How does antivirus software work?


Question by nav
Submitted on 12/6/2003
Related FAQ: VIRUS-L/comp.virus Frequently Asked Questions (FAQ) v2.00
How does antivirus software work?


Answer by ravisagar434
Submitted on 7/12/2004
I don't know much about boot sectors and other material, but generally, as we know, in Windows OS only .exe, .bat, .com and .dll files can be executed, so virus developers mostly attack those types of files. When the antivirus software is running, it checks the starting heading of any executable or other file; if the starting heading is the same as one in its own database of viruses, then it will find that it is a virus .....


My mail address is ravisagar434@yahoo.com
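
An added illustration of the signature check described in the answer above (not part of the original post and not any antivirus product's code): a small scanner that compares file contents against a signature database. It goes slightly beyond the answer by also supporting patterns that may appear anywhere in a file and a `??` wildcard byte; all signature names, byte patterns and sample buffers are constructed for the example.

```python
import re
from typing import NamedTuple, Optional

class Signature(NamedTuple):
    name: str
    hex_pattern: str        # hex bytes; "??" matches any single byte
    offset: Optional[int]   # 0 = must start the file (header check); None = anywhere

def compile_signature(sig: Signature) -> "re.Pattern[bytes]":
    """Turn a hex pattern with optional ?? wildcards into a bytes regex."""
    parts = []
    for tok in sig.hex_pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)

# Constructed database: names and byte patterns are invented for this example.
DATABASE = [
    Signature("Demo.HeaderInfector", "4d 5a ?? ?? e9 13 37", offset=0),
    Signature("Demo.Marker", "de ad be ef 44 45 4d 4f", offset=None),
]

def scan_bytes(data: bytes, database=DATABASE) -> list:
    """Return the names of all signatures that match `data`."""
    hits = []
    for sig in database:
        rx = compile_signature(sig)
        if sig.offset is None:
            found = rx.search(data)             # pattern may sit anywhere
        else:
            found = rx.match(data, sig.offset)  # pattern must sit at the offset
        if found:
            hits.append(sig.name)
    return hits

# Constructed sample buffers standing in for file contents.
CLEAN = b"MZ\x90\x00" + b"\x00" * 32
HEADER_HIT = b"MZ\x90\x00\xe9\x13\x37" + b"\x00" * 16
MARKER_HIT = b"#!/bin/sh\n" + bytes.fromhex("deadbeef44454d4f") + b"\n"
# HEADER_HIT with one signature byte changed: exact matching misses it.
VARIANT = b"MZ\x90\x00\xe9\x13\x38" + b"\x00" * 16

if __name__ == "__main__":
    samples = [("clean", CLEAN), ("header", HEADER_HIT),
               ("marker", MARKER_HIT), ("variant", VARIANT)]
    for label, buf in samples:
        print(label, scan_bytes(buf) or "no match")
```

The `VARIANT` buffer shows the limit of exact byte matching: a single changed byte inside the signature region is enough to produce no match.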

 

Answer by debashis das chaklader,devs
Submitted on 9/28/2005
I think files with .exe, .com and .dll extensions are mainly corrupted by a virus finding those files' start position and then calling the mother copy of the virus from the "transient portion"'s high-end memory, which is the upper portion of user-used memory. After that, when those .exe files are executed, the user sees the virus-infected portion. But in the antivirus case, they are strictly secure in the sense that they first check the "disk bootstrap prog" from where the virus is generated and then corrupt it.

 

Answer by jomatony
Submitted on 3/2/2006
Virus software has a few methods to detect malicious code (virus, Trojan, stealth, ghost). The first thing to understand is most networks use either TCP/IP RFC 793 or IPX. Both are built with layers (OSI Model) to provide communication across cables, airwaves, etc. These layers break down how the communication will take part between computers. Examples are games versus database access.

Virus signatures are patterns that are matched by the antivirus software within these communication layers. Most viruses do have patterns, but some don't. That is when the intelligent engine in the antivirus software takes over. The OSI model has rules applied through RFC793 (www.rfc.net), and when these rules are broken the antivirus program can sense or detect and report.

Most antivirus software will offer to delete or contain (quarantine) the malicious code. Remember, the antivirus program runs in the random access memory (RAM or memory) of a computer. All communication from that computer through TCP/IP or IPX is programmed to be monitored by the antivirus software, thus when malicious code is detected it is stopped before it can damage the computer.

See www.symantec.com or www.mcafee.com for specific product features.

ADOPTED FROM http://expertanswercenter.techtarget.com

 

Answer by Dee
Submitted on 10/30/2006
No clue

 

Answer by pintu
Submitted on 11/25/2006
Antivirus
Continually and automatically searches for, finds, and removes viruses and other malicious software in a single, powerful operation.
How The Anti-Virus System Works
For the first two years of its operation, before a message even touched any of the anti-spam or mail services it was scanned for viruses.  Beginning on January 30, 2004 our antispam system -- which is actually a 'gateway' in front of our mail server -- now also looks for and stops most potential viral infections.
And we still have our -- formerly primary -- backup system waiting in the wings to bag anything the gateway misses.  The reality is this now-secondary system is dedicated solely to hunting viruses, and it's only a nice bonus that our antispam system does it as well.
Our dedicated system uses F-Prot Anti-Virus as its backbone, and we strongly recommend its use for our clients' desktops.  Its lean use of system resources, flexibility (it can scan for updated virus definitions as frequently as once every hour) and price (a license for ten -- 10 -- computers costs US$50 at present) make it unbeatable in our view.  
The dedicated system does more than just run a scan using F-Prot.  It also looks for other telltales not caught by the virus-scanning software.  Particularly the presence of potentially dangerous macros and scripts which are technically not viruses or worms, but just as dangerous.
If a message fails this series of tests it can either be held or deleted outright.  Formerly, infected messages were held for several days and then deleted.  With the onslaught of the sobig.f virus, volume and storage space requirements are now such that infected messages are now deleted immediately.
As of February 3 2004 we have discontinued the infection alerts that were formerly emailed to the intended recipients of infected messages.  While we can filter out alerts solely for 'forging' viruses -- those that forge the email address of the sender, thus making such alerts worthless -- the truth is we figure everyone knows by now that we filter viruses, and after two years is sick of looking at the alerts.

 

© 2008 FAQS.ORG. All rights reserved.