31-08-2012, 05:02 PM
ANTIVIRUS SOFTWARE
antivirus.docx (Size: 16.04 KB / Downloads: 45)
From the early viruses, created as experiments in the eighties, to the latest malicious code, one of the biggest worries for all computer users is the threat of viruses entering their systems.
To prevent viruses from entering a system there are basically just two options. The first of these is to place the computer in a protective 'bubble'. This in practice means isolating the machine; disconnecting it from the Internet or any other network, not using any floppy disks, CD-ROMs or any other removable disks. This way you can be sure that no virus will get into your computer. You can also be sure that no information will enter the computer, unless it is typed in through the keyboard. So you may have a fantastic computer, the perfect data processing machine...but with no data to process. If you're happy with that, your computer will be about as much use as a microwave oven.
The second option is to install an antivirus program. These are designed to give you the peace of mind that no malicious code can enter your PC. But how do they do it? How does the program let you install a game, but prevent a virus from copying itself to disk? Well, this is how it works..
An antivirus program is no more than a system for analyzing information and then, if it finds that something is infected, it disinfects it. The information is analyzed (or scanned) in different ways depending on where it comes from. An antivirus will operate differently when monitoring floppy disk operations than when monitoring e-mail traffic or movements over a LAN. The principal is the same but there are subtle differences.
How does anti-virus software work?
An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software (malware).
Anti-virus software typically uses two different techniques to accomplish this:
• Examining files to look for known viruses by means of a virus dictionary
• Identifying suspicious behavior from any computer program which might indicate infection
Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.
Virus dictionary approach
In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can then either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file.
To be successful in the medium and long term, the virus dictionary approach requires periodic online downloads of updated virus dictionary entries. As new viruses are identified "in the wild", civically minded and technically inclined users can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries.
Dictionary-based anti-virus software typically examines files when the computer's operating system creates, opens, and closes them; and when the files are e-mailed. In this way, a known virus can be detected immediately upon receipt. The software can also typically be scheduled to examine all files on the user's hard disk on a regular basis.
Although the dictionary approach is considered effective, virus authors have tried to stay a step ahead of such software by writing "polymorphic viruses", which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match the virus's signature in the dictionary.
antivirus.docx (Size: 16.04 KB / Downloads: 45)
From the early viruses, created as experiments in the eighties, to the latest malicious code, one of the biggest worries for all computer users is the threat of viruses entering their systems.
To prevent viruses from entering a system there are basically just two options. The first of these is to place the computer in a protective 'bubble'. This in practice means isolating the machine; disconnecting it from the Internet or any other network, not using any floppy disks, CD-ROMs or any other removable disks. This way you can be sure that no virus will get into your computer. You can also be sure that no information will enter the computer, unless it is typed in through the keyboard. So you may have a fantastic computer, the perfect data processing machine...but with no data to process. If you're happy with that, your computer will be about as much use as a microwave oven.
The second option is to install an antivirus program. These are designed to give you the peace of mind that no malicious code can enter your PC. But how do they do it? How does the program let you install a game, but prevent a virus from copying itself to disk? Well, this is how it works..
An antivirus program is no more than a system for analyzing information and then, if it finds that something is infected, it disinfects it. The information is analyzed (or scanned) in different ways depending on where it comes from. An antivirus will operate differently when monitoring floppy disk operations than when monitoring e-mail traffic or movements over a LAN. The principal is the same but there are subtle differences.
How does anti-virus software work?
An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer viruses and other malicious software (malware).
Anti-virus software typically uses two different techniques to accomplish this:
• Examining files to look for known viruses by means of a virus dictionary
• Identifying suspicious behavior from any computer program which might indicate infection
Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.
Virus dictionary approach
In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can then either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file.
To be successful in the medium and long term, the virus dictionary approach requires periodic online downloads of updated virus dictionary entries. As new viruses are identified "in the wild", civically minded and technically inclined users can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries.
Dictionary-based anti-virus software typically examines files when the computer's operating system creates, opens, and closes them; and when the files are e-mailed. In this way, a known virus can be detected immediately upon receipt. The software can also typically be scheduled to examine all files on the user's hard disk on a regular basis.
Although the dictionary approach is considered effective, virus authors have tried to stay a step ahead of such software by writing "polymorphic viruses", which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match the virus's signature in the dictionary.