
Abhinav Arora (08) 1714110101

PRACTICAL ASSIGNMENT NO. 8

Aim: Study of how Antivirus works according to offline and online mode.
Theory:
Antivirus is a kind of software used to prevent, scan, detect and delete viruses from a
computer. Once installed, most antivirus software runs automatically in the background
to provide real-time protection against virus attacks.
Comprehensive virus protection programs help protect your files and hardware from
malware such as worms, Trojan horses and spyware, and may also offer additional
protection such as customizable firewalls and website blocking. Traditional
detection-based antivirus products have had a strong hold on the security market for years.
However, recently, due to an exponential rise in cybercrime and malware, these
traditional antiviruses have been rendered ineffective against many emerging threats.
Today, hackers are better equipped than many cybersecurity companies, with their own
quality analysis labs and penetration tools, and they use bootleg multi-engine scanning
sites to verify whether their new malware samples are being detected. If a sample is
identified, they modify the code and repeat the test until the malware goes undetected.
As the saying goes, "Necessity is the Mother of Invention." The need to stay safe online
prompted the evolution of some antivirus solutions, which can prevent the execution of
malicious code.

Antivirus software, sometimes known as anti-malware software, is designed to detect,
prevent and take action to disarm or remove malicious software from your computer
such as viruses, worms and Trojan horses. It may also prevent or remove unwanted
spyware and adware in addition to other types of malicious programs. The first versions
of antivirus software can be traced as far back as the 1980s.
Antivirus software will begin by checking your computer programs and comparing them
to known types of malware. It will also scan your computer for behaviours that may
signal the presence of a new, unknown malware. Typically, antivirus software uses all
three scanning detection processes:

1. Specific Detection: This works by looking for known malware by a specific set of
characteristics.

2. Generic Detection: This process looks for malware that are variants of known
“families,” or malware related by a common codebase.
3. Heuristic Detection: This process scans for previously unknown viruses by looking
for known suspicious behaviour or file structures.
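
The three detection processes above, sketched as an added example (not part of the
original assignment and not any antivirus product's code). The sample byte strings,
detection names, suspicious-string list and score threshold are constructed for illustration.

```python
import hashlib
import math

# Constructed, harmless byte strings standing in for files on disk.
KNOWN_BAD = b"MZ" + b"\x90" * 16 + b"FAMILY-X-DECODER-STUB" + b"payload-v1"
VARIANT = b"MZ" + b"\x90" * 8 + b"FAMILY-X-DECODER-STUB" + b"payload-v2-repacked"
UNKNOWN = b"MZ" + bytes(range(256)) * 4 + b"VirtualAllocEx" + b"WriteProcessMemory"
CLEAN = b"MZ" + b"This program cannot be run in DOS mode. " * 8

# Specific detection: exact SHA-256 of one known sample (hypothetical name).
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Example.FamilyX.A"}
# Generic detection: a byte pattern shared by a whole family (hypothetical).
FAMILY_PATTERNS = {b"FAMILY-X-DECODER-STUB": "Example.FamilyX.gen"}
# Heuristic detection: API names that are suspicious in combination.
SUSPICIOUS_STRINGS = (b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread")
HEURISTIC_THRESHOLD = 3  # assumed cut-off for this example

def entropy(data):
    """Shannon entropy in bits per byte; packed or encrypted code is near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def heuristic_score(data):
    """Score file structure: executable header + high entropy, odd strings."""
    score = 2 if data[:2] == b"MZ" and entropy(data) > 7.0 else 0
    return score + sum(1 for s in SUSPICIOUS_STRINGS if s in data)

def scan(data):
    """Return (method, detection name), trying the most precise check first."""
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        return ("specific", HASH_SIGNATURES[digest])
    for pattern, name in FAMILY_PATTERNS.items():
        if pattern in data:
            return ("generic", name)
    score = heuristic_score(data)
    if score >= HEURISTIC_THRESHOLD:
        return ("heuristic", "Suspicious.score%d" % score)
    return ("clean", None)

if __name__ == "__main__":
    for label, blob in [("known", KNOWN_BAD), ("variant", VARIANT),
                        ("unknown", UNKNOWN), ("clean", CLEAN)]:
        print(label, scan(blob))
```

The repacked variant no longer matches the hash but is still caught by the family
pattern, and the sample with no signature at all is flagged only by its structure.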
Each antivirus functions differently depending on the set of features it was developed with.
Ideally, the following characteristics and features are essential to help users stay ahead
of threats.

1. Signature-based detection - This is the most basic technique in any traditional
antivirus program: it checks each .EXE file and validates it against the database of
known viruses and other sorts of malware. Alternatively, it checks whether an unknown
executable file misbehaves, which denotes signs of infection.
Documents, programs and applications are generally scanned for viruses when they
are being used. Once an executable program is downloaded, it is instantly scanned to
check whether it is infected with malware. Antivirus software can also be used
without on-access scanning. However, it is prudent to keep on-access scanning
deployed at all times, as it becomes a challenge to eliminate viruses once
they infect the system.

2. Heuristic-based detection - Heuristic-based detection generally works better in
combination with signature-based detection. Heuristic and signature-based
detection, when combined, make the antivirus more effective. Heuristic-based
detection is widely used across antivirus software. It allows the antivirus
program to recognize new malware, or a modified variant of existing malware,
even without the most recent virus definitions. Antivirus programs apply
heuristics by running suspect files or applications that contain suspicious code
inside an isolated runtime virtual environment. This keeps the suspicious code from
contaminating the normal working environment.
• Behavioural-based recognition
• Sandbox detection
• Data mining techniques

3. Behavioural-based recognition - This type of recognition is used as part of the
intrusion detection component. It concentrates on recognizing the attributes and
traits of the malware during execution. This method works to identify malware
only when the malware actually behaves maliciously.

4. Sandbox recognition - It works similarly to the behavioural-based recognition
strategy. It executes applications in a virtual environment to track the kinds of
activity they perform. By checking the logged activities of the application/program,
the antivirus software can determine whether the program is malicious or not.

5. Data mining strategies - This is one of the most recent trends in detecting
malware. Given a set of features of a program, data mining determines whether the file
or application is malware.