Virus1.ppt

Embed Size (px)

Citation preview

  • 7/27/2019 Virus1.ppt

    1/17

    Virus and Antivirus

    Team members:

    - Muzaffar Malik- Kiran Karki

  • 7/27/2019 Virus1.ppt

    2/17

    Virus

    Computer viruses are small software programsdesigned to transfer from one computer toanother.

    A virus is simply a computer program that isintentionally written to attach itself to other

    programs and replicate whenever thoseprograms are executed .

    Viruses can easily spread by e-mail attachmentor instant messaging messages.

    Virus can be spread by downloading unnecessaryfiles from Internet.

    Viruses can be disguised as attachments of funnyimages, greeting cards, or audio and video files.

  • 7/27/2019 Virus1.ppt

    3/17

  • 7/27/2019 Virus1.ppt

    4/17

    History

    The creeper virus was first detected on

    ARPANET, in early 1970s

    Propagated from TENEX operating

    system.( modem are dialed and connected to remote computers and infect them )

    The first pc virus was a boot sector virus

    called brain, created by Basit and Amjad

    Farooq Alvi, in 1986, Lahore, Pakistan.

    This virus copies itself from the software.

  • 7/27/2019 Virus1.ppt

    5/17

    Traditional computer viruses

    First widely seen in the late 1980s,

    Technology development encouraged

    virus creation.

    Development of personal computers.

    Due to the internet.

    Development of floppy disks.

  • 7/27/2019 Virus1.ppt

    6/17

    How Virus Works?

    When we run infected program it loads into thememory and stars running as well. It also has

    an ability to infect other programs. When virus runs unidentified programs it adds

    itself to it.

    When we transfer some programs and files to

    our friend either through email, cd, and floppydisk, our friends computer can also be affectedas well.

  • 7/27/2019 Virus1.ppt

    7/17

    Type

    Trojan horses

    A Trojan horse is a simple computer program. Theprogram damage when we run it. It can even damagehard disk. Trojan horses cant replicate automatically.

    E-mail virusesAn e-mail virus travels as an attachment to email-message and usually replicates itself by automaticallymailing itself to the entire contact list on our email

    address book. Some e-mail viruses don't even require adouble- click. If we hit once, it directly passes to system.

  • 7/27/2019 Virus1.ppt

    8/17

    Type cont..

    Worms

    A worm is a small piece of software that usescomputer networks and security holes to replicate itself.

    A copy of the worm scans the network for anothermachine that has a specific security hole. It copies itselfto the new machine using the security hole, and thenstarts replicating from there, as well.

    Cross-site scripting viruses are among the new virus.They use cross-site scripting for propagation. Myspace andYahoo are most affected sites due to this virus.

  • 7/27/2019 Virus1.ppt

    9/17

    Safety measures for Viruses

    Run a secure operating system like UNIX. Buy virus protection software and install in PCs.

    Avoid program from unknown sources (INTERNET).

    Use commercial software.

    For Microsoft application, Macro Virus Protection

    should be enabled.

    Never download unknown email attachment.

    Block receiving and sending executable codes.

    Solution is Antivirus software

  • 7/27/2019 Virus1.ppt

    10/17

    Antivirus-Software

    Softwares that attempt to identify and

    eliminate computer viruses and other

    malicious software (malware).

    Sophisticated - But virus creators are

    always one step ahead.

    Detection - This is the key to antivirus

    software.

  • 7/27/2019 Virus1.ppt

    11/17

    Detection Techniques

    Scanning

    Integrity Checking

    Interception/ Heuristic Detection

    Scanning is the most commonly used

    technique in antivirus software.

  • 7/27/2019 Virus1.ppt

    12/17

    Scanning

    Also known as Virus Dictionary Approach.

    Scanner scans the hard disk, memory,

    boot sector for code snippets.

    If code snippet in a file matches any virus

    in the dictionary, appropriate action is

    taken.

  • 7/27/2019 Virus1.ppt

    13/17

  • 7/27/2019 Virus1.ppt

    14/17

    Integrity Checker

    Keeps track of threats by monitoring

    changes to files.

    Maintains information about important files

    on disk, usually by calculating checksums

    If a file changes due to virus activity, its

    checksum will change.

    E.g. Norman Virus Control.

  • 7/27/2019 Virus1.ppt

    15/17

    Integrity Checker

    Advantages

    - Constants updates are not necessary.

    - Can be used to detect new viruses.

    - Can also detect other damages to data e.g. corruption.

    Disadvantages

    - False Positives.- Cant differentiate between corrupted and infected data.

  • 7/27/2019 Virus1.ppt

    16/17

    Heuristic Virus Checking

    Generic mechanism for virus detection.

    Rule based.

    Rules differentiate a virus from a nonvirus.

    If a code snippet follows the defined rules,

    it is marked as a virus. E.g. F-secure antivirus software.

  • 7/27/2019 Virus1.ppt

    17/17

    Heuristic Virus Checking

    Advantages

    - No need to download updated list of viruses weekly.

    - Can be used to detect new viruses.

    Disadvantages

    - False Positives.

    - Virus creators can write viruses that do not follow the

    rules.