-
February 20th, 2002, 06:29 AM
#1
Junior Member
How does an antivirus work
Hi there, can anybody tell me how an antivirus works (in detail, please)? I know that an AV scans through a file searching for the mention of the words .exe and .com,
but how does it remove it? Does it take a backup of the original file and then compare it?
E.g. if a DLL is detected, then how does Norton delete it and replace it with the original one?
Please help.
-
February 20th, 2002, 06:39 AM
#2
Well, for one, I have text files of exploits and source code of thousands of viruses, and the scanner picks them up even though they're not in their final form yet. So I'm thinking the AV has a database of the source code, and if it sees something that looks like the source code of the virus files it has, it picks it up. Fixing it is not that hard: it just removes the "foreign" entries in the file. Normally when a file is infected the size gets bigger, which means something was added to it. It just takes away that foreign code and puts the file back to normal.
-
February 20th, 2002, 07:23 AM
#3
Senior Member
There are 3 basic ways that antiviruses work:
1. Scanners - all programs, including viruses, will contain sets of instructions unique to that program, called its signature. Scanners will have a database of known signatures, and will scan your files looking for matches. The problem with scanners is that they won't detect anything not in their database, or it could be possible to modify their database.
2. Integrity checkers - will examine all the files on your hard disk and calculate a value called a checksum based on each file's size and structure. If a virus modifies the file, the next time the checker examines the file, it will notice that the new checksum won't match the old, and will give you a warning. The problem with integrity checkers is that they generate many false positives.
3. Heuristic - will look for instructions that "shouldn't be there". For example, an mp3 player that looks at your file registry. Again, the problem here is that it generates a lot of false positives.
The best antivirus software will be one that uses a combination of these parts.
U suk at teh intuhnet1!!1!1one
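The scanner and integrity-checker approaches from post #3, side by side, as an added example that is not part of any post in this thread. The signature names, byte patterns and file contents are constructed for illustration, and SHA-256 stands in for the checksum, which the post does not name.

```python
import hashlib

# Constructed signature database (name -> byte pattern); not real malware signatures.
SIGNATURES = {
    "Demo.Appender.A": bytes.fromhex("deadbeef4142"),
    "Demo.Marker.B": b"CONSTRUCTED-SAMPLE-MARKER",
}

def scan(data):
    """Scanner: (signature name, offset) for each known pattern found in data."""
    hits = [(name, data.find(pat)) for name, pat in SIGNATURES.items() if pat in data]
    return sorted(hits, key=lambda hit: hit[1])

def checksum(data):
    """Integrity value. SHA-256 is an assumption; the post names no algorithm."""
    return hashlib.sha256(data).hexdigest()

def check_integrity(files, baseline):
    """Compare current contents with the stored baseline checksums."""
    report = {}
    for path, data in files.items():
        if path not in baseline:
            report[path] = "new"
        elif checksum(data) != baseline[path]:
            report[path] = "changed"
    for path in baseline.keys() - files.keys():
        report[path] = "missing"
    return report

def demo():
    # Constructed in-memory "disk": path -> file contents.
    disk = {"app.exe": b"MZ" + b"\x90" * 32, "tool.exe": b"MZ v1.0", "notes.txt": b"hello"}
    baseline = {path: checksum(data) for path, data in disk.items()}

    disk["app.exe"] += b"\x13\x37unknown-appended-code"    # modified, no known signature
    disk["tool.exe"] = b"MZ v1.1"                           # legitimate update
    disk["notes.txt"] = b"hello CONSTRUCTED-SAMPLE-MARKER"  # contains a known pattern

    detections = {path: scan(data) for path, data in disk.items()}
    return detections, check_integrity(disk, baseline)

if __name__ == "__main__":
    detections, integrity = demo()
    print("scanner:  ", detections)
    print("integrity:", integrity)
```

The scanner reports nothing for the modified `app.exe` because the appended bytes match no database entry, while the integrity checker flags it along with the legitimately updated `tool.exe`, which is the false-positive case the post mentions.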
-
February 20th, 2002, 07:28 AM
#4
Mainly two ways. It doesn't have to be technical.
They:
1. Look for virii and trojan definitions. Basically a fingerprint of the assembled code or unassembled code.
2. Heuristics. It looks for unusual code changes, i.e. changes in file sizes etc.
Go here for a downloadable e-book. They have several on a few topics including virii.
http://members.iinet.net.au/~shanev/Main.html
The COOKIE TUX lives!!!!
Windows NT crashed,I am the Blue Screen of Death.
No one hears your screams.
-
October 13th, 2004, 05:13 PM
#5
I think I've got a solution for that! And not only that: if you want to know how anything works, you can just visit the website:
www.howstuffworks.com
Happy surfing.
-
October 13th, 2004, 05:19 PM
#6
Originally posted here by akshayakrsh
I think I've got a solution for that! And not only that: if you want to know how anything works, you can just visit the website:
www.howstuffworks.com
Happy surfing.
Please look at the date of the threads you are posting to.
Seemingly trying to jack up a post count...??
You have pasted the same answer in several very old posts!!
Try reading the AO site FAQ please.