virus antivirus
VIRUS
ANTIVIRUS
CONTENTS
• Virus
    Introduction
    Types of Viruses
    Viruses
• Antivirus
    Introduction
    Types of Antivirus
• Technical Implementation
• Hardware and Software
• Features
• Future Implementation
VIRUS
INTRODUCTION
• Computer virus: a type of malware that replicates itself
• Infects a variety of different subsystems on its hosts
• Stealing hard disk space or CPU time
• Accessing private information
• Corrupting data
• Logging users' keystrokes
TYPES OF VIRUSES (1/2)
Boot viruses
• These viruses replace the boot record and move it to a different part of the hard disk, or simply overwrite it.
Program viruses
• Infect only executable files (with extensions like .BIN, .COM, .EXE, .OVL, .DRV, and .SYS).
• Once executed, these programs load into memory, along with the virus contained within them.
Stealth viruses
• Redirect the hard disk head, forcing it to read another memory sector instead of their own.
TYPES OF VIRUSES (2/2)
Polymorphic viruses
• Always change their source code from one infection to another.
• Each infection is different, and this makes detection very hard.
Macro viruses
• A virus that is written in a macro language and embedded into documents (MS Word, Excel), so that when users open the file, the virus code is executed and can infect the user's computer.
VIRUSES (1/2)
Killing New Process
• When executed, does not allow any new process to start
• Does not affect any existing process already running
Application Virus
• Aimed at corrupting or killing Windows built-in applications like MS Paint, Notepad, Internet Explorer
• Also creates many threads so that the CPU becomes busy and the PC starts to hang
VIRUSES (2/2)
File Replicating Virus
• Consumes hard disk space by replicating files
• Does not affect any existing process already running
Removable Drive Virus
• Detects a removable drive and copies an infected file into it
ANTIVIRUS
ANTIVIRUS INTRODUCTION
• Computer software used to prevent, detect and remove malicious computer viruses.
• Usually runs at the highly trusted kernel level of the operating system so that it can access all potentially malicious processes and files; this privileged position also creates a potential avenue of attack.
• Performs one or more of the following actions: quarantining, repairing, or deleting.
• Quarantining a file makes it inaccessible, and is usually the first action antivirus software takes when a malicious file is found.
TYPES OF ANTIVIRUS (1/2)
Signature-based detection
• To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures.
• Requires frequent updates of the virus signature dictionary.
Heuristic-based detection
• Detects malicious activity, so it can be used to identify unknown viruses. Two methods are used: file analysis and file emulation.
• File Analysis: analyzes the instructions of a program. Based on the instructions, the software can determine whether or not the program is malicious.
• For example, if the file contains instructions to delete important system files, the file might be flagged as a virus.
TYPES OF ANTIVIRUS (2/2)
• File Emulation: the target file is run in a virtual system environment, separate from the real system environment. The antivirus software then logs what actions the file takes in the virtual environment. If the actions are found to be damaging, the file is marked as a virus.
• Our Antivirus will be based on the signature-based detection mechanism.
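The signature-based mechanism and the quarantine action described above, as an added example that is not part of the original slides or the project's own code (the project targets C# on .NET; Python is used here). The signature names, byte patterns, function names and quarantine naming scheme are all constructed for illustration.

```python
import hashlib
import shutil
from pathlib import Path

# Constructed signature dictionary: name -> byte pattern (not real malware).
SIGNATURES = {
    "Demo.PatternA": b"\xde\xad\xbe\xefDEMO-SIGNATURE-A",
    "Demo.PatternB": b"DEMO-SIGNATURE-B\x00\x01",
}

def add_signature(name, pattern, signatures=SIGNATURES):
    """Add a signature; very short patterns match benign files too often."""
    if len(pattern) < 8:
        raise ValueError("pattern too short to be a reliable signature")
    signatures[name] = pattern

def scan_file(path, signatures=SIGNATURES, chunk_size=64 * 1024):
    """Return the sorted names of all signatures found in the file."""
    if not signatures:
        return []
    # Carry (longest pattern - 1) bytes between chunks so a pattern that
    # straddles a chunk boundary is still matched.
    overlap = max(len(p) for p in signatures.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            found.update(n for n, p in signatures.items() if p in window)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_tree(root, quarantine_dir, signatures=SIGNATURES):
    """Scan every file under root, quarantine hits, return {path: names}."""
    root, quarantine_dir = Path(root), Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine_dir in path.parents:
            continue  # do not rescan files already quarantined
        hits = scan_file(path, signatures)
        if hits:
            # Quarantine: move the file aside under a unique, inert name and
            # make it read-only so it cannot be run from its old location.
            tag = hashlib.sha256(str(path).encode()).hexdigest()[:12]
            target = quarantine_dir / f"{tag}_{path.name}.quarantined"
            shutil.move(str(path), str(target))
            target.chmod(0o400)
            report[path.relative_to(root).as_posix()] = hits
    return report
```

Because matching is on exact byte patterns, any change to the matched bytes defeats a signature, which is why the dictionary needs frequent updates.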
TECHNICAL IMPLEMENTATION
• The viruses and the antivirus will be developed on the .NET platform using C# as the coding language.
• .NET is Microsoft's platform for developing advanced and robust applications.
• .NET supports a wide range of library classes, which eases the development effort, so more time can be spent on other activities.
• .NET is called a language-independent platform as it supports 4 native languages and 21 non-native languages.
• Native languages are Microsoft-created languages, i.e. C#, VB.Net, J#, VC++
HARDWARE AND SOFTWARE
HARDWARE
• Pentium Core 2 Duo processor or above
• 2 GB RAM
• 20 GB HDD
SOFTWARE
• Windows XP / Windows Vista / Windows 7
• Microsoft .NET Framework 3.5
• Microsoft Visual Studio 2008
FEATURES
• Signature-based virus detection
• Scanning options (Full Scan, Drive Scan)
• Adding of new virus signatures
FUTURE ENHANCEMENT
• The future enhancement to this Antivirus will be the addition of a heuristic technique
• Determination of malicious activity on the basis of user behavior
THANK YOU