Seminar Report Anti-virus
1. INTRODUCTION
Dangers loom everywhere on the internet, and when surfing the net,
it is always better to be safe than sorry. Even though you may not
intentionally visit suspicious websites, one wrong click to a
seemingly innocent site can still leave your computer infected with a
malicious computer virus or malware. Once on your computer, these
harmful programs can steal your sensitive information and destroy
your files. Often, infected machines need to have their hard drives
wiped completely clean in order to truly eradicate the virus. This
results in the loss of files, photos and other vital data.
Hackers and other miscreants are constantly churning out new viruses
and malware designed to steal financial information, website passwords
and other sensitive information from innocent victims. Millions of new
viruses pop up each year and new threats are discovered every day. In
this constantly changing environment, it is impossible to completely
avoid the threat of viruses, but using trustworthy antivirus software
can minimize your risk of infection and the damage done.
1 | SUBHADIP BHADRA(1070097) MCA 4th Semester
2. ANTIVIRUS
2.1 THE BASICS OF ANTIVIRUS PROGRAM
An antivirus program is designed to protect our computer from possible
virus infection. Since most viruses are designed to run in the
background, most users do not know when their computer is infected. Virus
protection programs serve to search for, detect, and remove these viruses.
Antivirus programs must be kept up-to-date in order for them to be able to
detect new viruses.
Antivirus: What exactly is an antivirus?
Antivirus software is a computer program that identifies and removes
computer viruses and other malicious software, such as worms and Trojans,
from an infected computer. Beyond this, antivirus software also protects
the computer from further virus attacks. The anti-virus system detects
viruses on the system such as svchost.exe, servicemgr.exe, lsass.exe and
storevirus, generated by autorun.inf. Generally, the antivirus first checks
the size of a file; if the size matches an entry in its database, it then
looks for the pattern in that file, and if the pattern is found it deletes
the file.
2.2 FEATURES OF ANTIVIRUS
1. The antivirus system is dedicated and system i-specific.
2. It provides full protection against the standard PC types of virus for
files and programs stored on the system.
3. The antivirus has automatic virus signature updates via the internet.
4. Proactive virus signature updates via the network for internet-isolated
servers.
5. The antivirus can scan entire libraries.
6. The antivirus supports the definition of automatic, pre-scheduled
periodic scans.
2.3 CLASSIFICATION OF ANTIVIRUS PROGRAM
Computer antivirus programs can be classified by their behaviour (Helenius
1994c, pp. 25-26). The definition has been extended from Kauranen's (1990,
pp. 25) definition. Antivirus programs are often designed to identify a
virus, in which case the program detects a virus known to the program.
Moreover, a program may be designed to find a virus based on the general
behaviour of viruses. In this latter case the virus is not known to the
program and such products do not identify the virus by name, although the
program can give some information based on the behaviour of the virus.
Another aspect is that a product can detect a virus after infection has
occurred or before the infection of new objects occurs. From the
identification and prevention mechanisms we can construct a two-dimensional
table (Table 1). However, it is important to note that antivirus products
typically contain several types of different programs and the programs are
often integrated.
Table 1: Two-dimensional classification of antivirus programs
3. HOW ANTIVIRUS WORKS
An anti-virus software program is a program that can be used to scan files
to identify and eliminate computer viruses and other malicious software
(malware). Anti-virus software typically uses two different techniques to
accomplish this:
1. Examining files to look for known viruses by means of a virus
dictionary
2. Identifying suspicious behavior from any computer program
which might indicate infection
3.1 Virus dictionary approach:
In the virus dictionary approach, when the anti-virus software examines a
file, it refers to a dictionary of known viruses that have been identified by
the author of the anti-virus software. If a piece of code in the file matches
any virus identified in the dictionary, then the anti-virus software can then
either delete the file, quarantine it so that the file is inaccessible to other
programs and its virus is unable to spread, or attempt to repair the file by
removing the virus itself from the file.
To be successful in the medium and long term, the virus dictionary
approach requires periodic online downloads of updated virus dictionary
entries. As new viruses are identified "in the wild", civically minded and
technically inclined users can send their infected files to the authors of anti-
virus software, who then include information about the new viruses in their
dictionaries.
Dictionary-based anti-virus software typically examines files when the
computer's operating system creates, opens, and closes them; and when the
files are e-mailed. In this way, a known virus can be detected immediately
upon receipt. The software can also typically be scheduled to examine all
files on the user's hard disk on a regular basis.
Although the dictionary approach is considered effective, virus authors have
tried to stay a step ahead of such software by writing "polymorphic viruses",
which encrypt parts of themselves or otherwise modify themselves as a
method of disguise, so as to not match the virus's signature in the dictionary.
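The dictionary approach of section 3.1, as an added example that is not part of the original report: a scanner that matches file contents against a dictionary, quarantines a match, and misses a re-encoded copy of the same bytes. The entry names, byte patterns, file names and the `.quar` naming are constructed for the illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Constructed, harmless byte patterns standing in for real dictionary entries.
DICTIONARY = {
    "Demo.Alpha": b"\xde\xad\xbe\xefDEMO-ALPHA-BODY",
    "Demo.Beta": b"DEMO-BETA-BODY\x00\x01\x02",
}

def match_signature(data: bytes):
    """Return the name of the first dictionary entry found in data, else None."""
    for name, pattern in DICTIONARY.items():
        if pattern in data:
            return name
    return None

def scan_file(path: Path, quarantine_dir: Path) -> str:
    """Scan one file; on a match, move it into quarantine and strip access."""
    data = path.read_bytes()
    name = match_signature(data)
    if name is None:
        return "clean"
    quarantine_dir.mkdir(exist_ok=True)
    # Store under the content hash so the original name can no longer be opened.
    dest = quarantine_dir / (hashlib.sha256(data).hexdigest() + ".quar")
    shutil.move(str(path), str(dest))
    os.chmod(dest, 0o000)  # POSIX: no read/write/execute for anyone
    return "quarantined:" + name

def demo() -> dict:
    """Scan three constructed samples and return a verdict per file name."""
    sig = DICTIONARY["Demo.Alpha"]
    samples = {
        "notes.txt": b"meeting notes, nothing executable here",
        "infected.bin": b"HEADER" + sig + b"TRAILER",
        # Same body with every byte XOR-ed: the stored pattern no longer appears.
        "encoded.bin": b"HEADER" + bytes(b ^ 0x5A for b in sig) + b"TRAILER",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        verdicts = {}
        for fname, content in samples.items():
            (root / fname).write_bytes(content)
            verdicts[fname] = scan_file(root / fname, root / "quarantine")
        verdicts["infected.bin still present"] = (root / "infected.bin").exists()
        return verdicts
```

Calling `demo()` reports `encoded.bin` as clean even though it carries the same body, which is the gap the dictionary approach leaves for self-modifying code.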
3.2 Suspicious behavior approach:
The suspicious behavior approach, by contrast, doesn't attempt to identify
known viruses, but instead monitors the behavior of all programs. If one
program tries to write data to an executable program, for example, this is
flagged as suspicious behavior and the user is alerted to this, and asked what
to do.
Unlike the dictionary approach, the suspicious behavior approach therefore
provides protection against brand-new viruses that do not yet exist in any
virus dictionaries. However, it also raises a large number of false
positives, and users probably become desensitized to all the warnings. If
the user clicks "Accept" on every such warning, then the anti-virus software
is obviously useless to that user. This problem has especially been made
worse over the past 7 years, since many more non-malicious program designs
chose to modify other .exes without regard to this false positive issue.
Thus, most modern anti-virus software uses this technique less and less.
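The rule from section 3.2 applied to a small event log, as an added example that is not part of the original report. The events, process names, paths, suffix list and ground-truth labels are all constructed; a real monitor would not know which writes are truly malicious.

```python
from collections import Counter

# Assumed set of suffixes treated as "executable program" for this example.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".com", ".scr")

# Constructed event log: (process, action, target, truly_malicious).
# The last field is ground truth for the demonstration only.
EVENTS = [
    ("winword.exe", "write", r"C:\Users\a\report.docx", False),
    ("updater.exe", "write", r"C:\Program Files\App\app.exe", False),
    ("installer.exe", "write", r"C:\Program Files\Tool\tool.dll", False),
    ("unknown.exe", "write", r"C:\Windows\notepad.exe", True),
    ("patcher.exe", "write", r"C:\Games\game.exe", False),
    ("browser.exe", "read", r"C:\Windows\notepad.exe", False),
]

def is_suspicious(action, target):
    """The rule from the text: a program writing data to an executable file."""
    return action == "write" and target.lower().endswith(EXECUTABLE_SUFFIXES)

def evaluate(events):
    """Apply the rule and compare the alerts with the constructed ground truth."""
    counts = Counter()
    alerts = []
    for process, action, target, malicious in events:
        flagged = is_suspicious(action, target)
        if flagged:
            alerts.append((process, target))
        outcome = "true" if flagged == malicious else "false"
        counts[outcome + ("_positive" if flagged else "_negative")] += 1
    return alerts, counts

def alert_precision(counts):
    """Fraction of raised alerts that were real infections."""
    tp, fp = counts["true_positive"], counts["false_positive"]
    return tp / (tp + fp) if tp + fp else 0.0

if __name__ == "__main__":
    alerts, counts = evaluate(EVENTS)
    for process, target in alerts:
        print("ALERT:", process, "wrote to", target)
    print(dict(counts), "precision =", alert_precision(counts))
```

On this log the rule catches the one malicious write but also alerts on the updater, installer and patcher, so three of the four prompts shown to the user are false positives.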
Other ways to detect viruses:
Some antivirus software will try to emulate the beginning of the code of
each new executable that is being executed before transferring control to the
executable. If the program seems to be using self-modifying code or
otherwise appears as a virus (it immediately tries to find other executables),
one could assume that the executable has been infected with a virus.
However, this method results in a lot of false positives.
Yet another detection method is using a sandbox. A sandbox emulates the
operating system and runs the executable in this simulation. After the
program has terminated, the sandbox is analysed for changes which might
indicate a virus. Because of performance issues this type of detection is
normally only performed during on-demand scans.
The dictionary approach to detecting viruses is often insufficient due to the
continual creation of new viruses, yet the suspicious behaviour approach is
ineffective due to its false positive alarms; hence, the current understanding
of anti-virus software will never conquer computer viruses.
4. ANTIVIRUS PRODUCT VIRUS DETECTION ANALYSIS
Each product type requires different analysis approaches. A virus test bed
can be used for evaluating products which will detect or prevent known
viruses. A virus test bed can be utilised for products which will detect or
prevent unknown viruses, but vulnerability analysis is also required. If the
virus test bed is divided into different categories, this can be utilised
while analysing antivirus products. The different virus categories of the
test bed are examples and the classification can be different depending on
the analysis method and products evaluated. If the test bed is divided into
different categories, this will help analysis of the products.
Antivirus product category: current antivirus products that represent the category
Detecting known virus: known virus scanner
Preventing known virus: memory resident known virus