Tuesday, January 28, 2020

A Literature Review Regarding Virus Protection

\begin{abstract}
Although most people think that there is nothing left to research in the area of computer virus protection, there is more and more to research, as more than 200 pieces of computer malware are created every day by virus creators. In the modern world most people use computers in their day-to-day activities, so it is important to know about computer viruses and how to protect computers from them.

The objectives of this literature review are to identify what computer viruses are, their types, the threat they pose to computers, the present situation of computer viruses, and the mechanisms for preventing them.
\end{abstract}

\section{Introduction}
As the usage of computers and the creation of computer viruses increase all over the world, every computer user has begun to search for information about computer viruses. But there are various other kinds of software, like worms and Trojans, that can harm the activities of the computer. Although they are different from computer viruses, computer users are used to calling those other types of malicious software viruses.

Though there is no real definition of a computer virus, viruses can be considered a special kind of software program that has the ability to self-replicate over executable files residing in the computer and to interrupt the activities of the computer. As computer viruses spread only when executable files are executed, viruses can affect only the executable files on the infected computer. So most of the time files with .EXE, .COM, .BAT and .SYS extensions are infected. A computer virus can be written with a few lines of code in any programming language.
Any person who has a personal computer can write a computer virus and send it, through a network or on a disk, to another computer or system far away from the computer that produced it. These viruses can easily destroy any massive computer system or network within a few seconds.

Computer viruses that do less harm only spread over computers and computer networks. They do no dangerous harm to the computers other than replicating themselves in the system. The most dangerous type of virus affects computers by changing the content of files, or by partially or completely deleting the files residing in the computer. The data stored in the computer can be lost through infection by these kinds of viruses. These types of viruses cannot be caught by examining the files in the computer; only the destruction they have done to the computer remains. So capturing these viruses is the more difficult task.

Preventing or protecting against computer viruses means not only installing an anti virus program and scanning files with it, but also being aware of computer viruses and malicious software and following best practices when using a computer. But most of the time computer users trust various anti virus programs to protect their systems against computer viruses. Various anti virus programs use various methods or procedures to capture viruses and other types of malicious software. But no computer protection method can fully protect the computer from computer viruses or malicious software. The next section of this review considers the types of malware and how they infect a computer system. \cite{1}

\newpage
\section{Types of malware}
There is no standard method to categorize viruses into various types.
But considering the current situation of computer viruses in the world, we can basically list the types of malware as follows:
\begin{itemize}
\item Trojan
\item Worms
\item Viruses
\end{itemize}

\subsection{Trojan}
Trojan viruses do not reproduce in the computer, but after a Trojan enters the computer it allows outside persons to read the files residing in the computer. Usually Trojans steal passwords and send e-mails to hackers. The hacker then gets control of the user's account. \cite{2}

\subsection{Worms}
Worms are a kind of computer virus that copies itself and spreads over computer networks. A worm does not need a host to spread. Once worms have multiplied in a computer, the copies scan the network to multiply and spread further via the network. \cite{2}

\subsection{Viruses}
A computer virus is a program, a block of executable code which attaches itself to. It overwrites or replaces some code of a computer program without the knowledge of the computer user. A virus always needs a host program in which to reside. The virus stays idle until the host program it resides in executes. When the host program executes, the block of code of the virus also executes and searches for another location it can infect. Computer viruses can be divided into a number of categories, such as Resident Viruses, Direct Action Viruses, Overwrite Viruses, Boot Viruses, Macro Viruses, Directory Viruses, Polymorphic Viruses, File Infectors, Companion Viruses and FAT Viruses. \cite{2}
\begin{itemize}
\item Resident Viruses: permanent viruses that reside in the RAM.
\item Direct Action Viruses: this type of virus spreads and does its work when it is executing.
\item Overwrite Viruses: these viruses delete the content of the files residing in the computer.
\item Boot Viruses: this kind of virus infects the boot sector of a hard drive or floppy disk. A boot virus can infect the boot sector of the computer when the computer is booted from an infected floppy disk.
\item Directory Viruses: these viruses change the path of a file.
\item Polymorphic Viruses: these encrypt their own code with different algorithms every time they enter a system.
\item File Infectors: these infect programs or executable files. They infect a file when the program attached to it executes.
\item Companion Viruses: these work like resident viruses or direct action viruses.
\item FAT Viruses: these infect the file allocation table.
\item Macro Viruses: this kind of virus infects files that have been created using programs that contain macros. Currently they mostly affect Word 6, WordBasic and Excel, as macros are created by WordBasic. In the present situation of computer viruses, 15 percent of viruses are macro viruses. Macro viruses are created on a daily basis by computer users on their own machines. New macro viruses arise due to corruption, mating and conversion. Macro viruses are the most destructive kind of virus. Most traditional anti virus programs are unable to detect these new macro viruses. \cite{2}
\end{itemize}

\newpage
\section{How viruses affect and infect the system}
\begin{figure}[h]
\par
\includegraphics[bb=0 0 100 325]{virus.png}
\caption{Malware Detected by Year}
\cite{10}
\par
\end{figure}
If the generation speed of a virus is greater than its death rate, the virus can easily spread within a short period of time. Figure 1 shows how malware spread over time. Not all computer viruses activate at the time they enter the computer; sometimes they activate some time after entering the personal computer or computer system. Some of them never activate, and some activate and harm the files in the system, change the content of files, format the hard disk, or show a picture in the background.

There are many ways in which a virus can enter a computer.
Most of the time, viruses spread and enter a new computer through a computer network. A virus can also spread on removable media. A virus can enter a new system when games or software are downloaded from a web site. In the past there was a guarantee that web sites did not contain viruses, but at present there is no such guarantee.

A trapdoor is another common way for a virus to enter a system. Trapdoors are sometimes created by the programmers who developed the software, to avoid going through the security procedure or entering passwords while the system or software is being developed. As a trapdoor is a way to enter a system without entering a password, a virus can easily enter a system through a trapdoor.

Turning to new computer viruses, the code of some newly created computer viruses is encrypted so that anti virus software cannot catch them. \cite{3}

\section{Protection from computer viruses}
To spread from one computer to another, a virus must have the permission or ability to execute its code and to modify or completely delete files other than the file in which it currently resides. Accordingly, protection from computer viruses means preventing the virus from copying itself to another location that does not yet contain it, or preventing it from modifying or deleting the other files in which it does not reside.

If the content of a file has been modified or edited without the knowledge of the user, the user can suspect that a virus has infected the computer. In addition, when a virus has attacked a system, the performance of the computer can sometimes be reduced, various error messages may be displayed, or storage space on disk drives may be used unexpectedly.

Worms normally find addresses to spread to, and they capture the addresses in three ways. Worms
\begin{itemize}
\item Randomly generate addresses
\item Find addresses in system tables
\item Find addresses in a program
\end{itemize}
Protection against worms can include:
\begin{itemize}
\item Set passwords that cannot easily be guessed.
\item Remove processes which reveal secured data in the system.
\item Apply fixes for bugs.
\end{itemize}
As worms spread rapidly over networks and try to overload them, protecting against worms includes monitoring network activity and isolating and deactivating some parts of the network.

When it comes to protecting computers from viruses, the simplest thing the user can do is always back up the data residing in the computer. But that is not a proper solution for dealing with computer viruses. As most computer users are now aware of computer viruses, they control write privilege to computer programs. Since a virus changes the content of a file when it infects a program, there is software that can be used to check files for irregular changes in their content. \cite{4,12}

\section{Anti virus software programs}
When a computer is protected from viruses with the help of an anti virus program, the providers of those programs deliver their service to clients in a number of different ways. Some anti virus vendors wait for a request from a user for their product; after the client or user requests it, the service provider provides the service. Another kind of anti virus vendor automatically downloads and installs its product on the client's machine without the knowledge of the user. Some vendors send emails to computer users mentioning the availability of their product.
However, some of the ways mentioned above are not ethically appropriate.

Though there are thousands of anti virus programs designed by programmers to detect computer viruses, they cannot play a perfect role in detecting them. The reason is that more viruses are written for each new platform. To detect those new viruses, new detection technologies have to be invented. There are a number of computer virus detection methods.

Some years ago, anti virus programs could detect only known viruses. They selected a string from each known virus, and when a scan was started the anti virus program searched for files that included that string and reported such a file as infected. This method looked only for static characteristics of known computer viruses. But as thousands of computer viruses are created within a year, the industry started to create anti virus programs that detect unknown computer viruses too. These methods are called heuristic methods.

Computer virus infection has become a huge threat to everyone who owns or uses a computer. Most computer users today rely on an anti virus program to detect malicious software or computer viruses. Using anti virus software is the most secure and popular way to protect computers from malicious software. Anti virus programs identify malicious software using two main approaches.
\begin{itemize}
\item They use a string matching approach to identify previously known viruses or malicious software.
\item The second method is capturing abnormal behavior of any computer program running on the computer.
\end{itemize}

In the string matching approach, anti virus programs make use of a virus dictionary which contains the code of previously known viruses. When an anti virus program scans a file it refers to the virus dictionary, and when it finds a block of code in the scanned file that is also included in the virus dictionary, it quickly takes action against the suspicious file. \cite{5}

If an anti virus program works by capturing abnormal or suspicious behavior, it monitors the behavior of the file being scanned, and if the file behaves abnormally the anti virus program detects it as an infected file and takes action against it. With this method, new viruses can also be detected. \cite{5}

\subsection{The problem in virus dictionary method}
As virus creators are now aware of virus detection methods, they write viruses so that the code of the virus is encrypted when it is in a program. Alternatively, they write the virus so that its code does not look the same as its real code. For these two reasons, the anti virus program cannot detect the infected file by matching strings against the virus dictionary. The other problem of this method is that it cannot detect a new virus which is not contained in the virus dictionary.

\subsection{The problems of detecting a virus by its behavior}
As this method searches for suspicious behavior of the file being scanned, a file that shows abnormal behavior but has not been attacked by a virus or malicious software can also be detected as an infected file by the anti virus program. If the user takes action against that file, the non-infected file can sometimes be deleted as well. So modern anti virus programs do not use this approach to detect a virus.

There are some fake anti virus programs which do not clean or protect computers.
These fake anti virus programs come with names similar to those of real anti virus software. When a user sees such fake anti virus software, the user believes it is real and installs it on the computer. After it is installed, it displays fake messages saying that there are viruses in the computer and that some amount of money must be paid to remove them. As these kinds of fake anti virus software exist only with the aim of earning money, computer users must be aware of them too.

Although there is so much anti virus software to detect computer viruses, the latest computer viruses cannot easily be caught even by the latest anti virus programs, as the code of the virus is encrypted. To hide the source code of the virus, virus creators encrypt the code and send it to computers. So anti virus software cannot easily understand the code and cannot flag the file as suspicious. Some virus creators encrypt the code and keep the decryption key in another file to make it more difficult for anti virus software to find the virus. But good anti virus software, which uses good algorithms, should be able to detect those computer viruses too. \cite{6,7}

\subsection{Most trusted anti virus software}
\cite{11}
\begin{itemize}
\item BitDefender Antivirus 2010: BitDefender uses an advanced heuristic detection method and provides protection against online viruses, spyware, phishing scams and more. It provides protection by scanning web traffic, IM and emails, and it is capable of encrypting IMs too. One of the new features of BitDefender is Active Virus Control, which monitors the behavior of a file continuously. \cite{13}
\item Kaspersky Anti-Virus 2010: Provides protection from viruses, Trojans, bots, worms and spyware.
The interfaces and tools used are advanced, but it provides great protection against most real threats. \cite{14}
\item Webroot AntiVirus with SpySweeper 2010: This is a desktop anti virus package that protects the computer from viruses, Trojans, worms and a number of other kinds of malware. It catches malware before the malware does any harm to the computer. \cite{15}
\item Norton AntiVirus 2010: Uses signature based protection, but also provides new features like proactive reputation scanning. Uninstalling the software might cause some problems, as the uninstallation is partial. \cite{16}
\item ESET Nod32 Antivirus 4: A desktop anti virus program. But it does not provide complete security and misses some protection. It is not in competition with other anti virus software. \cite{17}
\item AVG Anti-Virus 9: Includes antivirus and antispyware protection. Provides complete protection from harmful downloads and web sites. \cite{18}
\item F-Secure Anti-Virus 2010: A great desktop anti virus. It has one of the most effective scan procedures, and test results are shown to prove that. When this anti virus software is installed, it is automatically configured to remove the other anti virus software installed on the computer. \cite{19}
\item G DATA AntiVirus 2011: Uses two distinct antivirus scanning engines, behavioral/heuristic protection, and even self-learning fingerprinting. It provides protection against malware spreading via emails and IM. The types of malware detected by this anti virus software are phishing scams, dialers, adware, malicious scripts, Trojans, rootkits and worms. \cite{20}
\end{itemize}

\section{Using a firewall}
A firewall is a kind of program designed to protect the computer from harmful things coming from the internet. Firewalls are divided into two categories: hardware firewalls and software firewalls.

Hardware firewalls are small hardware devices which can control the data coming from multiple computer systems. Software firewalls are software that can block suspicious data coming to the computer from the internet. So a software firewall and a hardware firewall can be used to protect the computer from viruses and other kinds of malicious software. \cite{5}

\section{Best practices to protect the computer from computer viruses}
Though there are thousands of anti virus programs, computer users also have a responsibility to protect the computer when using it. They have to follow some best practices when they use a computer.
\begin{itemize}
\item Although the computer user is the owner of the computer, he should not always log into the computer with administrator privileges. If users log in as a normal user, some kinds of viruses will not be able to enter the computer.
\item A computer user should avoid installing anti virus software or other software on another person's computer.
\item As some viruses come as email attachments, it is good not to open emails from unknown addresses.
\item When downloading and installing anti virus software, download a recommended anti virus program.
\end{itemize}

\newpage
\section{Conclusion}
According to the researchers, every day over 200 computer viruses which can destroy a whole computer system within a few seconds are released by computer virus creators. The worst result of an infection is losing the data that resides in the computer.

Most of the time, this kind of destruction happens because of computer users' lack of awareness about computer viruses.
To mitigate the risk of a virus infecting a user's computer, the main thing we can do is make computer users aware of computer viruses, the risks of infection and how to avoid computer viruses.

People who have some idea about computer viruses most of the time trust anti virus programs. But just installing anti virus software is not enough to protect the computer from computer viruses. Computer users also have the responsibility to protect the computer. As computer viruses can most of the time come with e-mail attachments, e-mails from unknown addresses should not be opened. When downloading something from a web site, users should use only trusted web sites and recommended software. But now there is nothing that can be called a trusted web site. Even software downloaded from Microsoft's web site may contain viruses. Some viruses cannot enter the computer if the user is logged in with user privilege. So it is good to normally log into the computer with user privilege. As viruses attack only executable files, write permission to those files can be restricted.

After installing an anti virus program on a computer, keeping it up to date is important to get the best protection from it. But even when an anti virus program is installed, external removable devices should be scanned when they are plugged into the computer.

The final conclusion of this review is that, though many protection methods are available in the world, a computer user cannot be completely safe from computer viruses. That means no computer protection method is perfect in protecting computers from computer malware.
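
An added example, not taken from the reviewed sources, of the string matching approach and of the virus dictionary problem described in the section on anti virus software programs: a plain dictionary scan misses a marker whose bytes were XOR-encoded, while a scan that also tries every single-byte XOR key finds it. The dictionary entries, sample files and function names are constructed for illustration, and single-byte XOR stands in for the encrypted code the review mentions.

```python
# Constructed "virus dictionary": name -> byte string. These markers are
# harmless placeholders invented for this example, not real signatures.
VIRUS_DICTIONARY = {
    "Demo.Marker.A": b"DEMO-MARKER-A::not-a-real-virus",
    "Demo.Marker.B": b"\x90\x90DEMO-B\xeb\xfe",
}


def scan_plain(data, dictionary=VIRUS_DICTIONARY):
    """Classic string matching: report every dictionary entry found in data."""
    return sorted(name for name, sig in dictionary.items() if sig in data)


def xor_bytes(data, key):
    """XOR every byte with a single-byte key (stand-in for encrypted code)."""
    return bytes(b ^ key for b in data)


def scan_with_xor_decoding(data, dictionary=VIRUS_DICTIONARY):
    """Match each signature under all 256 single-byte XOR keys.

    Encoding the short signature instead of decoding the whole file keeps
    the cost at 256 substring searches per dictionary entry.
    Returns a sorted list of (name, key) pairs; key 0 is a plain match.
    """
    hits = []
    for name, sig in dictionary.items():
        for key in range(256):
            if xor_bytes(sig, key) in data:
                hits.append((name, key))
    return sorted(hits)


# Constructed sample inputs: a clean file, the same file with a dictionary
# marker appended, and the same file with the marker XOR-encoded (key 0x5A).
CLEAN_FILE = b"MZ" + b"\x00" * 32 + b"ordinary program bytes"
INFECTED_FILE = CLEAN_FILE + VIRUS_DICTIONARY["Demo.Marker.A"]
ENCODED_FILE = CLEAN_FILE + xor_bytes(VIRUS_DICTIONARY["Demo.Marker.A"], 0x5A)


def run_all():
    """Run both scanners over the three samples and collect the results."""
    samples = {"clean": CLEAN_FILE, "infected": INFECTED_FILE,
               "encoded": ENCODED_FILE}
    return {
        label: {"plain": scan_plain(data),
                "xor_aware": scan_with_xor_decoding(data)}
        for label, data in samples.items()
    }


if __name__ == "__main__":
    for label, result in run_all().items():
        print(label, result)
```

Neither scan reports a marker that is missing from the dictionary, which is the second limitation named in that section.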
\newpage
\begin{thebibliography}{widest entry}
\bibitem{1} Markus Hanhisalo, \emph{Computer Viruses}, Available at: http://www.tml.tkk.fi/Opinnot/Tik-110.501/1997/viruses.html\#1.Introduction\%20to\%20Computer\%20Viruses
\bibitem{2} Top Bits, 2010, http://www.topbits.com/types-of-computer-viruses.html
\bibitem{3} McAfee, \emph{An Introduction to Computer Viruses and other Destructive Programs}, Available at: http://www.mcafee.com/common/media/vil/pdf/av\_white.pdf
\bibitem{4} Stanley A. Kurzban, \emph{Defending against viruses and worms}, Available at: http://portal.acm.org/citation.cfm?id=68697
\bibitem{5} \emph{How AntiVirus Works}, Available at: http://www.antivirusware.com/articles/how-anti-virus-works.htm
\bibitem{6} \emph{How does anti-virus software work?}, Available at: http://www.antivirusworld.com/articles/antivirus.php
\bibitem{7} \emph{How Antivirus Software Detect Computer Viruses}, Available at: http://security-antivirus-software.suite101.com/article.cfm/how-antivirus-software-dete
\bibitem{8} \emph{What Is A Computer Virus? An Introduction To Computer Viruses}, Available at: http://www.computertipsfree.com/computer-tips/security-tips/what-is-a-computer-virus-an-introduction-to-computer-viruses/
\bibitem{9} http://www.washington.edu/itconnect/security/tools/
\bibitem{10} Tech Bitz, http://tech-bitz.com/2008/04/05/virus-and-spyware-threat-is-larger-than-ever-before-anti-virus-companies-struggle-to-keep-up-with-flood-of-spyware/
\bibitem{11} \emph{AntiVirus Software Review}, http://anti-virus-software-review.toptenreviews.com/
\bibitem{12} Charles P.
Pfleeger, Shari Lawrence Pfleeger, \emph{Security in Computing (4th Edition)}
\bibitem{13} \emph{BitDefender AntiVirus Review}, http://anti-virus-software-review.toptenreviews.com/bitdefender-review.html
\bibitem{14} \emph{Kaspersky Anti-Virus 2010}, http://anti-virus-software-review.toptenreviews.com/kaspersky-review.html
\bibitem{15} \emph{Webroot AntiVirus with SpySweeper Review}, http://anti-virus-software-review.toptenreviews.com/webroot-antivirus-review.html
\bibitem{16} \emph{Norton AntiVirus 2010}, http://anti-virus-software-review.toptenreviews.com/norton-review.html
\bibitem{17} \emph{Trend Micro AntiVirus + AntiSpyware}, http://anti-virus-software-review.toptenreviews.com/pc-cillin-review.html
\bibitem{18} \emph{AVG Anti-Virus 9}, http://anti-virus-software-review.toptenreviews.com/avg-review.html
\bibitem{19} \emph{F-Secure Anti-Virus Review}, http://anti-virus-software-review.toptenreviews.com/f-secure-review.html
\bibitem{20} \emph{G DATA AntiVirus 2011}, http://anti-virus-software-review.toptenreviews.com/antiviruskit-review.html
\end{thebibliography}
\end{document}
