
Saturday, 1 September 2012

How Antivirus Detects Viruses and Other Malware

Earlier we discussed what viruses and worms are. Most users have some antivirus software installed on their systems to protect them from such malware.
But have you ever wondered how this software tells a harmless file from a harmful one? In this post we'll take a look at how an antivirus decides which file is infected.
There are mainly two approaches that antivirus software uses today to detect malware:


  • Virus Signature Approach:
    In this approach the antivirus checks the file and compares it with a dictionary of known virus signatures. If any part of the code matches a virus signature, the user is alerted and asked for an action.
    The problem with this method is that if a new virus is created (many new viruses are created every day), its signature will not be present in the dictionary and the antivirus may pass it as safe. Thus the antivirus should be updated regularly to include definitions for new viruses.
  • Suspicious Behaviour Approach:
    In this approach, instead of checking the signature of files, the antivirus looks for any suspicious behaviour which may be dangerous. For example, if a program is written to format a hard disk, it may be termed dangerous. Thus any program which shows such behaviour is flagged as a 'virus'.
    But this approach also has its share of cons. Imagine a scenario where a new application is written to format a system on demand. According to the antivirus this is a dangerous activity, and the application will be flagged as a virus in spite of not being one. Thus this method generates a lot of false alarms.

Modern Antivirus Programs:

Most modern antivirus programs use a combination of these approaches to detect known and new viruses.
But these approaches alone are not sufficient, as there are methods to encrypt a virus signature, which makes it undetectable (UD). So apart from using an antivirus program, the user should still take precautions, like not clicking on malicious links and not running programs from unknown sources, to keep their system safe.
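
The two approaches and their trade-offs described above, as an added example that is not from the original post: a toy scanner run over four constructed, harmless samples. The signature names, byte patterns, action names and file names are all made up for illustration.

```python
# Added illustration: every signature, action name and sample below is constructed and harmless.
SIGNATURES = {  # dictionary of "known virus signatures": name -> byte pattern (made up)
    "Demo.Virus.A": b"\xde\xad\xbe\xef\x13\x37",
    "Demo.Worm.B": b"DEMO-WORM-MARKER",
}
SUSPICIOUS_ACTIONS = {"format_disk"}  # hypothetical behaviour rule, from the post's example

def signature_scan(data):
    """Signature approach: names of known signatures found anywhere in the file bytes."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)

def behaviour_scan(actions):
    """Behaviour approach: observed actions that the rules treat as dangerous."""
    return sorted(set(actions) & SUSPICIOUS_ACTIONS)

def signature_only(data, actions):
    return bool(signature_scan(data))

def behaviour_only(data, actions):
    return bool(behaviour_scan(actions))

def combined(data, actions):
    """Modern approach: alert if either check fires."""
    return signature_only(data, actions) or behaviour_only(data, actions)

# (file name, file bytes, actions seen while running, is it really malware?)
SAMPLES = [
    ("known_virus.exe", b"MZ" + SIGNATURES["Demo.Virus.A"] + b"rest of file", ["write_file"], True),
    ("new_virus.exe", b"MZ code nobody has seen yet", ["format_disk"], True),
    ("disk_formatter.exe", b"MZ format-on-demand utility", ["ask_user", "format_disk"], False),
    ("notepad.exe", b"MZ text editor", ["open_file", "write_file"], False),
]

def evaluate(detector):
    """Return (missed malware, false alarms) for one detector over SAMPLES."""
    missed = [n for n, data, acts, bad in SAMPLES if bad and not detector(data, acts)]
    false_alarms = [n for n, data, acts, bad in SAMPLES if not bad and detector(data, acts)]
    return missed, false_alarms

if __name__ == "__main__":
    for detector in (signature_only, behaviour_only, combined):
        missed, false_alarms = evaluate(detector)
        print(f"{detector.__name__:15} missed={missed} false_alarms={false_alarms}")
```

The signature check misses the sample whose pattern is not in the dictionary, the behaviour check raises a false alarm on the formatting utility, and the combination catches both malicious samples but keeps the false alarm.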

Thanks for reading. I hope this article covered the basics of an antivirus's detection process well. You can add your views in the comments and let me know if you feel I missed something.

Friday, 31 August 2012

Virus vs Worms

In my previous post we introduced the concept of UTMs. In this post let us take a look at a common security problem.
In everyday life we often hear people complain about how their computer got infected by a 'virus'. In reality it may not always be a virus but some other malicious program. The correct term to use in such cases is 'malware'.
There may be different types of malware, like viruses, worms, Trojans, rootkits, etc. In this post we'll take a look at viruses and worms.

Viruses:

A computer virus is mostly an executable that attaches itself to a program or a file. It can spread to other systems when such files are shared.
Almost all viruses are attached to an executable file and infect the system when the malicious program is run.
A virus needs human interaction (like a double-click on an infected file) to spread. In other words, a virus does not spread on its own.

A virus can be a simple one, like a batch command which shuts down a system, or it can be deadlier, for example a virus which formats the complete hard disk or corrupts the RAM!

Worms:

A worm is similar to a virus in design and in the kind of damage it produces, but unlike a virus, it has the capability to travel over a network without any human interaction.
A worm copies itself over a network. It is a program that views the infection point as another computer rather than as other executable files on an already infected computer.

 

TechRaaz Copyright © 2012 | Template created by O Pregador