  1. #1
    Administrator
    Join Date
    Jan 2010
    Posts
    35

    How Anti-Virus Software Works





    Before any virus can be dealt with, it has to be identified. How does a software application do this? With all the code that's shooting through a computer at any given time, how does it know which is and isn't harmful? Well, there are ways to make this work, the simplest of them being by identifying signatures.

    What a virus signature actually is:

    All viruses have what is known as a signature. These are ways that a string of malware code can be identified. When viruses are discovered for the first time, the antivirus software maker can analyse it, find that signature, and then send it as an update to all the people who are using that application. The signatures are stored in a directory of sorts and when the software does a scan, it checks all of the code it comes across against that directory.

    The whistling method:

    Those who make viruses have been getting better at it and signatures aren't always the best way to track them down. Not only are they creating ways to avoid detection, but it's also not possible to identify a virus that way until it's already struck. A new method has emerged recently for protecting against viruses that's known as whistling. In this method, the software tracks executable code that's been deemed safe and whenever something that's not on the safe list tries to launch, the user is asked for permission.

    Casting suspicion:

    Here, the antivirus software looks for executable files that are operating in a suspicious manner. This way they don't need to rely solely on signatures of known viruses but they can identify unknown ones as well. A problem with this is that viruses have been finding ways around this tactic, and worse, users have become trained to ignore the warnings because they can happen a lot of the time during false positives.

    The heuristic approach:

    This approach is taken by the more advanced types of antivirus software at times. It analyses code and discovers what it is designed to do. Much like searching for suspicious behaviours, this method searches for suspicious intent. This method can also involve running a certain piece of code on a virtual system so as to see what it actually does, thereby taking it away from the target at that moment.

  2. #2
    Junior Member
    Join Date
    Mar 2012
    Posts
    6
    Very good, Pallav! And about the virus signatures, it's really easy these days to string some kind of code or hash to a program, and people, without noticing it, will download the program, which turns out to be a virus. So be careful, everyone, as you never know whether what you're downloading might be harmful or helpful.
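
The signature lookup and the safe-list check described in the first post, combined in one decision function; this is an added example, not part of the original thread. The signature names, byte patterns, sample files and function names are all constructed for illustration.

```python
import hashlib

# Constructed signature "directory": name -> byte pattern (not real malware signatures).
SIGNATURES = {
    "Demo.Pattern.A": bytes.fromhex("deadbeef") + b"DEMO-SIG-A",
    "Demo.Pattern.B": b"\x90\x90DEMO-SIG-B\x00",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan_signatures(data: bytes, signatures=SIGNATURES) -> list:
    """Return the names of all signatures whose bytes occur anywhere in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def decide(data: bytes, safe_list: set, signatures=SIGNATURES) -> tuple:
    """Signature hit -> block; hash on the safe list -> allow; anything else -> ask."""
    hits = scan_signatures(data, signatures)
    if hits:
        return ("block", hits)
    if sha256_hex(data) in safe_list:
        return ("allow", [])
    return ("ask_user", [])


# Constructed sample files.
KNOWN_GOOD = b"MZ constructed benign program body"
INFECTED = KNOWN_GOOD + SIGNATURES["Demo.Pattern.A"]
# One changed byte inside the pattern: the stored signature no longer matches,
# so only the safe-list check stands between this file and execution.
VARIANT = INFECTED.replace(b"DEMO-SIG-A", b"DEMO-SIG-a")
SAFE_LIST = {sha256_hex(KNOWN_GOOD)}

if __name__ == "__main__":
    for label, blob in [("known good", KNOWN_GOOD), ("infected", INFECTED), ("variant", VARIANT)]:
        print(f"{label:10} -> {decide(blob, SAFE_LIST)}")
```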
