placing itself resident in memory. The behavior these programs monitor is derived from a user-configurable set of rules.
Pattern matching
Using a process called “pattern matching,” the anti-virus software draws upon an extensive database of virus patterns to identify known virus signatures, or telltale snippets of virus code. Key areas of each scanned file are compared against the list of thousands of virus signatures that the anti-virus software has on record.
Whenever a match occurs, the anti-virus software takes the action the user has configured: Clean, Delete, Quarantine, Pass (Deny Access for Real-time Scan), or Rename.
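An added example, not taken from the original article or from any vendor's product: a minimal signature scanner that compares the key areas of a file against a small pattern database and reports the configured action for each match. The signature names, byte patterns, `??` wildcard syntax and 64-byte key-area size are assumptions, and the patterns are constructed, not real virus signatures.

```python
import re

# Constructed demo signatures (not real virus patterns): hex bytes, "??" = any one byte.
SIGNATURES = {
    "Demo.Alpha": "DE AD BE EF ?? ?? 13 37",
    "Demo.Beta": "4D 5A ?? 90 CA FE",
}
ACTIONS = {"Clean", "Delete", "Quarantine", "Pass", "Rename"}  # actions named in the text
KEY_AREA = 64  # assumed size of the head and tail regions that get scanned


def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)  # DOTALL: wildcard also matches 0x0A


DATABASE = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def key_areas(data):
    """Yield (offset, bytes) for the regions compared against the database."""
    if len(data) <= 2 * KEY_AREA:
        yield 0, data
    else:
        yield 0, data[:KEY_AREA]
        yield len(data) - KEY_AREA, data[-KEY_AREA:]


def scan(data, action="Quarantine"):
    """Return a (signature name, file offset, action) tuple for every match."""
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    hits = []
    for base, area in key_areas(data):
        for name, pattern in DATABASE.items():
            match = pattern.search(area)
            if match:
                hits.append((name, base + match.start(), action))
    return hits


if __name__ == "__main__":
    # Constructed sample buffer: padding, a Demo.Alpha match, more padding.
    sample = b"\x00" * 10 + bytes.fromhex("DEADBEEF0A0B1337") + b"\x00" * 200
    print(scan(sample))
```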
Self Defense Mechanisms Evolved By Viruses
Virus authors naturally want their creations to survive. For this reason many viruses are equipped with self-defense mechanisms against antivirus systems.
Passive Defense
Viruses use a variety of methods to hide themselves from antivirus programs. Passive defense uses programming methods which make analysis of the virus more difficult, e.g. polymorphic viruses which were developed to counter scanners looking for constant strings of virus code.
Today antivirus systems are capable of analyzing polymorphic code and searching for virus identifiers in the decrypted body. Virus authors reacted by making the encryption too complex for antivirus software to unravel, so that the scanner mistakes the infected file for a clean program.
Active Self-defense
Viruses actively defend themselves by protecting their own code or by attempting to damage antivirus software. A simple method is to locate antivirus software databases and amend or delete them.
More sophisticated resident viruses use stealth techniques. When they detect a request to use an infected file, they can temporarily “clean” it or report its original (uninfected) parameters. They can monitor which programs are being executed and react if one of them is antivirus software. The list of such reactions is endless. Usually, execution of the antivirus program is refused, but the program could instead be erased (often accompanied by a bogus error message), or the virus may suspend its activities while the antivirus program runs. Occasionally there are extremely ‘clever’ viruses which modify the code of a specific AV program to partially disable it.
There are very rare viruses which consider an attempt to run an anti-virus program as arrogant and immediately reply with some revenge action – for example hard disk formatting.
Trap
A trap is the most malicious form of self-defense and works as follows. The user’s computer is infected, but everything appears to work correctly. Once the user discovers the virus and removes it, things get complicated: programs no longer run properly, or the hard disk may become inaccessible even when booting from a clean system diskette.
The best known trap virus is One_Half. It continuously encrypts the data on a hard disk (two tracks on every boot). If it is removed from the partition sector before data files are decoded then some files will become inaccessible. At this stage the situation is serious but recovery of the data is still possible. However, if the user runs a disk utility (Scandisk etc.) to repair the damage then the data will almost certainly be lost forever.
These utilities are designed to repair relatively minor damage to the file system and do not recognize the encrypted data.
M.Com,M.C.A, Master in Multimedia Development (Equiv: M.E)
Lecturer-Pailan School of International Studies
Part time Lecturer -Prafulla Chandra College
