[attachment=13788]
INTRODUCTION
Most of the computer viruses that were written in the early and mid '80s were limited to self-reproduction and had no specific damage routine built into the code (research viruses)
The first publicly documented removal of a computer virus in the wild was performed by Bernd Fix in 1987.
Fred Cohen, who published one of the first academic papers on computer viruses in 1984, started to develop strategies for antivirus software in 1988 that were picked up and continued by later antivirus software developers.
Signature based detection
Heuristic-based detection
Signature based detection is the most common method.
To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures.
This can be very effective, but cannot defend against malware unless samples have already been obtained and signatures created.
Because of this, signature-based approaches are not effective against new, unknown viruses.
Because new viruses are being created each day, the signature-based detection approach requires frequent updates of the virus signature dictionary.
To assist the antivirus software companies, the software may allow the user to upload new viruses or variants to the company, allowing the virus to be analyzed and the signature added to the dictionary.
Although the signature-based approach can effectively contain virus outbreaks, virus authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.
Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses.
Many viruses start as a single infection and through either mutation or refinements by other attackers, can grow into dozens of slightly different strains, called variants.
Generic detection refers to the detection and removal of multiple threats using a single virus definition.
While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature.
Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature.
Quarantine Technology is a function of virus protection software that voluntarily isolates any infected files on a computers hard disk.
Quarantine Technology protects these infected files from corrupting other files on a computer.
CLOUD BASED ANTIVIRUS
NETWORK FIREWALL
ONLINE SCANNING
SPECIALIST TOOLS
CloudAV is a cloud computing antivirus developed as a product of scientists of the University of Michigan
Each time a computer or device receives a new document or program, that item is automatically detected and sent to the antivirus cloud for analysis.
The CloudAV system uses 12 different detectors that act together to tell the PC whether the item is safe to open.
It is more thorough and also has the ability to check the new document or programs access history.
Network firewalls prevent unknown programs and Internet processes from accessing the system protected.
However, they are not antivirus systems as such and thus make no attempt to identify or remove anything.
They may protect against infection from outside the protected computer or LAN, and limit the activity of any malicious software which is present by blocking incoming or outgoing requests on certain TCP/IP ports.
A firewall is designed to deal with broader system threats that come from network connections into the system and is not an alternative to a virus protection system
Some antivirus vendors maintain websites with free online scanning capability of the entire computer, critical areas only, local disks, folders or files.
A rescue disk that is bootable (such as a CD/DVD disc or USB storage device) can be used to run anti-virus software outside of the installed operating system and remove the infections when dormant.
A bootable anti-virus disk can be useful when, for example, the installed operating system is no longer bootable or has malware that is resisting all attempts to be disinfected by the anti-virus program on the infected computer.
Examples of some of these bootable disks include the Avira AntiVir Rescue System (a Linux-based rescue CD) and AVG Rescue CD.
Most popular anti-virus programs are not very effective against viruses
Independent testing on all the major virus scanners consistently shows that none provide 100% virus detection.
The best ones provided as high as 99.6% detection, while the lowest provide only 81.8% in tests conducted in February 2010.
All virus scanners produce false positive results as well, identifying being files as malware.
Most popular anti-virus programs are not very effective against new viruses
The reason for this is that the virus designers test their new viruses on the major anti-virus applications to make sure that they are not detected before releasing them into the wild.
Rootkit is a type of malware that is designed to gain administrative-level control over a computer system without being detected.
The detection of rootkits are a major challenge for anti-virus programs.
Rootkits can modify the inner workings of the operating system and tamper with the anti-virus program.
If a rootkit hides itself in firmware e.g. the motherboard BIOS, it may never be discovered and could persist even if the operating system is cleanly installed on a reformatted or new hard drive.
Running multiple antivirus programs concurrently can degrade performance and create conflicts.
It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or updating graphics card drivers.
Active antivirus protection may partially or completely prevent the installation of a major update.
A false positive is identifying a file as a virus when it is not a virus.
If an antivirus program is configured to immediately delete or quarantine infected files (or does this by default), false positives in essential files can render the operating system or some applications unusable.
In May 2007, a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot.
CREEPER VIRUS
WABBIT VIRUS
ANIMAL
ELK CLONER
GHOST BALL
BRONTEK
HAPPY99
ILOVEYOU
BEAST
MYDOOM
WITTY
SASSER
NUCLEAR RAT
VUNDO
BIFROST
SANTY
SAMY SXX
ZLOB TROJAN
BANDOOK RAT
DAPROSY
KOOBFACE
AVG ANTIVIRUS
AVAST ANTIVIRUS
BULLGUARD
Dr. WEB
McAfee
KASPERSKY
PANDA ANTIVIRUS
VIRUSBUSTER
NORMAN
IMMUNET PROTECT
BITDEFENDER
CLAM ANTIVIRUS
AVZ
F-SECURE
G-DATA SOFTWARE
RISING ANTIVIRUS
ZONEALARM
eSAFE
nPROTECT
PANDA CLOUD