Antivirus programs

Antivirus Programs Mr.Anuj B. Pawar.

Transcript of Antivirus programs

Page 1: Antivirus programs

Antivirus Programs

Mr.Anuj B. Pawar.

Page 2: Antivirus programs

Contents:

What is a computer virus?

Types of viruses

Introduction to antivirus programs

How an antivirus works

What to do when suspecting a virus attack

General precautions you should take

Page 3: Antivirus programs

What is a Computer Virus?

A computer virus is a small program written to alter the way a computer operates without the permission or knowledge of the user. It is able to replicate itself and so continues to spread. It is also known as malicious software: a program that can cause damage to a computer.

Computer viruses can damage or corrupt data, modify existing data, or degrade the performance of the system by using up resources such as memory or disk space.

Page 4: Antivirus programs

Classification of Computer viruses:

Boot sector virus

Master Boot Record virus (MBR)

File infector virus

Multipartite virus

Macro virus

Worms

Trojans

Page 5: Antivirus programs

Boot sector virus

Boot sector viruses generally hide in the boot sector, either in the bootable disk or the hard drive.

Error message “Invalid system disk”

E.g. Form, Disk Killer, Michelangelo, Stoned.

Page 6: Antivirus programs

Master Boot Record (MBR) virus

MBR viruses are memory-resident viruses that infect disks in the same manner as boot sector viruses.

E.g. AntiEXE, Unashamed, NYB

Page 7: Antivirus programs

File infector virus

File infector viruses infect program files.

They normally infect executable code, such as .COM, .SYS, .BAT and .EXE files.

E.g. Snow.A, Jerusalem, Cascade

Page 8: Antivirus programs

Multipartite virus

Multipartite (also known as polypartite) viruses infect both boot records and program files.

E.g. One_Half, Emperor, Anthrax, Tequila.

Page 9: Antivirus programs

Macro virus

Macro viruses infect files that are created using certain applications or programs that contain macros.

They infect documents created with Microsoft Office Word, Excel, PowerPoint and Access.

E.g. W97M.Melissa, Bablas, WM.NiceDay, W97M.Groov.

Page 10: Antivirus programs

Computer Worms

Worms are programs that replicate themselves from system to system without the use of a host file. Worms spread through networks such as LANs and WANs, and also through the Internet. On the Internet a worm can spread in various ways, such as e-mail, messaging and chat.

Worms almost always cause harm to the network, such as consuming network bandwidth.

E.g. W32.Mydoom.AX@mm

Page 11: Antivirus programs

Computer Trojans

Trojan horses are impostors: files that claim to be something desirable but, in fact, are malicious. Trojan horse programs do not replicate themselves. Trojan horses contain malicious code that, when triggered, causes loss, or even theft, of data.

E.g. Trojan.Vundo

Retrieving the user’s critical information, i.e. name, password.

Spreading malware programs, i.e. a ‘dropper’ or ‘vector’.

Erasing or overwriting data on a computer.

Spying on a user to gather information such as browsing habits, sites visited etc. These are called spyware.

Page 12: Antivirus programs

Antivirus Software

Antivirus software is a computer program that identifies and removes computer viruses and other malicious software, such as worms and Trojans, from an infected computer. In addition, antivirus software protects the computer from further virus attacks.

We should regularly run an antivirus program to scan for and remove any possible viruses on a computer.

Page 13: Antivirus programs

Some popular Antivirus..

Page 14: Antivirus programs
Page 15: Antivirus programs

How an Antivirus works

Using the dictionary approach:

The antivirus software examines every file on the computer and compares its content with the virus definitions stored in its virus dictionary.

A virus dictionary is a built-in file of the antivirus software that contains code identified as a virus by the antivirus authors.
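
The dictionary approach in miniature, as an added example that is not part of the original slides or any vendor's code. The signature names, the "??" wildcard notation and every byte pattern are constructed for the demo; the last sample file differs from a dictionary entry by one byte and is not reported, which is why dictionary scanning misses unknown variants.

```python
import re
import tempfile
from pathlib import Path

# Constructed "virus dictionary": name -> hex pattern ("??" = any one byte).
# The byte strings are made up for this demo and match no real malware.
VIRUS_DICTIONARY = {
    "Demo.BootMarker": "de ad be ef 00 ?? 55 aa",
    "Demo.FileStub": "c0 ff ee ?? ?? 13 37 42",
}

def compile_signature(hex_pattern):
    """Turn 'de ad ?? ef' into a bytes regex; '??' is a one-byte wildcard."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in VIRUS_DICTIONARY.items()}

def scan_bytes(data):
    """Return [(signature name, offset)] for each dictionary entry found."""
    hits = []
    for name, rx in COMPILED.items():
        match = rx.search(data)
        if match:
            hits.append((name, match.start()))
    return hits

def scan_tree(root):
    """Examine every file under root; report only the files that match."""
    report = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        hits = scan_bytes(path.read_bytes())
        if hits:
            report[path.name] = hits
    return report

def demo():
    """Scan four constructed sample files written to a temporary directory."""
    samples = {
        "clean.txt": b"quarterly report",
        "boot.img": bytes(16) + bytes.fromhex("deadbeef009955aa"),
        "tool.exe": b"header" + bytes.fromhex("c0ffee0102133742"),
        # One byte differs from Demo.BootMarker: an "unknown variant".
        "variant.img": bytes(16) + bytes.fromhex("deadbeef019955aa"),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        return scan_tree(tmp)
```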

Page 16: Antivirus programs

Using Suspicious Behavior Approach:

Antivirus software constantly monitors the activity of all programs.

If any program tries to write data to an executable file, the antivirus software will flag that program as showing suspicious behavior; that is, the suspected program will be marked as a virus.

The advantage of this approach is that it can safeguard the computer against unknown viruses also.

The disadvantage is that it may create several false alerts too.
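
The behavior rule above, applied to a file-activity log, as an added example that is not part of the original slides. The log format, process names and paths are constructed, and the `trusted` allowlist is an assumption added here to show how the false alert raised by a legitimate updater can be handled.

```python
import ntpath
import re

# Extensions the slides list as executable code targets.
EXECUTABLE_EXTS = {".com", ".sys", ".bat", ".exe"}

# Constructed file-activity log (hypothetical format): process, operation, path.
EVENTS = """\
proc=notepad.exe op=write path=C:\\Users\\a\\notes.txt
proc=unknown_tool.exe op=write path=C:\\Windows\\System32\\calc.exe
proc=setup_updater.exe op=write path=C:\\Program Files\\App\\app.EXE
proc=explorer.exe op=read path=C:\\Windows\\explorer.exe
proc=unknown_tool.exe op=write path=C:\\autoexec.bat
"""

LINE_RE = re.compile(r"proc=(\S+) op=(\w+) path=(.+)")

def parse(log):
    """Yield (process, operation, path) for each well-formed log line."""
    for line in log.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            yield m.group(1).lower(), m.group(2).lower(), m.group(3)

def flag_suspicious(log, trusted=frozenset()):
    """Map each flagged process to the executable files it wrote to.

    `trusted` is an assumed allowlist (not from the slides) of known installers.
    """
    flagged = {}
    for proc, op, path in parse(log):
        ext = ntpath.splitext(path)[1].lower()
        if op == "write" and ext in EXECUTABLE_EXTS and proc not in trusted:
            flagged.setdefault(proc, []).append(ntpath.basename(path))
    return flagged

if __name__ == "__main__":
    # Without an allowlist the legitimate updater is flagged too (a false alert).
    print(flag_suspicious(EVENTS))
    print(flag_suspicious(EVENTS, trusted={"setup_updater.exe"}))
```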

Page 17: Antivirus programs

When selecting an Antivirus Software

Real-Time Scanning

The antivirus software runs automatically in the background on a continuous basis, scanning files and folders for possible virus attacks as they are opened or executed, and checking e-mails as they are downloaded.

Most commercial antivirus software provides real-time scanning.

Page 18: Antivirus programs

Virus Updates

Providing regular updates for the virus dictionary. You should look for an antivirus program that provides free virus updates on a periodic basis.

With the current outburst in macro and script-based viruses, virus updates that address the latest threats are essential.

Most commercial antivirus software today provides virus updates on a daily basis.

Page 19: Antivirus programs

Configuring your Antivirus software

Adjust the settings to scan all (*all*) files. Also, ensure that real time scanning is enabled by default.

Create a recovery/reference/cure disk, because if a boot sector or MBR virus attacks the system, it may fail to boot. In that case, the recovery/cure disk can be used to boot the system and remove the virus.

Read the vendor's manual. This will help you to understand the advanced options and how to use them according to your preference.

Page 20: Antivirus programs

What to do on Suspecting Virus attack?

Disconnect the suspected computer system from the Internet as well as from the Local Network.

Start the system in Safe Mode or from the Windows boot disk if it has any problem starting.

Take a backup of all crucial data to an external drive.

Install antivirus software if you do not have it installed.

Now download the latest virus definition updates from the Internet (do this on a separate computer).

Perform a full system scan.

Page 21: Antivirus programs

General precautions you should take

When inserting removable media (floppy, CD, flash drive etc.), scan the whole device with the antivirus software before opening it.

If you have Internet access, make sure you use Internet security software.

Get Windows updates.

From time to time, update your installed software to its latest version, e.g. MS Office, Adobe Reader, Java, Flash Player etc.

Last but not least, you should have an updated antivirus guarding your PC at all times.

Page 22: Antivirus programs

Thank You….
