Software Virus Protection.

NICHOLAS DOBSON
BA BUSINESS MANAGEMENT

Software Virus Protection

Introduction

There are many versions of Software Virus Protection on the market including MacAfee, Symantec and Norton, used by both individuals and businesses to protect their computer systems and all the information held on them, against attacks by viruses.

In order to know how an anti-virus program works it is important to firstly know what a virus is and what effect it can have! Then it is important to know what types of anti-virus programs there are on the market, how these work, and what the advantages and disadvantages there are to each of these.

What is a Virus?

A virus is a small self-contained computer program or file designed with malicious intent, to run while the user is unaware and infect hard drives and floppy disks, before often copying itself usually to spread to other computers. Viruses can be spread over the internet, through emails or they can be embedded in files on floppy disks and CD ROMs, which can then be transmitted to the user’s computer system and then onto a network of computers.

There are several different types of viruses:

Email Viruses– “These are transported via email messages, and usually replicate by automatically sending themselves to all email addresses in the recipients address book”. ‘They don’t usually cause physical damage to files on the recipients hard drive, but work by ‘clogging up’ and then overloading mail servers and networks through sheer force of numbers. This virus will usually be in the form of an email attachment and the attachment usually has to be opened before the virus can work, but some viruses will automatically start replicating and sending itself to the names in the recipients address book’. (Source: Beginners Guide To Computer Viruses. http://www.Egringstone.co.uk)
Worms- “A worm is a small computer program that has the ability to copy itself from machine to machine, by exploiting security holes in computer networks. Whenever the worm detects an unprotected machine, it copies itself to that machine and the process starts again. The worm can replicate itself very quickly. Like email viruses, their main aim is to ‘clog up’ and overload networks, but they do sometimes do physical damage to computers”. (Source: Beginners Guide To Computer Viruses. http://www.Egringstone.co.uk)
True Viruses- These viruses “bear the closest resemblance to their biological namesakes”. They have two main purposes. Purpose one been “they want to proliferate around the internet”. ‘This is most commonly achieved by the virus sending itself to everyone in a recipients address book’ similar to the email virus. ‘Its second purpose is, similarly to other viruses, it wants the user to know that their system is infected, so it starts to change files on their computer. This can result in a whole range of outcomes from minor repairable damage to complete system failure’. (Source: Computer Viruses. http://www.briarsmead.co.uk)
Trojans or Trogan Horse Viruses- These viruses are programs that are pretending to be useful but are “designed to reside on a host computer unseen, creating a security breach, which another virus can then exploit”. (Source: Computer Viruses. http://www.briarsmead.co.uk)
Boot Viruses- These “alter the code needed to start a floppy or hard drive”. (Source: Email Viruses Explained. Graham Haynes.http://www.ghweb.org.uk)
Prelauncher Viruses- These viruses “rename original files and replace them with own code. When the program is launched, the virus takes control, does its business in the background and then passes control back to the original file. (Source: Email Viruses Explained. Graham Haynes. http://www.ghweb.org.uk)
Link Viruses- These viruses “attach themselves to other files and duplicate across whole networks this way”. (Source: Email Viruses Explained. Graham Haynes. http://www.ghweb.org.uk)
Logic Bombs- These will trigger an often destructive, sequence given an event, such as the date being set to a certain date.

Many recent email viruses have been both Trojan Houses and Worms!

Anti-virus Software

‘All anti-virus programs have one thing in common, which is, that they all look for patterns in the files or memory of your computer that indicate the possible presence of a known virus. Antivirus packages know what to look for through the use of virus profiles (sometimes called "signatures") provided by the vendor’, which are normally downloadable from the internet to make sure that the most up to date profiles get to computers quickly before new viruses have time to attack or do serious damage. ...

This is a preview of the whole essay

Many recent email viruses have been both Trojan Houses and Worms!

Anti-virus Software

New viruses are been discovered daily and so the effectiveness of anti-virus software is dependent on having the latest virus profiles installed on your computer so that it can look for recently discovered viruses.

Anti-virus Software uses one of four main methods for detecting viruses on a computer system- Scanning, Integrity Checking, Heuristic Virus Checking and Interception. Of these, scanning and interception are very common; with the other two used less frequently but each one of these have both advantages and disadvantages!

Scanning

‘A scanner will search all files in the memory, in the boot sector and on disk for ‘code snippets’ that will uniquely identify a file as a virus. This requires a list of unique signatures that will be found in viruses and not in ordinary programs’. (Source: www-cse.stanford.edu). There are two types of scanning: on-access and on-demand; On-access scanning scans files when they are loaded into memory prior to execution. On-demand scanning scans all of main memory, the boot sector, and disk memory as well, and is started by a user when they wish.

Advantages: Scanners can find viruses that have not executed yet - this is critical for e-mail worms, which can spread themselves rapidly if not stopped.

Disadvantages: There are two major disadvantages to scanning-based techniques. First, if the software is using a signature string to detect the virus, all a virus writer would have to do is modify the signature string to develop a new virus. The second, and far greater disadvantage is the limitation that a scanner can only scan for something it has the signature of and so viruses unknown to the anti virus program will not be detected.

Integrity Checking

An integrity checker records integrity information about important files on disk. Should a file change due to virus activity or corruption, the file will no longer match the recorded integrity information. The user will usually be given an option to restore the file to its pre-corrupted/infected state.

Advantages: Integrity checking is the only way to determine whether a virus has damaged a file, and it is overall foolproof. Most integrity checkers today also have the benefit of detecting other damage to data, such as corruption, and can restore that as well.

Disadvantages: The major problem with integrity checking is that not enough companies offer comprehensive integrity checking software. Most anti-virus suites that do offer it do not protect enough files, and those that they do may not be damaged at all with newer viruses. Simpler integrity checkers will not be able to differentiate between damage done via corruption and damage done by a virus, therefore giving the user unclear information as to what is going on.

Heuristic Virus Checking

This is a generic method of virus detection. Anti-virus software makers develop a set of rules to distinguish viruses from non-viruses. Should a program or code segment follow these rules set out for non-viruses, then it is marked as a virus and dealt with accordingly. This allows detection of any virus, and theoretically, should be sufficient to deal with any new virus attacks.

Advantages: Generic virus protection would make all other virus scanners obsolete and would be sufficient to stop any virus. The user does not need to download weekly virus updates anymore, because the software can detect all viruses.

Disadvantages: Although these are huge benefits to heuristic virus checking, the technology at the present time is not sufficient. Virus writers can easily write viruses that do not obey the rules, making the current set of virus detection rules obsolete. Changes to these rules must be downloaded, and therefore these virus checkers must be updated and will not stop many new viruses, which gives them similar characteristics to scanners.

Interception

Interception software detects virus-like behavior and warns the user about it.

Advantages: Interception is a good generic method to stop logic bombs and Trojan horses. When not detected by scanners, interception software will usually detect the destructive and unusual sequences of events caused by logic bombs and Trojan horses.

Disadvantages: Unfortunately, interceptors are not very good at detecting anything else. Interceptors also have all the drawbacks of heuristic systems - difficulty differentiating virus from non-virus, and easy to program around. In addition, most interceptors are very easy to disable, and so many viruses frequently disable them before launching. Due to the nature of an interceptor, this software is unable to detect viruses before they launch, and a lot of damage could already have been done.

Conclusion

Therefore, anti-virus protection software is used to find and isolate before removing the different types of viruses that could infect a person’s computer before that virus has time to reproduce and spread or cause any damage. All anti-virus programs work in one of four ways, all of which have advantages to there use and disadvantages to their use, but one of these versions is essential to ensure that viruses can not seriously effect a computer system or computer network in a business.

It is necessary for businesses and individuals to have anti-virus protection so that they can detect if they have a virus on their systems and then remove it before it can cause any damage to files or the programs that operate that computer system or network.

REFERENCES

http://www.briarsmead.co.uk [ONLINE]. 14.11.03. Computer Viruses.

http://www.cse-stanford.edu/classes/cs201/projects-00-01/viruses/antivirus.html [ONLINE]. 15.11.03. How Anti-Virus Software Works.

http://www.egrindstone.co.uk/virusguide.htm [ONLINE]. 14.11.03. Beginners Guide to Computer Viruses.

http://www.gale-internet.co.uk/faq.htm#IV-A-2 [ONLINE]. 14.11.03. Home Security FAQ.

http://www.ghweb.org.uk/texts/lovebug.htm [ONLINE]. 14.11.03. Love Bug Virus Special Release- Graham Haynes.

http://www.pipex.net/support/antivirus/virus-faq.shtml [ONLINE]. 14.11.03. Viruses FAQ, Pipex Internet Ltd.

Total Word Count: 1,599 words.

Page of 6

Software Virus Protection.

This is a preview of the whole essay

Document Details

Related Essays

Computer Protection and Maintainance Report

Computer Maintainance - anti-virus, cookie deletion, drive scanning

Explain the purpose of different software utilities

Software Configuration