-dictionary Method

In the virus-dictionary method, an anti-virus starts by examining a file and checking it against the dictionary of known viruses.

Every binary/ELF/.exe has its own signature if it has different functionality.
Actually, by signature we mean some data in the bin file. This is a set of opcodes which the computer understands. These are different in every unique program.

When the anti-virus gets the signature of the file, it checks for the same signature in the dictionary of known viruses (reported signatures). If it matches any signature in the dictionary, the file is reported as a virus and the required task is performed (disinfection, removal, etc.).

For this method to be successful, the virus-dictionary needs to be updated whenever a new virus signature is reported.

This method is quite common in most of the anti-viruses out there, but it is not so successful now, as it is really easy to bypass this protection by using binders (programs that bind one program to another), packers (which pack the signature: they simply compress the opcodes and make them difficult to detect) and encoders (these are the main cause of concern for anti-virus developers, as it is quite a powerful approach: the encoders change the opcodes to something similar which provides the same functionality. This drastically changes the bin signatures and makes them almost undetectable).

Another con of this method is that it takes a lot of time and system resources to scan and compare all the files sitting on our system.

The Suspicious-Behaviors Method

In this method the anti-virus simply checks for suspicious behavior happening on the system. For this, today's anti-viruses have many modules, such as:
  1. Network Traffic Monitors
  2. System Files Monitors
  3. Process Monitors, etc.

Network Traffic Monitors

Network Traffic Monitors simply monitor the incoming and ongoing network traffic from the system to other systems or the internet.

E.g.:

If there is a trojan sitting on the system, it will certainly listen for the attacker's call. As it receives the attacker's call (in the form of TCP, UDP, etc. packets), it simply sends the data to the attacker's system (as most trojans do). This causes fluctuations in the network traffic, and the anti-virus catches the trojan and performs the required task.

System Files Monitors

The System Files Monitors simply check the files sitting on the system.

E.g.:

If there is a virus sitting on a system and it checks for some system files and tries to delete them, this will be reported as suspicious behaviour to the anti-virus. The anti-virus then performs the required task.

Process Monitors

The Process Monitors check the process tree of the system and check whether there are hidden programs running. If they find something suspicious, they report it to the anti-virus core and the required task is performed.

E.g.:

There is a key-logger sitting on the system. Most key-loggers have hidden processes and simply read the keystrokes a user makes. This would be undetectable without the use of Process Monitors.

Actually, these were only the features of a basic anti-virus. Most anti-viruses today have millions of protection systems and features, and those are not in the scope of this article.

But I hope this article made you understand something about the working of anti-viruses.

Stay tuned for more..
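The virus-dictionary lookup described in the article above, as an added Python example that is not part of the original post. The byte strings, the signature names and the `??` wildcard syntax are all constructed for illustration; the example shows why a dictionary of whole-file hashes misses a sample that differs by one byte, while a byte-pattern entry with a wildcard still matches it.

```python
import hashlib
import re

# Constructed, harmless byte strings standing in for scanned files.
KNOWN_SAMPLE = b"MZ" + b"\x00" * 16 + bytes.fromhex("deadbeef01c0ffee") + b"-body-A"
VARIANT = KNOWN_SAMPLE.replace(bytes.fromhex("01c0ffee"), bytes.fromhex("02c0ffee"))
CLEAN_FILE = b"MZ" + b"\x00" * 16 + b"an ordinary program"

# Dictionary part 1: whole-file SHA-256 digests of reported samples.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Test.Sample.A (hash)"}

# Dictionary part 2: byte patterns in hex; "??" matches any single byte.
PATTERN_SIGNATURES = {"Test.Sample.A (pattern)": "de ad be ef ?? c0 ff ee"}


def compile_pattern(hex_signature: str) -> re.Pattern:
    """Translate a hex pattern with '??' wildcards into a bytes regex."""
    parts = []
    for token in hex_signature.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_pattern(sig) for name, sig in PATTERN_SIGNATURES.items()}


def scan(data: bytes) -> list:
    """Return the names of every dictionary entry that matches the data."""
    detections = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        detections.append(HASH_SIGNATURES[digest])
    for name, pattern in COMPILED.items():
        if pattern.search(data):
            detections.append(name)
    return detections


if __name__ == "__main__":
    for label, data in [("known", KNOWN_SAMPLE), ("variant", VARIANT), ("clean", CLEAN_FILE)]:
        print(label, scan(data) or "no match")
```
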

lionaneesh 12Feb2011 10:56

Re: How Anti-Viruses Works
 
Hope everybody like this...
Please comment guyz..

nikhil389 13Feb2011 12:13

Re: How Anti-Viruses Works
 
This article was really helpful.

lionaneesh 13Feb2011 12:16

Re: How Anti-Viruses Works
 
Quote:

Originally Posted by nikhil389 (Post 79206)
This article was really helpful.

Thanks a ton..
And if you guyz like it ..
Please press the thanks button under the end of the article

MOHIDEEN THASTHAHIR 14Feb2011 07:24

Re: How Anti-Viruses Works
 
It is very useful for my knowledge ;). How to use the linux commands :confused:

lionaneesh 14Feb2011 11:02

Re: How Anti-Viruses Works
 
Quote:

Originally Posted by MOHIDEEN THASTHAHIR (Post 79221)
It is very useful for my knowledge ;). How to use the linux commands :confused:

Thanks about that...
And if you want to learn some unix commands Check Here

teritaylor 17Feb2011 16:08

Re: How Anti-Viruses Works
 
Thanks for the info because I always have problems with my pc

lionaneesh 17Feb2011 16:42

Re: How Anti-Viruses Works
 
Quote:

Originally Posted by teritaylor (Post 79473)
Thanks for the info because I always have problems with my pc

My Pleasure..

And what problems are you facing post it on G4E and maybe we can help!!!!!!!

William9 7Mar2011 18:05

Re: How Anti-Viruses Works
 
Yeah, this was a fantastic post lionaneesh, I wonder how easily you revealed this critical working structure of an Anti-Virus.

lionaneesh 8Mar2011 14:42

Re: How Anti-Viruses Works
 
Quote:

Originally Posted by William9 (Post 80354)
Yeah, this was a fantastic post lionaneesh, I wonder how easily you revealed this critical working structure of an Anti-Virus.

My Pleasure...
Please read my other articles too!!!
and keep the encouraging comments coming!!

lokanadham 11Mar2011 22:45

Re: How Anti-Viruses Works
 
thank you.....send ebooks for antivirus project....it is kind request sir

lionaneesh 12Mar2011 00:25

Re: How Anti-Viruses Works
 
Quote:

Originally Posted by lokanadham (Post 80580)
thank you.....send ebooks for antivirus project....it is kind request sir

I can't understand your request clearly, but I suppose you are asking me to send you some ebooks on an Anti-Virus project...

Try a few results on google

Try and write some code implementing some features in the article and we'll be there to guide/help you!!

suarezlyka 28Mar2011 16:36

Re: How Anti-Viruses Works
 
love your post:)

bhavanaets 8Apr2011 17:54

Re: How Anti-Viruses Works
 
An antivirus would be useful on a network if a user intentionally or unintentionally allows a virus to execute on the system. Most antivirus software packages have regular updates to ensure protection against the newest types of viruses, and can scan a system to ensure it is virus free.

anandkumar 8Apr2011 18:28

Re: How Anti-Viruses Works
 
Mind blowing dear, it's really useful. This answer satisfies me. Really, antivirus plays a vital role in saving our computer.

Ana_Campos 18Apr2011 14:32

Re: How Anti-Viruses Works
 
Although it's a little on the conspiracy side of things, I think that the companies that make anti-viruses and software are the same ones that release the viruses they fight against us.
The motive: simple, the very best strategy of selling products!

bhavanaets 18Apr2011 18:11

Re: How Anti-Viruses Works
 
Hi,

An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software.

Anti-virus software typically uses two different techniques to accomplish this:

* Examining files to look for known viruses by means of a virus dictionary
* Identifying suspicious behavior from any computer program which might indicate infection

lionaneesh 20Apr2011 20:20

Re: How Anti-Viruses Works
 
Quote:

Originally Posted by anandkumar (Post 81711)
Mind blowing dear, it's really useful. This answer satisfies me. Really, antivirus plays a vital role in saving our computer.

Thanks!

jhon11 24Jun2011 17:09

Re: How Anti-Viruses Works
 
Thanks good one.

boby12 2Jul2011 14:37

Re: How Anti-Viruses Works
 
This forum is so good, the view is right and important in our life. I also learn creative knowledge about the forum.


MOHIDEEN THASTHAHIR 8Jul2011 07:01

Re: How Anti-Viruses Works
 
Dear Friend ,
it is really helpful. Thanks for your information.
Regards,
Mohideen Thasthahir.

lionaneesh 8Jul2011 10:30

Re: How Anti-Viruses Works
 
Quote:

Originally Posted by MOHIDEEN THASTHAHIR (Post 84822)
Dear Friend ,
it is really helpful. Thanks for your information.
Regards,
Mohideen Thasthahir.

My Pleasure

aman1 20Aug2011 10:43

Re: How Anti-Viruses Works
 
i think ,
anti virus scan for software and other derives in which files. mainly point for anti virus are monthly update. then computer are very precious.

lionaneesh 17Oct2011 07:09

Re: How Anti-Viruses Works
 
Quote:

Originally Posted by neogills (Post 88027)
Thanks dude.....I learned something new with that write up

My pleasure

Naresh Twanabasu 27Sep2012 06:34

Re: How Anti-Viruses Works
 
It's really good stuff.
But how can we edit the virus dictionary, and what are the ways to work in stealth mode, i.e. in unsuspicious mode?


All times are GMT +5.5.