-
March 4th, 2003, 05:44 PM
#1
Banned
How Antivirus works?
What is in a virus that defines it to a virus scanner?
eg. Size, Name..........
-
March 4th, 2003, 06:00 PM
#2
AntiVirus software uses things called "signatures" ... Most Virii / Worms will have a signature (within the code) that will alert the anti-virus...
These signatures are virii specific, so updates are mandatory to keep your system clean!
yeah, I'm gonna need that by friday...
-
March 4th, 2003, 06:33 PM
#3
Junior Member
Re: How Antivirus works?
Originally posted here by ACHT_2003
What is in a virus that defines it to a virus scanner?
eg. Size, Name..........
Like tampabay420 said, there are these signatures, which basically work like this:
|------------------------------------------------------------------|
| Executable .... | attached virus .. 01 02 03 04 05 ...|
|------------------------------------------------------------------|
What I am trying to say by this pathetic drawing is that the virus attached to the executable has one CONSTANT string 01 02 ... which can be always found in every infected file... That is the signature.
Of course, there are polymorphic viruses, which modify themselves with each generation, so finding a signature for them is (nearly) impossible... To find them AV had developed Code Emulation Systems and heuristic methods... Look on Google, you'll find lots of info.
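The constant-string check described in the post above, written out as an added example that is not part of the original thread. It goes one step beyond the drawing by allowing wildcard bytes (`??`) in a signature; the signature names and all sample bytes are constructed for illustration.

```python
from typing import Dict, List, Optional, Tuple

# A signature is a list of byte values; None is a wildcard ("any byte").
Signature = List[Optional[int]]

def parse_signature(text: str) -> Signature:
    """Parse a hex pattern such as '01 02 ?? 04' into [1, 2, None, 4]."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def find_signature(data: bytes, sig: Signature) -> int:
    """Return the first offset at which sig matches data, or -1 if absent."""
    if not sig:
        return -1
    for off in range(len(data) - len(sig) + 1):
        if all(s is None or data[off + i] == s for i, s in enumerate(sig)):
            return off
    return -1

def scan(data: bytes, db: Dict[str, Signature]) -> List[Tuple[str, int]]:
    """Check data against every signature; return (name, offset) per hit."""
    hits = []
    for name, sig in db.items():
        off = find_signature(data, sig)
        if off >= 0:
            hits.append((name, off))
    return hits

# Constructed signature database; the names are hypothetical.
SIGNATURES = {
    "Example.A": parse_signature("01 02 03 04 05"),
    "Example.A.variants": parse_signature("01 02 ?? 04 05"),
}

# Constructed sample data: a 32-byte stand-in "executable" plus an attached body.
HOST = b"MZ" + b"\x90" * 30
CLEAN = HOST
INFECTED = HOST + b"\xeb\x10" + bytes([0x01, 0x02, 0x03, 0x04, 0x05]) + b"\xc3"
VARIANT = HOST + b"\xeb\x10" + bytes([0x01, 0x02, 0x7f, 0x04, 0x05]) + b"\xc3"

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("infected", INFECTED), ("variant", VARIANT)):
        print(label, scan(blob, SIGNATURES))
```

The exact signature only matches the byte-for-byte copy, while the wildcard signature also matches the constructed variant, which is why signature databases need regular updates.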
-
March 5th, 2003, 02:56 AM
#4
Banned
Is there a way to make that sig change based upon like time or something?
-
March 5th, 2003, 08:00 AM
#5
Well basically the scanner tries to read the code of the program for info that it contains inside to make it copy itself to other progs. That's why some virii use encryption techniques to defeat this, but if it is polymorphic then it looks for the decryptor within the code being spread to other progs. The signatures carry other known techniques of other virii that are not in the wild.
Oh yea, check for updates as the last ? dunno:|
-
June 5th, 2003, 06:19 AM
#6
Junior Member
Actually, signature scanners only find viruses that are already known or very similar and derivative of known viruses. Viruses in the wild, or on the "wild list", should be found by all major antivirus programs' signature scanners. Heuristic engines are the methods that have problems with encrypted viruses.
-
December 6th, 2003, 10:52 PM
#7
Banned
Once I got a virus that even infected my own Norton Anti Virus. I wonder how that happened........
-
December 6th, 2003, 11:05 PM
#8
Member
Most worms and Virii go for vulnerabilities in running services or software programs. Most often worms are a buffer overflow of some kind and Virii are executables that install themselves once they are activated. There are more ways to activate them than I really care to list right now but use your imagination, they run from a user clicking on something to open it to scheduled events, to being called by other services Etc, Etc, Etc....
Anyway, if your Norton was infected then either someone used a known vulnerability in one of the Symantec services that run in the background, or it was coded to look for default Norton directories and files when it was activated.
"If you take a starving dog in off the street and make him prosperous he will not bite you, this is the principal difference between a dog and a man" - Mark Twain
-
December 7th, 2003, 10:08 PM
#9
Banned
I guess you're right. Whatever it was, it sucked!
-
December 7th, 2003, 11:16 PM
#10
The method of virus detection that has not been mentioned is "behavioural". This method looks at what an unknown is about to do (e.g. write to the Registry). Some sophisticated methods will put the suspected item in a "sandbox", let it run, and see what it tries to do.
The main point is that IMHO you cannot rely on a firewall and AV alone.....you need secondary defences.
http://www.winpatrol.com
http://www.diamondcs.com.au
Try Win Patrol and Registry Prot
Good Luck