1. INTRODUCTION
Dangers loom everywhere on the internet, and when surfing the net, it is always better to be safe than sorry. Even though you may not intentionally visit suspicious websites, one wrong click to a seemingly innocent site can still leave your computer infected with a malicious computer virus or malware. Once on your computer, these harmful programs can steal your sensitive information and destroy your files. Often, infected machines need to have their hard drives wiped completely clean in order to truly eradicate the virus. This results in the loss of files, photos and other vital data. Hackers and other miscreants are constantly churning out new viruses and malware designed to steal financial information, website passwords and other sensitive information from innocent victims. Millions of new viruses pop up each year and new threats are discovered every day. In this constantly changing environment, it is impossible to completely avoid the threat of viruses, but using trustworthy antivirus software can minimize your risk of infection and the damage done.
2. ANTIVIRUS
2.1 THE BASICS OF ANTIVIRUS PROGRAM
An antivirus program is designed to protect our computer from possible virus infection. Since most viruses are designed to run in the background, most users do not know when their computer is infected. Virus protection programs serve to search for, detect, and remove these viruses. Antivirus programs must be kept up-to-date in order for them to be able to detect new viruses.
Each product type requires different analysis approaches. A virus test bed can be used for evaluating products which detect or prevent known viruses. A virus test bed can also be utilised for products which detect or prevent unknown viruses, but vulnerability analysis is also required. If the virus test bed is divided into different categories, this can be utilised while analysing antivirus products. The different virus categories of the test bed are examples, and the classification can be different depending on the analysis method and the products evaluated. If the test bed is divided into different categories, this will help the analysis of products.
memory resident heuristic scanners, behaviour blockers and memory resident checksum calculation programs
6. ANTIVIRUS APPROACHES
The ideal solution to the threat of viruses is prevention: do not allow a virus to get into the system in the first place. This goal is in general difficult to achieve, although prevention can reduce the number of successful viral attacks. The next best approach is to be able to do the following.
Detection: Once the infection has occurred, determine that it has occurred and locate the virus.
Identification: Once detection has been achieved, identify the specific virus
SUBHADIP BHADRA(1070097) MCA 4th Semester
6.1 SCANNERS
Scanners are programs that scan the executable objects (files and boot sectors) for the presence of code sequences that are present in the known viruses. Currently, these are the most popular and the most widely used kind of anti-virus programs. There are some variations of the scanning technique, like virus removal programs (programs that can "repair" the infected objects by removing the virus from them), resident scanners (programs that are constantly active in memory and scan every file before it is executed), virus identifiers (programs that can recognize the particular virus variant exactly by keeping some kind of map of the non-modifiable parts of the virus body and their checksums), heuristic analyzers (programs that scan for particular sequences of instructions that perform some virus-like functions), and so on. The reason that this kind of anti-virus program is so widely used nowadays is that they are relatively easy to maintain. This is especially true for the programs which just report the infection by a known virus variant, without attempting exact identification or removal. They consist mainly of a searching engine and a database of code sequences (often called virus signatures or scan strings) that
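The sketch below is an added example, not part of the original report. It shows the two stages described above: a searching engine that matches scan strings from a database, and a "virus identifier" step that confirms an exact variant by checksumming the non-modifiable regions of the body. The entry layout, the function names and the sample bytes are all assumptions constructed for illustration; the bytes are harmless placeholders.

```python
import zlib

def make_entry(name, body, wildcards, regions):
    """Derive a database entry from a reference body (constructed bytes).
    wildcards: offsets in the first 8 bytes that vary between infections.
    regions: (offset, length) spans that never change; their CRC32 is stored."""
    scan = [None if i in wildcards else b for i, b in enumerate(body[:8])]
    sums = [(off, ln, zlib.crc32(body[off:off + ln])) for off, ln in regions]
    return {"name": name, "scan": scan, "len": len(body), "sums": sums}

def find_scan_string(data, scan):
    """Searching engine: every offset where the scan string matches (None = any byte)."""
    hits = []
    for pos in range(len(data) - len(scan) + 1):
        if all(s is None or data[pos + i] == s for i, s in enumerate(scan)):
            hits.append(pos)
    return hits

def identify(data, pos, entry):
    """Exact identification: every constant region must match its stored checksum."""
    if pos + entry["len"] > len(data):      # body truncated, cannot be verified
        return False
    return all(zlib.crc32(data[pos + off:pos + off + ln]) == crc
               for off, ln, crc in entry["sums"])

def scan_object(data, database):
    """Return (name, offset, verdict) per hit; verdict is 'exact' or 'inexact'."""
    report = []
    for entry in database:
        for pos in find_scan_string(data, entry["scan"]):
            verdict = "exact" if identify(data, pos, entry) else "inexact"
            report.append((entry["name"], pos, verdict))
    return report

# Constructed sample data standing in for a 30-byte virus body: 8-byte header,
# 16 constant bytes, 2 variable bytes, 4 constant bytes.
REFERENCE = bytes.fromhex("deadbeef00c0ffee") + b"CONSTANT-PAYLOAD" + b"\x00\x00" + b"TAIL"
DATABASE = [make_entry("Demo.A", REFERENCE, wildcards={4}, regions=[(8, 16), (26, 4)])]

clean = b"MZ" + b"\x90" * 40
infected = b"MZ" + b"\x90" * 10 + REFERENCE[:4] + b"\x7f" + REFERENCE[5:]
modified = infected.replace(b"CONSTANT", b"TNATSNOC")   # altered body, same scan string

if __name__ == "__main__":
    for label, obj in [("clean", clean), ("infected", infected), ("modified", modified)]:
        print(label, scan_object(obj, DATABASE))
```

The "modified" sample still triggers the scan string but fails the checksum map, which is why a scanner that only reports a known signature is easier to maintain than one that attempts exact identification or removal.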
6.2 MONITORS
The monitoring programs are memory resident programs, which constantly monitor some functions of the operating system. Those are the functions that are considered to be dangerous and indicative of virus-like behavior. Such functions include modifying an executable file, direct access of the disk bypassing the operating system, and so on. When a program tries to use such a function, the monitoring program intercepts it and either denies it completely or asks the user for confirmation. Unlike the scanners, the monitors are not virus-specific and therefore need not be constantly updated. Unfortunately, they have other very serious drawbacks - drawbacks that make them even weaker than the scanners as an anti-virus defense and almost unusable today. The most serious drawback of the monitors is that they can be easily bypassed by the so-called tunneling viruses. The reason for this is the total lack of memory protection in most operating systems for personal computers. Any program that is being executed (including the virus) has full access to read and/or modify any area of the computer's memory - including the parts of the operating system. Therefore, any monitoring program can be disabled because the virus could simply patch it in the memory. There are other clever techniques, such as interrupt tracing, DOS scanning, and so on, which allow the viruses to find the original handlers of any operating system function. Afterwards, this function can be called directly, thus bypassing any monitoring programs which watch for it. Another drawback of the monitoring programs is that they try to detect a virus by its behavior. This is essentially impossible in the general case, as proven in