Many recent email viruses have been both Trojan Horses and Worms!
‘All anti-virus programs have one thing in common, which is, that they all look for patterns in the files or memory of your computer that indicate the possible presence of a known virus. Antivirus packages know what to look for through the use of virus profiles (sometimes called "signatures") provided by the vendor’, which are normally downloadable from the internet to make sure that the most up-to-date profiles get to computers quickly before new viruses have time to attack or do serious damage. (Source: Home Security FAQ. http://www.gale-internet.co.uk)
New viruses are being discovered daily, so the effectiveness of anti-virus software depends on having the latest virus profiles installed on your computer so that it can look for recently discovered viruses.
Anti-virus software uses one of four main methods for detecting viruses on a computer system: Scanning, Integrity Checking, Heuristic Virus Checking and Interception. Of these, scanning and interception are very common, with the other two used less frequently, but each one of these has both advantages and disadvantages!
- Scanning
‘A scanner will search all files in the memory, in the boot sector and on disk for ‘code snippets’ that will uniquely identify a file as a virus. This requires a list of unique signatures that will be found in viruses and not in ordinary programs’. (Source: www-cse.stanford.edu). There are two types of scanning: on-access and on-demand. On-access scanning scans files when they are loaded into memory prior to execution. On-demand scanning scans all of main memory, the boot sector, and disk memory as well, and is started by a user when they wish.
Advantages: Scanners can find viruses that have not executed yet - this is critical for e-mail worms, which can spread themselves rapidly if not stopped.
Disadvantages: There are two major disadvantages to scanning-based techniques. First, if the software is using a signature string to detect the virus, all a virus writer would have to do is modify the signature string to develop a new virus. The second, and far greater, disadvantage is the limitation that a scanner can only scan for something it has the signature of, and so viruses unknown to the anti-virus program will not be detected.
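The scanning method and its main limitation can be shown in a few lines of Python. This is an added example, not code from any anti-virus product; the signature names, byte patterns and sample "files" are constructed for illustration and are not real virus signatures.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes


# Constructed signature database (stands in for the vendor's "virus profiles").
SIGNATURES = [
    Signature("Example.A", bytes.fromhex("deadbeef4155")),
    Signature("Example.B", b"EXAMPLE-MARKER-B"),
]


def scan_bytes(data, signatures=SIGNATURES):
    """Return (signature name, offset) for every signature found in data."""
    hits = []
    for sig in signatures:
        offset = data.find(sig.pattern)
        while offset != -1:
            hits.append((sig.name, offset))
            offset = data.find(sig.pattern, offset + 1)
    return sorted(hits, key=lambda hit: hit[1])


def scan_objects(objects, signatures=SIGNATURES):
    """On-demand scan: check every named object and report only those with hits."""
    report = {}
    for name, data in objects.items():
        hits = scan_bytes(data, signatures)
        if hits:
            report[name] = hits
    return report


# Constructed sample objects; "variant.bin" differs from "known.bin" by one byte.
SAMPLES = {
    "clean.bin": b"\x00" * 16 + b"ordinary program",
    "known.bin": b"MZ" + bytes.fromhex("deadbeef4155") + b"rest",
    "variant.bin": b"MZ" + bytes.fromhex("deadbeef4156") + b"rest",
}

if __name__ == "__main__":
    for name, hits in scan_objects(SAMPLES).items():
        print(name, hits)
```

Only known.bin is reported. The one-byte variant passes unnoticed until a matching profile is added to the list, which is why the profiles must be kept up to date.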
- Integrity Checking
An integrity checker records integrity information about important files on disk. Should a file change due to virus activity or corruption, the file will no longer match the recorded integrity information. The user will usually be given an option to restore the file to its pre-corrupted/infected state.
Advantages: Integrity checking is the only way to determine whether a virus has damaged a file, and it is overall foolproof. Most integrity checkers today also have the benefit of detecting other damage to data, such as corruption, and can restore that as well.
Disadvantages: The major problem with integrity checking is that not enough companies offer comprehensive integrity checking software. Most anti-virus suites that do offer it do not protect enough files, and the files that they do protect may not be the ones that newer viruses damage. Simpler integrity checkers will not be able to differentiate between damage done via corruption and damage done by a virus, therefore giving the user unclear information as to what is going on.
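A simple integrity checker can be sketched as follows. This is an added example, not taken from any of the sources; it assumes SHA-256 hashes as the recorded "integrity information", and the file names and contents are constructed in a temporary folder.

```python
import hashlib
import os
import tempfile


def file_digest(path):
    """SHA-256 of a file, read in chunks so large files are handled."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Record integrity information for every file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            full = os.path.join(dirpath, filename)
            baseline[os.path.relpath(full, root)] = file_digest(full)
    return baseline


def verify(root, baseline):
    """Compare the current state against the baseline.

    The checker can only say that a file changed, not whether a virus or
    ordinary corruption changed it.
    """
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Build constructed files, take a baseline, change them, then verify."""
    files = {"app.exe": b"original code", "config.ini": b"a=1", "readme.txt": b"hi"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        baseline = build_baseline(root)
        with open(os.path.join(root, "app.exe"), "ab") as handle:
            handle.write(b" + appended bytes")  # simulated change to a program
        os.remove(os.path.join(root, "readme.txt"))
        with open(os.path.join(root, "dropped.dll"), "wb") as handle:
            handle.write(b"x")
        return verify(root, baseline)
```

Calling demo() reports app.exe as modified, readme.txt as missing and dropped.dll as new, while the untouched config.ini is not mentioned.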
- Heuristic Virus Checking
This is a generic method of virus detection. Anti-virus software makers develop a set of rules to distinguish viruses from non-viruses. Should a program or code segment follow the rules set out for viruses, then it is marked as a virus and dealt with accordingly. This allows detection of any virus, and theoretically, should be sufficient to deal with any new virus attacks.
Advantages: Generic virus protection would make all other virus scanners obsolete and would be sufficient to stop any virus. The user does not need to download weekly virus updates anymore, because the software can detect all viruses.
Disadvantages: Although these are huge benefits to heuristic virus checking, the technology at the present time is not sufficient. Virus writers can easily write viruses that do not obey the rules, making the current set of virus detection rules obsolete. Changes to these rules must be downloaded, and therefore these virus checkers must be updated and will not stop many new viruses, which gives them similar characteristics to scanners.
- Interception
Interception software detects virus-like behavior and warns the user about it.
Advantages: Interception is a good generic method to stop logic bombs and Trojan horses. When not detected by scanners, interception software will usually detect the destructive and unusual sequences of events caused by logic bombs and Trojan horses.
Disadvantages: Unfortunately, interceptors are not very good at detecting anything else. Interceptors also have all the drawbacks of heuristic systems - difficulty differentiating virus from non-virus, and easy to program around. In addition, most interceptors are very easy to disable, and so many viruses frequently disable them before launching. Due to the nature of an interceptor, this software is unable to detect viruses before they launch, and a lot of damage could already have been done.
Therefore, anti-virus protection software is used to find and isolate, before removing, the different types of viruses that could infect a person’s computer before that virus has time to reproduce and spread or cause any damage. All anti-virus programs work in one of four ways, all of which have advantages and disadvantages to their use, but one of these versions is essential to ensure that viruses cannot seriously affect a computer system or computer network in a business.
It is necessary for businesses and individuals to have anti-virus protection so that they can detect if they have a virus on their systems and then remove it before it can cause any damage to files or the programs that operate that computer system or network.
http://www.briarsmead.co.uk [ONLINE]. 14.11.03. Computer Viruses.
http://www.cse-stanford.edu/classes/cs201/projects-00-01/viruses/antivirus.html [ONLINE]. 15.11.03. How Anti-Virus Software Works.
http://www.egrindstone.co.uk/virusguide.htm [ONLINE]. 14.11.03. Beginners Guide to Computer Viruses.
http://www.gale-internet.co.uk/faq.htm#IV-A-2 [ONLINE]. 14.11.03. Home Security FAQ.
http://www.ghweb.org.uk/texts/lovebug.htm [ONLINE]. 14.11.03. Love Bug Virus Special Release- Graham Haynes.
http://www.pipex.net/support/antivirus/virus-faq.shtml [ONLINE]. 14.11.03. Viruses FAQ, Pipex Internet Ltd.
Total Word Count: 1,599 words.