Antivirus: Still the hero that it once was? Essay Sample
- Word count: 1284
- Category: computer
In today’s world almost every home in the world has at least one computer. Computers have become a very beneficial tool; however, there are many malicious programs that can harm computers, for example viruses, Trojans, and worms. We use different tools to protect computers, such as antivirus software. Even with antivirus software, viruses find a way to get into computers. The primary reason is that many viruses are becoming more sophisticated, to the point where the viruses are attacking the antivirus software itself (Latamore 24). Or the problem could be the type of method used by the antivirus, which affects its performance. Because viruses and other harmful programs are evolving to the point where antiviruses cannot stop them, people need to learn how to prevent viruses from entering their computers and how to keep a computer clean.

II. There are different types of viruses that can attack computers; every type of virus has its own specialty.
a. A virus is a simple program that spreads by infecting files in areas of a computer or a router’s hard drive and then making copies of itself.
Some viruses will do no damage but just spread from computer to computer, and there are others that will destroy files. Viruses spread primarily through email messages and when people share portable media devices, for example USB drives and floppy disks (Virus 1).
b. A worm is a type of virus that takes up valuable memory, which can cause a computer to stop responding and allow attackers to access the computer remotely (Virus 4). For a worm to enter a computer there needs to be a system weakness for it to replicate, often spreading from computer to computer (Worms).
i. One of the most famous worms was made by a man named Robert Morris; it caused major havoc on the internet. He used three separate attacks. One was rsh, which spawns a process on a remote machine. Another was sendmail, an error that allowed a message to send itself and start. The last and best one was the buffer overflow, an unchecked process that was a major weakness used to take over the system (Worms).
c. A Trojan horse is a computer program that hides potentially damaging programs. It appears to perform one action while it is performing a harmful action on the computer (Virus 5).
A Trojan is a type of indirect access attack from the inside of the computer (Bic 5).
d. Unlike worms, viruses require some type of action from the computer user, for example opening an email or visiting a malicious website (Virus 2).

III. Each type of virus has its own way to attack a computer.
e. There are viruses that will attack from within the computer. They can get direct access as a valid process or indirect access via an agent (Bic 14).
ii. Browsing, a type of direct access attack, is an unauthorized search for unused memory and is typically done by a user who is already inside the computer (Bic 4).
f. There are also viruses that will attack from the outside using legitimate channels, channels made for a legitimate purpose, and illegitimate channels (Bic 14).
iii. Viruses and worms attack from the outside using legitimate channels (Bic 14).
iv. Remote execution is a service that allows hackers to upload and start code remotely, and it uses legitimate channels (Bic 11).

IV. Once a virus is in a computer it will try to spread; each virus has its own way to spread (Type 1).
g. The main and most used ones are email attachments and rogue booby-trapped websites (Type 5).

V. There are many types of antivirus made by different companies, and each antivirus uses its own method to find and delete viruses on computers (How 2).
h. One approach antivirus software may use is the virus dictionary approach. The antivirus software examines a file and refers to a dictionary of known viruses that have been identified by the author of the antivirus software; if a piece of code in the file matches any virus identified in the dictionary, the antivirus software can delete the file (How 4).
v. Dictionary-based antivirus software will examine files when the computer system creates, opens, and closes them; this way a known virus can be detected immediately upon receipt. The software will also typically schedule a time to examine all files on the user’s hard drive (How 5).
vi. The dictionary approach is considered effective; however, virus authors have tried to stay a step ahead of such software by writing polymorphic viruses (How 6).
1. A polymorphic virus encrypts parts of itself or modifies itself as a method of disguise, so as not to match the virus’s signature in the dictionary.
i. The other approach an antivirus will use is the suspicious behavior approach (How 7).
vii. The suspicious behavior approach monitors the behavior of all programs. If one program tries to write data to an executable program, this is flagged as suspicious behavior, and the user is alerted and asked what to do (How 8).
viii. The suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionary (How 9).
j. Some antivirus software will try to emulate the beginning of the code of each new executable that is being executed before transferring control to the executable. If the program seems to be using self-modifying code or otherwise appears to be a virus, one could assume that the executable has been infected with a virus (How 11).
k. Another detection method is using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, the sandbox is analyzed for changes which might indicate a virus (How 11).
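
The dictionary approach and the suspicious behavior approach from section V, as an added Python example that is not part of the original essay and not taken from any antivirus product. The signature patterns, sample bytes, executable-suffix list and file-event log are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed, harmless byte patterns standing in for a vendor's virus dictionary.
SIGNATURES = {
    "Demo.Marker.A": b"DEMO-SIGNATURE-A",
    "Demo.Marker.B": bytes.fromhex("deadbeef0badf00d"),
}
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".com", ".sys")  # assumed list, not exhaustive


def dictionary_scan(data):
    """Dictionary approach: names of all known patterns that occur in the file bytes."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)


@dataclass(frozen=True)
class FileEvent:
    process: str
    action: str  # "read" or "write"
    path: str


def suspicious_writes(events):
    """Behavior approach: flag every program that writes data to an executable file."""
    return [e for e in events
            if e.action == "write" and e.path.lower().endswith(EXECUTABLE_SUFFIXES)]


# Constructed sample file containing a known pattern, and the same bytes after a
# one-byte XOR, standing in for a variant that "modifies itself as a disguise".
KNOWN_SAMPLE = b"MZ" + b"\x00" * 8 + b"DEMO-SIGNATURE-A" + b"rest-of-file"
ALTERED_SAMPLE = bytes(b ^ 0x5A for b in KNOWN_SAMPLE)

# Constructed file-activity log. The installer is legitimate, yet it trips the
# same rule, which is why this approach alerts the user and asks what to do.
EVENTS = [
    FileEvent("editor.exe", "write", r"C:\Users\demo\notes.txt"),
    FileEvent("setup.exe", "write", r"C:\Program Files\App\app.exe"),
    FileEvent("unknown.exe", "read", r"C:\Windows\System32\calc.exe"),
    FileEvent("unknown.exe", "write", r"C:\Windows\System32\calc.exe"),
]

if __name__ == "__main__":
    print("known sample  :", dictionary_scan(KNOWN_SAMPLE))    # pattern matches
    print("altered sample:", dictionary_scan(ALTERED_SAMPLE))  # dictionary misses it
    for e in suspicious_writes(EVENTS):
        print("ask user about:", e.process, "->", e.path)
```

The altered bytes no longer contain any dictionary pattern, so only the behavior rule can still flag the program, at the cost of also flagging the legitimate installer.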

VI. Even with all the protection that we get from antivirus software viruses.
l. Modern viruses are attacking the antivirus. Mr. Wisniewski makes a very good point in his interview: “And one of the first things these Trojans do is, first they try to disable the antivirus software itself and then they also try to disable the updater, with the idea that if it’s undetected at the first site it infected with it, if they can at least prevent your antivirus from never getting an update from the vendor then you might never learn that you’re infected. And I would say probably half of all the malware we see, they try to tamper with your security software, whether it’s your Windows update or your antivirus.” (Wisniewski 6)

VII. Conclusion
In today’s world viruses have become more sophisticated, to the point where the viruses are attacking the antivirus software itself and stopping it from doing its job. Viruses now attack the antivirus so that the antivirus cannot stop the virus and the rest of the program can finish executing. The type of method antivirus software uses to detect and stop viruses will not make a difference to the effectiveness of the antivirus. It would be best to educate the public about viruses, to stop a virus and save a computer.

Bic, Lubomir. “Security Threats in Computer Systems.” N.d. Microsoft PowerPoint file.
“How does anti-virus software work?” Antivirusworld. N.p., n.d. Web. 25 Oct. 2012. <http://www.antivirusworld.com/articles/antivirus.php>.
Latamore, Bert. “Cyber Threat Growing More Focused and Sophisticated.” The Seybold Report 10.1 (2010): n. pag. EBSCO Computer Science Index. Web. 8 Nov. 2012.
Type Choice. N.p., n.d. Web. 10 Dec. 2012. <http://antivirus-software.topchoicereviews.com/11-ways-computer-viruses-are-spread_216.html>.
“Virus Basics.” USCERT. N.p., n.d. Web. 2 Dec. 2012. <http://www.us-cert.gov/reading_room/virus.html>.
Wisniewski, Chester. Personal Interview. N.d.
Worms Security Threats in Computer Systems – SixtySec. Dir. Lubomir Bic. Youtube. N.p., n.d. Web. 17 Oct. 2012. <http://www.youtube.com/watch?v=hMgtHkvUARU>.