Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware).
Anti-virus software typically uses two different techniques to accomplish this:
- Examining (scanning) files to look for known viruses matching definitions in a virus dictionary
- Identifying suspicious behavior from any computer program which might indicate infection
Most commercial anti-virus software uses both of these approaches, with an emphasis on the virus dictionary approach.
In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that the authors of the anti-virus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can take one of the following actions:
- attempt to repair the file by removing the virus itself from the file
- quarantine the file (such that the file remains inaccessible to other programs and its virus can no longer spread)
- delete the infected file
To achieve consistent success in the medium and long term, the virus dictionary approach requires periodic (generally online) downloads of updated virus dictionary entries. As civically minded and technically inclined users identify new viruses “in the wild”, they can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries.
Dictionary-based anti-virus software typically examines files when the computer’s operating system creates, opens, closes or e-mails them. In this way it can detect a known virus immediately upon receipt. Note too that a system administrator can typically schedule the anti-virus software to examine (scan) all files on the user’s hard disk on a regular basis.
Although the dictionary approach can effectively contain virus outbreaks in the right circumstances, virus authors have tried to stay a step ahead of such software by writing “oligomorphic”, “polymorphic” and more recently “metamorphic” viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as not to match the virus’s signature in the dictionary.
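The dictionary approach and its main weakness, as an added example that is not part of the original article: a minimal signature scanner that matches files against a constructed dictionary of byte patterns, quarantines hits by renaming them out of reach, and then misses a variant of the same bytes once they are re-encoded, which is exactly the gap the self-modifying viruses above exploit. The dictionary entries, file names and contents are all invented for the example.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Optional

# Constructed virus dictionary: name -> byte pattern that identifies the sample.
# These are made-up marker strings, not signatures of any real malware.
VIRUS_DICTIONARY = {
    "Example.Demo.A": b"DEMO-PAYLOAD-MARKER-2006",
    "Example.Demo.B": b"\x90\x90\xeb\x10DEMO",
}


def scan_bytes(data: bytes) -> Optional[str]:
    """Dictionary approach: return the name of the first matching entry, else None."""
    for name, pattern in VIRUS_DICTIONARY.items():
        if pattern in data:
            return name
    return None


def scan_file(path: Path, quarantine_dir: Path) -> Optional[str]:
    """Scan one file; on a match, quarantine it so other programs cannot open it."""
    data = path.read_bytes()
    verdict = scan_bytes(data)
    if verdict is not None:
        quarantine_dir.mkdir(exist_ok=True)
        # Quarantined copies carry a content hash so two hits never collide.
        digest = hashlib.sha256(data).hexdigest()[:16]
        path.rename(quarantine_dir / f"{path.name}.{digest}.quarantined")
    return verdict


def encoded_variant(data: bytes, key: int = 0x5A) -> bytes:
    """Constructed stand-in for a virus that encrypts part of itself: the same bytes
    under a one-byte XOR. The scanner only ever sees this encoded form."""
    return bytes(b ^ key for b in data)


def demo() -> dict:
    """End-to-end run on constructed files: one known sample, one benign, one variant."""
    with tempfile.TemporaryDirectory() as tmp:
        root, q = Path(tmp), Path(tmp) / "quarantine"
        (root / "invoice.exe").write_bytes(b"MZ" + VIRUS_DICTIONARY["Example.Demo.A"])
        (root / "notes.txt").write_bytes(b"quarterly notes, nothing suspicious")
        (root / "invoice2.exe").write_bytes(
            b"MZ" + encoded_variant(VIRUS_DICTIONARY["Example.Demo.A"]))
        results = {name: scan_file(root / name, q)
                   for name in ("invoice.exe", "notes.txt", "invoice2.exe")}
        results["quarantined"] = sorted(p.name.split(".")[0] for p in q.iterdir())
        return results
```

The variant is missed only because exact-match entries are brittle; real scanners add wildcard patterns, emulation and the behavior-based approach described above to close that gap.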