Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worms, Trojan horses, spyware and adware. Signature-based detection involves searching for known patterns of data within executable code. However, it is possible for a computer to be infected with new malware for which no signature is yet known. This page discusses the software used for the prevention and removal of malware threats, rather than computer security implemented by software methods.
History
Fred Cohen, who published one of the first academic papers on computer viruses in 1984, began to develop strategies for antivirus software in 1988[9] that were picked up and continued by later antivirus software developers. The possibility of embedding executable objects inside otherwise non-executable file formats can make opening those files a risk.
Over the years it has become necessary for antivirus software to check an increasing variety of files, rather than just executables, for several reasons: Powerful macros used in word processor applications, such as Microsoft Word, presented a risk. This meant that computers could now also be at risk from infection by opening documents with hidden attached macros. Even then, a new zero-day virus could become widespread before antivirus companies released an update to protect against it.
Virus writers could use the macros to write viruses embedded within documents. Possibly the first publicly documented removal of a computer virus in the wild was performed by Bernd Fix in 1987. Later email programs, in particular Microsoft's Outlook Express and Outlook, were vulnerable to viruses embedded in the email body itself. There were also two antivirus applications for the Atari ST platform developed in 1987. Some members of this mailing list like John McAfee or Eugene Kaspersky later founded software companies that developed and sold commercial antivirus software.
Identification methods
While common, the "infect" and "spread" abilities of computer code, which create the "replicate" ability, are not necessarily contained in malware. The difference is between code with the ability to "infect" and "spread" and code with a malicious purpose.
Signature-based detection is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.
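The dictionary comparison described above, as an added example that is not taken from this page or from any antivirus product: it checks the file as a whole (by hash) and in pieces (byte patterns searched across chunked reads, with an overlap so a pattern split between two reads is not missed). The signature names, byte patterns and function names are constructed for illustration.

```python
import hashlib
import io

# Constructed, harmless demo signatures (not real malware indicators).
PATTERN_SIGNATURES = {
    "Demo.Pattern.A": b"\xde\xad\xbe\xefDEMO-SIG-A",
    "Demo.Pattern.B": b"X5-DEMO-MACRO-MARKER",
}
# Constructed sample that is "known" to the dictionary only by its hash.
WHOLE_FILE_SAMPLE = b"constructed whole-file sample"
HASH_SIGNATURES = {
    hashlib.sha256(WHOLE_FILE_SAMPLE).hexdigest(): "Demo.WholeFile.C",
}


def scan_stream(stream, chunk_size=4096):
    """Return the sorted names of every signature found in a binary stream."""
    if chunk_size < 1:
        raise ValueError("chunk_size must be positive")
    longest = max(len(p) for p in PATTERN_SIGNATURES.values())
    found = set()
    digest = hashlib.sha256()  # "as a whole": hash of the complete content
    tail = b""                 # end of the data scanned so far
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)
        # "In pieces": prepend the previous tail so a pattern that straddles
        # two reads is still seen in one contiguous window.
        window = tail + chunk
        for name, pattern in PATTERN_SIGNATURES.items():
            if pattern in window:
                found.add(name)
        tail = window[-(longest - 1):] if longest > 1 else b""
    whole_file_match = HASH_SIGNATURES.get(digest.hexdigest())
    if whole_file_match:
        found.add(whole_file_match)
    return sorted(found)


def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper for in-memory content."""
    return scan_stream(io.BytesIO(data), chunk_size)


if __name__ == "__main__":
    host = b"MZ" + b"\x00" * 100 + PATTERN_SIGNATURES["Demo.Pattern.A"] + b"\x00" * 50
    print(scan_bytes(host, chunk_size=7))   # pattern split across reads
    print(scan_bytes(b"ordinary document text"))
```

Changing a single byte of the whole-file sample defeats the hash entry, while an embedded byte pattern is still found wherever it sits in the host file; neither kind of entry matches malware that is not yet in the dictionary.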
Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses.
File emulation is another heuristic approach. File emulation involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the antivirus software can determine if the program is malicious or not and then carry out the appropriate disinfection actions.
Issues of concern
Rogue security applications
Some apparent antivirus programs are actually malware masquerading as legitimate software, such as WinFixer, MS Antivirus, and Mac Defender.
Problems caused by false positives
A "false positive" is when antivirus software identifies a non-malicious file as a virus.
Although methodologies may differ, some notable independent quality testing agencies include AV-Comparatives, ICSA Labs, West Coast Labs, VB100 and other members of the Anti-Malware Testing Standards Organization.
New viruses
Anti-virus programs are not always effective against new viruses, even those that use non-signature-based methods that should detect new viruses.
Also in May 2007, the executable file required by Pegasus Mail was falsely detected by Norton AntiVirus as being a Trojan and it was automatically removed, preventing Pegasus Mail from running.
When Microsoft Windows becomes damaged by faulty anti-virus products, fixing the damage to Microsoft Windows incurs technical support costs and businesses can be forced to close whilst remedial action is undertaken.
System and interoperability related issues
Running multiple antivirus programs concurrently can degrade performance and create conflicts.
Unexpected renewal costs
Some commercial antivirus software end-user license agreements include a clause that the subscription will be automatically renewed, and the purchaser's credit card automatically billed, at the renewal time without explicit approval.
Damaged files
Files which have been damaged by computer viruses are normally damaged beyond recovery. In such circumstances, damaged files can only be restored from existing backups; installed software that is damaged requires re-installation.
It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or updating graphics card drivers. In May 2007, a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot. In April 2010, McAfee VirusScan detected svchost.exe, a normal Windows binary, as a virus on machines running Windows XP with Service Pack 3, causing a reboot loop and loss of all network access.
1 comments:
I have read your blog; it is very helpful for me. I want to say thanks to you. I have bookmarked your site for future updates.