In this segment, we are going to understand how viruses work, how antivirus detects viruses and more other concepts.
Malicious Hackers need a program which carries a malicious payload that could hide inside a non-malicious program and spread without depending on the victim running a particular program. These hackers discovered their answers in different computer viruses. These computer viruses survive and spread by infecting a file or a hard disk. When a virus infects a device or any machine, it depends on that device or machine to spread it around. The three most basic techniques of infection are given below :
– Program files running in background.
– Infecting the booting files of hard disks.
– Infecting document files with the help of macro functionalities of Word Processors or SpreadSheets.
FILE INFECTING VIRUS.
In the old days, programs used to fit on a floppy drive. If you needed to play a computer game or run an application like MS Excel, you could request that to your friend to copy the program to a floppy drive and hand it to you. Accordingly, perhaps the earliest type of virus infection included programs shared through floppy drive.
Virus infection through file still works, except they can possibly spread if somebody moves an infected program file over the internet or by means of a virus infected CD/DVD/USB. But nowadays, the vast majority of people simply copy the program’s original installation CD/DVD. Unless a virus can infect this original installation CD/DVD, anyone would not have the option to spread through these copy methods of sharing files.
BOOT SECTOR VIRUS.
Boot-sector viruses infect only the boot section of a disk, which commands the system how to use that specific hard disk. A boot-sector virus spreads at whatever point you boot from or get to an infected hard drive or removable disk, (for example, a booted floppy or CD drive).
At once, boot-sector virus was one of the most widely recognized kinds of virus, yet as less individuals share floppy disks or CDs these days, they have gotten significantly more uncommon. Back when individuals used floppy disks or CDs to move files from one system to the next, they would leave the disk plugged with floppy or CD. At the point when somebody turned on a system with a plugged floppy disk, It would initially attempt to boot up from the floppy disk. If the floppy disk was infected with a boot-sector virus, that virus would then infect the hard drive or sneak in memory so it could infect some other floppy disks plugged into the system.
Macro viruses only infect files created by a particular program, for example, reports made in Microsoft Word or spreadsheets made in Microsoft Excel. At the point when you load an infected report. The macro virus attempts to spread to any similar records stored on your system. Since such a significant number of individuals use Microsoft Word, the most well-known large scale infections target Word records, the most common macro viruses target Word reports, likewise target Excel and Microsoft PowerPoint documents as well.
Not at all like different kinds of viruses that are written using programming languages, for example, Assembly, C/C++, or Pascal, Macro Viruses are written using the macro programming language specific to its target application. Most macro viruses are written using Microsoft’s macro language, called Visual Basic for Applications (VBA).
To limit the threat of macro viruses, Microsoft Word 2003 offers a special macro security feature that you can access by Setting -> Tools – > Macro – > Security to show a Security dialog box then click the options accordingly. See the picture above.
HOW VIRUSES AVOID DETECTION.
Viruses can survive only if they remain undetected long enough to spread to other computers. Virus programmers have used a variety of tactics to Increase a virus’s longevity. Viruses can survive if they stay undetected long enough to spread to different systems.
ntivirus programs can detect a virus in two different ways. First, an antivirus program may perceive a specific virus’s signature, which is just the particular instructions coded in the virus program that tells how to carry on and act. These Virus Signatures are unique. A second way an antivirus program can detect a virus is by its behavior, which is called Heuristic Analysis or Detection.
To sneak past an antivirus program, viruses may use multiple techniques :
1. The virus infects any file got to by an infected program. For instance, if a virus infects your antivirus program then each time an infected antivirus program examines a file, it can really infect that file immediately guaranteeing that it is a virus-free file.
2. The virus only infects recently created files or files modified by a legitimate program. By doing this, viruses attempt to cover their presence from antivirus programs. For instance, if you run Windows Explorer and click a file to rename it, your antivirus program won’t raise an alert, since Windows Explorer is permitted to modify files. In any case, if a virus infects Windows Explorer, renaming a file could make it become infected at the same time.
3. Viruses covers itself in your computer’s main memory i.e. RAM and each time you run a program or plug-in a floppy disk, the virus infects that program or disk. This is called Ram Resident Infection, which is the main way that Boot Sector viruses can spread.
4. If cyber crooks could modify their fingerprints each time they carried out a wrong doing, they would be more difficult to catch. That is the thought behind polymorphism. A polymorphic virus changes its signature, the arrangement of instructions which makes up that virus, each time it infects a file. Hypothetically, this implies that an antivirus program can never detect it. Obviously, when the virus has been detected and inspected by an antivirus program and it can only be detected if multiple files are infected by the same fingerprint of a virus. That is the reason antivirus programs need constant and successive updates to recognize the most recent viruses.
5. Sometimes, these viruses either modify the antivirus program with the goal that it can not recognize the virus or they infect the antivirus program itself and make it complicit in spreading the virus . In the above both cases, the infected antivirus program shows that “Your PC is free of the virus” message while the virus is cheerfully spreading all through your PC.
HOW ANTIVIRUS PROGRAMS WORK.
An antivirus program fills two needs: one, to detect and remove any viruses on your system, and two, to prevent any viruses from infecting your system in any case. To detect and remove viruses, antivirus programs depend on a database of virus signatures. Your antivirus program examines each time on your hard disk, searching for instances of these virus signatures.
You must be careful about keeping your antivirus program updated with the most updated library of known virus signatures or newly found dangers may not be detected during the speed. Consequently, antivirus programs can never be 100 percent effective against viruses.
Since scanning for virus signatures can never prevent against unknown viruses, antivirus programs likewise use something known as Heuristic Analysis, which includes checking for unknown behavior. When Heuristic Analysis identifies suspicious action. It can warn you to prevent the suspicious program from running.
Antivirus programs are just as helpful as their virus signature databases. Since it’s not possible for one company to detect and remove each new virus that shows up so antivirus companies help out each other. The time at which one antivirus company detects a new virus signature, it shares the data to other antivirus companies. This plan helps all antivirus companies stay up to date with the latest virus signature.
THE FUTURE VIRUS THREAT.
As the internet world changes, the virus dangers are being replaced by more up to date different kinds of malware. In any case, despite the diminishing danger from viruses, antivirus programs are still important to ensure that your system works against a wide range of malware, not only viruses. What’s more ? to truly be safe, you at last need to apply your own healthy dose of common sense and practice safe internet habits.
More on Security Topics :