
The University of Manchester

School of Computer Science

3rd Year Project Report 2016

Developing an Antivirus

Author: Raoul Kumar

Supervisor: Dr. Milan Mihajlovic

2nd May 2016


ABSTRACT

Computer viruses are omnipresent within our computer systems. They are hidden in websites, files, and so on. Every day, thousands of new viruses appear. There is an urgent need for people to educate themselves about different types of malware and what they can do to the systems we are currently using. Anti-malware software has been on the rise, but malware is also experiencing exponential growth.


ACKNOWLEDGMENTS

I would like to thank my supervisor, Dr. Milan Mihajlovic, who has been really kind to me. I would also like to thank my Second Marker, Carole Twining, who has given me invaluable advice during my two seminar presentations.

Then, my friends and family who have been with me through thick and thin and cheered me up when things were not going my way.

Finally, I believe that the University of Manchester should also be mentioned in this section for giving me an opportunity to study here for 3 years and giving me skills, experiences and memories that I will be cherishing forever.


TABLE OF CONTENTS

CHAPTER 1 – PROJECT PROPOSAL AND OVERVIEW

1.1 Project Proposal

1.2 Overview and Report Structure

CHAPTER 2 – INTRODUCTION

CHAPTER 3 – BACKGROUND AND LITERATURE

3.1.1 The First Wave

3.1.2 The Second Wave

3.1.3 The Third Wave

3.1.4 The Antivirus software – safety comes first

CHAPTER 4 – DEVELOPMENT

4.1 Functional and Non-Functional requirements

4.1.2 Functional requirements

4.1.3 Non-Functional requirements

4.2 Flowchart – The sequence of events

4.3. Development approach and practices

4.4 Technologies/languages used

CHAPTER 5 – IMPLEMENTATION

CHAPTER 6 – TESTING AND EVALUATION

6.1 Malware Removal Test

6.2 Unit Testing

6.3 Evaluation

CHAPTER 7 – REFLECTION AND CONCLUSION

7.1 Achievements

7.2. Challenges

7.3 Future Work

7.4 Reflection

Bibliography


CHAPTER 1 – PROJECT PROPOSAL AND OVERVIEW

1.1 Project Proposal

The aim of this project is to investigate the working of computer viruses along with anti-virus techniques and approaches, and build a simple antivirus program that would allow users to scan a file, detect viruses in it and eliminate those that are affected. The aim is also to create a user-friendly environment in which the user can easily understand the steps taken by our program to delete the viruses.

1.2 Overview and Report Structure

Chapter 2 will be a brief introduction to the key notions of our assignment.

Chapter 3 will consist of background research on viruses and the events that led the world to turn to antivirus software to counter the rise of malware.

Chapter 4 will be focussing on the development phase of the program. In this section, there will be a thorough description of the languages and technologies used, along with the reasons behind the utilisation of those tools.

Chapter 5 will consist of the methods – calling the API and viewing, writing and editing the registry – we have used in order to implement our software.

Chapter 6 will be giving an overview of the testing methods used to satisfy the user as much as possible and deliver an effective and reliable piece of software. We will also be evaluating the antivirus based on different users’ views.

Chapter 7 will be a reflection on the achievements and challenges faced during the development of our program. It will also have a section that mentions any future work that could be undertaken.


CHAPTER 2 – INTRODUCTION

Before we start our assignment, we must ask ourselves what antivirus software is and what it does. In today’s world, people’s knowledge on this subject is limited. In order to clarify this, we will be giving a definition. According to the Business Dictionary, it is a “Computer program that stays in the background, and attempts to counteract computer viruses by continuously monitoring all data files introduced into the computer. On detecting irregularities in the behaviour of new data, or finding data which matches or resembles the ‘signature’ (definition) of a virus, AV software blocks its action (execution) and alerts the user or the system administrator” [1]. Now that we have defined what our software does, we have to specify whether it scans only for viruses or for other types of malware as well. What is malware? It is “short for ‘malicious software’, malware refers to software programs designed to damage or do other unwanted actions on a computer system. Common examples of malware include viruses, worms, Trojan horses, and spyware” [2]. Hence, a virus is a common type of malware. Antivirus could also have been named anti-malware, but as seen from the definition above, that term is too vast. The emergence of new types of technologies and digitalisation has had a great impact on the appearance of new viruses, and malware with new signatures is born every day. Computer security is a domain that is on the rise because hackers are always looking for new ways to get hold of personal information. Every single one of us is jeopardised by this situation. As common individuals, we ought to protect information such as bank details. Corporate organisations ought to protect personal information about their customers/users. Hackers have also been targeting government organisations to steal highly confidential pieces of information in areas such as defence. Now that we have clarified what this software is and does, let us explore how the first viruses appeared throughout time.


CHAPTER 3 – BACKGROUND AND LITERATURE RESEARCH

This section will consist of an extensive background search on the emergence of viruses and, consequently, on the rise of antivirus programs to counter the rise of malware.

The emergence of viruses can be classified in different waves. The first wave occurred from 1979 to early 1990s; the second wave occurred from the early 1990s to 1998; the third one from 1999 to 2001; and finally the fourth (and current) occurred from 2001 till today [3]. The waves are due to technological advances in the computing domain, and the will to hack into systems to get hold of confidential information. The diagram below shows the timeline of the appearance of viruses [4]. In this chapter, we will be explaining what happened in each wave, and how, because of the correlation of these events, antivirus software came into being and emerged as the optimum software for malware detection.

3.1.1 The First Wave

As we can see above, there has been an exponential growth in malware, and it is projected to have a global impact in the near future, compared with the impact on regional networks that we are currently experiencing. Fred Cohen created the first virus in 1983 at USC, which was for experimental purposes. It was only later on in the wave (1989) that “the WANK (Worms against Nuclear Killers) worm apparently learned from the Morris worm (1988) and infected VMS computers on DEC net. It spread using e-mail functions, exploited default system and field service accounts and passwords for access, and tried to find accounts where the user name and password were the same or the password was null” [5]. This was the first improvement in terms of malware as there was an attempt to steal a third party’s confidential information. Then, in 1990 we witnessed the emergence of the famous Norton Antivirus in order to fight against infected files. During the same year in December, the European Institute for Computer Anti-virus Research (EICAR) was born in Hamburg. According to Solomon, the big problem was ‘glut’ because by 1991 there were 1000 viruses as compared to 200-300 in 1990 [6]. By definition, glut means a lot of something.


3.1.2 The Second Wave

This second wave was marked by the glut as the number of viruses was on an exponential rise. The third wave was based on e-mails. Indeed, in 1999 the Melissa macro virus was born. While it may sound inappropriate, “it began as a posting on the Usenet newsgroup ‘alt.sex’ promising account names and passwords for erotic web sites. The attached Word document actually contained a macro that used the functions of Microsoft Word and the Microsoft Outlook e-mail program to propagate” [3].

3.1.3 The Third Wave

The third wave also saw the emergence of similar kinds of viruses such as the ‘BubbleBoy’ virus. Finally, the fourth wave is all about the modern worms. “A worm shares several characteristics with a virus. The most important characteristic is that worms are self-replicating too, but self-replication of a worm is distinct in two ways. […] Do not rely on executable code. Second, worms spread from machine to machine across networks.” [7]. According to Chen, they are “represented by worms such as Code Red and Nimda that demonstrate faster spreading and a new level of sophistication. On September 18, 2001, the Nimda worm raised new alarms by using five different ways to spread and carrying a dangerous payload” [3].

All these events led to the emergence and rise of different pieces of antivirus software. The aim was to protect users against malware and protect their personal information. We will now look at how and when antivirus software emerged, and what it actually does. As shown in the diagram in 1.1 – we have to build efficient pieces of software because hackers are becoming more skilful by the day and the future could hold some surprises. The diagram below gives us a precise view of the events that occurred in the emergence of viruses [8].

Having looked at how viruses were born, we will now be looking at the direct implications that this turn of events had. Certainly, we will be looking at how pieces of software were born to counter that malware.


3.1.4 The Antivirus software – safety comes first.

At the end of the first wave, viruses were starting to develop themselves (as we saw in Chapter 1). Therefore, action was needed to protect users from having their computers hacked. 1987 is the year when John McAfee put this idea into the real world. Indeed, “in 1987, he (McAfee) left Lockheed to set up his own business, helping companies and individuals address their computer security problems. […] He wrote VirusScan, the world’s first antivirus computer software. When permanently loaded onto a computer, VirusScan could detect and remove known viruses” [9]. Following McAfee’s release, as mentioned in the introduction, Norton Anti-virus and the European Institute for Computer Antivirus Research (EICAR) were founded in 1990 and 1991 respectively. This was a big step in the fight against hackers. Over time, other companies were founded. The diagram below gives us an accurate description of those events [10].

As we can see from the diagram above, the number of antivirus products has increased drastically over the years to counter the exponential growth of malware. However, this list contains only a small number of AV products. The full list is much bigger – we have AVG, Avira, Panda, Avast, and many more [11].

Now that we have seen what malware and antivirus software are, we will be looking at the development phase of our project. We will be describing how the design was undertaken and how it was implemented. We will also be justifying the choices made.


CHAPTER 4 – DEVELOPMENT

In this section of our assignment, we will be looking at the requirements needed to develop an antivirus. We will also be looking at the development phase of our project, and justifying the use of different technologies.

4.1 Functional and Non-Functional requirements

It is highly important to gather all functional and non-functional requirements before beginning the development of our project. It is essential to have the knowledge of what the antivirus should do (functional) and how the antivirus should behave (non-functional).

4.1.2 Functional requirements

After gathering information on how our software should behave, I also gathered information on what the antivirus should do. Basically, those are the necessities that the Antivirus should provide. These include requirements such as scanning of viruses, detection and elimination. The antivirus software should be able to work effectively and efficiently on viruses that have different signatures. Moreover, our program should be able to tell the user in a very user-friendly manner that scanning and detection have taken place and that appropriate action has been taken.

4.1.3 Non-Functional requirements

Before building this piece of software, I took into account – as a customer – how other users would want the antivirus to behave if they happened to buy it. First of all, usability is an utterly important factor to consider. According to ISO, usability is “the effectiveness, efficiency and satisfaction with which users achieve specified goals in particular environments” [12]. Then, the other factor taken into account was performance. “Computer performance is characterized by the amount of work accomplished by a computer system or computer network compared to the time and resources used” [13]. Certainly, when using my software, a customer will expect it to have a short response time when scanning for the viruses present on their computer; they would want the software not to use too much computer memory, and so on. Other factors such as stability or operability were also considered.

Now that an overview of the requirements gathering process has been given, the next few sections will be focussing on the development phase of the project and describe the approaches, languages and frameworks used to build the antivirus software.


4.2 Flowchart – The sequence of events

The diagram below describes the flow of events of our piece of software.

Diagram created on lucidchart.com

Stage 1: Upon the launch of our software, the program asks us to start the software and scan the file.

Stage 2: A counter is set up and the files are scanned. At the end of it, the counter displays the time taken by the antivirus to scan the files in its database or even the number of segments scanned.

Stage 3: At the end of the scanning phase, the software outputs a list of infected files, their names and location.

Stage 4: This stage is the elimination of viruses.

Stage 5: The viruses have been removed and the program asks us if we want to create a restore point. This function being set up as NULL, clicking yes/no has the same outcome.

Stage 6: At the end of stage 5, the user is redirected to the launch page of our user interface.

4.3. Development approach and practices

The Agile approach was used for the development of this project. A couple of key practices were put into place in the development phase of our software. First of all, short iterations were utilised because they allowed me to set objectives for the upcoming weeks and have some part of the project done at the end of each one of them. Those iterations lasted between 4-6 weeks approximately. There were some key benefits related to this practice. Indeed, it allowed me to stay on track and not fall behind in the building process as I had other modules and coursework. Moreover, they were helpful because building an antivirus was quite a big task, so breaking it down into small phases helped me reduce the complexity of different tasks. Furthermore, short iterations were also useful in not spending too much time on one task. Finally, an advantage of short iterations is that if there is a problem – say in the design phase – it will be detected quite early and appropriate actions are taken as soon as it is detected, and even if there is outstanding work left, it can be reprioritised for the next one.

Then, task boards were useful in the sense that I could make rearrangements in my design phase if I felt that something was missing. Every time a new idea came into my mind, I used to write it on a task board, which in turn made the development phase easier – it gives visibility into what we are doing and helps us see better what the vision of the project is.

Finally, retrospectives were also a practice used to build this software. Certainly, at the end of each iteration, I used to reflect on my work during that period and tried to find different ways to improve my approach. I used to observe what went wrong in the iteration, and why some of the iterations did not go the way they were supposed to. It was beneficial because I gained an utterly important skill that will be useful in future – Reflexivity. Indeed, those retrospective sessions gave me the power to correct myself if I did something wrong and thus to be self-critical.

4.4 Technologies/languages used

After having defined what the antivirus should do and how it should behave, a platform and a programming language are necessary in order to continue our development phase. First of all, I chose to program in Windows, as it is the most targeted Operating System. “Historically, Windows was not designed for security. While Linux and Apple’s Mac OS (based on UNIX) were built from the ground-up to be multi-user operating systems that allowed users to log in with limited user accounts, the original versions of Windows never were” [14]. Hence, comparing the security systems on both of these platforms, it became easier to decide that the Windows Operating System would be our main area of development. The pie chart below supports our argument. It analyses the origin of DDoS (distributed denial of service) attacks on different platforms.

[15]

Furthermore, choosing the language to be used for this project was a tedious process. At the University of Manchester, I predominantly learned Java in my first year, and C in my second year. Both of these languages could have been used for this project. However, the chosen language was C#. Several key factors made me choose C# over Java. First of all, C# saves time as it does not require declaration of exceptions and super classes, and C# allows multiple public classes in the same file – this makes it easier to manage classes. The use of Microsoft Visual Studio also had an influence on my choice as it is relatively efficient in terms of user interface. Below are a few strengths that C# possesses.

[16]

Moreover, after choosing the desired platform and language, I had to decide on a suitable technique to scan for viruses in the database. There are two main techniques: signature-based scanning and heuristics-based detection. There are also further scanning methods such as sandbox detection and data mining detection. However, the technique used was the first one because it simply requires knowledge of known viruses; heuristics-based detection, on the contrary, searches for known viruses and newly created viruses, which would require constant updating of the virus library. Indeed, “This is most common in Traditional antivirus software that checks all the .EXE files and validates it with the known viruses and other types of malware, or it checks if the unknown executable files show any misbehaviour as a sign of unknown viruses” [17]. The second technique which I considered using was heuristics-based detection, but it was not used because it requires updating the virus library on a regular basis as it takes into account new signatures: it “aims at generally detecting new malwares by statistically examining files for suspicious characteristics without an exact signature match” [18]. Here is a diagram that shows how signature-based detection works. [19]


This diagram shows exactly what we defined above. The antivirus scans the files available in the computer system. Once those files reach the antivirus, it will compare them with the signatures available in the virus dictionary. In the diagram, 10325 is a known signature, so our antivirus will display that the system is infected.

There are also various other techniques that we could have chosen, as mentioned above. In reality, there is also behavioural detection, or even sandbox detection. However, the first technique was not used because analysing the behaviour of files and taking action would require an utterly high level of programming. Sandbox detection is somewhat similar to behavioural detection [17].

Now that the platform, language and scanning method are defined, our program has to be able to access those files on any computer’s database.


CHAPTER 5 – IMPLEMENTATION

In this chapter, we will be looking at the various steps undertaken in order to implement the antivirus software.

There are several methods that we can use in C# in order to get permission to access the root of a system. To do this, we have to access, edit, and write in the Windows registry. “The Registry contains information that Windows continually references during each operation, such as profiles for each user, the applications installed on the computer and the types of documents that each can create, property sheet setting for folders and application icons, what hardware exists on the system, and the ports that are being used” [20]. In the Windows registry, there are five root branches (HKEY – Handle to Registry Key) that contain specific information stored in the registry. The table below [20] will describe those specific pieces of information that are essential for the antivirus to run on a system as it needs to grasp the contents specific to the computer we are using.

However, the figure above just shows what these predefined keys are and what they do. In order to read, write and edit the registry, we had to add constants to those keys. They are called the ‘File and Directory Access Rights Constants’ provided by Microsoft. Assigning those constants to the HKEYs will allow the system to grant rights such as executing a file, deleting an object, reading and writing extended attributes, changing the owner in the security descriptor, and so on [21].


Then, after being able to edit the registry on a system, the next implementation step was to call the Windows API function. “An Application Program Interface (API) is a set of commands, which interfaces the programs with the processor” [22]. For our software, we implemented the Win32 library. The APIs use 3 libraries that are KERNEL, USER and GDI (Graphical Device Interface). Each library has its own capabilities. Indeed, the KERNEL library supports process loading, context switching, file I/O and memory management. The USER library is useful in managing interfaces such as Windows, Menus, Dialog Boxes, and Icons. Finally, the GDI library allows creating Graphical Output and storing graphical images. Each of those libraries is preceded by 32.dll because we are using Win32. “Dynamic Link Library (DLL) is Microsoft’s implementation of the shared library concept. A DLL file contains code and data that can be used by multiple programs at the same time; hence it promotes code reuse and modularization” [23]. In order for our antivirus to run through the registry and scan for viruses, we need the DLLs to be imported because we want to explicitly declare that we are authenticated users of the API and that we want to use those DLLs. We then call the library that is in our database and search for harmful extensions. We also imported the DLLs because we wanted to call the WPF graphical subsystem’s (explained below) API so that the GUI-building process does not become tedious.

Furthermore, as part of the implementation, we used the WPF graphical subsystem. This was implemented to get the graphical user interface (GUI) that shows the user the whole scanning process. WPF is a highly advanced tool used to develop applications on the .NET Framework. “The goal of the Windows Presentation Foundation (WPF) is to provide these advances for Windows. WPF allows building interfaces that incorporate documents, media, two and three-dimensional graphics, animations, Web-like characteristics, and much more” [21]. The use of WPF is justified by the many advantages that it offers. Certainly, it gives a cleaner separation of data and layout, it is flexible as we can implement lots of features without having to actually write them, and it is used for new Microsoft Applications such as Visual Studio. “The WPF button is “look-less”, as are most other WPF controls, which means that it can contain a range of other controls inside of it” [22]. The language supported is XAML. “XAML is an XML-based mark-up language that is used to implement an application’s appearance declaratively. It is typically used to create windows, dialog boxes, pages, and user controls, and to fill them with controls, shapes and graphics.” [23] Below is an example of what we can do with WPF and the strengths it has to create an enhanced user experience.

[24]


CHAPTER 6 – TESTING AND EVALUATION

In this chapter we will be talking about the different testing methods undertaken to make our software as reliable, effective, and efficient as possible. Several testing methods such as file unit testing and virus removal tests were used. In order to see if the antivirus is really working and eliminating the viruses in a database, testing is really important as it allows us to check if the application we are building is obsolete or not.

6.1 Malware Removal Test

First of all, we had to perform a performance test on the antivirus to check if it detects any malware in the database. In order to do this, we took help from EICAR – the European Institute for Computer Anti-Virus Research. Who are they? What do they do? “The EICAR is supporting all kinds of initiatives in terms of technical solutions on preventive measures against writing and proliferation of malicious code like computer viruses or Trojan horses, and against computer crime, fraud and the misuse of computer or network, inclusive exploitation of personal data” [25]. They provide antivirus files to check the efficiency of our software. In terms of ethics, it is completely legal to use their file as they support individuals and organisations in building their own software. “This process can be used by people, companies and antivirus programmers to test the proper functioning of the antivirus/antimalware software without having to deal with the real computer virus which can cause damage to the computer” [26]. Go Hacking provides guidelines on how to use this file. We will now be explaining the step-by-step procedure. First of all, we have to copy a code generated by EICAR into a txt document. Then, we have to rename the file to a ‘.com’ file. The next step is to run our scan on this file. If our software is built efficiently, we should get a message saying that there is malware in our database and, thanks to the scanning of our program, the file is deleted immediately. If there is no output generated for the file provided, then our antivirus is not working properly and we have to look back on what we developed.
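The signature-based scanning chosen in section 4.4 and the removal test described above can be sketched together as follows. This is an added Python example, not the project's C# code: the signature names, the marker bytes and the sample files are constructed and harmless (a stand-in for the EICAR file), and detected files are moved to a quarantine folder rather than deleted.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed, harmless signature dictionary (assumption: not real malware data).
# "10325" echoes the sample signature number used in the report's diagram.
PATTERN_SIGNATURES = {
    "Test.Marker.10325": b"HARMLESS-AV-TEST-MARKER-10325",
    "Test.Marker.Short": b"\x00TESTSIG\x00",
}
# Whole-file signatures: SHA-256 of the complete content -> detection name.
HASH_SIGNATURES = {
    hashlib.sha256(b"constructed whole-file test sample\n").hexdigest(): "Test.WholeFile",
}


def scan_file(path, chunk_size=64 * 1024):
    """Return the sorted detection names that match the file at `path`."""
    # Keep the last (longest pattern - 1) bytes of what was already read, so a
    # pattern split across two or more reads is still seen in one window.
    overlap = max(len(p) for p in PATTERN_SIGNATURES.values()) - 1
    found = set()
    digest = hashlib.sha256()
    tail = b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            digest.update(chunk)
            window = tail + chunk
            for name, pattern in PATTERN_SIGNATURES.items():
                if pattern in window:
                    found.add(name)
            tail = window[-overlap:] if overlap else b""
    whole_file_name = HASH_SIGNATURES.get(digest.hexdigest())
    if whole_file_name:
        found.add(whole_file_name)
    return sorted(found)


def scan_tree(root, chunk_size=64 * 1024):
    """Scan every regular file under `root`; return (detections, errors)."""
    detections, errors = {}, {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            names = scan_file(path, chunk_size)
        except OSError as exc:  # unreadable files are reported, not skipped silently
            errors[str(path)] = str(exc)
            continue
        if names:
            detections[str(path)] = names
    return detections, errors


def quarantine(path, quarantine_dir):
    """Move a detected file out of the scanned tree instead of deleting it."""
    src, quarantine_dir = Path(path), Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    target = quarantine_dir / f"{src.name}.quarantined"
    n = 1
    while target.exists():  # never overwrite an earlier quarantined file
        target = quarantine_dir / f"{src.name}.{n}.quarantined"
        n += 1
    shutil.move(str(src), str(target))
    return target


def run_demo(chunk_size=16):
    """Build a constructed sample tree, scan it, quarantine the hits, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root, qdir = Path(tmp, "scan"), Path(tmp, "quarantine")
        root.mkdir()
        (root / "clean.txt").write_bytes(b"nothing to see here\n" * 50)
        # The 29-byte marker starts at offset 10, so with 16-byte reads it
        # straddles chunk boundaries.
        marker = PATTERN_SIGNATURES["Test.Marker.10325"]
        (root / "marked.com").write_bytes(b"A" * 10 + marker + b"B" * 7)
        (root / "sample.bin").write_bytes(b"constructed whole-file test sample\n")
        first, errors = scan_tree(root, chunk_size)
        moved = [quarantine(p, qdir).name for p in sorted(first)]
        second, _ = scan_tree(root, chunk_size)
        return {
            "first": {Path(p).name: names for p, names in first.items()},
            "errors": errors,
            "quarantined": moved,
            "second": second,
            "remaining": sorted(p.name for p in root.iterdir()),
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The second scan coming back empty is the pass condition of the removal test: the marked files are gone from the scanned tree and only the clean file remains.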

6.2 Unit Testing

Then, we also used another method to be absolutely sure that our antivirus is working. We did unit testing at the end of each iteration to make sure that the components of the previous iteration are working correctly with the ones of the current one. Unit testing was really important because we divided the functionalities of our antivirus and tested each part independently. Visual Studio Test Explorer was used to view the results of our experiments.

6.3 Evaluation

After having built our piece of software, the aim was to get feedback from different users in order to evaluate where our software stands. The evaluation process involved a group of 10 users, all of them 3rd year Computer Science students at the University of Manchester. This phase was spread over 2 days. They all ran the antivirus program, and gave me feedback. Out of those 10 users, 8 were very highly satisfied with the Interface. According to them, the user experience was enhanced as the layout and colours were appealing. Moreover, they were satisfied that the user does not have to do a lot of manual work. Indeed, what the user is required to do is press the start button, select the malware detected and, with the help of one click, remove it. Moreover, the circular progress bar and the counter we set up were also highly appreciated. All in all, the program received positive feedback.


CHAPTER 7 – REFLECTION AND CONCLUSION

This chapter reflects on the achievements and challenges faced during the development of the antivirus software program. Furthermore, this section also highlights the knowledge gained throughout this project and how our program could be improved in the future.

7.1 Achievements

The aim of this project was to build a simple antivirus program. I believe that this goal has been achieved as our software successfully scans, detects, and eliminates affected files. Apart from these features, I believe the software is easy to use and user-friendly. Undoubtedly, the tools and technologies used to implement the antivirus program were highly efficient. Indeed, the use of WPF in order to create a user-friendly interface was a success. Below is the User Interface we have created thanks to this graphical subsystem. The emphasis was on user friendliness. It is a simple User Interface which has a start button to start the scanning, and has tabs if we want to include information about us, or an ‘about us’ tab which would include contact information about the developer so that the user could make contact if need be.

The other major achievement in this project was the development part of our software. Indeed, the agile practices and approach allowed me to stay organised and to detect problems related to implementation quite early in our process, and helped me gain invaluable skills such as reflexivity, time-management skills, and so on.


7.2 Challenges

The major challenge at the start of this project was that building an antivirus is a fairly long process. So, the solution was to divide the tasks into chunks. Some problems arose and work had to be reprioritised into other iterations. This is quite dangerous because if we do not take action immediately, it can have a waterfall effect where tasks keep getting shifted to other iterations. The other challenge was the implementation. Handling the keys in the registry and assigning those constants was a tedious process as we had to take into account the 5 main root keys that the registry contains. Moreover, importing the DLL in order to be an authenticated user of the API was complicated as it is a manual process. The DLL we want to import requires that the developer declares each function manually. The API has several libraries – KERNEL, USER, GDI (Graphical Device Interface) – so we had to take them into account.
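The manual declaration step described above, as an added example that is not code from the report: each Win32 function has to be declared by hand with DllImport before C# can call it, shown here for the registry functions (which live in advapi32.dll) together with the five predefined root-key constants. The class and method names and the subkey passed in Main are assumptions chosen for illustration; the code only reads from the registry.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Text;

// Added example: hypothetical helper class, not the report's own code.
static class RegistryNative
{
    // The five predefined root-key handles from winreg.h (sign-extended on 64-bit).
    public static readonly IntPtr HKEY_CLASSES_ROOT   = new IntPtr(unchecked((int)0x80000000));
    public static readonly IntPtr HKEY_CURRENT_USER   = new IntPtr(unchecked((int)0x80000001));
    public static readonly IntPtr HKEY_LOCAL_MACHINE  = new IntPtr(unchecked((int)0x80000002));
    public static readonly IntPtr HKEY_USERS          = new IntPtr(unchecked((int)0x80000003));
    public static readonly IntPtr HKEY_CURRENT_CONFIG = new IntPtr(unchecked((int)0x80000005));

    const int KEY_READ = 0x20019;                        // read-only access mask
    const int ERROR_SUCCESS = 0, ERROR_NO_MORE_ITEMS = 259;

    // Every native function must be declared manually, one signature at a time.
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, EntryPoint = "RegOpenKeyExW")]
    static extern int RegOpenKeyEx(IntPtr hKey, string subKey, int options, int samDesired, out IntPtr result);

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, EntryPoint = "RegEnumValueW")]
    static extern int RegEnumValue(IntPtr hKey, int index, StringBuilder valueName, ref int nameLen,
                                   IntPtr reserved, IntPtr type, IntPtr data, IntPtr dataLen);

    [DllImport("advapi32.dll")]
    static extern int RegCloseKey(IntPtr hKey);

    // Prints the value names stored under root\subKey and always closes the handle.
    public static void ListValueNames(IntPtr root, string subKey)
    {
        IntPtr key;
        int rc = RegOpenKeyEx(root, subKey, 0, KEY_READ, out key);
        if (rc != ERROR_SUCCESS) { Console.WriteLine("Open failed, Win32 error " + rc); return; }
        try
        {
            for (int i = 0; ; i++)
            {
                var name = new StringBuilder(16384);     // value names are at most 16,383 chars
                int len = name.Capacity;                 // in: buffer size, out: name length
                rc = RegEnumValue(key, i, name, ref len, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero);
                if (rc == ERROR_NO_MORE_ITEMS) break;
                if (rc != ERROR_SUCCESS) { Console.WriteLine("Enumeration failed, Win32 error " + rc); break; }
                Console.WriteLine(name.ToString());
            }
        }
        finally { RegCloseKey(key); }
    }

    // Sample subkey chosen for this example (per-user autostart entries), not taken from the report.
    static void Main() { ListValueNames(HKEY_CURRENT_USER, @"Software\Microsoft\Windows\CurrentVersion\Run"); }
}
```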

7.3 Future Work

For the future, the idea is to create web-based assistance for the virus library. Indeed, the aim is that the database of viruses updates automatically and that viruses with unknown signatures are detected by our program. Currently, the antivirus software we built eliminates malware that it knows. There are millions of viruses that are created every day, and hackers are becoming more and more competent. Antivirus developers have to keep up with this rise, and this will happen if current pieces of software evolve.

7.4 Reflection

I really enjoyed doing this project and spending time on it. It was an utterly fruitful experience. Being surrounded by computers all the time, I believe we should have knowledge of the dark side of this technology. Indeed, every year thousands of computer malwares are created. Therefore, it is vital to know what tools and techniques companies specialised in cyber-crime utilise. I gained lots of programming skills and personal skills whilst working on this project. Indeed, I believe I have enhanced my skills in C# and I know how to perfectly use Microsoft Visual Studio. Moreover, in terms of my transferable skills, time management is an area in which I gained lots of exposure as it was a big project and I had to stick to the iterations. Being able to go so deep into computer systems and to access different libraries that have their own characteristics left me astonished. To put it in a nutshell, this experience has had a positive impact, and I feel more and more confident that I will excel in the domain of computing in the future.
