This document discusses computer viruses and antivirus programs. It defines viruses and lists common types like boot sector viruses, file infector viruses, and macro viruses. It then explains how antivirus software works using dictionary and behavior-based approaches to identify viruses. The document provides tips for selecting, configuring, and using antivirus software, including performing regular scans and updates. It also outlines precautions like scanning removable drives and keeping software updated to help prevent virus attacks.
2. Contents:
What is a Computer Virus?
Types of viruses
Introduction to Antivirus Program
How an Antivirus works
What to do when suspecting virus attack
General precautions you should take
3. What is a Computer Virus?
A computer virus is a small program written to alter the way a
computer operates, without the permission or knowledge of
the user. It has the ability to replicate itself and thus continue to
spread. Also known as malicious software, it is a program that can
cause damage to a computer.
Computer viruses can damage or corrupt data, modify
existing data, or degrade the performance of the system by
utilizing resources such as memory or disk space.
5. Boot sector virus
Boot sector viruses generally hide in the boot sector,
either on a bootable disk or on the hard drive.
Error message “Invalid system disk”
E.g. Form, Disk Killer, Michelangelo, Stoned.
6. Master Boot Record (MBR) virus
MBR viruses are memory-resident viruses that infect
disks in the same manner as boot sector viruses.
E.g. AntiEXE, Unashamed, NYB
7. File infector virus
File infector viruses infect program files.
They normally infect executable code, such as .COM, .SYS,
.BAT and .EXE files.
E.g. Snow.A, Jerusalem, Cascade
8. Multipartite virus
Multipartite (also known as polypartite) viruses infect
both boot records and program files.
E.g. One_Half, Emperor, Anthrax, Tequila.
9. Macro virus
Macro viruses infect files that are created using
certain applications or programs that contain macros.
They infect documents created with Microsoft Office
Word, Excel, PowerPoint and Access.
E.g. W97M.Melissa, Bablas, WM.NiceDay,
W97M.Groov.
10. Computer Worms
Worms are programs that replicate themselves from
system to system without the use of a host file. Worms
spread through networks such as LANs and WANs, and
also through the Internet. There are various ways in which a
worm spreads through the Internet, such as e-mail, messaging
and chats.
Worms almost always cause harm to the network, such as
consuming network bandwidth.
E.g. W32.Mydoom.AX@mm
11. Computer Trojans
Trojan horses are impostors: files that claim to be something
desirable but, in fact, are malicious. Trojan horse programs do
not replicate themselves. Trojan horses contain malicious code
that, when triggered, causes loss, or even theft, of data.
E.g. Trojan.Vundo
Retrieving a user’s critical information, i.e. name, password.
Spreading malware programs, i.e. ‘dropper’ or ‘vector’.
Erasing or overwriting data on a computer.
Spying on a user to gather information such as browsing habits,
sites visited etc. These are called Spyware.
12. Antivirus Software
Antivirus software is a computer program that identifies
and removes computer viruses and other malicious
software, like Worms and Trojans, from an infected
computer. Antivirus software also
protects the computer from further virus attacks.
We should regularly run an antivirus program to scan for and
remove any possible viruses from a computer.
15. How an Antivirus works
Using dictionary Approach:
The antivirus software examines each and every file on a
computer and compares its content with the virus
definitions stored in its virus dictionary.
A virus dictionary is an inbuilt file belonging to an
antivirus software that contains code identified as a virus
by the antivirus authors.
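
The dictionary approach described above, as an added example that is not part of the original slides: every file under a folder is read in chunks and checked against a small dictionary of byte patterns. The entry names, the patterns and the sample files are constructed, harmless placeholders.

```python
import tempfile
from pathlib import Path

# Constructed virus dictionary: name -> byte pattern. These are harmless
# made-up markers for the demo, not signatures of any real malware.
VIRUS_DICTIONARY = {
    "Demo.BootMarker": bytes.fromhex("deadbeef4d41524b"),
    "Demo.MacroStub": b"AutoOpen_DEMO_PAYLOAD",
}
CHUNK = 64 * 1024  # read size, so large files are never loaded whole

def scan_file(path, dictionary=VIRUS_DICTIONARY):
    """Return the sorted names of dictionary entries found in one file."""
    overlap = max((len(p) for p in dictionary.values()), default=1) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            window = tail + chunk  # carry-over catches patterns split across reads
            found.update(n for n, p in dictionary.items() if p in window)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_tree(root, dictionary=VIRUS_DICTIONARY):
    """Examine every file under root; return {relative path: [matches]}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and (hits := scan_file(path, dictionary)):
            report[str(path.relative_to(root))] = hits
    return report

def build_demo_tree(root):
    """Write constructed sample files: one clean, two carrying demo markers."""
    root = Path(root)
    (root / "clean.txt").write_bytes(b"hello world" * 100)
    pad = b"\x00" * (CHUNK - 3)  # marker straddles the first read boundary
    (root / "boot.img").write_bytes(pad + VIRUS_DICTIONARY["Demo.BootMarker"])
    (root / "docs").mkdir()
    (root / "docs" / "report.doc").write_bytes(
        b"header " + VIRUS_DICTIONARY["Demo.MacroStub"] + b" trailer")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for name, hits in scan_tree(tmp).items():
            print(f"{name}: {', '.join(hits)}")
```

A file whose content matches no dictionary entry is reported as clean, which is why this approach depends on the dictionary being kept up to date.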
16. Using Suspicious Behavior Approach:
The antivirus software constantly monitors the activity of
all programs.
If any program tries to write data to an executable file,
the antivirus software flags the program as having
suspicious behavior, which means the suspected program is
marked as a virus.
The advantage of this approach is that it can safeguard the
computer against unknown viruses also.
The disadvantage is that it may create several false alerts
too.
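
The suspicious-behavior rule described above, as an added example that is not part of the original slides: it reads a constructed activity log and flags any program that writes to an executable file. The log format, the process names and the `trusted` parameter are assumptions made for this illustration; the constructed updater entry shows how a legitimate program triggers a false alert.

```python
import ntpath

# Executable extensions named on this page as file-infector targets.
EXECUTABLE_EXTS = {".com", ".sys", ".bat", ".exe"}

# Constructed activity log: "<pid> <process> <operation> <target path>"
SAMPLE_EVENTS = r"""
101 notepad.exe WRITE C:\Users\amy\notes.txt
202 unknown.exe READ C:\Windows\System32\calc.exe
202 unknown.exe WRITE C:\Windows\System32\calc.exe
202 unknown.exe WRITE C:\Tools\backup.bat
303 setup_update.exe WRITE C:\Program Files\App\app.exe
101 notepad.exe READ C:\Tools\backup.bat
"""

def parse_event(line):
    """Split one log line; the path is last so it may contain spaces."""
    pid, process, operation, target = line.split(None, 3)
    return int(pid), process, operation.upper(), target.strip()

def writes_executable(operation, target):
    """True when the event is a write whose target has an executable extension."""
    ext = ntpath.splitext(target)[1].lower()
    return operation == "WRITE" and ext in EXECUTABLE_EXTS

def monitor(log_text, trusted=frozenset()):
    """Return {(pid, process): [executables written]} for flagged programs.

    `trusted` is an assumption added for this example (not from the page):
    process names the user has chosen to exempt, e.g. a known updater.
    """
    flagged = {}
    for line in filter(str.strip, log_text.splitlines()):
        pid, process, operation, target = parse_event(line)
        if process.lower() in trusted:
            continue
        if writes_executable(operation, target):
            flagged.setdefault((pid, process), []).append(target)
    return flagged

if __name__ == "__main__":
    for (pid, process), targets in monitor(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid} {process} wrote to: {targets}")
```

No dictionary entry is needed to flag `unknown.exe`, but the same rule also flags the constructed updater `setup_update.exe`.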
17. When selecting an Antivirus Software
Real-Time Scanning
The antivirus software runs automatically in the
background on a continuous basis, scanning files and
folders for possible virus attacks as they are opened or
executed, and checking e-mails as they are downloaded.
Most commercial antivirus software provides real-time
scanning.
18. Virus Updates
Providing regular updates for the virus dictionary. You
should look for an antivirus program that provides free virus
updates on a periodic basis.
With the current outburst in macro and script-based
viruses, virus updates that address the latest threats are
essential.
Most commercial antivirus software today
provides virus updates on a daily basis.
19. Configuring your Antivirus software
Adjust the settings to scan all (*all*) files. Also, ensure that
real-time scanning is enabled by default.
Create a recovery/reference/cure disk because if a boot
sector or MBR virus attacks the system, it may fail to boot.
In that case, the recovery/cure disk can be used to boot the
system and remove the virus.
Read the vendor’s manual. This will help you to
understand the advanced options and how to use them
according to your preference.
20. What to do on Suspecting Virus attack?
Disconnect the suspected computer system from the
Internet as well as from the Local Network.
Start the system in Safe Mode or from the Windows boot
disk if it has any problem starting.
Take a backup of all crucial data to an external drive.
Install antivirus software if you do not have it installed.
Now, download the latest virus definition updates from
the Internet. (Do this on a separate computer.)
Perform a full system scan.
21. General precautions you should take
When inserting removable media (floppy, CD, flash drive
etc.), scan the whole device with the antivirus software
before opening it.
If you have Internet access, make sure you use Internet
security software.
Get Windows updates.
From time to time, update your installed software to
its latest version (e.g. MS Office, Adobe Reader, Java,
Flash Player etc.).
Last but not least, you should have an updated antivirus
guarding your PC at all times.