Antiviruses. Antivirus program or Antivirus
1. ANTIVIRUSES
2. Antivirus program or Antivirus.
A specialized program for detecting computer viruses, as well as unwanted programs considered harmful in general, and restoring files infected (modified) by such programs, as well as for preventing infection (modification) of files or an operating system with malicious code.
3.
Many modern antiviruses also allow you to detect and remove Trojans and other malicious programs. Conversely, programs that were created as firewalls also acquire functions that make them similar to antiviruses, which over time can lead to an even more obvious extension of the meaning of the term to protection tools in general.
4.
The first, simplest antivirus programs appeared almost immediately after the appearance of viruses. Now large companies are developing antiviruses. As with the creation of viruses, original techniques have also been developed in this area, but this time for searching for and fighting viruses. Modern antivirus programs can detect tens of thousands of viruses. Antivirus software consists of computer programs that attempt to detect, prevent and remove computer viruses and other malicious programs.
5. Virus detection methods.
A method of operation of antiviruses and intrusion detection systems in which the program, when viewing a file or packet, consults a dictionary of known attacks compiled by the authors of the program. If any part of the code of the program being viewed matches a known virus code (signature) in the dictionary, the antivirus program can take one of the following actions:
Delete the infected file.
Send the file to “quarantine” (that is, make it unavailable for execution, in order to prevent further spread of the virus).
Try to restore the file by removing the virus itself from the file body.
To achieve sufficiently long-term success with this method, it is necessary to periodically update the dictionary of known viruses with new definitions (mainly in online mode). Technically sophisticated users with a sense of civic duty who discover a new “live” virus can send the infected file to the developers of anti-virus programs, who will then include the new virus in the dictionary.
Antivirus programs based on matching virus definitions in a dictionary typically scan files when a computer system creates, opens, closes, or sends files via email. This way, viruses can be detected immediately after they are introduced into your computer and before they can cause any harm. It should be noted that the system administrator can create a schedule for the antivirus program, according to which all files on the hard drive can be viewed (scanned).
Although antivirus programs based on matching the dictionary definition of a virus can, under normal circumstances, be quite effective in preventing outbreaks of computer infections, virus authors try to stay half a step ahead of such antivirus programs by creating “oligomorphic”, “polymorphic” and, most recently, “metamorphic” viruses in which certain parts of the code are rewritten, modified, encrypted or distorted so that it is impossible to detect a match with the definition in a virus dictionary.
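The dictionary method and its quarantine action, as an added example that is not part of the original slides. The signature names, byte patterns and sample files are constructed and harmless; the XOR-encoded sample stands in for the "encrypted" variants mentioned above and shows why a plain byte match misses them.

```python
# Added example: dictionary (signature) scanning over constructed, harmless bytes.
import os, shutil, tempfile

# Hypothetical signature dictionary: name -> byte pattern (not real definitions).
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("de c0 ad 0b 5e ed 10 cc"),
    "Demo.Beta": b"\x90\x90DEMO-BETA-BODY\x90\x90",
}

def scan_bytes(data, signatures=SIGNATURES):
    """Return sorted names of every signature found anywhere in data."""
    return sorted(name for name, pat in signatures.items() if pat in data)

def scan_and_quarantine(root, quarantine_dir, signatures=SIGNATURES):
    """Move matching files under root to quarantine_dir; return {path: hits}."""
    os.makedirs(quarantine_dir, exist_ok=True)
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                hits = scan_bytes(fh.read(), signatures)
            if hits:
                dest = os.path.join(quarantine_dir, fname + ".quarantined")
                shutil.move(path, dest)
                os.chmod(dest, 0o400)  # read-only, no execute bit
                report[path] = hits
    return report

def demo():
    """Build a constructed sample tree, scan it, and return the results."""
    base = tempfile.mkdtemp()
    root, qdir = os.path.join(base, "files"), os.path.join(base, "quarantine")
    os.makedirs(root)
    body = SIGNATURES["Demo.Alpha"]
    samples = {
        "clean.bin": b"ordinary program bytes",
        "infected.bin": b"header" + body + b"trailer",
        # Same body XORed with 0x5A: the stored pattern no longer matches.
        "encoded.bin": b"header" + bytes(b ^ 0x5A for b in body) + b"trailer",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    report = scan_and_quarantine(root, qdir)
    remaining = sorted(os.listdir(root))
    shutil.rmtree(base)
    return report, remaining
```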
6. Detection method using emulation.
Some antivirus programs try to simulate the start of execution of the code of each new program called for execution before transferring control to it. If a program uses self-modifying code or manifests itself as a virus (that is, it immediately starts looking for other exe files, for example), such a program will be considered malicious, capable of infecting other files. However, this method is also prone to a large number of false warnings.
7. White List method.
A common anti-malware technology is whitelisting. Instead of looking only for known malware, this technology prevents the execution of all computer code except that which has been previously designated as safe by the system administrator. By choosing this default-deny approach, you can avoid the limitations inherent in virus signature updates. In addition, those applications on the computer that the system administrator does not want to install are not executed, since they are not on the white list. Because today's enterprises have many trusted applications, the limits on using this technology depend on system administrators and their whitelists of trusted applications. Anti-virus programs that work with this technology include tools for automating the creation of the list and the operations on the “white list”.
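A default-deny check of the kind described above, as an added example that is not from the original slides. It assumes programs are identified by the SHA-256 digest of their image; the class, labels and byte contents are hypothetical. It also shows the maintenance cost: an updated build of a trusted program is denied until the list is updated.

```python
# Added example: default-deny execution control by SHA-256 allowlist.
# Application labels and byte contents are constructed placeholders.
import hashlib

def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

class Allowlist:
    """Only images whose digest an administrator approved may run."""

    def __init__(self):
        self._approved = {}  # digest -> label given at approval time

    def approve(self, label, image):
        self._approved[digest(image)] = label

    def revoke(self, label):
        """Remove every digest recorded under label; return how many."""
        stale = [d for d, name in self._approved.items() if name == label]
        for d in stale:
            del self._approved[d]
        return len(stale)

    def decide(self, image):
        """Return (allowed, reason). Anything not listed is denied."""
        label = self._approved.get(digest(image))
        if label is None:
            return False, "not on allowlist"
        return True, "approved as " + label

def demo():
    """Run five launch attempts around one allowlist update."""
    editor_v1 = b"editor 1.0 image (constructed)"
    editor_v2 = b"editor 1.1 image (constructed)"
    unknown = b"never seen before (constructed)"
    policy = Allowlist()
    policy.approve("editor-1.0", editor_v1)
    results = [
        policy.decide(editor_v1),  # approved build runs
        policy.decide(unknown),    # denied although no signature exists for it
        policy.decide(editor_v2),  # vendor update denied until re-approved
    ]
    # Maintenance step the administrator (or tooling) performs on update.
    policy.revoke("editor-1.0")
    policy.approve("editor-1.1", editor_v2)
    results.append(policy.decide(editor_v2))
    results.append(policy.decide(editor_v1))  # old build no longer trusted
    return results
```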
8. Classification of antiviruses.
Kaspersky, Evgeniy Valentinovich, used the following classification of antiviruses depending on their operating principle (determining functionality):
Scanners (obsolete version of “polyphages”). Their effectiveness is determined by how up to date the virus database is and by the presence of a heuristic analyzer.
Auditors. Remember the state of the file system, which makes it possible to analyze changes in the future. (Class close to IDS).
Watchmen (monitors). Monitor potentially dangerous operations, issuing an appropriate request to the user to allow/prohibit the operation.
Vaccines. Change the file being vaccinated so that the virus against which the vaccine is being given considers the file to be already infected. In modern (2007) conditions, when the number of possible viruses is measured in tens of thousands, this approach is not applicable.
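The "auditor" class from the list above, as an added example that is not from the original slides: it records a baseline of the file system and later reports what changed. Using SHA-256 digests as the remembered state is an assumption; file names and contents are constructed.

```python
# Added example: an "auditor" that records file-system state and reports
# later changes. Paths and file contents are constructed for the demo.
import hashlib
import os
import shutil
import tempfile

def snapshot(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            with open(full, "rb") as fh:
                file_digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(full, root)] = file_digest
    return state

def compare(baseline, current):
    """Return sorted lists of added, removed and modified relative paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}

def write_file(root, name, data):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(data)

def demo():
    """Take a baseline, change the tree, and return the audit result."""
    root = tempfile.mkdtemp()
    try:
        write_file(root, "app.exe", b"original program body")
        write_file(root, "tool.exe", b"second program")
        write_file(root, "notes.txt", b"unchanged data")
        baseline = snapshot(root)
        # Later state: one file has bytes appended, one is gone, one is new.
        write_file(root, "app.exe", b"original program body" + b"appended bytes")
        os.remove(os.path.join(root, "tool.exe"))
        write_file(root, "new.exe", b"unexpected file")
        return compare(baseline, snapshot(root))
    finally:
        shutil.rmtree(root)
```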
9. Antiviruses for SIM, flash cards and USB devices.
Mobile phones produced today have a wide range of interfaces and data transfer capabilities. Consumers should carefully review protection methods before connecting any small devices. Protection methods such as hardware, possibly antiviruses on USB devices or on SIM, are more suitable for mobile phone consumers. The technical assessment and review of how to install an antivirus program on a cellular mobile phone should be considered as a scanning process that may affect other legitimate applications on that phone. Antivirus programs on SIM with antivirus built into a small memory area provide anti-malware/virus protection, protecting PIM and phone user information. Antiviruses on flash cards give the user the ability to exchange information and use these products with various hardware devices.
10. Antiviruses, mobile devices and innovative solutions.
No one will be surprised when viruses that infect personal and laptop computers make their way to mobile devices. More and more developers in this area are offering antivirus programs to combat viruses and protect mobile phones. Mobile devices have the following types of virus protection:
CPU limitations
memory limit
identifying and updating the signatures of these mobile devices