How Do Antivirus Programs Detect Viruses?
Many of us wonder how our antivirus software scans for viruses, worms and Trojans. We scan a folder or local drive for viruses, but what actually happens during the virus scan? I found a short and sweet answer in the Orkut hacking forum, posted by a geek. I have already posted his other article, 6 Different Techniques used by malware composers. Also know the difference between virus, worm and Trojan.
4 techniques used by antivirus programs to detect malware:
1. Signature Based Scan.
2. Heuristic Based Scan.
3. Threat Sense Technology.
4. Artificial Intelligence (Behavioral Antivirus Programs).
1. Signature Based Scan:
Traditionally, antivirus solutions have relied strongly on signature-based scanning, also referred to as “scan string-based technologies”. In signature-based scanning, the antivirus program searches the given files for the presence of certain predefined byte strings, sometimes only within certain regions of the file. If these predefined strings are found, the antivirus reports that a threat has been detected.
According to McAfee Labs, approximately 250 viruses are released every day, so it is very difficult to catch all of them with signatures alone. New technologies are therefore used to detect unknown threats, as explained below.
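The scan-string approach described above, as an added example that is not part of the original post: each signature is a byte pattern, optionally limited to a byte region of the file. The EICAR pattern is the public, harmless antivirus test string; the second signature and the sample inputs are constructed for the example.

```python
# Minimal signature (scan-string) scanner, written for this article as an illustration.
# Signatures are byte strings; an optional (start, end) region restricts where the
# pattern must appear, which is how engines keep header-only checks cheap and precise.
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes
    region: Optional[Tuple[int, int]] = None  # byte offsets, or None for the whole file

# Public EICAR test string: every vendor detects it, and it is harmless by design.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

SIGNATURES = [
    Signature("EICAR-Test-File", EICAR),
    # Constructed signature: the marker only counts if it sits in the first 64 bytes.
    Signature("Demo.Header.Marker", b"DEMO-MARKER-v1", region=(0, 64)),
]

def scan_bytes(data: bytes, signatures=SIGNATURES) -> List[str]:
    """Return the names of all signatures whose pattern lies fully inside its region."""
    hits = []
    for sig in signatures:
        start, end = sig.region if sig.region else (0, len(data))
        # Slicing truncates, so a pattern straddling the region boundary is not a hit.
        if sig.pattern in data[start:end]:
            hits.append(sig.name)
    return hits

def scan_file(path: str, signatures=SIGNATURES) -> List[str]:
    """Scan one file on disk; an exact-string miss (e.g. a modified variant) returns []."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read(), signatures)
```

A one-byte change to a sample defeats this exact match, which is why the heuristic and behavioural methods below exist.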
2. Heuristic Based Scan:
The first heuristic engines were introduced to detect DOS viruses in 1989. Heuristic (hyu-ˈris-tik) is an adjective for methods that help in problem solving. A heuristic scan is used to detect new, unknown viruses in your system that have not yet been identified. Only some antivirus products can do this type of scan; the majority are only able to detect known viruses.
In this kind of scan, the antivirus program searches for instructions or commands within a file that are not found in typical, legitimate application programs. As a result, a heuristic engine is able to detect potentially malicious files and report them as a virus.
3. Threat Sense Technology:
In the past, when a virus was released it was detected by antivirus experts after 15-30 days. By then the virus had done enough damage to millions of users, as with the “I love you” worm. Then antivirus experts started using Threat Sense Technology.
With this technology, when a certain file performs suspicious activity on the computer, the AV program does not take any action but keeps an eye on that file. Next, when you update your antivirus, these files are sent to the security experts of the antivirus vendor you are using. They analyze the file and, if it is a virus, create signatures for it. In this way a virus is caught within 3-4 days.
4. Artificial Intelligence (Behavioral Antivirus Programs):
These programs monitor your computer's activities. If any dangerous or suspicious activity is performed by a file, they inform the user and offer some options for what action to take. The user then has to decide whether it is a virus file or a helpful file. Sometimes, if the user makes the wrong decision, the software reported by the antivirus gets corrupted and is quarantined by the antivirus.
One more technology is “Proactive Defense”. It was first used by Kaspersky (my most trusted friend). When a program or process gets executed, “Proactive Defense” tells the user about the activity of the program and asks whether to allow or block it.
The most advanced Proactive Defense is provided by Comodo Internet Security.
Some additional information:
- ESET NOD32 uses the Threat Sense engine. Since it does not respond to the activity of the program until it gets information about it from the Internet, it can be dangerous to the computer.
- Kaspersky (my most trusted friend) provides hourly updates, so it is the best in signature-based detection.
- Bitdefender has a most powerful heuristics analyser, and Bitdefender 2009 also has behaviour-based detection, so it is a very good choice.
- “Norton AntiBot” has the world's best behaviour-based detection engine and stood 1st in the test conducted by CHIP magazine, with a 100% detection rate. It is totally based on behaviour analysis, and therefore never requires updates.