How Antivirus works?

Thread: How Antivirus works?

  1. #1

    How Antivirus works?

    What is in a virus that defines it to a virus scanner?
    eg. Size, Name..........

  2. #2
    Senior Member tampabay420
    Join Date
    Aug 2002
    Posts
    953
    AntiVirus software uses things called "signatures" ... Most Virii / Worms will have a signature (within the code) that will alert the anti-virus...

    These signatures are virii specific, so updates are mandatory to keep your system clean!
    yeah, I'm gonna need that by friday...

  3. #3
    Junior Member
    Join Date
    Feb 2003
    Posts
    19

    Re: How Antivirus works?

    Originally posted here by ACHT_2003
    What is in a virus that defines it to a virus scanner?
    eg. Size, Name..........
    Like tampabay420 said, there are these signatures which basically work like this:

    |------------------------------------------------------------------|
    | Executable .... | attached virus .. 01 02 03 04 05 ...|
    |------------------------------------------------------------------|

    What I am trying to say by this pathetic drawing is that the virus attached to the executable has one CONSTANT string 01 02 ... which can be always found in every infected file... That is the signature.

    Of course, there are polymorphic viruses, which modify themselves with each generation, so finding a signature for them is (nearly) impossible... To find them AV has developed Code Emulation Systems and heuristic methods... Look on Google, you'll find lots of info.
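
Added example, not part of the original posts: a minimal signature scanner in Python that illustrates the constant-byte-string idea from post #3. The signature names, the `??` wildcard notation and every sample buffer are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# Constructed signature set (names are hypothetical). "Example.A" is the
# constant byte string from the drawing above; "Example.B" uses ?? as a
# wildcard for one byte that differs between otherwise identical variants.
SIGNATURES: Dict[str, str] = {
    "Example.A": "01 02 03 04 05",
    "Example.B": "DE AD ?? BE EF",
}

def compile_signature(hex_pattern: str) -> "re.Pattern[bytes]":
    """Turn a hex signature with optional ?? wildcards into a bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")  # any single byte (DOTALL lets it match 0x0A too)
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(data: bytes) -> List[Tuple[str, int]]:
    """Return (signature name, offset) for every signature match in data."""
    hits = [(name, m.start())
            for name, rx in COMPILED.items()
            for m in rx.finditer(data)]
    return sorted(hits, key=lambda hit: hit[1])

# Constructed sample buffers: a stand-in "executable" plus appended bytes.
HOST = b"MZ" + bytes(30)
CLEAN = HOST
INFECTED = HOST + bytes.fromhex("0102030405")
VARIANT_1 = HOST + bytes.fromhex("dead11beef")
VARIANT_2 = HOST + bytes.fromhex("dead77beef")
MODIFIED = HOST + bytes.fromhex("0102ff0405")  # one byte of Example.A changed

if __name__ == "__main__":
    for label, buf in [("clean", CLEAN), ("infected", INFECTED),
                       ("variant 1", VARIANT_1), ("variant 2", VARIANT_2),
                       ("modified", MODIFIED)]:
        print(f"{label:10} -> {scan(buf) or 'no match'}")
```

The `MODIFIED` buffer is reported as clean because a fixed signature only matches bytes that stay constant, which is why scanners pair signatures with the emulation and heuristic methods mentioned in the post.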

  4. #4
    Is there a way to make that sig change based upon like time or something?

  5. #5
    Banned
    Join Date
    Dec 2002
    Posts
    394
    Well basically the scanner tries to read the code of a program for info that it contains inside to make it copy itself to other progs. That's why some virii use encryption techniques to defeat this, but if it is polymorphic then it looks for the decryptor within the code being spread to other progs. The signatures carry other known techniques of other virii that are not in the wild.

    Oh yea, check for updates as the last ? dunno:|

  6. #6
    Junior Member
    Join Date
    Apr 2003
    Posts
    7
    Actually, signature scanners only find viruses that are already known or very similar and derivative of known viruses. Viruses in the wild, or on the "wild list", should be found by all major antivirus programs' signature scanners. Heuristic engines are the methods that have problems with encrypted viruses.

  7. #7
    Banned
    Join Date
    Dec 2003
    Posts
    138
    Once I got a virus that even infected my own Norton Anti Virus. I wonder how that happened........

  8. #8
    Member
    Join Date
    Jun 2003
    Posts
    57
    Most worms and Virii go for vulnerabilities in running services or software programs. Most often worms are a buffer overflow of some kind and Virii are executables that install themselves once they are activated. There are more ways to activate them than I really care to list right now but use your imagination, they run from a user clicking on something to open it to scheduled events, to being called by other services Etc, Etc, Etc....

    Anyway, if your Norton was infected then either someone used a known vulnerability in one of the Symantec services that run in the background, or it was coded to look for default Norton directories and files when it was activated.
    "If you take a starving dog in off the street and make him prosperous he will not bite you, this is the principal difference between a dog and a man" - Mark Twain

  9. #9
    Banned
    Join Date
    Dec 2003
    Posts
    138
    I guess you're right. Whatever it was, it sucked!

  10. #10
    Super Moderator: GMT Zone nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    The method of virus detection that has not been mentioned is "behavioural". This method looks at what an unknown is about to do (e.g. write to the Registry). Some sophisticated methods will put the suspected item in a "sandbox", let it run, and see what it tries to do.

    The main point is that IMHO you cannot rely on a firewall and AV alone.....you need secondary defences.

    http://www.winpatrol.com
    http://www.diamondcs.com.au

    Try Win Patrol and Registry Prot

    Good Luck
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
