(pdf) computer virus and protection methods using lab analysis

them from different viruses the hidden Trojan software uses different methods and it is still not enough to say that they are fully


C. Anti-Virus Programs

There are a number of anti-virus programs that detect, block and delete malicious programs running in a system. Four mechanisms and techniques are used by anti-virus software: (i) signature-based detection, (ii) heuristic-based detection, (iii) behavioural-based detection and (iv) cloud-based detection.

1) Signature-based detection: Signature-based detection is an essential technique of anti-virus programs. This method works by matching fingerprints of the file against the signature of the virus; a signature is a series of bytes in the file. Although this technique has drawbacks, such as being unable to flag a malicious file when the signature of a new virus has not been created yet, it is still more promising than the other ones on the market.

2) Heuristic-based detection: In this technique anti-virus programs examine the static file for suspicious characteristics without requiring an exact signature match. This technique may also flag a legitimate file as malicious.

3) Behavioural-based detection: Behavioural-based detection works by observing the suspicious behaviours of a file. The method executes and unpacks the malcode and watches what it does, such as listening for keystrokes; this gives the anti-virus program the ability to detect any malicious program in the computer system [6].

4) Cloud-based detection: Cloud-based techniques identify malware by collecting data from many protected computers, analysing all of it on the provider's systems and sending the results back to the clients' systems. The decision is then made on the client's local system by analysing the characteristics and behaviour observed on the client [6].


For this research a pragmatic approach was used to obtain the required results, and techniques such as the qualitative method were used to extract information about computer viruses and their source codes in order to analyse and understand how a basic computer virus works and how the basic components of a virus operate [7]. This leads the research from the very basic mechanism of the computer virus to one of the advanced and sophisticated virus codes that can trick an anti-virus and disable its functionality [8]. It also shows what tools a hacker can use to extract interesting data from the victim's machine. After the required information was gathered it was applied to those codes to compile them into a working computer virus. A test computer virus was created to study the workings of a virus by demonstrating destructive and non-destructive behaviours. This paper has also studied the possible defence mechanisms and techniques to prevent such infections of our computer systems.

Test environment

In our test environment we used virtual machines to perform our testing. We used different software tools to create viruses, which gave us the option to select the type of virus and the payloads we wanted to use in our scenario. We used the following software tools:

Virus construction tools: (i) Virus maker, (ii) JPS virus making tool, (iii) Internet worm maker thing

In this testing we created a virus by choosing specific payloads and functions and saved it on the test computer, where it was ready to invade computers simply by being sent to the target machine. The purpose of these tests is to observe the operation of different anti-virus programs, to assess whether they are able to detect and block such a threat and, if so, what the ratio of this


Virus payload trigger mechanism:

Viruses can use different trigger mechanisms to launch their attacks on the system or to perform any task. There are a number of triggering mechanisms, such as (i) the counter trigger, (ii) the keystroke counter, (iii) the time trigger and (iv) the system parameter trigger. There are a number of other logics used in viruses to perform a required task; a few of the logical payloads are: 1) Date, 2) Time, 3) Disk, 4) Space, 5) Country, 6) Video mode, 7) BIOS, 8) ROM version, 9) Keyboard status, 10) Anti-virus search, 11) Processor check, 12) Null trigger, 13) Logic bomb, 14) Brute force attack, 15) Halt the machine, 16) Start making noises, 17) Fool the video display, 18) Disk attacker, 19) Damaging hardware, 20) Disk failure, 21) CMOS battery failure, 22) Monitor failure, 23) Keyboard failure, 24) Stealth attack, 25) Indirect attack.

To analyse the virus we used the IDA and OllyDbg tools, which provide the results needed to study the capabilities and structure of a computer virus.

Creation of computer virus

To create a virus for testing in this environment JPS Virus Maker 3.0 was used, which provides a number of options for selecting payloads. In this scenario the most basic payload was selected, namely muting the computer sound. Other payloads were also tested on the


Analysing the virus

Analysing a computer virus is always a larger task and requires some expertise [9]. Here IDA and OllyDbg were used to analyse our virus.

Figure 8. JPS Virus Maker GUI for designing our test virus.



2021: Microsoft Security Essentials is recognised as one of the worst antiviruses

In October 2021 the German anti-virus laboratory AV-Test published the results of comprehensive testing of antiviruses. According to the research, Microsoft's corporate software intended for protection against malicious activity copes worst with its duties.

Based on tests carried out in July and August 2021, AV-Test experts named Kaspersky Internet Security the best antivirus for Windows 7; it received 18 points in the assessment of protection level, performance and usability.

The top three also included Trend Micro Internet Security and Bitdefender Internet Security, which earned 17.5 points. The standing of the other anti-virus companies' products included in the research can be seen in the illustrations below:

Specialists awarded Microsoft Security Essentials only 13.5 points; only Comodo Internet Security scored lower. The Microsoft product had the lowest usability score and one of the lowest protection-level scores.

Comodo got only 1.5 points for performance, so the product has a serious impact on system speed and considerably slows down Windows 7.


2021: two thirds of antiviruses for Android were useless

In March 2021 the Austrian laboratory AV-Comparatives, which specialises in testing anti-virus software, published the results of a study showing that the majority of such programs for Android are useless.

Only 23 antiviruses listed in the official Google Play Store reliably recognised malware in 100% of cases. The other software either does not react to mobile threats at all or mistakes completely safe applications for them.

Specialists studied 250 antiviruses and reported that only 80% of them could detect more than 30% of the malware samples. Thus 170 applications failed the test. The products that passed the tests were mainly solutions from large vendors, including Avast, Bitdefender, ESET, F-Secure, G-Data, Kaspersky Lab, McAfee, Sophos, Symantec, Tencent, Trend Micro and Trustwave.

In the experiment the researchers installed each anti-virus application on a separate physical device (no emulator) and automated the devices to start the browser, download and then install the malware. Each device was tested against the 2 thousand Android viruses most widespread in 2021.

According to AV-Comparatives' calculations, the majority of anti-virus solutions for Android are counterfeits. Dozens of applications have an almost identical interface, and their creators are clearly more interested in showing advertisements than in writing a working virus scanner.

Some antiviruses "see" a threat in any application that is not on their "white list". Because of this they, among other absurd behaviour, raised alarms over their own files, since the developers had forgotten to add them to the "white list".[1]

Analysis of checksums

The analysis of checksums is a method of tracking changes to objects in a computer system. From the nature of the changes (their simultaneity, their mass character, identical changes in the lengths of files) it is possible to conclude that the system is infected.

Checksum analysers (also called change auditors), like behavioural analysers, do not use additional objects in their work and issue a verdict about the presence of a virus in the system only by expert evaluation. Similar technology is applied in on-access scanners: on the first check a checksum of the file is computed and stored in a cache; before the next check of the same file the checksum is computed again and compared, and if nothing has changed the file is considered not infected.
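An added example of the change-auditor idea from this section (not code from the original page): it caches a checksum and size for every file, compares a later snapshot against the cache, and applies the heuristic above, treating many files that all grew by the same number of bytes as the footprint of an appending infector. The directory layout, file contents and the "parasite" bytes are constructed for illustration.

```python
import hashlib
import os
from collections import Counter
from typing import Dict, List, Tuple

Record = Tuple[str, int]  # (sha256 hex digest, file size in bytes)

def fingerprint(data: bytes) -> Record:
    return hashlib.sha256(data).hexdigest(), len(data)

def snapshot_dir(root: str) -> Dict[str, Record]:
    """Checksum every file under root: the auditor's cached baseline."""
    snap: Dict[str, Record] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                snap[os.path.relpath(path, root)] = fingerprint(fh.read())
    return snap

def audit(before: Dict[str, Record], after: Dict[str, Record]
          ) -> Tuple[Dict[str, int], List[str], str]:
    """Compare two snapshots: (size change per modified file, added files,
    verdict). Unchanged checksums count as not infected; several files all
    grown by the same number of bytes is the appending-infector pattern."""
    changed = {p: after[p][1] - before[p][1]
               for p in before if p in after and after[p][0] != before[p][0]}
    added = sorted(p for p in after if p not in before)
    if not changed:
        return changed, added, "no tracked file changed"
    delta, count = Counter(changed.values()).most_common(1)[0]
    if count >= 3 and delta > 0:
        return changed, added, f"suspected infector: {count} files all grew by {delta} bytes"
    return changed, added, "files changed (no uniform pattern)"

# Constructed sample: baseline contents, then the same tree after a
# hypothetical appending infector has run (no real malware involved).
FILES = {"bin/a.exe": b"MZ..program a", "bin/b.exe": b"MZ..program b",
         "bin/c.exe": b"MZ..program c", "docs/readme.txt": b"hello"}
PARASITE = b"<appended parasite body>"  # 24 bytes added to every .exe
BASELINE = {p: fingerprint(b) for p, b in FILES.items()}
LATER = {p: fingerprint((b + PARASITE) if p.endswith(".exe") else b)
         for p, b in FILES.items()}
LATER["bin/dropper.exe"] = fingerprint(b"MZ..new file")

def demo_results() -> Tuple[Dict[str, int], List[str], str]:
    return audit(BASELINE, LATER)
```

On a real system you would call snapshot_dir() once to build the baseline and again later, then pass both to audit().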

Behavioural analysis

Behavioural analysis is a technology in which the decision about the nature of the checked object is made on the basis of the operations it performs. Behavioural analysis is applied very narrowly in practice, since most of the actions characteristic of viruses can also be performed by normal applications.

Classification of antiviruses

There is currently no single system for classifying anti-virus software.

Classification of antiviruses by operation mode

Kaspersky Lab classifies antiviruses by operation mode:

Check in real time

Heuristic analysis

Heuristic analysis is a technology based on probabilistic algorithms whose result is the identification of suspicious objects. During heuristic analysis the structure of the file and its conformity to virus templates are checked. The most popular heuristic technique is checking the contents of the file for modifications of already known virus signatures and their combinations. It helps to identify hybrids and new versions of previously known viruses without an additional update of the anti-virus database.

Heuristic analysis is applied to the detection of unknown viruses and, as a consequence, does not provide for disinfection. This technology cannot determine with 100% certainty whether an object is a virus or not, and, like any probabilistic algorithm, it suffers from false positives.

How antivirus software works

Antivirus software typically runs as a background process, scanning computers, servers or mobile devices to detect and restrict the spread of malware. Many antivirus software programs include real-time threat detection and protection to guard against potential vulnerabilities as they happen, as well as system scans that monitor device and system files looking for possible risks.

Antivirus software usually performs these basic functions:

In order to scan systems comprehensively, antivirus software must generally be given privileged access to the entire system. This makes antivirus software itself a common target for attackers, and researchers have discovered remote code execution and other serious vulnerabilities in antivirus software products in recent years.

Rules for preventing infection of computers

  • Never open attachments in letters from strangers or unknown organisations.
  • Enable the display of file extensions in the operating system.
  • Always check the extensions of attached files, even if the letter came from a well-known sender. If the name of the attached file ends in a "dangerous" extension, do not open it at all. Ask the sender to send the file in another format.
  • Install updates for the operating system and application programs in a timely manner.
  • Install licensed anti-virus software on the computer and make sure that its virus signature databases are updated regularly.

Technologies of the probabilistic analysis

Technologies of the probabilistic analysis are in turn subdivided into three categories:

  • Heuristic analysis
  • Behavioural analysis
  • Analysis of checksums

Technologies of the signature analysis

Signature analysis is the virus detection method that consists of checking files for the presence of virus signatures.
Signature analysis is the best-known method of virus detection and is used in practically all modern antiviruses. To perform a check, an antivirus needs a set of virus signatures, which is stored in the anti-virus database.

Because signature analysis checks files for the presence of virus signatures, the anti-virus database needs periodic updating to keep the antivirus relevant. The working principle of signature analysis also defines the limits of its functionality: it can detect only already known viruses, and against new viruses the signature scanner is powerless.

On the other hand, the existence of virus signatures makes it possible to disinfect the infected files found by signature analysis. However, disinfection is not possible for all viruses: trojans and most worms cannot be disinfected by their very design, since they are self-contained modules created to cause damage.

A competently implemented virus signature allows known viruses to be detected with absolute certainty.
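An added example (not from the original page or from any anti-virus vendor) of the signature scanning that this section and the earlier "Signature based detection" paragraph describe: a signature is a fixed byte sequence, a file is flagged when it contains one, and a variant that differs by a single byte goes unnoticed until a signature for it is written. The signature names, byte patterns and sample file contents are constructed for illustration; the chunked file scan shows the overlap needed so a signature straddling a read boundary is still found.

```python
import os
import tempfile
from typing import Dict, List

# Constructed signature base: hypothetical names and byte patterns, not
# real detections. A signature is simply a fixed byte sequence.
SIGNATURE_BASE: Dict[str, bytes] = {
    "Test.Sample.A": b"\x4d\x5a\x90\x00TESTSIG-A",
    "Test.Sample.B": b"EICAR-LIKE-MARKER-B",
}

def scan_bytes(data: bytes, base: Dict[str, bytes] = SIGNATURE_BASE) -> List[str]:
    """Names of every signature whose byte sequence occurs in data."""
    return sorted(name for name, sig in base.items() if sig in data)

def scan_file(path: str, base: Dict[str, bytes] = SIGNATURE_BASE,
              chunk: int = 1 << 20) -> List[str]:
    """Scan in chunks, carrying the last (longest signature - 1) bytes
    forward so a match that straddles a chunk boundary is not missed."""
    overlap = max(len(s) for s in base.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            buf = tail + block
            found.update(scan_bytes(buf, base))
            tail = buf[-overlap:] if overlap else b""
    return sorted(found)

# Constructed sample file contents
CLEAN = b"\x4d\x5a\x90\x00 just an ordinary program body"
INFECTED = b"header " + SIGNATURE_BASE["Test.Sample.A"] + b" rest of file"
# A one-byte "new variant": not flagged until a signature for it is written,
# which is the drawback of the method the text points out.
VARIANT = INFECTED.replace(b"TESTSIG-A", b"TESTSIG-a")

def demo_results() -> Dict[str, List[str]]:
    """Write the samples to temp files and scan with a 4-byte chunk so the
    boundary-overlap logic is actually exercised."""
    out: Dict[str, List[str]] = {}
    for label, body in (("clean", CLEAN), ("infected", INFECTED), ("variant", VARIANT)):
        fd, path = tempfile.mkstemp()
        with os.fdopen(fd, "wb") as fh:
            fh.write(body)
        try:
            out[label] = scan_file(path, chunk=4)
        finally:
            os.remove(path)
    return out
```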

Technologies of virus detection

The technologies applied in antiviruses can be broken into two groups:

  • Technologies of the signature analysis
  • Technologies of the probabilistic analysis

Virus vs. antivirus – presentation, report, project


Why traditional antiviruses do not cope

Modern malicious code can be:

  • Custom-built to target a specific company
  • Polymorphic
  • Code not yet known to anyone, for which no signature exists

It is difficult to protect against
