Antivirus engine

POWERPOINT PRESENTATION ON ANTI-VIRUS ENGINE

Transcript of Antivirus engine

Page 1: Antivirus engine

POWERPOINT PRESENTATION

ON

ANTI-VIRUS ENGINE

Page 2: Antivirus engine

SUBMITTED BY

SHILPA C

CP1117

1st semester M.Sc. Computer Science

Page 3: Antivirus engine

ANTI-VIRUS ENGINE

Page 4: Antivirus engine

What is a Virus?

• A virus is basically an executable file designed so that, first of all, it can infect documents; it must then be able to survive by replicating itself, and it should also avoid detection.

Page 5: Antivirus engine

Basics about the virus...

• A virus is a program that self-replicates.
• A virus is not data.
• You can only catch a virus by running a program.
• Your computer can run all kinds of programs.
• Most viruses are difficult to detect.
• Computer viruses are not inherently destructive.
• Viruses are designed to corrupt or delete data on the hard disk.

Page 6: Antivirus engine

Types of viruses

1. File or program virus.
2. Boot Sector Virus (MBR or Master Boot Record).
3. Multipartite Virus.
4. Stealth Virus.
5. Polymorphic Virus.
6. Macro Virus.

Page 7: Antivirus engine

Functional elements of a virus

Fig 1. Functional diagram of a virus (boxes: virus; anti-detection routines; copy; search).

Page 8: Antivirus engine

NOTES

• Every viable computer virus must have at least 2 basic parts (subroutines).

1. A search routine
2. A copy routine
3. An anti-detection routine

Page 9: Antivirus engine

Virus In Detail...

1. File or program virus

Some programs are in disguise: when they load into memory along with the program, they perform some steps and infect the system. They infect program files such as .COM, .BIN, .DRV, .EXE and .SYS.

Page 10: Antivirus engine

Fig 2. Memory map just before executing a COM file (cs = ds = es = ss).

FFFFH
  Stack area (sp points here)
  Uninitialized data
  COM file image (ip = 100H)
  PSP
0H

Page 11: Antivirus engine

Fig 3. Replacing the first bytes in a COM file.

BEFORE: Uninfected host COM file. At 100H: mov dx, 257H

AFTER: Infected host COM file. At 100H: jmp 154AH. Other labels in this panel: mov dx, 257H; Timed virus

Page 12: Antivirus engine

Fig 4. The layout of an EXE file: EXE file header, relocation pointer table, EXE load module.

Page 13: Antivirus engine

2. Boot sector virus

• A boot sector virus can be the simplest or the most sophisticated of all computer viruses.

• The boot sector is the first code to gain control after the ROM startup.

• It is very difficult to stop before it loads.

Page 14: Antivirus engine

3. Multipartite virus

• A hybrid variety of virus.

• Only infects files and the boot sector.

• More destructive.

• More difficult to remove.

• Once it infects the boot sector, it never stops.

• Examples: Invader, Flip.

Page 15: Antivirus engine

4. Stealth virus

• They are stealthy in nature.

• They have various methods to hide themselves.

• They go to great lengths to avoid detection.

• Sometimes they reduce the file size, sometimes they increase it.

• They try to avoid detection by scanners.

• Example: Whale virus.

Page 16: Antivirus engine

5. Polymorphic virus

• They are the most difficult viruses to detect.

• They have the ability to mutate.

• Antivirus programs that look for specific virus code are not able to detect such viruses.

Page 17: Antivirus engine

6. Macro virus

• A macro is an executable program embedded in a word processing document or other type of file.

• Once the macro is running, it can copy itself to other documents, delete files, etc.

• Examples: Have a Nice Day, Concept.

Page 18: Antivirus engine

Anti-virus Engine

An anti-virus engine is designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high-performance multi-threaded scanning daemon, command-line utilities for on-demand file scanning, and an intelligent tool for automatic signature updates.

Page 19: Antivirus engine

Anti-virus Approaches

• Detection

• Identification

• Removal

Page 20: Antivirus engine

Anti-virus Techniques

• Scanners

• Monitors

• Integrity Checking
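
Integrity checking from the list above, applied to the change shown in Fig 3, as an added example that is not part of the original presentation: a baseline taken from the known-clean file lets the checker flag replaced first bytes and appended content without needing a signature of the added code. The function names and the sample byte strings are assumptions constructed for this illustration.

```python
import hashlib

COM_LOAD = 0x100  # a COM image is loaded at offset 100H, right after the PSP (Fig 2)

def entry_jump_target(image: bytes):
    """Offset (as seen in memory) that a leading near JMP (opcode E9) lands on, else None."""
    if len(image) < 3 or image[0] != 0xE9:
        return None
    rel = int.from_bytes(image[1:3], "little", signed=True)
    return (COM_LOAD + 3 + rel) & 0xFFFF  # displacement is relative to the next instruction

def baseline(image: bytes) -> dict:
    """Integrity record taken while the file is known to be clean."""
    return {"size": len(image), "head": image[:3],
            "sha256": hashlib.sha256(image).hexdigest()}

def check(image: bytes, rec: dict) -> list:
    """Compare a file with its baseline and describe what changed."""
    if hashlib.sha256(image).hexdigest() == rec["sha256"]:
        return []
    findings = ["content changed"]
    if len(image) > rec["size"]:
        findings.append(f"grew by {len(image) - rec['size']} bytes")
    if image[:3] != rec["head"]:
        findings.append("first bytes replaced")
        target = entry_jump_target(image)
        if target is not None and target >= COM_LOAD + rec["size"]:
            findings.append(f"entry jumps to {target:04X}H, past the original end")
    return findings

# Constructed sample data (not a real program): a host that starts with
# mov dx, 257H (BA 57 02), padded so that its image ends at 154AH in memory.
CLEAN = b"\xBA\x57\x02" + b"\x90" * (0x154A - COM_LOAD - 3)
REC = baseline(CLEAN)
# The same file after the change in Fig 3: head overwritten with jmp 154AH
# (E9 47 14) and 16 inert filler bytes appended where the added code would sit.
MODIFIED = b"\xE9\x47\x14" + CLEAN[3:] + b"\x90" * 16

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("modified", MODIFIED)):
        print(name, check(img, REC))
```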

Page 21: Antivirus engine

Basic virus defense

• Install antivirus software.
• Do not open e-mail attachments.
• Do not install new programs without first notifying IT.
• Install a firewall on your workstation.
• Scan your system regularly.
• Do not visit unauthorized web sites.

Page 22: Antivirus engine

Thank You