Virus Counter Measures

By: Jesse Miller

The ideal solution to the threat of viruses is prevention: do not allow a virus to get into the system in the first place. This goal is, in general, impossible to achieve, although prevention can reduce the number of successful viral attacks. The next best approach is detection, identification, and removal.

If detection succeeds but either identification or removal is not possible, then the alternative is to discard the infected program and reload a clean backup version.

Advances in virus and antivirus technology go hand in hand. Early viruses were relatively simple code fragments and could be identified and purged with relatively simple antivirus software packages. As the virus arms race has evolved, both viruses and, necessarily, antivirus software have grown more complex and sophisticated.

There are four generations of antivirus software. A first-generation scanner requires a virus signature to identify a virus. The virus may contain "wild cards" but has essentially the same structure and bit pattern in all copies. Such signature-specific scanners are limited to the detection of known viruses. Another type of first-generation scanner maintains a record of the lengths of programs and looks for changes in length.

A second-generation scanner does not rely on a specific signature. Rather, the scanner uses heuristic rules to search for probable virus infection. One class of such scanners looks for fragments of code that are often associated with viruses.

A scanner may look for the beginning of an encryption loop used in a polymorphic virus and discover the encryption key. Once the key is discovered, the scanner can decrypt the virus to identify it, then remove the infection and return the program to service.

Another second-generation approach is integrity checking. A checksum can be appended to each program. If a virus infects the program without changing the checksum, then an integrity check will catch the change. To counter a virus that is sophisticated enough to change the checksum when it infects a program, an encrypted hash function can be used.

The encryption key is stored separately from the program so that the virus cannot generate a new hash code and encrypt that. By using a hash function rather than a simpler checksum, the virus is prevented from adjusting the program to produce the same hash code as before.
Technology can be used in a productive way or a destructive way.
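The integrity check described above, as an added example that is not part of the original article: it compares a simple additive checksum with a keyed hash whose key is held apart from the programs. HMAC-SHA256 stands in here for the "encrypted hash" the article describes, and the file names, sample bytes and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def additive_checksum(data):
    """16-bit sum of bytes: a simple checksum that anyone can recompute or cancel out."""
    return sum(data) % 65536

def file_digest(key, path):
    """Keyed hash (HMAC-SHA256) of a file; it cannot be regenerated without the key."""
    with open(path, "rb") as f:
        return hmac.new(key, f.read(), hashlib.sha256).hexdigest()

def build_baseline(key, paths):
    """Record one keyed digest per program while the programs are known to be clean."""
    return {p: file_digest(key, p) for p in paths}

def verify(key, baseline):
    """Return the programs that are missing or whose keyed digest no longer matches."""
    changed = []
    for path, expected in baseline.items():
        missing = not os.path.exists(path)
        if missing or not hmac.compare_digest(file_digest(key, path), expected):
            changed.append(path)
    return sorted(changed)

def pad_to_checksum(data, target):
    """Model a modification that appends filler so the additive checksum is unchanged."""
    full, rest = divmod((target - additive_checksum(data)) % 65536, 255)
    return data + b"\xff" * full + (bytes([rest]) if rest else b"")

def demo():
    key = os.urandom(32)  # assumption: stored separately from the scanned programs
    original = b"constructed sample program bytes " * 4
    with tempfile.TemporaryDirectory() as d:
        clean, altered = os.path.join(d, "clean.bin"), os.path.join(d, "altered.bin")
        for path in (clean, altered):
            with open(path, "wb") as f:
                f.write(original)
        baseline = build_baseline(key, [clean, altered])
        # Change one program's content while keeping its simple checksum identical.
        modified = pad_to_checksum(original + b" appended bytes", additive_checksum(original))
        with open(altered, "wb") as f:
            f.write(modified)
        checksum_unchanged = additive_checksum(modified) == additive_checksum(original)
        flagged = [os.path.basename(p) for p in verify(key, baseline)]
        return checksum_unchanged, flagged
```

Calling `demo()` returns whether the simple checksum failed to notice the change, followed by the list of files the keyed check flagged.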
