Thursday, January 20, 2011

How does an antivirus work?

With the expansion of the internet and advances in technology, viruses have become a big threat. It is fascinating to see how a few lines of code can seriously damage a system or steal your confidential information.

There are several antivirus products on the market that claim to be effective and to protect your devices from computer "diseases". The question to ask is: how do these antivirus programs actually detect and stop a virus?

Antivirus software usually has two ways of detecting a virus:
  • Dictionary-based detection, also known as signature-based detection
  • Identifying the suspicious behaviour of a program, also known as heuristic-based detection

Dictionary-based detection:
This is the most widely used virus detection technique, and the most reliable one against viruses that are already known. Each file is compared against a dictionary of previously seen viruses: typically a hash of the whole file, or characteristic byte sequences (signatures) taken from the virus body. If a match is found, the file is deleted, quarantined so that it can no longer be executed, or repaired by removing the viral code. It is important that the dictionary is updated regularly, because a virus that is not in it will not be detected.
This method is not foolproof, and virus authors can fool it easily: changing even a few bytes of the virus is enough to defeat a hash match. "Polymorphic viruses" go further. They store the virus body in encrypted form behind a small decryptor, and every new copy uses a different encryption key (and usually a differently generated decryptor), so no two copies share the same byte pattern and a fixed signature does not match them.

Heuristic-based detection:
This is a more intelligent method of detecting a virus. Unlike the dictionary-based technique, the heuristic technique analyses the behaviour of programs rather than their bytes. Here the antivirus notifies the user about unusual behaviour of a program: for example, if a program starts overwriting an .exe (executable) file, an alert is raised.
The heuristic technique has the advantage that it can detect previously unknown viruses. However, it is not as effective as it sounds, because it also produces a large number of false positives (legitimate programs such as installers and updaters write executable files too), and repeated false alarms desensitize users to the warnings.
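The following is an added example, not code from the original post or from any antivirus product, of how a heuristic engine can score a program's behaviour. The event format, the behaviour categories, their weights and the alert threshold are all assumptions made up for the illustration. The constructed traces show the two sides described above: a dropper that copies itself and registers an autorun entry is caught without any signature, while a perfectly legitimate software updater that also writes .exe files and an autorun key scores just as high and becomes a false positive.

```python
"""Toy heuristic (behaviour-based) scoring over constructed event traces.

The event format, behaviour categories, weights and threshold are all
assumptions made up for this example; they are not taken from any real
antivirus product.
"""
import ntpath

# Assumed weights: how suspicious each behaviour is on its own.
WEIGHTS = {
    "write_executable": 3,   # creates or overwrites an .exe/.dll/...
    "self_copy": 4,          # writes a copy of its own image elsewhere
    "write_autorun": 3,      # registers itself to start at login
    "disable_security": 5,   # tampers with security settings
    "network_connect": 1,    # makes an outbound connection
}
THRESHOLD = 6                # assumed alert threshold
EXEC_EXT = (".exe", ".dll", ".scr", ".com")


def classify_event(image: str, event: dict) -> str:
    """Map one raw event of the process running `image` to a behaviour
    category, or "" if the event is not interesting."""
    op = event["op"]
    if op == "file_write":
        path = event["path"].lower()
        if not path.endswith(EXEC_EXT):
            return ""
        # Same file name as the running program: it is copying itself.
        if ntpath.basename(path) == ntpath.basename(image.lower()):
            return "self_copy"
        return "write_executable"
    if op == "reg_write":
        key = event["key"].lower()
        if "disableantispyware" in key or "disablerealtimemonitoring" in key:
            return "disable_security"
        if "\\currentversion\\run" in key:
            return "write_autorun"
        return ""
    if op == "net_connect":
        return "network_connect"
    return ""


def score_trace(trace: dict) -> tuple:
    """Score a process trace. Each behaviour counts once, however often it
    repeats, so a compiler writing 50 executables is not 50 times worse."""
    seen = set()
    for ev in trace["events"]:
        cat = classify_event(trace["image"], ev)
        if cat:
            seen.add(cat)
    score = sum(WEIGHTS[c] for c in seen)
    return score, sorted(seen)


def is_suspicious(trace: dict) -> bool:
    """Alert when the combined behaviour score reaches the threshold."""
    return score_trace(trace)[0] >= THRESHOLD


# Constructed traces (not real telemetry).
MALWARE_TRACE = {
    "image": r"C:\Users\bob\Downloads\invoice.exe",
    "events": [
        {"op": "file_write", "path": r"C:\Users\bob\AppData\Roaming\invoice.exe"},
        {"op": "reg_write", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\invoice"},
        {"op": "net_connect", "dst": "203.0.113.7:4444"},
    ],
}
UPDATER_TRACE = {   # legitimate software updater: scores as high as the malware
    "image": r"C:\Program Files\Foo\updater.exe",
    "events": [
        {"op": "net_connect", "dst": "198.51.100.20:443"},
        {"op": "file_write", "path": r"C:\Program Files\Foo\foo.exe"},
        {"op": "file_write", "path": r"C:\Program Files\Foo\foo.dll"},
        {"op": "reg_write", "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\FooUpdater"},
    ],
}
COMPILER_TRACE = {  # compiler writing many .exe files: stays below the threshold
    "image": r"C:\mingw\bin\gcc.exe",
    "events": [{"op": "file_write", "path": r"C:\work\build\test%d.exe" % i} for i in range(50)],
}

if __name__ == "__main__":
    for name, t in [("malware", MALWARE_TRACE), ("updater", UPDATER_TRACE), ("compiler", COMPILER_TRACE)]:
        print(f"{name:9} score={score_trace(t)} {'ALERT' if is_suspicious(t) else 'ok'}")
```

Counting each behaviour category once rather than each event is a deliberate choice: it keeps noisy but harmless programs (compilers, backup tools) below the threshold. It does nothing for the updater, though, whose combination of behaviours is genuinely indistinguishable from a dropper at this level of detail; that is the false-positive problem the paragraph above describes, and why real products add vendor whitelists and code-signing checks on top of the score.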

Other detection techniques:
In some cases antivirus software emulates the first part of a file's code before letting it run for real. If that code turns out to be self-modifying, or behaves the way a virus infection would, the file can be assumed to be infected. This technique also raises a lot of false positives.

The sandbox technique runs a program in a controlled environment. The antivirus emulates the operating system, and the program is executed inside this simulation first. After the program has terminated, the state of the simulation is analysed for signs of a virus. Because of its cost in time and memory, this technique is mostly used for on-demand scans rather than on every file access.
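The following is an added example, not code from the original post or from any antivirus product, that ties the dictionary-based section and the emulation technique together. It assumes a toy three-opcode machine, a constructed signature dictionary and a constructed sample "virus"; none of these come from real malware. The hash dictionary misses the sample as soon as one byte is appended, the byte-pattern signature survives that but is defeated by a polymorphic packer that XOR-encrypts the body under a fresh key and pads the decryptor with NOPs, and emulating the decryptor in a throwaway memory image (the sandbox idea above) recovers the body so the same signature matches again.

```python
"""Toy dictionary (signature) scanner, a polymorphic packer that evades it,
and a code emulator that defeats the packer.

Everything here is constructed for the example: the three-opcode toy
machine, the signature dictionary and the sample "virus" are assumptions,
not code or data from any real antivirus or malware.
"""
import hashlib
import os

# Toy machine opcodes understood by emulate() below.
OP_NOP = 0x00      # 1 byte: no-op (the packer pads the decryptor with these)
OP_SETKEY = 0x01   # 2 bytes: SETKEY key
OP_XORLOOP = 0x02  # 3 bytes: XORLOOP offset length -> mem[offset:offset+length] ^= key
OP_HALT = 0x03     # 1 byte: stop

# Constructed signature dictionary: virus name -> byte pattern of the known body.
SIGNATURES = {"Example.Virus.A": b"VIRUS:overwrite *.exe"}

# Constructed samples: the plain virus body (no decryptor), and a benign program.
SAMPLE_PLAIN = b"VIRUS:overwrite *.exe and copy self"
BENIGN = bytes([OP_HALT]) + b"just some data"

# Hash dictionary: exact whole-file matches only.
KNOWN_HASHES = {hashlib.sha256(SAMPLE_PLAIN).hexdigest(): "Example.Virus.A"}


def scan_hash(data: bytes) -> str:
    """Dictionary lookup by whole-file hash; returns the virus name or ""."""
    return KNOWN_HASHES.get(hashlib.sha256(data).hexdigest(), "")


def scan_signatures(data: bytes) -> list:
    """Dictionary-based detection: every known byte pattern found in data."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def pack_polymorphic(body: bytes, key: int = 0, nops: int = -1) -> bytes:
    """Wrap body in a NOP-padded decryptor stub and XOR-encrypt it.

    key=0 picks a random non-zero key and nops=-1 a random padding length,
    so each call yields a copy with different bytes on disk.
    """
    assert len(body) < 256, "toy machine uses one-byte lengths"
    if key == 0:
        key = os.urandom(1)[0] % 255 + 1        # 1..255, never the identity key
    if nops < 0:
        nops = os.urandom(1)[0] % 8
    body_offset = nops + 2 + 3 + 1               # NOPs + SETKEY + XORLOOP + HALT
    stub = bytes([OP_NOP] * nops)
    stub += bytes([OP_SETKEY, key])
    stub += bytes([OP_XORLOOP, body_offset, len(body)])
    stub += bytes([OP_HALT])
    return stub + bytes(b ^ key for b in body)


def emulate(program: bytes, max_steps: int = 10_000) -> bytes:
    """Run the toy program in a private memory image (a sandbox) and return
    that image when it halts, hits an unknown opcode or exhausts its budget."""
    mem = bytearray(program)
    pc, key = 0, 0
    for _ in range(max_steps):
        if pc >= len(mem):
            break
        op = mem[pc]
        if op == OP_NOP:
            pc += 1
        elif op == OP_SETKEY and pc + 1 < len(mem):
            key = mem[pc + 1]
            pc += 2
        elif op == OP_XORLOOP and pc + 2 < len(mem):
            off, length = mem[pc + 1], mem[pc + 2]
            for i in range(off, min(off + length, len(mem))):
                mem[i] ^= key                    # decryption happens in the sandbox only
            pc += 3
        else:
            break  # HALT, truncated instruction, or not a toy program at all
    return bytes(mem)


def detect(program: bytes) -> dict:
    """Compare the three techniques on one file."""
    return {
        "hash": scan_hash(program),
        "static": scan_signatures(program),
        "emulated": scan_signatures(emulate(program)),
    }


if __name__ == "__main__":
    variant_a = pack_polymorphic(SAMPLE_PLAIN, key=0x5A, nops=1)
    variant_b = pack_polymorphic(SAMPLE_PLAIN, key=0xC3, nops=4)
    for name, prog in [("plain", SAMPLE_PLAIN), ("plain+1byte", SAMPLE_PLAIN + b"!"),
                       ("variant_a", variant_a), ("variant_b", variant_b), ("benign", BENIGN)]:
        print(f"{name:12} {detect(prog)}")
```

The step budget in emulate() is the part a practitioner should not drop: real emulators stop after a bounded number of instructions, and malware that sleeps or loops for a long time before decrypting is the classic way to outlast that budget. The plain sample also shows the emulator is harmless on non-programs, since an unknown opcode simply ends emulation with the memory image unchanged.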

User education is as important as antivirus software: simply training users in safe computing practices, such as not downloading and executing unknown programs from the Internet, would slow the spread of viruses even without antivirus software.

source : www.antivirusworld.com
