Antivirus engine

Post on 03-Sep-2014


Transcript of Antivirus engine

POWERPOINT PRESENTATION

ON

ANTI-VIRUS ENGINE

SUBMITTED BY

SHILPA C, CP1117

1st semester, M.Sc. Computer Science

ANTI-VIRUS ENGINE

What is a Virus?

• A virus is basically an executable file designed so that, first of all, it infects documents; it then has to have the ability to survive by replicating itself; and it should also avoid detection.

Basics about the virus

• A virus is a program that self-replicates.
• A virus is not data.
• You can only catch a virus by running a program.
• Your computer can run all kinds of programs.
• Most viruses are difficult to detect.
• Computer viruses are not inherently destructive.
• Viruses are designed to corrupt or delete data on the hard disk.

Types of viruses

1. File or program virus.
2. Boot Sector Virus (MBR or Master Boot Record).
3. Multipartite Virus.
4. Stealth Virus.
5. Polymorphic Virus.
6. Macro Virus.

Functional elements of a virus

Fig 1. Functional diagram of a virus (blocks: virus, search routine, copy routine, anti-detection routines).

NOTES

• Every viable computer virus must have at least 2 basic parts (subroutines):

1. A search routine
2. A copy routine
3. An anti-detection routine

Virus in detail

1. File or program virus: some programs are in disguise; when they are loaded into memory along with the host program, they perform some steps and infect the system. They infect program files such as .COM, .BIN, .DRV, .EXE and .SYS.

• Fig 2. Memory map just before executing a COM file (from 0H upward: PSP, COM file image starting at IP = 100H, uninitialized data, stack area with SP near the top at FFFFH; CS = DS = ES = SS).

Fig 3. Replacing the first bytes in a COM file. BEFORE: the uninfected host COM file begins at 100H with mov dx, 257H. AFTER: the infected host COM file begins at 100H with jmp 154AH, which transfers control to the "Timed virus" appended after the host; the displaced mov dx, 257H appears inside the appended virus region.

Fig 4. The layout of an EXE file: EXE file header, relocation pointer table, EXE load module.

2. Boot sector virus

• A boot sector virus can be the simplest or the most sophisticated of all computer viruses.

• The boot sector is the first code to gain control after the ROM startup.

• It is very difficult to stop before it loads.

3. Multipartite virus

• A hybrid variety of virus.

• Infects both files and the boot sector.

• More destructive.

• More difficult to remove.

• Once it infects the boot sector it never stops.

• Example: Invader, Flip.

4. Stealth virus

• They are stealthy in nature.

• They have various methods to hide themselves.

• They go to great lengths to avoid detection.

• Sometimes they reduce the file size, sometimes they increase it.

• In this way they try to avoid detection by scanners.

• Example: Whale virus.

5. Polymorphic virus

• They are the most difficult viruses to detect.

• They have the ability to mutate.

• Anti-viruses which look for specific virus code are not able to detect such viruses.

6. Macro virus

• A macro is an executable program embedded in a word processing document or other type of file.

• Once the macro is running it can copy itself to other documents, delete files, etc.

• Example: Have a Nice Day, Concept.

Anti-virus Engine

An anti-virus engine is designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high-performance multi-threaded scanning daemon, command-line utilities for on-demand file scanning, and an intelligent tool for automatic signature updates.

Anti-virus Approaches

• Detection

• Identification

• Removal

Anti-virus Techniques

• Scanners

• Monitors

• Integrity Checking
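The three techniques above, applied to the COM-file case of Fig 3, as an added example that is not part of the original presentation: a byte-pattern scanner, a heuristic that flags a COM file whose entry point has been replaced by a jump into code appended at the end of the file, and a hash-based integrity check. The sample images, the marker string and the signature name are all constructed for the demonstration.

```python
import hashlib

# Constructed sample images (not from the slides): a 300-byte "host" COM file whose
# first instruction is "mov dx, 257h" (BA 57 02), padded with NOPs, and the same file
# laid out as in Fig 3 "AFTER": entry replaced by a near JMP to bytes appended at the end.
CLEAN_COM = b"\xBA\x57\x02" + b"\x90" * 297
APPENDED = b"CONSTRUCTED-MARKER".ljust(64, b"\x90")      # stand-in for an appended body
INFECTED_COM = b"\xE9" + (len(CLEAN_COM) - 3).to_bytes(2, "little") + CLEAN_COM[3:] + APPENDED

# Signature list a scanner would carry; the pattern here is the constructed marker above.
SIGNATURES = {"DEMO.Timed (constructed)": b"CONSTRUCTED-MARKER"}


def com_jump_target(image: bytes):
    """Return the file offset a leading near JMP (opcode E9, rel16) lands on, else None.
    A COM image is loaded at CS:0100h (Fig 2), so file offset 0 is IP 100h; the
    displacement is relative to the end of the 3-byte instruction."""
    if len(image) < 3 or image[0] != 0xE9:
        return None
    rel = int.from_bytes(image[1:3], "little", signed=True)
    return 3 + rel


def jump_to_tail(image: bytes, tail_fraction: float = 0.75) -> bool:
    """Heuristic scan: flag a COM file whose entry point jumps into the last part of the
    file, the shape left when a parasitic virus appends itself and patches the first bytes."""
    target = com_jump_target(image)
    return target is not None and target >= int(len(image) * tail_fraction)


def signature_scan(image: bytes, signatures=SIGNATURES):
    """Scanner: names of every known byte pattern found anywhere in the image."""
    return [name for name, pattern in signatures.items() if pattern in image]


def baseline(files: dict) -> dict:
    """Integrity checking, step 1: record a SHA-256 per file while the system is trusted."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def integrity_check(known: dict, files: dict) -> list:
    """Integrity checking, step 2: names of files whose hash no longer matches the baseline
    (or that were not in it); this catches modification even with no signature available."""
    return [name for name, data in files.items()
            if hashlib.sha256(data).hexdigest() != known.get(name)]


if __name__ == "__main__":
    known = baseline({"HOST.COM": CLEAN_COM})
    for label, img in (("clean", CLEAN_COM), ("infected", INFECTED_COM)):
        print(label, "jump-to-tail:", jump_to_tail(img), "signatures:", signature_scan(img))
    print("changed since baseline:", integrity_check(known, {"HOST.COM": INFECTED_COM}))
```

The jump heuristic alone would also flag a legitimate program that happens to start with a jump to its tail, which is why the presentation lists scanners, monitors and integrity checking as complementary rather than alternative techniques.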

Basic virus defense

• Install antivirus software.
• Do not open e-mail attachments.
• Do not install new programs without first notifying IT.
• Install a firewall on your workstation.
• Scan your system regularly.
• Do not visit unauthorized web sites.

Thank You