I hope you know what is computer Anti-Virus. But you may not know how the anti virus works. Here i am sharing how the antivirus software works.
What you know about Anti Virus software?
Antivirus software gives protection against the viruses and Malware. Antivirus can detect the malicious software ,then delete or put it in quarantine.
The process behind the Anti Virus
The Antivirus follows two methods to detect the malicious software. They are Virus Dictionary Based Detection & Suspicious Activity Detection.Virus Dictionary Based Detection In this method, Antivirus manage a dictionary file which has the identified virus signatures. Whenever an executable is running, antivirus will check the executable file source code with the dictionary. If the source code match with any virus signature, then antivirus will immediately inform you that the virus is found.
Antivirus will check the executable file whenever file is opened or created or emailed or downloading.
Example:
Let us assume the malicious code is "11010011" and this code is in dictionary file. If any executable file runs with the above malicious code, the antivirus immediately block and alerts the user. Day to day the hackers can create new viruses, the source code of virus will vary. The antivirus can not detect the virus with
old Signature of viruses. You have to update the virus signature so that it can detect new viruses.
Drawback of this Method
Hackers found a hacking trick to bypass this security method, The Crypter. Yes, hackers can encrypt the source code into different source code such that it will look like safest source code. So if the antivirus checks for the source code, it won't find the malicious code (because it is another form). (I will give detailed explanation about the crypter in my next post.). The drawback can be solved by including the crypted malicious code to dictionary file.
Suspicious Activity Detection The suspicious activity detection method is more effective than the Dictionary based approach. It can detect even a new virus. Antivirus observes the behavior of the executable file. If the executable file does any illegal process or create any executable file, the antivirus will block the executable file and alert the user .
Drawback
It is annoying process. The accuracy is less so it may detect any safe executable file as virus.
Source:http://breakofhacks.blogspot.in
NOTE: Feel Free To Comment....
0 comments: