
VIRUSES VS ANTI-VIRUSES
Virus:

A virus reproduces, usually without your permission or knowledge. In general terms they have an
infection phase where they reproduce widely and an attack phase where they do whatever
damage they are programmed to do (if any). There are a large number of virus types.

History in brief:

1945: Rear Admiral Grace Murray Hopper discovers a moth trapped between relays in a Navy
computer. She calls it a "bug," a term used since the late 19th century to refer to problems with
electrical devices. Murray Hopper also coined the term "debugging" to describe efforts to fix
computer problems.

1949: Hungarian scientist John von Neumann (1903-1957) devises the theory of self-replicating
programs, providing the theoretical foundation for computers that hold information in their
"memory."

1960: AT&T introduces its Dataphone, the first commercial modem.

1963: Programmers develop the American Standard Code for Information Interchange (ASCII), a
simple computer language that allows machines produced by different manufacturers to
exchange data.

1964: AT&T begins monitoring telephone calls to try to discover the identities of "phone freaks,"
or "phreakers," who use "blue boxes" as tone generators to make free phone calls. The team's
surveillance chief tells Newsweek magazine in 1975 that the company monitored 33 million toll
calls to find phreakers. AT&T scores 200 convictions by the time the investigation ends in 1970.

1969: Programmers at AT&T's Bell Laboratories develop the UNIX operating system, the first
multi-tasking operating system.

1969: The Advanced Research Projects Agency launches ARPANET, an early network used by
government research groups and universities, and the forerunner of the Internet.

1972: John Draper, soon to be known as "Captain Crunch," discovers that the plastic whistle in a
box of breakfast cereal reproduces a 2600-hertz tone. With a blue box, the whistle unlocks
AT&T's phone network, allowing free calls and manipulation of the network. Among other
phreakers of the 1970s is famous future hacker Kevin Mitnick.

VIRUS VS ANTIVIRUS - 1 -
1972: Future Apple Computer co-founder Steve Wozniak builds his own "blue box." Wozniak
sells the device to fellow University of California-Berkeley students.

1974: Telenet, a commercial version of ARPANET, debuts.

1979: Engineers at Xerox Palo Alto Research Center discover the computer "worm," a short
program that scours a network for idle processors. Designed to provide more efficient computer
use, the worm is the ancestor of modern worms -- destructive computer viruses that alter or erase
data on computers, often leaving files irretrievably corrupted.

1983: The FBI busts the "414s," a group of young hackers who break into several U.S.
government networks, in some cases using only an Apple II+ computer and a modem.

1983: University of Southern California doctoral candidate Fred Cohen coins the term "computer
virus" to describe a computer program that can "affect other computer programs by modifying
them in such a way as to include a (possibly evolved) copy of itself." Anti-virus makers later
capitalize on Cohen's research on virus defense techniques.

1984: In his novel "Neuromancer," author William Gibson popularizes the term "cyberspace," a
word he used to describe the network of computers through which characters in his futuristic
novels travel.

1986: One of the first PC viruses ever created, "The Brain," is released by programmers in
Pakistan.

1988: Twenty-three-year-old programmer Robert Morris unleashes a worm that invades
ARPANET computers. The small program disables roughly 6,000 computers on the network by
flooding their memory banks with copies of itself. Morris confesses to creating the worm out of
boredom. He is fined $10,000 and sentenced to three years' probation.

1991: Programmer Philip Zimmerman releases "Pretty Good Privacy" (PGP), a free, powerful
data-encryption tool. The U.S. government begins a three-year criminal investigation on
Zimmerman, alleging he broke U.S. encryption laws after his program spread rapidly around the
globe. The government later drops the charges.

1991: Symantec releases the Norton Anti-Virus software.

1994: Inexperienced e-mail users dutifully forward an e-mail warning people not to open any
message with the phrase "Good Times" in the subject line. The missive, which warns of a virus
with the power to erase a recipient's hard drive, demonstrates the self-replicating power of e-mail
virus hoaxes that continue to circulate in different forms today.

1995: Microsoft Corp. releases Windows 95. Anti-virus companies worry that the operating
system will be resistant to viruses. Later in the year, however, evolved "macro" viruses appear
that are able to corrupt the new Windows operating system.

1998: Intruders infiltrate and take control of more than 500 military, government and private
sector computer systems. The incidents -- dubbed "Solar Sunrise" after the well-known
vulnerabilities in computers run on the Sun Solaris operating system -- were thought to have
originated from operatives in Iraq. Investigators later learn that two California teenagers were
behind the attacks. The experience gives the Defense Department its first taste of what hostile
adversaries with greater skills and resources would be able to do to the nation's command and
control center, particularly if used in tandem with physical attacks.

1999: The infamous "Melissa" virus infects thousands of computers with alarming speed, causing
an estimated $80 million in damage and prompting record sales of anti-virus products. The virus
starts a program that sends copies of itself to the first 50 names listed in the recipient's Outlook
e-mail address book. It also infects Microsoft Word documents on the user's hard drive, and mails
them out through Outlook to the same 50 recipients.

May 2000: The "I Love You" virus infects millions of computers virtually overnight, using a
method similar to the Melissa virus. The virus also sends passwords and usernames stored on
infected computers back to the virus's author. Authorities trace the virus to a young Filipino
computer student, but he goes free because the Philippines has no laws against hacking and
spreading computer viruses. This spurs the creation of the European Union's global Cyber crime
Treaty.

2000: Yahoo, eBay, Amazon, Datek and dozens of other high-profile Web sites are knocked
offline for up to several hours following a series of so-called "distributed denial-of-service attacks."
Investigators later discover that the DDOS attacks -- in which a target system is disabled by a
flood of traffic from hundreds of computers simultaneously -- were orchestrated when the hackers
co-opted powerful computers at the University of California-Santa Barbara.

2001: The "Anna Kournikova" virus, promising digital pictures of the young tennis star, mails itself
to every person listed in the victim's Microsoft Outlook address book. This relatively benign virus
frightens computer security analysts, who believe it was written using a software "toolkit" that
allows even the most inexperienced programmer to create a computer virus.

July 2001: The Code Red worm infects tens of thousands of systems running Microsoft Windows
NT and Windows 2000 server software, causing an estimated $2 billion in damages. The worm is
programmed to use the power of all infected machines against the White House Web site at a
predetermined date. In an ad hoc partnership with virus hunters and technology companies, the
White House deciphers the virus's code and blocks traffic as the worm begins its attack.

2001: Debuting just days after the Sept. 11 attacks, the "Nimda" virus infects hundreds of
thousands of computers around the world. The virus is considered one of the most sophisticated,
with up to five methods of infecting systems and replicating itself.

2001: President Bush appoints Richard Clarke to serve as America's first cybersecurity "czar."

2002: Melissa virus author David L. Smith, 33, is sentenced to 20 months in federal prison.

2002: The "Klez" worm -- a bug that sends copies of itself to all of the e-mail addresses in the
victim's Microsoft Outlook directory -- begins its march across the Web. The worm overwrites files
and creates hidden copies of the originals. The worm also attempts to disable some common
anti-virus products and has a payload that fills files with all zeroes. Variants of the Klez worm
remain the most active on the Internet.

2002: A denial-of-service attack hits all 13 of the "root" servers that provide the primary roadmap
for almost all Internet communications. Internet users experience no slowdowns or outages
because of safeguards built into the Internet's architecture. But the attack -- called the largest
ever--raises questions about the security of the core Internet infrastructure.

Jan. 2003: The "Slammer" worm infects hundreds of thousands of computers in less than three
hours. The fastest-spreading worm ever wreaks havoc on businesses worldwide, knocking cash
machines offline and delaying airline flights.

PICTORIAL: (figure not reproduced in this copy)
Virus Behaviour:

Viruses come in a great many different forms, but they all potentially have two phases to their
execution, the infection phase and the attack phase.

Infection Phase:

Virus writers have to balance how and when their viruses infect against the possibility of
being detected. Therefore, the spread of an infection may not be immediate.

When the virus executes it has the potential to infect other programs. What's often not clearly
understood is precisely when it will infect the other programs. Some viruses infect other programs
each time they are executed; other viruses infect only upon a certain trigger. This trigger could be
anything; a day or time, an external event on your PC, a counter within the virus, etc. Virus writers
want their programs to spread as far as possible before anyone notices them.

It is a serious mistake to execute a program a few times - find nothing infected and presume there
are no viruses in the program. You can never be sure the virus simply hasn't yet triggered its
infection phase!

Many viruses go resident in the memory of your PC in the same or similar way as terminate and
stay resident (TSR) programs. (For those not old enough to remember TSRs, they were
programs that executed under DOS but stayed in memory instead of ending.) This means the
virus can wait for some external event before it infects additional programs. The virus may silently
lurk in memory waiting for you to access a diskette, copy a file, or execute a program, before it
infects anything. This makes viruses more difficult to analyze since it's hard to guess what trigger
condition they use for their infection.

On older systems, standard (640K) memory is not the only memory vulnerable to viruses. It is
possible to construct a virus which will locate itself in upper memory (the space between 640K
and 1M) or in the High Memory Area (the small space between 1024K and 1088K). And, under
Windows, a virus can effectively reside in any part of memory.
Resident viruses frequently take over portions of the system software on the PC to hide their
existence. This technique is called stealth. Polymorphic techniques also help viruses to infect yet
avoid detection.

Attack phase:

Viruses need time to infect. Not all viruses attack, but all use system resources and often
have bugs.

Many viruses do unpleasant things such as deleting files or changing random data on your disk,
simulating typos or merely slowing your PC down; some viruses do less harmful things such as
playing music or creating messages or animation on your screen. Just as the infection phase can
be triggered by some event, the attack phase also has its own trigger.

NOTE: In 1990, estimates ranged from 200 to 500; then in 1991 estimates ranged from 600
to 1,000 different viruses. In late 1992, estimates were ranging from 1,000 to 2,300 viruses.
In mid-1994, the numbers vary from 4,500 to over 7,500 viruses. In 1996 the number
climbed over 10,000. 1998 saw 20,000 and 2000 topped 50,000. It's easy to say there are
more now.

Virus names:

A virus' name is generally assigned by the first researcher to encounter the beast. The
problem is that multiple researchers may encounter a new virus in parallel which often
results in multiple names.

What's in a name? When it comes to viruses it's a matter of identification to the general public. An
anti-virus program does not really need the name of a virus, as it identifies it by its characteristics.
But, while giving a virus a name helps the public at large, it also serves to confuse them since the
names given to a particular beast can differ from anti-virus maker to anti-virus maker.

Viruses come into various anti-virus companies around the world at various times and by various
means. Each company analyzes the virus and assigns a name to it for tracking purposes. While
there is cooperation between companies when new viruses are identified, that cooperation often
takes a back seat to getting a product update out the door so the anti-virus company's customers
are protected. This delay allows alternate names to enter the market. Over time these are often
standardized or, at least, cross-referenced in listings; but that does not help when the beast
makes its first appearance.

Types of Viruses:
Viruses come in many types, written using many different infection strategies.

Viruses come in a variety of types. Breaking them into categories is not easy as many viruses
have multiple characteristics and so would fall into multiple categories. We're going to describe
two different types of category systems: what they infect and how they infect. Because they are
so common, we're also going to include a category specific to worms.

What They Infect

Viruses can infect a number of different portions of the computer's operating and file system.
These include:

• System Sectors
• Files
• Macros
• Companion Files
• Disk Clusters
• Batch Files
• Source Code
• Worms using Visual Basic

How They Infect

Viruses are sometimes also categorized by how they infect. These categorizations often overlap
the categories above and may even be included in the description (e.g., polymorphic file virus).
These categories include:

• Polymorphic Viruses
• Stealth Viruses
• Fast and Slow Infectors
• Sparse Infectors
• Armored Viruses
• Multipartite Viruses
• Cavity (Space filler) Viruses
• Tunneling Viruses
• Camouflage Viruses
• NTFS ADS Viruses

And, in a special category, one might include:

Virus Droppers

Programs that place viruses onto your system but themselves may not be viruses (a special form
of Trojan).

What Viruses Infect:

Viruses can infect a number of different portions of the computer's operating and file system.
These include:

1. System Sector Viruses
These infect control information on the disk itself.

2. File Viruses
These infect program (COM and EXE) files.

3. Macro Viruses
These infect files you might think of as data files. But, because they contain macro programs, they
can be infected.

4. Companion Viruses
A special type that adds files that run first to your disk.

5. Cluster Viruses
A special type that infects through the disk directory.

6. Batch File Viruses
These use text batch files to infect.

7. Source Code Viruses
These add code to actual program source code.

8. Visual Basic Worms
These worms use the Visual Basic language to control the computer and perform tasks.

COUNTER STRIKE; ANTI VIRUSES

Anti Virus:

Antivirus (or anti-virus) software is used to prevent, detect, and remove malware,
including computer viruses, worms, and trojan horses. Such programs may also prevent and
remove adware, spyware, and other forms of malware.

History:

There are competing claims for the innovator of the first antivirus product. Possibly the first
publicly documented removal of a computer virus in the wild was performed by Bernt Fix in 1987.
An antivirus program to counter the Polish MKS vir was released in 1987. Dr. Solomon's Anti-
Virus Toolkit, AIDSTEST and AntiVir were released in 1988. Dr. Ahn Chul Soo (Charles Ahn,
founder of AhnLab Inc) in South Korea also released the anti-virus software called 'Vaccine Ⅰ' on
June 10, 1988. By late 1990, nineteen separate antivirus products were available, including
Norton AntiVirus and McAfee VirusScan. Early contributors to work on computer viruses and
countermeasures included Fred Cohen, Peter Tippett, John McAfee and Ahn Chul Soo.

Before Internet connectivity was widespread, viruses were typically spread by infected floppy
disks. Antivirus software came into use, but was updated relatively infrequently. During this time,
virus checkers essentially had to check executable files and the boot sectors of floppy and hard
disks. However, as internet usage became common, initially through the use of modems, viruses
spread throughout the Internet.

Powerful macros used in word processor applications, such as Microsoft Word, presented a
further risk. Virus writers started using the macros to write viruses embedded within documents.
This meant that computers could now also be at risk from infection by documents with hidden
attached macros as programs.

Later email programs, in particular Microsoft Outlook Express and Outlook, were vulnerable to
viruses embedded in the email body itself. Now, a user's computer could be infected by just
opening or previewing a message. This meant that virus checkers had to check many more types
of files. As always-on broadband connections became the norm and more and more viruses were
released, it became essential to update virus checkers more and more frequently. Even then, a
new zero-day virus could become widespread before antivirus companies released an update to
protect against it.

Identification methods:

There are several methods which antivirus software can use to identify malware.

Signature-based detection is the most common method. To identify viruses and other malware,
antivirus software compares the contents of a file to a dictionary of virus signatures. Because
viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but
also in pieces.

Malicious activity detection is another approach used to identify malware. In this approach,
antivirus software monitors the system for suspicious program behavior. If suspicious behavior is
detected, the suspect program may be further investigated, using signature-based detection or
another method listed in this section. This type of detection can be used to identify unknown
viruses or variants of existing viruses.

Heuristic-based detection, like malicious activity detection, can be used to identify unknown
viruses. This can be accomplished in one of two ways: file analysis and file emulation.

File analysis is the process of searching a suspect file for virus-like instructions. For example, if
a program has instructions to reformat the C drive, the antivirus software might further investigate
the file. One downside of this feature is the large amount of computer resources needed to
analyze every file, resulting in slow operation.

File emulation is another heuristic approach. File emulation involves executing a program in a
virtual environment and logging what actions the program performs. Depending on the actions
logged, the antivirus software can determine if the program is malicious or not and then carry out
the appropriate disinfection actions.
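As an added worked example (not code from the original page or from any antivirus product), the following Python toy scanner illustrates the signature-based and file-analysis methods described above: it scans a file in pieces with an overlap so that a signature crossing a chunk boundary is still found, and it scores heuristic indicators of the "reformat the C drive" kind. The signature patterns, indicator strings and sample files are all invented for the demonstration.

```python
# Toy scanner illustrating signature-based detection (whole file and in
# pieces) and heuristic file analysis. Constructed example, not any antivirus
# product's code; every signature, indicator and sample file is invented.
import hashlib
from typing import Dict, List, Tuple

# Constructed signature dictionary: detection name -> byte pattern.
# Real signatures are far longer and more specific than these stand-ins.
SIGNATURES: Dict[str, bytes] = {
    "Demo.Sig.A": b"\xeb\x1f\x90\x90DEMO_A",  # 10 bytes
    "Demo.Sig.B": b"SAMPLE_SIGNATURE_B",      # 18 bytes
}
# Constructed "virus-like instruction" indicators with weights; a total at or
# above HEURISTIC_THRESHOLD marks the file for closer investigation.
HEURISTICS: Dict[bytes, int] = {b"format c:": 5, b"del *.*": 3}
HEURISTIC_THRESHOLD = 5

def whole_file_hash(data: bytes) -> str:
    """Whole-file identification: exact hash of a known sample."""
    return hashlib.sha256(data).hexdigest()

def scan_in_pieces(data: bytes, chunk_size: int = 16,
                   overlap: bool = True) -> List[Tuple[str, int]]:
    """Search the file piece by piece; return (name, offset) for each hit.
    With overlap=True each window is extended by len(longest signature) - 1
    bytes so a pattern straddling a chunk boundary is still found; the naive
    overlap=False variant misses exactly that case."""
    longest = max(len(sig) for sig in SIGNATURES.values())
    extra = longest - 1 if overlap else 0
    hits: List[Tuple[str, int]] = []
    seen = set()
    for pos in range(0, len(data), chunk_size):
        window = data[pos:pos + chunk_size + extra]
        for name, sig in SIGNATURES.items():
            start = window.find(sig)
            while start != -1:
                key = (name, pos + start)
                if key not in seen:  # the overlap can re-find the same hit
                    seen.add(key)
                    hits.append(key)
                start = window.find(sig, start + 1)
    return hits

def heuristic_score(data: bytes) -> int:
    """File analysis: summed weight of suspicious strings in the file."""
    lowered = data.lower()
    return sum(w for ind, w in HEURISTICS.items() if ind in lowered)

def classify(data: bytes) -> Dict[str, object]:
    """Signature hits are definitive; heuristics only raise suspicion."""
    hits = scan_in_pieces(data)
    score = heuristic_score(data)
    if hits:
        verdict = "infected"
    elif score >= HEURISTIC_THRESHOLD:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"sha256": whole_file_hash(data), "signatures": hits,
            "heuristic_score": score, "verdict": verdict}

# Constructed sample "files" (not real malware). In SAMPLE_STRADDLE the
# 10-byte Demo.Sig.A starts at offset 12 and crosses the 16-byte boundary.
SAMPLE_CLEAN = b"MZ" + b"\x00" * 40 + b"hello world"
SAMPLE_STRADDLE = b"\x00" * 12 + SIGNATURES["Demo.Sig.A"] + b"\x00" * 20
SAMPLE_HEURISTIC = b"@echo off\r\nFORMAT C: /Q\r\n"

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("straddle", SAMPLE_STRADDLE),
                          ("heuristic", SAMPLE_HEURISTIC)):
        print(label, classify(sample))
    print("naive chunking:", scan_in_pieces(SAMPLE_STRADDLE, overlap=False))
```

Running the block shows the same straddling signature found with the overlap and missed without it, which is why a production scanner cannot simply split a file into independent blocks.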

Virus Removal Tool:

A virus removal tool is software for removing specific viruses from infected computers. Unlike
complete antivirus scanners, they are usually not intended to detect and remove an extensive list
of viruses; rather they are designed to remove specific viruses, usually more effectively than
normal antivirus software. Sometimes they are also designed to run in places that regular
antivirus software can't. This is useful in the case of a severely infected computer. Examples of
these tools include McAfee Stinger and the Microsoft Windows Malicious Software Removal
Tool (which is run automatically by Windows Update).

Issues of concern:

Performance
Some antivirus software can considerably reduce performance. Users may disable the antivirus
protection to overcome the performance loss, thus increasing the risk of infection. For maximum
protection, the antivirus software needs to be enabled all the time, often at the cost of slower
performance (see also software bloat).

Security
Antivirus programs can in themselves pose a security risk, as they often run at the 'System' level
of privileges and may hook the kernel. Both of these are necessary for the software to do its job
effectively; however, exploitation of the antivirus program itself could lead to privilege escalation
and create a severe security threat. Arguably, when measured against the principle of least
privilege, the use of antivirus software is largely ineffective once the ramifications of the added
software are taken into account.

Unexpected renewal costs

When purchasing antivirus software, the end-user license agreement may include a clause that
the subscription will be automatically renewed, and the purchaser's credit card automatically
billed, at the renewal time without explicit approval. For example, McAfee requires one to
unsubscribe at least 60 days before the expiration of the present subscription. Norton Antivirus
also renews subscriptions automatically by default.

Privacy
Some antivirus programs may be configured to automatically upload infected or suspicious files to
the developer for further analysis. Care should be taken when deploying antivirus software to
ensure that documents containing confidential or proprietary information are not sent to the
product's developer without prompting the user.

Rogue security applications

Some antivirus programs are actually malware masquerading as antivirus software, such
as WinFixer and MS Antivirus.

False positives
If an antivirus program is configured to immediately delete or quarantine infected files (or does
this by default), false positives in essential files can render the operating system or some
applications unusable.

System-related issues
Running multiple antivirus programs concurrently can degrade performance and create conflicts.
It is sometimes necessary to temporarily disable virus protection when installing major updates
such as Windows Service Packs or updating graphics card drivers. Active antivirus protection
may partially or completely prevent the installation of a major update.

Anti Virus products:

Names and Comparison:

| Software | Windows | Mac OS X | Linux | FreeBSD | Unix | License | On-demand scan | On-access scan | Boot-time scan |
|---|---|---|---|---|---|---|---|---|---|
| Avira AntiVir Personal - Free Antivirus | Yes | No | Yes | Yes | Yes | Nagware | Yes | Yes | No |
| Avira AntiVir Premium | Yes | No | Yes | Yes | Yes | Proprietary | Yes | Yes | No |
| AOL Active Virus Shield | Yes | No | No | No | No | Freeware | Yes | Yes | No |
| Avast! Professional Edition | Yes | Yes | Yes | No | No | Proprietary | Yes | Yes | Yes |
| Avast! Home Edition | Yes | No | Yes | No | No | Freeware | Yes | Yes | Yes |
| AVG Anti-Virus | Yes | No | Yes | Yes | No | Proprietary | Yes | Yes | No |
| AVG Anti-Virus Free | Yes | No | Yes | No | No | Nagware | Yes | Yes | No |
| Kaspersky AVZ | Yes | No | No | No | No | Freeware | Yes | No | |
| BitDefender | Yes | Yes (beta) | Yes | Yes | No | Proprietary | Yes | Yes | No |
| BitDefender Free Edition | Yes | No | No | No | No | Nagware | Yes | Yes (with Winpooch) | No |
| BullGuard | Yes | No | No | No | No | Proprietary | Yes | Yes | No |
| Clam AntiVirus | Yes; see ClamWin | Yes; see ClamXav | Yes; see KlamAV and ClamTk | Yes | Yes | GPL | Yes | Only on FreeBSD and Linux | No |
| CA Anti-Virus | Yes | Yes | Yes | No | Yes | Proprietary | Yes | | |
| ClamWin | Yes | No | No | No | No | GPL | Yes | Yes (with Winpooch) | No |
| Comodo AntiVirus | Yes | No | No | No | No | Freeware | Yes | Yes | Yes |
| Dr. Web | Yes | Yes | Yes | Yes | Yes | Proprietary | Yes | Yes | |
| Dr. Web CureIt | Yes | No | Yes | No | No | Freeware | Yes | No | No |
| Fortinet FortiClient End Point Security | Yes | No | No | No | No | Proprietary | Yes | Yes | No |
| F-Prot | Yes | No | Yes | Yes | Yes | Proprietary | Yes | Yes | No |
| F-Secure | Yes | No | Yes | No | No | Proprietary | Yes | Yes | No |
| G DATA Software | Yes | No | No | No | No | Proprietary | Yes | Yes | No |
| Kaspersky Anti-Virus | Yes | Yes (beta) | Yes (SMB and ENT) | Yes (SMB and ENT) | Yes | Proprietary | Yes | Yes | No |
| McAfee VirusScan | Yes | Yes | Yes | Yes | Yes | Proprietary | Yes | Yes | No |
| NOD32 | Yes | No | Yes | Yes | Yes | Proprietary | Yes | Yes | No |
| Norman | Yes | No | Yes | No | No | Proprietary | Yes | Yes | No |
| Norton AntiVirus (Symantec) | Yes | Yes | Yes | Yes | Yes | Proprietary | Yes | Yes | |
| Panda Antivirus | Yes | No | Yes | No | No | Proprietary | Yes | Yes | No |
| Panda Cloud Antivirus | Yes | No | Yes | No | No | Freeware | Yes | Yes | No |
| PC Tools AntiVirus | Yes | Yes | No | No | No | Proprietary | Yes | Yes | No |
| PC Tools AntiVirus Free Edition | Yes | Yes | No | No | No | Freeware | Yes | Yes | No |
| Sophos Anti-Virus | Yes | Yes | Yes | Yes | Yes | Proprietary | Yes | Yes | No |
| Vba32 Antivirus | Yes | No | Yes | Yes | No | Proprietary | Yes | Only on Windows | No |
| VIPRE Antivirus + Antispyware (Sunbelt Software) | Yes | No | No | No | No | Proprietary | Yes | Yes | |
| VirusBuster | Yes | No | Yes | Yes | Yes | Proprietary | Yes | Yes | No |
| ZoneAlarm Antivirus | Yes | No | No | No | No | Proprietary | Yes | Yes | |