Anti-virus software

See also: AV

An antivirus (AV) is software intended to protect a computer against harmful programs such as viruses, worms, macro viruses, etc.

Operation

The main antivirus products on the market rely on signature files and compare the viral signatures they contain with the code to be checked. Some programs also apply a method known as heuristic analysis, which aims to discover malicious code by its behaviour.
Another method, form analysis, relies on filtering by rules (regular expressions or others) stored in a junk file. This last method can be very effective for mail servers that support the regexp standard, such as Postfix, since it does not depend on a signature file.

Antivirus software can scan the contents of a hard drive, but also the computer's memory. Most modern products act upstream of the machine by scanning the files exchanged with the outside, inbound as well as outbound. Thus emails are examined, but so are files copied from or to removable media such as CD-ROMs, floppy disks, network connections and USB keys.

Approaches

Several types of antivirus are distinguished according to how they operate. The first method is the dictionary approach.

Dictionary

The antivirus creators having previously identified and recorded information on the virus, as a dictionary would, the antivirus can thus detect and locate the presence of a virus. When that occurs, the antivirus has three options; it can:
  1. attempt to repair the damaged files by eliminating the virus;
  2. put the files in quarantine so that they can neither be accessed by other files nor spread, and so that they can possibly be repaired later;
  3. delete the contaminated files.
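The following is an added example, not code from the original article or from any antivirus vendor, showing the two detection methods described under Operation (a signature dictionary and a regexp rule set that needs no signature file) together with the three responses listed above. Every signature, mail rule, file name and message in it is constructed for the demo; the mail patterns are illustrative and not Postfix's own rule syntax.

```python
"""Signature (dictionary) scanning plus a small regexp rule set, with the three
responses the page lists: repair, quarantine, delete.  Added example; every
signature, rule and file here is constructed for the demo."""
import re
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Constructed signature dictionary (name -> byte pattern). A real product ships
# many thousands of entries and refreshes them frequently.
SIGNATURES: Dict[str, bytes] = {
    "Demo.Appender": b"<<DEMO-APPENDER-MARKER>>",
    "Demo.Macro": b"<<DEMO-MACRO-MARKER>>",
}

# Constructed regexp rules in the spirit of a mail-server content filter
# (illustrative patterns, not Postfix's own rule syntax).
MAIL_RULES = [
    ("executable attachment", re.compile(rb'filename="[^"]*\.(exe|scr|pif|bat)"', re.I)),
    ("double extension", re.compile(rb'filename="[^"]*\.(pdf|doc|jpg)\.[a-z]{2,4}"', re.I)),
]


def match_signature(data: bytes) -> Optional[str]:
    """Dictionary lookup: name of the first signature found in the bytes, else None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def match_mail_rules(message: bytes) -> List[str]:
    """Rule-based check that needs no signature file: which rules fire on a message."""
    return [label for label, rx in MAIL_RULES if rx.search(message)]


def scan_directory(root: Path) -> Dict[str, Optional[str]]:
    """On-demand scan of every regular file directly under root."""
    return {p.name: match_signature(p.read_bytes()) for p in sorted(root.iterdir()) if p.is_file()}


def repair_file(path: Path) -> bool:
    """Option 1: for the constructed 'appender' model (host code, then marker, then
    viral payload) the host file is recovered by truncating at the marker."""
    data = path.read_bytes()
    idx = data.find(SIGNATURES["Demo.Appender"])
    if idx < 0:
        return False
    path.write_bytes(data[:idx])
    return True


def quarantine_file(path: Path, quarantine_dir: Path) -> Path:
    """Option 2: move the file out of its normal location, under a suffix no program
    will execute and with owner-only permissions, so it can be examined later."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    dest = quarantine_dir / (path.name + ".quarantined")
    shutil.move(str(path), str(dest))
    dest.chmod(0o600)
    return dest


def remove_file(path: Path) -> None:
    """Option 3: delete the contaminated file outright."""
    path.unlink()


def demo() -> Dict[str, object]:
    """Scan a constructed directory and apply one response per hit."""
    work = Path(tempfile.mkdtemp())
    (work / "report.txt").write_bytes(b"quarterly figures\n")
    (work / "tool.com").write_bytes(b"HOSTCODE" + SIGNATURES["Demo.Appender"] + b"PAYLOAD")
    (work / "memo.doc").write_bytes(b"memo text" + SIGNATURES["Demo.Macro"])
    (work / "old.doc").write_bytes(SIGNATURES["Demo.Macro"])
    before = scan_directory(work)
    repaired = repair_file(work / "tool.com")
    quarantined = quarantine_file(work / "memo.doc", work / "quarantine")
    remove_file(work / "old.doc")
    after = scan_directory(work)
    mail = b'Content-Disposition: attachment; filename="invoice.pdf.exe"\r\n'
    return {
        "before": before,
        "repaired": repaired,
        "quarantined": quarantined.name,
        "after": after,
        "mail_rules": match_mail_rules(mail),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` scans four constructed files, repairs the appender-infected `tool.com` (which then scans clean), quarantines `memo.doc`, deletes `old.doc`, and shows both mail rules firing on a double-extension attachment. Note that repair is only possible because the demo's infection model is known exactly; the rule set catches the mail case with no signature at all, which is the point the Operation section makes.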

To get the most out of the antivirus, it is essential to update it frequently by downloading the most recent versions. Conscientious Internet users with good computing knowledge can identify viruses themselves and send the information to the antivirus creators so that their database is updated.

Generally, antivirus programs examine each file when it is created, opened, closed or read. In this way viruses can be identified immediately. The administration system can also be scheduled to regularly scan all the files in a storage space (hard drive, etc.).

Even if the antivirus software is very powerful and regularly updated, virus creators also often show inventiveness. In particular, oligomorphic, polymorphic and, more recently, metamorphic viruses are harder to detect.

Suspicious behaviors

Another approach to locating viruses consists in detecting suspicious behaviour by programs. For example, if a program tries to write data into an executable program, the antivirus will detect this suspicious behaviour and warn the user, indicating the steps to follow.

Unlike the preceding approach, the suspicious-behaviour method makes it possible to identify very recent viruses not yet known to the antivirus dictionary. However, the fact that users are constantly notified of false alarms can make them insensitive to real threats. If users answer "Accept" to all these alarms, the antivirus gives them no additional protection. This problem has worsened since 1997, since several harmless programs modify certain executable files, setting off these false alarms. This is why the most modern antivirus programs use this method less and less.
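As an added example (not the article's own code, nor any product's), the rule just described, a program writing into an executable file, applied to a constructed event stream. It also shows the two points of the previous paragraph: an allowlist of programs legitimately expected to modify executables (hypothetical names, here `app_updater.exe`) cuts the false alarms, and a user who accepts every prompt turns the detections into zero actual blocks.

```python
"""Behaviour-based detection over a constructed event stream (added example).
The rule is the one the page gives: a program writing into an executable is
suspicious.  Also shows why an 'accept everything' user nullifies the protection."""
from collections import Counter
from typing import Callable, Dict, FrozenSet, List, Tuple

Event = Tuple[str, str, str]  # (process name, operation, target path)

EXECUTABLE_SUFFIXES = (".exe", ".com", ".dll", ".sys")

# Constructed event log; not the format of any real monitoring product.
EVENTS: List[Event] = [
    ("editor.exe", "write", r"C:\docs\notes.txt"),
    ("unknown.exe", "write", r"C:\apps\viewer.exe"),
    ("app_updater.exe", "write", r"C:\apps\app.exe"),
    ("unknown.exe", "write", r"C:\apps\helper.dll"),
    ("browser.exe", "read", r"C:\apps\helper.dll"),
    ("app_updater.exe", "write", r"C:\apps\app.dll"),
]

# Hypothetical allowlist of programs expected to modify executables (installers,
# updaters).  Without it, the harmless updater trips the rule on every update.
TRUSTED_MODIFIERS: FrozenSet[str] = frozenset({"app_updater.exe"})


def is_suspicious(event: Event, trusted: FrozenSet[str] = frozenset()) -> bool:
    """The page's rule: a write into an executable by a program not known to do so."""
    proc, op, target = event
    return op == "write" and target.lower().endswith(EXECUTABLE_SUFFIXES) and proc not in trusted


def detect(events: List[Event], trusted: FrozenSet[str] = frozenset()) -> List[Event]:
    """Return every event that would raise an alarm under the rule."""
    return [e for e in events if is_suspicious(e, trusted)]


def alerts_per_process(alerts: List[Event]) -> Dict[str, int]:
    """How many alarms each program generated; a quick view of where fatigue comes from."""
    return dict(Counter(proc for proc, _, _ in alerts))


def blocked_count(alerts: List[Event], decide: Callable[[Event], bool]) -> int:
    """How many alarms actually stop an action, given the user's answer to each prompt."""
    return sum(1 for a in alerts if decide(a))


def accept_everything(_: Event) -> bool:
    """The habit the page warns about: the user clicks 'Accept' on every alarm."""
    return False


def block_everything(_: Event) -> bool:
    return True


if __name__ == "__main__":
    raw = detect(EVENTS)
    print("alarms without allowlist:", alerts_per_process(raw))
    print("alarms with allowlist:", alerts_per_process(detect(EVENTS, TRUSTED_MODIFIERS)))
    print("blocked when user accepts everything:", blocked_count(raw, accept_everything))
```

On the constructed log the bare rule raises four alarms, two of them on the legitimate updater; the allowlist leaves only the two writes by `unknown.exe`, and `blocked_count` with `accept_everything` is zero however many alarms are raised. The allowlist itself then becomes something to maintain, which is the trade-off the article goes on to describe for whitelisting.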

Other approaches

Heuristic analysis is used by some antivirus programs. For example, the antivirus can analyse the beginning of the code of each new application before handing control back to the user. If the program seems to be a virus, the user is informed. However, this method can also lead to false alarms. The heuristic method makes it possible to detect variants of viruses and, by automatically communicating the analysis results to the vendor, lets the vendor check their accuracy and update its database of virus definitions.

The sandbox method consists in emulating the operating system and running the file inside this simulation. Once the program ends, the software analyses the result of the sandbox run to detect changes that could indicate a virus. Because of performance problems, this type of detection usually takes place during on-demand scanning. The method can fail, since viruses can prove non-deterministic and produce different actions, or even no action at all, when executed. It is impossible to detect them from a single execution alone.

Whitelisting is a recent technique which, unlike a blacklist that blocks the code listed in it, prevents the execution of all code except that already identified as safe by the system administrator. By following this default-deny approach, the limitations inherent in having to keep virus signatures up to date are avoided. Moreover, software considered undesirable by the system administrator is prevented from executing, since it is not on the whitelist. Since modern organisations have large quantities of trusted software, the limitations of adopting such a technique remain tied to the administrator's ability to inventory and update that list. A sound implementation of this technique therefore requires inventory-management tools and ongoing maintenance of the list.
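An added example (not from the article or any whitelisting product) of the default-deny policy and the inventory-and-maintenance burden the paragraph describes. The policy keys on the SHA-256 of file contents rather than on names or paths, so an unknown program is blocked, but so is a legitimate update of an approved program until the administrator re-approves it. File names and contents are constructed.

```python
"""Application whitelisting: default-deny execution of anything whose content hash
is not in the administrator's inventory (added example; files are constructed)."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Set


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_inventory(root: Path) -> Dict[str, str]:
    """Inventory step: name -> hash for every file the administrator vouches for."""
    return {p.name: sha256_of(p) for p in sorted(root.iterdir()) if p.is_file()}


class Whitelist:
    """Default-deny policy keyed on content hashes, not on names or paths."""

    def __init__(self, hashes: Set[str]) -> None:
        self.hashes = set(hashes)

    def allows(self, path: Path) -> bool:
        return sha256_of(path) in self.hashes

    def approve(self, path: Path) -> None:
        """Maintenance step: the administrator adds a reviewed file (or an update of one)."""
        self.hashes.add(sha256_of(path))


def audit(root: Path, wl: Whitelist) -> Dict[str, List[str]]:
    """Split every file under root into allowed / blocked under the policy."""
    result: Dict[str, List[str]] = {"allowed": [], "blocked": []}
    for p in sorted(root.iterdir()):
        if p.is_file():
            result["allowed" if wl.allows(p) else "blocked"].append(p.name)
    return result


def demo() -> Dict[str, Dict[str, List[str]]]:
    """Constructed scenario: inventory, then an unknown program and an in-place update."""
    apps = Path(tempfile.mkdtemp()) / "apps"
    apps.mkdir()
    (apps / "editor").write_bytes(b"EDITOR build 1")
    (apps / "mailer").write_bytes(b"MAILER build 1")
    wl = Whitelist(set(build_inventory(apps).values()))
    # Later: an unknown program appears, and editor is updated in place.
    (apps / "dropped").write_bytes(b"UNKNOWN PROGRAM")
    (apps / "editor").write_bytes(b"EDITOR build 2")
    before = audit(apps, wl)       # both are blocked: neither hash is in the inventory
    wl.approve(apps / "editor")    # administrator reviews and approves the update
    after = audit(apps, wl)
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

The `before` audit blocks both `dropped` and the updated `editor`, which is exactly the behaviour that makes whitelisting strong against unknown code and costly to operate: every legitimate update has to pass through `approve` before it will run again.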

Noteworthy problems

  • The propagation of viruses using email as an infection vector (worms) could be inhibited more effectively and more cheaply, without installing additional antivirus software, if the bugs in email client software that allow unauthorised code execution were fixed.
  • Computing knowledge among users can be a good complement to antivirus software. Teaching them to use computers safely (for example, not downloading and running unknown programs from the Internet) would slow the propagation of viruses and make antivirus software almost useless.
  • The constant creation and distribution of viruses supports antivirus sales. Some people think that antivirus vendors make deals with virus creators in order to support their market.
  • Some antivirus programs can considerably reduce computer performance, particularly when they are resident in memory (real-time analysis). Users can disable antivirus protection to overcome the loss of performance, but that increases the risk of infection. For maximum protection, the antivirus software must be active at all times, despite the reduction in system performance.
  • It is strongly advised against having several antivirus programs installed on the same computer, because that could damage it, particularly if they are memory-resident. This warning is not always mentioned in the manuals.
  • It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or graphics card device drivers. If antivirus protection is running at the same time, it can prevent the update.
  • When purchasing antivirus software, an automatically renewed subscription clause may be included, so that the purchaser's credit card is charged automatically. For example, McAfee requires a customer to cancel at least 60 days before the end of the subscription. However, McAfee provides neither a phone line nor any other means of cancelling directly from its website. In that case, the subscriber's recourse is to dispute the charges with the credit card issuer.
  • Antivirus programs are often responsible for many computer problems. Some even say they do more harm than good to the end user. Nevertheless, a beginner cannot do without one without running great risks.
  • It is often necessary to configure certain software manually (file decompressors, download managers, peer-to-peer clients, etc.) so that they call upon the antivirus.

History

Several companies claim the title of creator of the first antivirus software. The first public announcement of the neutralisation of a PC virus was made by the European Bernt Fix (or Bernd) at the beginning of 1987, on the Vienna virus. Following this virus, several other viruses surfaced, for example Ping Pong, Lehigh and Surviv-3, also known as Jerusalem. From 1988, several companies aiming to further research in the field of antivirus software came together. The first advances in antivirus took place in March 1988 with the release of Den Zuk, created by the Indonesian Denny Yanuar Ramdhani. Den Zuk could neutralise the Brain virus. In April 1988 the Virus-L forum was created on Usenet, and mid-1988 saw the design of a search tool able to detect the viruses and Trojans then known to the public. In autumn 1988 appeared Dr. Solomon's Anti-Virus Toolkit, designed by the Briton Alan Solomon. By the end of December 1990 the market had reached the point of offering consumers 19 different antivirus products, among them Norton Antivirus and McAfee's VirusScan. Peter Tippett took a large part in the emerging field of computer virus detection. He was an emergency physician by profession and also had his own software company. He read an article about the Lehigh virus, which was the first to be developed, but it is in fact about Lehigh itself that Tippett gathered the most information. He raised the question of whether there were similar characteristics between these viruses and those that attack humans. From an epidemiological point of view, he was able to determine how these viruses affected the different parts of the same computer (the boot sector was targeted by the Brain virus, .com files by the Lehigh virus, while the Jerusalem virus attacked both .com and .exe files).
Tippett's company, Certus International Corp., was thus involved in the creation of antivirus software. He sold the company in 1992 to Symantec Corp. and joined them, establishing the software designed under Symantec's name, Norton AntiVirus.
