1 Oct 2014

How anti-virus software detects viruses

You probably know what computer antivirus software is, but you may not know how it works. Here I am sharing how antivirus software detects malicious programs.

* What do you know about antivirus software?

Antivirus software protects a computer against viruses and other malware. It detects malicious software and then either deletes it or isolates it in quarantine.

# The process behind the antivirus

Antivirus software uses two methods to detect malicious software:

* Virus dictionary (signature) based detection
* Suspicious activity (behavior) based detection

1. Virus Dictionary Based Detection:

In this method the antivirus maintains a dictionary file of known virus signatures: patterns taken from viruses that have already been identified. Whenever an executable runs, the antivirus compares the executable's code, the bytes of the file on disk, against the dictionary. If any part of the file matches a virus signature, the antivirus immediately informs you that a virus has been found. The antivirus also checks an executable file whenever it is opened, created, emailed or downloaded.

Example:
Suppose the malicious code is "11010011" and this pattern is in the dictionary file. If any executable containing that code runs, the antivirus immediately blocks it and alerts the user.

Hackers create new viruses every day, and the code of each new virus is different, so the antivirus cannot detect a new virus with its old signatures. You have to keep the virus signatures updated so that new viruses can be detected.

Drawback of this method

Hackers found a trick to bypass this method: the crypter. A crypter encrypts (re-encodes) the malicious code into a different form that looks like harmless code. When the antivirus scans the file, it does not find the known malicious code, because the code is now in another form.

This drawback can be solved by adding the crypted form of the malicious code to the dictionary file as well (each new crypted form then needs its own signature).
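The dictionary method described above, and the drawback just discussed, as an added Python example that is not part of the original post. The signature dictionary, the "EXAMPLE-MALICIOUS-MARKER" pattern, the SHA-256 entry and the sample file bytes are all constructed for this example; base64 stands in for the crypter's re-encoding purely so the effect on matching is visible. The example shows the scan, the signature update, the old signature missing the re-encoded copy, and detection returning once the re-encoded form is added to the dictionary:

```python
import base64
import hashlib
import re
from typing import Dict, List

# Constructed toy "virus dictionary" (not real malware signatures).
# An entry holds either a SHA-256 hash of a whole file or a byte pattern
# that must appear somewhere inside the file.
SIGNATURE_DB: Dict[str, dict] = {
    "Example.Marker.A": {"pattern": rb"EXAMPLE-MALICIOUS-MARKER"},
    "Example.Hash.B": {"sha256": hashlib.sha256(b"exact bad file body").hexdigest()},
}


def scan_bytes(data: bytes, db: Dict[str, dict]) -> List[str]:
    """Return the names of every dictionary entry that matches `data`."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for name, sig in db.items():
        if sig.get("sha256") == digest:
            hits.append(name)
        elif "pattern" in sig and re.search(sig["pattern"], data):
            hits.append(name)
    return hits


def scan_file(path: str, db: Dict[str, dict] = SIGNATURE_DB) -> List[str]:
    """Scan a file on disk; this is the check that would run when a file
    is opened, created or downloaded."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read(), db)


def add_signature(db: Dict[str, dict], name: str, sample: bytes) -> None:
    """Add a new byte-pattern signature (the 'signature update' step)."""
    db[name] = {"pattern": re.escape(sample)}


def recoded_copy(data: bytes) -> bytes:
    # Stand-in for the "crypter" the post describes: the same bytes stored
    # in a different encoding. Base64 is used only so the effect on matching
    # is visible; it is not how a real crypter works.
    return base64.b64encode(data)


def demo():
    """Old signature misses the re-encoded copy; a signature for the
    re-encoded form restores detection."""
    db = dict(SIGNATURE_DB)
    marker = b"EXAMPLE-MALICIOUS-MARKER"
    # The 6-byte prefix keeps the 24-byte marker on a 3-byte base64 boundary,
    # so its encoded form is a contiguous substring of the encoded file.
    sample_file = b"HDR01\n" + marker + b" trailer"
    recoded = recoded_copy(sample_file)
    before = scan_bytes(recoded, db)                  # [] - old pattern misses
    add_signature(db, "Example.Marker.A.enc", recoded_copy(marker))
    after = scan_bytes(recoded, db)                   # ["Example.Marker.A.enc"]
    return before, after


if __name__ == "__main__":
    print(scan_bytes(b"data EXAMPLE-MALICIOUS-MARKER data", SIGNATURE_DB))
    print(demo())
```

The hash entry only matches a byte-for-byte identical file, while the pattern entry matches any file that contains the marker; a real dictionary needs a separate entry for every form a payload is stored in, which is why the update step never ends.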

2. Suspicious Activity Detection:

The suspicious activity detection method is more effective than the dictionary based approach, because it can detect even a brand-new virus for which no signature exists yet. The antivirus observes the behavior of the executable while it runs. If the executable performs an illegal operation or creates another executable file, the antivirus blocks it and alerts the user.

Drawback

This method is annoying for the user. Its accuracy is lower, so it may flag a safe executable as a virus (a false positive).
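The behavior method and its false-positive drawback, as an added Python example that is not part of the original post. The event log (process ids, actions, paths and the registry key) and the rule weights are constructed for the example, not taken from any real product's telemetry. Each process's actions are scored against a few behavior rules, and the same log is judged at two thresholds: the aggressive one catches the dropper but also blocks an ordinary installer because it writes an executable, which is exactly the accuracy problem the post describes.

```python
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed process event log: (pid, action, detail). Made up for the
# example; not real telemetry.
EVENTS: List[Tuple[int, str, str]] = [
    (101, "create_file", r"C:\Users\alice\report.docx"),
    (202, "create_file", r"C:\Windows\Temp\dropper.exe"),
    (202, "modify_registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"),
    (202, "spawn_process", r"C:\Windows\Temp\dropper.exe"),
    (303, "create_file", r"C:\Program Files\App\app.exe"),  # an ordinary installer
]


def score_process(events: List[Tuple[str, str]]) -> Tuple[int, List[str]]:
    """Weigh one process's actions against a few behavior rules.
    Weights are illustrative, not from any real product."""
    score, reasons = 0, []
    written_exes = {d.lower() for a, d in events
                    if a == "create_file" and d.lower().endswith(".exe")}
    if written_exes:
        score += 3
        reasons.append("creates an executable file")
    if any(a == "modify_registry" and d.lower().endswith(r"\run") for a, d in events):
        score += 3
        reasons.append("adds an autostart registry entry")
    if any(a == "spawn_process" and d.lower() in written_exes for a, d in events):
        score += 2
        reasons.append("launches the executable it just wrote")
    return score, reasons


def analyze(event_log: List[Tuple[int, str, str]], threshold: int) -> Dict[int, dict]:
    """Group events per process, score them and decide block/allow."""
    per_pid = defaultdict(list)
    for pid, action, detail in event_log:
        per_pid[pid].append((action, detail))
    verdicts = {}
    for pid, events in per_pid.items():
        score, reasons = score_process(events)
        verdicts[pid] = {
            "score": score,
            "reasons": reasons,
            "verdict": "block" if score >= threshold else "allow",
        }
    return verdicts


if __name__ == "__main__":
    for threshold in (3, 5):
        print(f"threshold={threshold}")
        for pid, result in analyze(EVENTS, threshold).items():
            print(f"  pid {pid}: {result['verdict']} score={result['score']} {result['reasons']}")
```

At threshold 3 the installer (pid 303) is blocked on the strength of a single rule; at threshold 5 it is allowed while the dropper (pid 202) is still blocked, because the dropper trips several rules together. Tuning the threshold trades missed detections against the false positives the post warns about, and no single value removes both.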