
Study Report on Antivirus S/W

How Antivirus Works

Antivirus software scans a file by comparing specific sequences of bytes in its code against the patterns stored in its database. If a sequence duplicates a pattern in the database, the file is classified as a virus and is quarantined or deleted.

How Antivirus Detects Viruses

All executable program files that enter a system go through the antivirus scan. Those that match known signatures are classified as viruses and blacklisted. The remaining program files then pass through Defense+ HIPS (Host Intrusion Prevention System). Here, known files are allowed in and run on the system, while unknown ones, whether good or bad, are sent to the Defense+ Sandbox. These are allowed to run, but only within this restricted environment. Those that the user allows as good files are added to the whitelist, while all others remain in the sandbox and are then sent to the Comodo labs for analysis.

How to Get Rid of Malware?

- Signature-based detection
- Heuristic-based detection
- Behavioural-based detection
- Sandbox detection
- Data mining techniques

Signature-based detection - This is the most common method in traditional antivirus software. The scanner checks every .EXE file and validates it against the known list of viruses and other types of malware, or it checks whether an unknown executable file shows any misbehaviour that would indicate an unknown virus.
Files, programs and applications are scanned when they are in use. Once an executable file is downloaded, it is scanned for malware immediately. Antivirus software can also be used without background on-access scanning, but on-access scanning is always advisable because malware is hard to remove once it has infected the system.
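To make the signature step concrete, here is a small added example in Python (not code from the report or from any antivirus vendor): a constructed signature database of byte patterns, a scanner that quarantines matching files under their SHA-256 hash, and a demo run over constructed sample files. All signature names, marker strings and file names are invented for the illustration; the third sample shows that a small change to the marker defeats an exact pattern, which is the gap the heuristic methods below are meant to close.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed signature database (not real malware signatures): name -> byte
# pattern. Real products hold millions of patterns plus whole-file hashes.
SIGNATURES = {
    "Demo.Dropper.A": re.compile(rb"DEMO_DROPPER_MARKER_[0-9]{4}"),
    "Demo.Hooker.B": re.compile(rb"MZ.{0,64}DEMO_HOOK_PAYLOAD", re.DOTALL),
}

def scan_bytes(data):
    """Return the names of all signatures whose pattern occurs in data."""
    return [name for name, pat in SIGNATURES.items() if pat.search(data)]

def scan_file(path, quarantine_dir):
    """Scan one file. On a match, move it into quarantine under its SHA-256
    (so it can no longer run by name) and record the origin in a .meta file."""
    path = Path(path)
    data = path.read_bytes()
    hits = scan_bytes(data)
    if not hits:
        return {"path": str(path), "status": "clean", "hits": []}
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    digest = hashlib.sha256(data).hexdigest()
    target = quarantine_dir / (digest + ".quarantined")
    path.replace(target)
    (quarantine_dir / (digest + ".meta")).write_text(f"{path}\n{','.join(hits)}\n")
    return {"path": str(path), "status": "quarantined", "hits": hits}

def demo():
    """Scan three constructed files in a temp directory; return name -> status."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {
            "notes.txt": b"quarterly report, nothing suspicious here",
            "installer.exe": b"MZ\x90\x00" + b"\x00" * 20 + b"DEMO_DROPPER_MARKER_2024",
            # Same payload with the marker's underscores swapped for hyphens: a
            # variant that an exact signature misses, which is why heuristics exist.
            "variant.exe": b"MZ\x90\x00" + b"DEMO-DROPPER-MARKER-2024",
        }
        for name, content in samples.items():
            (root / name).write_bytes(content)
        return {name: scan_file(root / name, root / "quarantine")["status"]
                for name in samples}
```

Calling demo() reports notes.txt and variant.exe as clean and installer.exe as quarantined.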
Heuristic-based detection - This type of detection is most commonly used in combination with signature-based detection, and heuristic technology is deployed in most antivirus programs. It helps the antivirus software detect new malware, or a variant or altered version of known malware, even in the absence of the latest virus definitions.
Antivirus programs apply heuristics by running suspect programs or applications that contain suspicious code within a runtime virtual environment. This keeps the suspicious code from infecting the real environment.
Behavioural-based detection - This type of detection is used in intrusion detection mechanisms. It concentrates on detecting the characteristic behaviour of malware during execution, so it can only detect malware while the malware is performing malicious actions.
Sandbox detection - This functions much like behavioural-based detection. It executes an application in a virtual environment and tracks what kind of actions it performs. By verifying the logged actions of the program, the antivirus software can identify whether the program is malicious.
Data mining techniques - This is one of the latest trends in malware detection. Given a set of features extracted from a program, data mining helps determine whether the program is malicious.

Supporting Data

- IndoVirus attempts to disguise its executable file(s) as Windows folders. It changes the attributes of the original root folders to "hidden" and makes copies of its file using those folder names.

- JPG malware is not that common, but it can be very nasty. Attackers can target stock images that are common in PowerPoint presentations and embed malicious code either using stegosploit or infect the site that hosts the stock images for slides.

- Even if the original virus is deleted, the version stored in memory can be activated when the operating system (OS) loads a specific application or service. Resident viruses are problematic because they can evade antivirus and antimalware software by hiding in the system's random access memory (RAM).

- A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software. It takes its name from the term stealth, which describes an approach to doing something while avoiding notice.

References

- https://antivirus.comodo.com/how-antivirus-software-works.php#:~:text=How%20Antivirus%20Works%3F,or%20delete%20that%20particular%20file.

- https://ieeexplore.ieee.org/document/6209220

- https://umbrella.cisco.com/blog/picture-perfect-how-jpg-exif-data-hides-malware#:~:text=JPG%20malware%20is%20not%20that,the%20stock%20images%20for%20slides.

- https://www.techtarget.com/searchsecurity/definition/virus#:~:text=Even%20if%20the%20original%20virus,random%20access%20memory%20(RAM).
