
Anti-Virus: What it is and how it works
By- John Gaikwad
FYBMS
Roll no.:15

What is a computer virus


A computer virus is a small program written to alter the way a computer operates without the permission or knowledge of the owner.
It has the ability to replicate itself and hence spreads.
Also known as malicious software, it can damage computer software, for example by damaging or corrupting data, modifying existing data or occupying disk space.
07-12-2014

John Gaikwad
Wilson College


Classification of Viruses

Boot Sector Virus
Master Boot Record (MBR) Virus
File Infector Virus
Multipartite Virus
Macro Virus


Boot Sector Viruses


They generally hide in the boot sector, either on a bootable disk or on the hard drive.
These viruses spread rapidly via floppy disks, and not via CD-ROM.
Once the virus is copied into memory, all floppy disks that are not write-protected will get infected when the disk is accessed.
Error message: "Invalid system disk".

Master Boot Record (MBR) Virus

They are memory-resident viruses that infect disks in the same manner as boot sector viruses.
However, an MBR virus infects the MBR of the system, and gets activated when the BIOS (Basic Input/Output System) activates the Master Boot Code.
They normally save a legitimate copy of the MBR in a different location.

File Infector Virus


Infect program files.
Normally infect executable code such as .COM, .SYS etc.
Can infect other files when an infected program is run from a floppy, hard drive or network. Many of these viruses are memory resident.
After memory becomes infected, any uninfected file that is run becomes infected.

Multipartite Virus
Also known as polypartite viruses, they infect both boot records and program files.
Particularly difficult to repair. If the boot area is repaired and files are still infected, then the boot area will get reinfected, and vice versa.


Macro Virus
Macros are mini programs that help to automate a series of programs, which helps in multitasking and saves time, as all are performed at the same time.
Macro viruses infect files that are created using certain applications or programs that use macros.
Platform independent, since they are written in the language of the program and not of the OS.
Infect documents created in Microsoft Office.

Worms and Trojans


Worms are programs that replicate themselves without using a host file. They spread through networks like LAN, WLAN and the internet.
They almost always cause harm to the network, such as consuming network bandwidth.


Worms and Trojans


Trojan horses are imposters that claim to be something desirable but end up being something malicious. They do not replicate themselves, but when triggered they cause loss or theft of data.
Used to retrieve a user's crucial information like password, ID etc.
Also used for spreading malware programs (as a vector or dropper), and for erasing data or overwriting it.

ANTI-VIRUS

Uses
Used to prevent, detect or remove malware and/or malicious programs or software from a computer and to protect it.
Signature-based detection: searches for known patterns within executable code.
Heuristics: used for new malware with no known signatures.

History
Early viruses were limited to self-reproduction and had no specific damage routine built into the code.
This changed with more and more programmers getting acquainted with programs and creating dangerous viruses.
The first recorded removal of a computer virus was by Bernd Fix in 1987.
Fred Cohen published papers which were used by future anti-virus programmers.

Identification Methods
There are several methods which antivirus software can use to identify malware:
Signature-based identification is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched.
Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses.
File emulation is another heuristic approach. File emulation involves executing a program in a virtual environment and logging what actions the program performs.

Signature-based Identification
Traditionally, antivirus software heavily relied upon signatures to identify malware.
This can be very effective, but cannot defend against malware unless samples have already been obtained and signatures created.
Because of this, signature-based approaches are not effective against new, unknown viruses.

Heuristic-based identification
While it may be better to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature.
Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature.
These signatures often contain non-contiguous code, using wildcard characters where differences lie. These wildcards allow the scanner to detect viruses even if they are padded with extra, meaningless code.
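
The signature dictionary and the wildcard-based generic signatures described on the identification slides above, as an added example that is not part of the original slides. The signature names, byte patterns, the `??`/`*` wildcard syntax, `MAX_GAP` and the sample buffers are all constructed for illustration and do not correspond to any real virus or product.

```python
import re

# Constructed signature dictionary (names and byte patterns are made up for
# this example). "??" matches exactly one arbitrary byte; "*" matches a
# bounded run of arbitrary bytes (padding between the fixed fragments).
SIGNATURES = {
    "Example.Exact":   "EB 1C 5E 8B FE B9 40 00",
    "Example.Generic": "B4 4E ?? ?? CD 21 * B4 40 ?? ?? CD 21",
}
MAX_GAP = 64  # assumption: upper bound on padding covered by one "*"


def compile_signature(pattern: str) -> re.Pattern:
    """Translate a hex signature with wildcards into a bytes regex."""
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")
        elif token == "*":
            parts.append(b".{0,%d}?" % MAX_GAP)
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL so that "." also matches the byte 0x0A.
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def scan(data: bytes) -> list[tuple[str, int]]:
    """Search the entire buffer; return (signature name, offset) per hit."""
    hits = []
    for name, regex in COMPILED.items():
        for match in regex.finditer(data):
            hits.append((name, match.start()))
    return sorted(hits, key=lambda h: h[1])


# Constructed sample buffers (not real malware): a host file with the generic
# pattern embedded mid-file and padded with filler bytes, and a file that
# contains only the first fragment of the pattern.
HOST = b"MZ" + b"\x00" * 30
PADDED = (HOST + bytes.fromhex("B44E1234CD21") + b"\x90" * 10
          + bytes.fromhex("B440ABCDCD21") + b"tail")
CLEAN = HOST + bytes.fromhex("B44E1234CD21") + b"tail"

if __name__ == "__main__":
    print(scan(PADDED))  # generic signature hit at the embedded offset
    print(scan(CLEAN))   # no hit: second fragment is missing
```

The bounded gap is what makes the generic signature tolerant of padding without matching two unrelated fragments that happen to sit far apart in a large file.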

First ever anti-virus


Comparisons


Market Share (2013)


Best paid anti-virus


BitDefender Antivirus Plus 2013: $39.95 at BitDefender
Norton AntiVirus (2013): $58.87 at Lenovo
Webroot SecureAnywhere Antivirus 2013: $19.99 at Webroot


Thank You
