-
7/27/2019 Virus1.ppt
1/17
Virus and Antivirus
Team members:
- Muzaffar Malik- Kiran Karki
-
7/27/2019 Virus1.ppt
2/17
Virus
Computer viruses are small software programsdesigned to transfer
from one computer toanother.
A virus is simply a computer program that isintentionally
written to attach itself to other
programs and replicate whenever thoseprograms are executed .
Viruses can easily spread by e-mail attachmentor instant
messaging messages.
Virus can be spread by downloading unnecessaryfiles from
Internet.
Viruses can be disguised as attachments of funnyimages, greeting
cards, or audio and video files.
-
7/27/2019 Virus1.ppt
3/17
-
7/27/2019 Virus1.ppt
4/17
History
The creeper virus was first detected on
ARPANET, in early 1970s
Propagated from TENEX operating
system.( modem are dialed and connected to remote computers and
infect them )
The first pc virus was a boot sector virus
called brain, created by Basit and Amjad
Farooq Alvi, in 1986, Lahore, Pakistan.
This virus copies itself from the software.
-
7/27/2019 Virus1.ppt
5/17
Traditional computer viruses
First widely seen in the late 1980s,
Technology development encouraged
virus creation.
Development of personal computers.
Due to the internet.
Development of floppy disks.
-
7/27/2019 Virus1.ppt
6/17
How Virus Works?
When we run infected program it loads into thememory and stars
running as well. It also has
an ability to infect other programs. When virus runs
unidentified programs it adds
itself to it.
When we transfer some programs and files to
our friend either through email, cd, and floppydisk, our friends
computer can also be affectedas well.
-
7/27/2019 Virus1.ppt
7/17
Type
Trojan horses
A Trojan horse is a simple computer program. Theprogram damage
when we run it. It can even damagehard disk. Trojan horses cant
replicate automatically.
E-mail virusesAn e-mail virus travels as an attachment to
email-message and usually replicates itself by automaticallymailing
itself to the entire contact list on our email
address book. Some e-mail viruses don't even require adouble-
click. If we hit once, it directly passes to system.
-
7/27/2019 Virus1.ppt
8/17
Type cont..
Worms
A worm is a small piece of software that usescomputer networks
and security holes to replicate itself.
A copy of the worm scans the network for anothermachine that has
a specific security hole. It copies itselfto the new machine using
the security hole, and thenstarts replicating from there, as
well.
Cross-site scripting viruses are among the new virus.They use
cross-site scripting for propagation. Myspace andYahoo are most
affected sites due to this virus.
-
7/27/2019 Virus1.ppt
9/17
Safety measures for Viruses
Run a secure operating system like UNIX. Buy virus protection
software and install in PCs.
Avoid program from unknown sources (INTERNET).
Use commercial software.
For Microsoft application, Macro Virus Protection
should be enabled.
Never download unknown email attachment.
Block receiving and sending executable codes.
Solution is Antivirus software
-
7/27/2019 Virus1.ppt
10/17
Antivirus-Software
Softwares that attempt to identify and
eliminate computer viruses and other
malicious software (malware).
Sophisticated - But virus creators are
always one step ahead.
Detection - This is the key to antivirus
software.
-
7/27/2019 Virus1.ppt
11/17
Detection Techniques
Scanning
Integrity Checking
Interception/ Heuristic Detection
Scanning is the most commonly used
technique in antivirus software.
-
7/27/2019 Virus1.ppt
12/17
Scanning
Also known as Virus Dictionary Approach.
Scanner scans the hard disk, memory,
boot sector for code snippets.
If code snippet in a file matches any virus
in the dictionary, appropriate action is
taken.
-
7/27/2019 Virus1.ppt
13/17
-
7/27/2019 Virus1.ppt
14/17
Integrity Checker
Keeps track of threats by monitoring
changes to files.
Maintains information about important files
on disk, usually by calculating checksums
If a file changes due to virus activity, its
checksum will change.
E.g. Norman Virus Control.
-
7/27/2019 Virus1.ppt
15/17
Integrity Checker
Advantages
- Constants updates are not necessary.
- Can be used to detect new viruses.
- Can also detect other damages to data e.g. corruption.
Disadvantages
- False Positives.- Cant differentiate between corrupted and
infected data.
-
7/27/2019 Virus1.ppt
16/17
Heuristic Virus Checking
Generic mechanism for virus detection.
Rule based.
Rules differentiate a virus from a nonvirus.
If a code snippet follows the defined rules,
it is marked as a virus. E.g. F-secure antivirus software.
-
7/27/2019 Virus1.ppt
17/17
Heuristic Virus Checking
Advantages
- No need to download updated list of viruses weekly.
- Can be used to detect new viruses.
Disadvantages
- False Positives.
- Virus creators can write viruses that do not follow the
rules.
