classic anti virus detection method Essay


The authoritative anti virus sensing method usually waits on computing machines to be infected before they foremost detect the virus, come up with a solution and so present this to its clients. This method is instead boring since any user has a possibility of acquiring an undetected virus ; because of this computing machine users usually invest in acquiring anti virus package to rectify the virus job. Unfortunately, the typical anti virus package tends non to be plenty to assist with the job of computing machines being infected.

This research paper examines an alternate solution to assist with the bar of viruses that anti virus package companies would be able to accommodate in the close hereafter.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now
  1. Introduction

The traditional anti virus package have been unable to rectify the increased virus job. As a consequence the taking antivirus package companies have continued to upgrade and modify their merchandise lines to seek and remain up-to-date with the virus development. Ever since computing machine viruses have been foremost created, they have evolved to what they are today.

Godheads of these newer viruses have become more educated and now viruses tend to be more hard to observe and take. In the early 90 ‘s a survey found that approximately 1,000 to 2,300 viruses existed so in the late 90 ‘s this figure increased to about 60,000 know viruses.Soon there exists over 100,000 know viruses and numeration, at least one new infected web page is discovered every five seconds, and over 90 per centum of these pages are on sure web sites that have been via media. Computers that are connected to the cyberspace can see up to two onslaughts every minute without proper anti virus package. New signifiers of antivirus package are being developed in an effort to rectify the virus job. These newer engineering of protection package includes heuristic analysis and the behavior analysis. These merchandises check incoming paperss for unusual forms that may stand for a virus.

Unfortunately, every few yearss, new failings are detected and are usually fixed by the package sellers who provide spots and updates for the system. The ruin to all this is the clip it takes for a virus to be detected before it can be corrected, during this vulnerable period a batch of information can be tampered with and stolen, therefore the demand for a better preventive alternate solution.

    1. Overview

Within this paper you will happen a brief debut on the subject in subdivision 1 on the current issue at manus in the anti virus industry.

In subdivision 2 this gives a background on the viruses and anti viruses, this would be the Literature Review. In subdivision 3 this is where my findings will be presented followed by subdivision 4 and 5 the recommendations and Conclusion. And eventually in subdivision 6 the mentions are listed.

2. Background

About Computer virusesA computing machine virus is a computing machine plan that can copy itself and infect other computing machines without the permission or cognition of the proprietor ( Wikipedia, 2009 ) .

They are created by people with many different purposes may it be for intentionally intents or for maliciously behaviors, viruses are all made to seek and harm the computing machine systems. Some people create viruses merely for boasting rights, to see how far and how fast a virus can be spread across the universe, some for fiscal grounds and others to seek retaliation.The first known personal computer virus to make the general populace was a plan called “ Elk Cloner ” .

This plan was created by Rich Skrenta, a high school pupil in 1982. The virus attached itself to the operating system and through the usage of a floppy disc was so able to be spread to other computing machines. Skrenta original purpose was a gag.

He entered the virus into a game in which the virus was set off after the user usage it on the fiftieth clip. Once triggered, the computing machine would go septic and a clean screen would look exposing a verse form about the virus.By 1989, a new virus appeared every hebdomad. By 1990, the rate rose to one time every two yearss.

As personal computing machines and webs grow, so did new viruses. New viruses are discovered every individual twenty-four hours, more clip and attempt must be spent on making anti viruses. A computing machine virus can do the loss or change of files, and can do confidentiality issues. It can be spread from plan to plan, papers to document and from computing machine system to computing machine system, without direct human intercession.Today, the chief constituent of a virus is a series of instructions when executed can distribute itself to other, antecedently unaffected files. A typical computing machine virus transcript itself into antecedently clean files. Other viruses merely put to death the instructions the virus Godhead plan it to make may it be exposing messages to the screen, wipe outing files or changing a file. Sometimes a virus may incorporate no harmful instructions but alternatively, it may do harm by retroflexing itself and taking up system resources.

Computer viruses started by distributing from floppy discs so to web computing machine, but soon the greatest menaces are being received through the cyberspace. The current cyberspace menaces are more unsafe than any old computing machine virus menace seen in the yesteryear

Types of computing machine viruses

To avoid being detected the virus Godhead deployed a few techniques to avoid being detected, some of the more popular techniques will be discussed.Overwriting Virus: This type of virus is one of the easiest viruses it overwrites files with their ain transcript. The septic file can non be disinfected from a system and it would hold to be deleted from the disc.

Appending Virus: In this technique, a leap direction is inserted at the forepart of the host ‘s file to indicate to the terminal of the original host ‘s file. Then, the chief entry point will be replaced with a new entry point at the start of the virus codification. Here is where the Godhead of the virus would be able to add to the file.Compressing Virus: This technique is used to conceal the host plan ‘s size so increasing it after the infection by packing the file sufficiently with a binary wadding algorithm.Boot Sectors Virus: this virus takes advantage of the boot sector. A boot sector virus modifies the boot sector of a computing machine.

Every disc of a computing machine consists of a boot sector that controls how a computing machine operates when it is get downing. A boot sector virus may be loaded into memory on get downing and may infect other applications, discs or merely make hapless system public presentation. And since the boot sector viruses are hard to observe it can distribute quickly.Macro Virus: This technique attaches itself to word and spreadsheet processor paperss and causes a sequence of actions to be performed automatically when the application is accessed. These viruses are usually dispersed via the cyberspace utilizing email fond regards.

Anti viruses as protection

To supply protection against known viruses, plans have been created to repair computing machines from most viruses. Because of the rapid growing of viruses since 1990, an increasing demand for anti viruses has emerged.

For an anti virus package to observe and extinguish possible viruses this can be done in two chief ways, the scanning and the behavior ways. For scanning, files are scanned from your computing machine and files are so looked at for virus definitions that match a virus lexicon. If a matching virus is found, the package would alarm the user about the virus found. With the behaviour method the file is monitored for any leery virus behaviour. When these behaviours are detected, the antivirus package would subsequently acquire rid of the septic file.3. FindingssProblem at manusAs computing machine virus writers become more knowing of viruses, more and more complicated, malicious and undetectable codification are besides being created. This keeps computing machine users alert to ever be up dated by maintaining their web, waiters and computing machines safe from present menaces and new menaces.

Cohen ( 1987 ) showed that it is theoretically impossible to develop an algorithm that can distinguish between viruses and non viruses based on scrutiny. His ground being that every bit long as there exists an algorithm that can make this, so the virus Godheads can utilize that same algorithm to analyze itself and so pull strings the algorithm.At one point, most anti virus package detected viruses by scanning through the content of files for a accepted form of informations called a signature that resembles viruses. This traditional solution would now be considered disused.

In 2008 entirely harmonizing to the Symantec terminal of twelvemonth study about 1.8 million new virus definitions was created and that the signature attack would non hold been able to maintain up with the figure of menaces being created by on-line virus Godheads.Today, the scanning method is still in used but along with other methods to assist with the sensing. This scanning method, nevertheless, still allows the computing machine virus authors to come up with assorted methods to still make viruses by altering their plan and doing it harder for the scanners to observe and subsequently infect users. The diminution in holding efficient virus defence is earnestly impacting computing machine users. The period it takes between the clip a virus onslaughts to when a signature is made available can ensue in informations being stolen, informations being deleted and even tampered with, this can besides do major financially issues since companies can be sued for issues like this. To rectify this job, more attempt is needed in coming up with an alternate solution to the jobSoon, the virus purposes have become selfish, and more and more viruses are being used for personal additions to acquire money through condemnable activities.

Political candidacy and even famous person societal groups have besides turned to computing machine viruses to acquire what they want, to undermine others. Organizations besides try to undermine each other by extinguishing the competition. So because of these and many other grounds an alternate solution to the methods used in the anti virus package is needed to halt viruses in its path before it causes serious harm.

Anti Virus package

An anti virus package is used to forestall, observe, and take malware, including computing machine viruses, worms and Trojan Equus caballuss. These plans are known to besides forestall and take adware and spyware. Anti virus plans does non usually reconstructing informations. Some methods repair files by canceling the full virus codification from the file, thn restore the file to its original province.

However, for viruses that harm system the anti virus plan is incapable of mending all the harm. The lone infallible method of reconstructing harm done by a virus is to clean all septic files and reconstruct everything else from last backups day of the month.To assist the computing machine industry from neglecting the Anti virus Godheads came up with a few methods to observe the computing machine viruses. Some package uses one attack such as the signature based sensing, where the virus must be known of before a signature is developed for any detected virus while the others use the multiple methods attacks to seek and rectify the job before it really starts.

For the package to observe these advanced viruses it is recommended to hold more than one attack for protection. The methods these companies should put and research further into should be a combination of the Reputation-based analysis, the Heuristic Detection Method and the Behaviorist analysis.

Behaviorist Analysis

The Behaviorist analysis method does non try to place known viruses, but it monitors the behaviour of all plans called by the operating system. With this, anti virus package would hold an advantage over the virus Godheads since a general form is now available for observing some viruses. With this method, when a plan tries to compose informations to an feasible plan, the anti virus package would flag this leery behaviour and alarm a user about it and so inquire them what to make with the file it suspects.

Heuristic Detection

The Heuristic sensing method is based on unreal intelligence techniques ; it is an expert based analysis that determines the exposures of a system towards peculiar menaces utilizing assorted determinations. As it is being used it allows the plan to really observe which messages contain a virus and which does non. Anti virus package shapers develop a set of regulations to separate viruses from non-viruses. Should a plan imitate these regulations, so it is marked a virus and dealt with consequently.

By making this we are able to observe viruses that have non been detected as yet by the traditional scanners and as a consequence we would be able to forestall viruses from interfering with informations. And a greater asset to this method is that no hebdomadal virus updates would be necessary to download. A drawback to this method is that non virus files can acquire tagged as a virus and so be treated like a virus, this major drawback is called false positive.

Reputation-Base Analysis

The reputation-based analysis is traveling to be a really helpful method of protecting from viruses. It would fundamentally be able to find what ‘s go oning on one computing machine and how other computing machines are managing it. This is community based significance that it would necessitate users feedback to garner information on the files. This method is non wholly new to the computing machine universe ; it is used in attacks to book, music and downpour files. It alerts the users about the file before they really download it.

Some companies even allow users to go forth their remarks about the file for other users to entree t his information. Norton, now recognizing its possible had late copied this method and have since been seeking to better on its bugs and to include other method within the package to do it a better one, it is soon still in the research country.With this Reputation-Based analysis users are able to supervise the file that they entree by look intoing to see if the file is safe, insecure or on the boundary line before accessing it. This is done by utilizing an algorithm to divide the whilelist file and the black list files. This method gets its information from a pool of information sent anonymously by past users who accessed the file, without holding to inquire the user to input this information. By merely supervising the files from the pool of information the package companies would be able to cipher a repute safety mark for each application. Not merely that but information such as when the file was made available to users and how many other users have accessed it already would assist users in finding if it is a good file or non.

Present Early Detection combination

Anti virus package that use the Heuristic and the Behaviorist method as their chief combination, use the heuristic method to first expression for leery activities so end the file based on the behaviourist analysis.

With this combination the chief purpose would be to find the ground the file exists on the computing machine and to find its purposes on the computing machine. For efficiency with this combination, the behaviourist method should ever be running so that the behaviour of the files can ever be closely monitored. This combination along with other method such as the signature-based analysis is known for early virus sensing before its really a menace.

Unfortunately, a drawback to this combination sometimes causes a good file to stop up being classified as a virus. When this occurs it causes a false positive to happen. With multiple false positives, computing machine users tend to get down to disregard the mistake messages and so lose assurance in its dependability and subsequently do their files to go septic.

The Alternative Solution

The best manner to forestall viruses is to utilize and develop anti virus package with at least the combination of the Reputation-based analysis, the Heuristic Detection Method and the Behaviorist analysis.

With a combination of all three methods this would assist cut down the figure of false positives. The Reputation-base Analysis occupation is to garnering repute from the files from the community, so users are able to find if they want to snap the file or non from the information provided before really snaping on the file. The heuristic and the behaviourist method would now be able to execute its occupation more efficaciously since the information would be more dependable than without the reputation-base analysis. This is achieved by increasing the sensing degree on the black book files and diminishing the sensing degree on the whitelist files, by making this it reduces the false positives drastically.

4. Decision and Recommendations

Today, computing machine viruses are still being made. They infect files by modifying them to include a transcript of it.

Whenever these files are executed this is when the virus begins to distribute to other plans, files and even other computing machines. They tend to distribute rapidly and can do widespread harm. To forestall this harm computing machine users must ever be cognizant the effects of a virus and must ever be up to day of the month with the latest package.The Anti virus country is still an country in demand of despairing research attending to turn to the universe broad computing machine job of viruses. It was made clear through research that the present virus sensing and analysis methods are non plenty to forestall and observe viruses from impacting computing machines. And therefore, an effectual virus bar policy should at least unite the heuristic analysis, behaviourist analysis and the alternate solution, repute based analysis.

For the alternate method the major undertaking would be to set up a method for roll uping the world-wide information on the files on the cyberspace so sorting them in the black and white list to assist find which file is bad or good. Reputation – Based Analysis is shortly traveling to emerge as the better engineering for forestalling viruses more accurately. This method nevertheless, for it to work efficaciously, it must be complimented with the early sensing methods.

Equally shortly as the anti virus package companies decides to fall in this newest attack to utilize the files repute to forestall viruses it would assist to rectify most of the virus job.With this it would cut down on the sum of computing machines being infected by alarming users about the file before really accessing it. This nevertheless is still non a complete solution to the job at manus but a recommended solution that all anti virus package companies should accommodate.For future research, it is recommended to integrate the full anti virus industry to hold one big community based database where the repute statistics informations can be made from. By making this the bigger the database the more accurate the concluding statistic would be in forestalling viruses.

6. Mentions

  • IronPort System.2008.

    A Multi- Layered attack to forestalling viruses. Cisco System.

  • Helenius, Marko. 2002. A system to back up the Analysis of Antivirus Detection Capabilities. University of Tampere.
  • Faroklt Mamaghani.

    2002. Measuring and choosing of an Antivirus and content filtering package. St John Fisher College.

  • Hubbard, Joan, Karen Forcht.1998.

    How Companies can protect their systems. MCB UP LTD.

  • Daoud, Essam. 2008. International Journal of Open Problems for computing machine and Maths. Vol1 No2 of Computer Virus Strategies and Detection Method. Jadara University
  • Bidgoli, Hossein.

    2006. Handbook of information security, substructure and protocols. New Jersey: Wiley Publications

  • “ Antivirus Software ” ( 2009 ) . Available from: On The Issues& lt ; & lt ; hypertext transfer protocol: // & gt ; & gt ; ( accessed 10 July 2009 )
  • “ Elk Cloner ” ( 2009 ) .

    Available from: On The Issues& lt ;& gt ; ( accessed 10 July 2009 )

  • Cohen, Fred. 1984. Computer Viruses-Theory and Experiment. Oxford UK: Elseurier Advanced Technology
  • Ramzan, Zulfikar. Interview by Mills, Elinor. 6 July 2009.

    Available from Office of accessed 28 July 2009 ) .


I'm Ruth!

Would you like to get a custom essay? How about receiving a customized one?

Check it out