Comprehensive Guide to Antivirus Software

Antivirus software is used to detect and remove computer viruses and malware. It works by scanning files and memory for malicious code, and protects computers by quarantining or deleting infected files. While effective against known viruses, antivirus software is not perfect and new viruses may evade detection until software updates are released. It can also incorrectly flag benign files as malware, known as false positives. To remain effective, antivirus software must be kept up to date and used alongside safe browsing practices.

Uploaded by

Mark Real Jubilo

ANTIVIRUS

HISTORY
EFFECTIVENESS
IDENTIFICATION METHOD
LIST OF ANTIVIRUS SOFTWARE

ANTIVIRUS
- is computer software used to prevent, identify, detect and remove malicious computer viruses and other malware from a computer system.

MALWARE - is any number of viruses and software bits that intend to harm the computer or steal information, such as viruses, adware, rootkits, backdoors, hijackers, key loggers, spyware, Trojans and worms, Browser Helper Objects (BHOs), and ransomware.

IMPORTANCE

Thwarts Virus Attacks
A robust computer antivirus program thwarts attacks from viruses, rogue software, spyware and other malicious programs. It creates firewalls that prevent intrusions and threats from viruses.

Maintains PC Security
An antivirus program runs in the background, alerting users about virus attacks and threats. It also detects, quarantines and removes viruses, and maintains a PC's security and stability.

Scans Overall Computer Drives and Files
A computer antivirus program thoroughly scans a computer automatically or based on pre-programmed commands. Fee- or subscription-based antivirus programs alert users about periodic or scheduled scans.

Protects PC Files
An antivirus program protects a PC's entire contents including files, documents, programs, applications and other data, and prevents damage that might occur due to sudden or ad-hoc virus threats or attacks.

Secure Online Pursuits
Millions of users now use the Internet to surf, study, shop, bank, and entertain. An antivirus program scans emails, attachments, websites, freeware and media files; warns users about spurious or threatening websites; and generally secures their online pursuits and overall

HISTORY

Most of the computer viruses written in the early and mid-1980s were limited to self-reproduction and had no specific damage routine built into the code. That changed when more and more programmers became acquainted with virus programming and created viruses that manipulated or even destroyed data on infected computers. There are competing claims for the innovator of the first antivirus product. Possibly the first publicly documented removal of a computer virus in the wild was performed by Bernd Fix in 1987. There were also two antivirus applications for the Atari ST platform developed in 1987. The first one was G Data and the second was UVK 2000. Fred Cohen, who published one of the first academic papers on computer viruses in 1984, began to develop strategies for antivirus software in 1988 that were picked up and continued by later antivirus software developers. In 1987, he published a demonstration that there is no algorithm that can perfectly detect all possible viruses.

In 1987 the first two heuristic antivirus utilities were released: Flushot Plus by Ross Greenberg and
Anti4us by Erwin Lanting.

Also in 1988 a mailing list named VIRUS-L was started on the BITNET/EARN network where new viruses
and the possibilities of detecting and eliminating viruses were discussed. Some members of this mailing
list like John McAfee or Eugene Kaspersky later founded software companies that developed and sold
commercial antivirus software.

Before internet connectivity was widespread, viruses were typically spread by infected floppy disks. Antivirus software came into use, but was updated relatively infrequently. During this time, virus checkers essentially had to check executable files and the boot sectors of floppy disks and hard disks. However, as internet usage became common, viruses began to spread online.

Over the years it has become necessary for antivirus software to check an increasing variety of files, rather than just executables, for several reasons:
- Powerful macros used in word processor applications, such as Microsoft Word, presented a risk. Virus writers could use the macros to write viruses embedded within documents. This meant that computers could now also be at risk from infection by opening documents with hidden attached macros.
- The possibility of embedding executable objects inside otherwise non-executable file formats can make opening those files a risk.
- Later email programs, in particular Microsoft's Outlook Express, were vulnerable to viruses embedded in the email body itself. A user's computer could be infected by just opening or previewing a message.

As always-on broadband connections became the norm, and more and more viruses were released, it became essential to update virus checkers more and more frequently. Even then, a new zero-day virus could become widespread before antivirus companies released an update to protect against it.

EFFECTIVENESS

Studies in December 2007 showed that the effectiveness of antivirus software had decreased in the previous year, particularly against unknown or zero-day attacks. The computer magazine c't found that detection rates for these threats had dropped from 40-50% in 2006 to 20-30% in 2007. At that time, the only exception was the NOD32 antivirus, which managed a detection rate of 68 percent.

The problem is magnified by the changing intent of virus authors. Some years ago it was obvious when a virus infection was present. The viruses of the day, written by amateurs, exhibited destructive behavior or pop-ups. Modern viruses are often written by professionals, financed by criminal organizations.

Independent testing on all the major virus scanners consistently shows that none provide 100% virus detection. The best ones provided as high as 99.9% detection for simulated real-world situations, while the lowest provided 91.1% in tests conducted in August 2013. Many virus scanners produce false positive results as well, identifying benign files as malware.

Anti-virus programs are not always effective against new viruses, even those that use non-signature-based methods that should detect new viruses. The reason for this is that the virus designers test their new viruses on the major anti-virus applications to make sure that they are not detected before releasing them into the wild. Some new viruses, particularly ransomware, use polymorphic code to avoid detection by virus scanners. Jerome Segura, a security analyst with ParetoLogic, explained:

It's something that they miss a lot of the time because this type of [ransomware virus] comes from sites that use a polymorphism, which means they basically randomize the file they send you and it gets by well-known antivirus products very easily. I've seen people firsthand getting infected, having all the pop-ups and yet they have antivirus software running and it's not detecting anything. It actually can be pretty hard to get rid of, as well, and you're never really sure if it's really gone. When we see something like that usually we advise to reinstall the operating system or reinstall backups.

Antivirus software has some drawbacks. It can impair a computer's performance. Inexperienced users can be lulled into a false sense of security when using the computer, considering themselves to be totally protected, and may have problems understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. If the antivirus software employs heuristic detection, it must be fine-tuned to minimize misidentifying harmless software as malicious (false positive). Antivirus software itself usually runs at the highly trusted kernel level of the operating system to allow it access to all the potential malicious process and

A "false positive" is when antivirus software identifies a non-malicious file as a virus. When this happens, it can cause serious problems. For example, if an antivirus program is configured to immediately delete or quarantine infected files, as is common on Microsoft Windows antivirus applications, a false positive in an essential file can render the Windows operating system or some applications unusable. Recovering from such damage to critical software infrastructure incurs technical support costs and businesses can be forced to close whilst remedial action is undertaken. For example, in May 2007 a faulty virus signature issued by Symantec mistakenly removed essential operating system files, leaving thousands of PCs unable to boot.

Also in May 2007, the executable file required by Pegasus Mail on Windows was falsely detected by Norton AntiVirus as being a Trojan and it was automatically removed, preventing Pegasus Mail from running. Norton AntiVirus had falsely identified three releases of Pegasus Mail as malware, and would delete the Pegasus Mail installer file when that happened. In response to this Pegasus Mail stated:

On the basis that Norton/Symantec has done this for every one of the last three releases of Pegasus Mail, we can only condemn this product as too flawed to use, and recommend in the strongest terms that our users cease using it in favor of alternative, less buggy anti-virus packages.

Running multiple antivirus programs concurrently can degrade performance and create
conflicts. However, using a concept called multiscanning, several companies (including GData and
Microsoft) have created applications which can run multiple engines concurrently. It is sometimes
necessary to temporarily disable virus protection when installing major updates such as Windows Service
Packs or updating graphics card drivers. Active antivirus protection may partially or completely prevent
the installation of a major update. Anti-virus software can cause problems during the installation of an
operating system upgrade, e.g. when upgrading to a newer version of Windows "in place" without
erasing the previous version of Windows. Microsoft recommends that anti-virus software be disabled to
avoid conflicts with the upgrade installation process.

The functionality of a few computer programs can be hampered by active antivirus software. For example TrueCrypt, a disk encryption program, states on its troubleshooting page that anti-virus programs can conflict with TrueCrypt and cause it to malfunction or operate very slowly. Anti-virus software can impair the performance and stability of games running in the Steam platform.

Support issues also exist around antivirus application interoperability with common solutions like SSL VPN remote access and network access control products. These technology solutions often have policy assessment applications which require that an up to date antivirus is installed and running. If the antivirus application is not recognized by the policy assessment, whether because the antivirus application has been updated or because it is not part of the policy

IDENTIFICATION METHOD

One of the few solid theoretical results in the study of computer viruses is
Frederick B. Cohen's 1987 demonstration that there is no algorithm that can
perfectly detect all possible viruses.

- Modern antivirus software employs several methods to detect and remove malware. However, no antivirus software can detect and prevent all possible malware.

There are several methods which antivirus software can use to identify malware:

Signature-based detection
- is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.

Traditionally, antivirus software heavily relied upon signatures to identify malware. This can be very effective, but cannot defend against malware unless samples have already been obtained and signatures created. Because of this, signature-based approaches are not effective against new, unknown viruses. As new viruses are being created each day, the signature-based detection approach requires frequent updates of the virus signature dictionary. To assist the antivirus software companies, the software may allow the user to upload new viruses or variants to the company, allowing the virus to be analyzed and the signature added to the dictionary.

Although the signature-based approach can effectively contain virus outbreaks, virus authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.

HEURISTICS

- Some more sophisticated antivirus software uses heuristic analysis to identify new malware or variants of known malware. Many viruses start as a single infection and, through either mutation or refinements by other attackers, can grow into dozens of slightly different strains, called variants. Generic detection refers to the detection and removal of multiple threats using a single virus definition.

For example:
- the Vundo trojan has several family members, depending on the antivirus vendor's classification. Symantec classifies members of the Vundo family into two distinct categories, Trojan.Vundo and Trojan.Vundo.B.

While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature. These signatures often contain non-contiguous code, using wildcard characters where differences lie. These wildcards allow the scanner to detect viruses even if they are padded with extra, meaningless code. A detection that uses this method is said to be "heuristic detection."

Rootkit detection
Anti-virus software can attempt to scan for rootkits.

Rootkit
- is a type of malware that is designed to gain administrative-level control over a computer system without being detected. Rootkits can change how the operating system functions and in some cases can tamper with the anti-virus program and render it ineffective. Rootkits are also difficult to remove, in some cases requiring a complete re-installation of the operating system.

- Detecting rootkits is a major challenge for anti-virus programs. Rootkits have full administrative access to the computer and are invisible to users and hidden from the list of running processes in the task manager. Rootkits can modify the inner workings of the operating system and tamper with antivirus programs.
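The signature-based and generic wildcard detection described in the two sections above, as an added example written for this guide (not code from the deck or from any antivirus vendor). It assumes a toy signature grammar (hex bytes, `??` for one unknown byte, `*` for a bounded run of padding) and uses constructed byte strings, not real malware, to show why an exact signature misses a variant, why a wildcard signature still catches a padded variant, how a too-loose generic signature fires on benign code (a false positive), and how a file is scanned in overlapping pieces.

```python
"""Toy signature scanner: exact signatures, generic wildcard signatures,
padded variants, a too-loose signature that yields a false positive, and
scanning a stream in overlapping pieces. Every byte string is constructed."""
from __future__ import annotations
import re
from io import BytesIO
from typing import BinaryIO

# Constructed "family": prologue + family-wide constant + per-variant key + epilogue.
PROLOGUE, FAMILY_CONST, EPILOGUE = b"\x55\x8b\xec", b"\xde\xad\xbe\xef", b"\xc9\xc3"
VARIANT_A = PROLOGUE + FAMILY_CONST + b"\x01\x02\x03\x04" + EPILOGUE
VARIANT_B = PROLOGUE + FAMILY_CONST + b"\xaa\xbb\xcc\xdd" + EPILOGUE
PADDED_B = PROLOGUE + FAMILY_CONST + b"\xaa\xbb\xcc\xdd" + b"\x90" * 7 + EPILOGUE
BENIGN = PROLOGUE + b"\x31\xc0" + EPILOGUE  # harmless code sharing prologue/epilogue

MAX_GAP = 64  # longest run of "meaningless" padding a '*' wildcard may absorb


def compile_signature(pattern: str) -> tuple[re.Pattern[bytes], int]:
    """Grammar: 'XX' literal byte, '??' any one byte, '*' 0..MAX_GAP bytes.
    Returns the compiled regex and the longest span it can ever match."""
    parts, max_len = [], 0
    for tok in pattern.split():
        if tok == "??":
            parts.append(b"."); max_len += 1
        elif tok == "*":
            parts.append(b".{0,%d}?" % MAX_GAP); max_len += MAX_GAP
        else:
            parts.append(re.escape(bytes.fromhex(tok))); max_len += 1
    return re.compile(b"".join(parts), re.DOTALL), max_len


SIGNATURES = {
    "Constructed.Exact.A": VARIANT_A.hex(" "),      # byte-for-byte dump of one sample
    "Constructed.TooLoose": "55 8B EC * C9 C3",     # only prologue/epilogue: false-positive prone
    "Constructed.Gen": "55 8B EC DE AD BE EF ?? ?? ?? ?? * C9 C3",  # anchored on family constant
}
COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def scan_bytes(data: bytes, base: int = 0) -> set[tuple[str, int]]:
    """Try every signature at every offset; returns {(name, absolute_offset)}."""
    hits: set[tuple[str, int]] = set()
    for name, (rx, _) in COMPILED.items():
        pos = 0
        while (m := rx.search(data, pos)):
            hits.add((name, base + m.start()))
            pos = m.start() + 1  # keep going so overlapping hits are not skipped
    return hits


def scan_stream(f: BinaryIO, chunk_size: int = 256) -> set[tuple[str, int]]:
    """Scan in pieces: consecutive chunks overlap by (longest signature - 1) bytes,
    so a sample straddling a chunk boundary is still seen whole (set dedupes it)."""
    overlap = max(n for _, n in COMPILED.values()) - 1
    hits, carry, base = set(), b"", 0
    while (piece := f.read(chunk_size)):
        data = carry + piece
        hits |= scan_bytes(data, base)
        carry = data[-overlap:]
        base += len(data) - len(carry)
    return hits


def which_fire(sample: bytes) -> set[str]:
    """Names of the signatures that match a sample."""
    return {name for name, _ in scan_bytes(sample)}


def pieces_match_whole() -> bool:
    """PADDED_B straddles the first 256-byte boundary; chunked scan == whole scan."""
    blob = b"\x00" * 250 + PADDED_B + b"\x00" * 300 + BENIGN + b"\x00" * 100
    return scan_stream(BytesIO(blob)) == scan_bytes(blob) and len(scan_bytes(blob)) == 3
```

The TooLoose result on BENIGN is the fine-tuning problem the deck describes: a generic signature that only keys on code every program shares flags harmless files, while the Gen signature anchored on a family-unique constant catches both variants and the padded one without that false positive.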

Real-time protection
Real-time protection, on-access scanning, background guard, resident shield, auto protect, and other synonyms refer to the automatic protection provided by most antivirus, anti-spyware, and other anti-malware programs. This monitors computer systems for suspicious activity such as computer viruses, spyware, adware, and other malicious objects in 'real-time', in other words while data is being loaded into the computer's active memory: when inserting a CD, opening an email, browsing the web, or when a file already on the computer is opened or executed.

LIST OF ANTIVIRUS SOFTWARE

Kaspersky AntiVirus
- Kaspersky Antivirus is often treated as the best available antivirus application and has a special version for file servers. It covers almost all sections needed for top class security.

BitDefender Antivirus
- BitDefender is one of the best antivirus programs, with top class defending ability. It provides hourly definition updates for the latest threats. BitDefender comes with P2P File Sharing and Registry Startup Protection but lacks Email scanning. This program is not just limited to documenting the existing viruses in its database; it does more. It uses artificial intelligence to identify different types of viruses that can harm a computer. It anticipates what software changes a new virus could contain. It does this by noting what kinds of changes other viruses have made in the past, such as modifying registry settings or modifying files.

-Another feature it has is the use of a virtual machine, which scans software
and decides if it is safe to run in the main system. A virtual machine is a
program that acts like a computer. It mimics the operating system; you might
say that it is a computer inside a computer. Therefore, the virtual test is close to
the real environment; and it can anticipate what the program will do. If it harms
the virtual machine, it is a virus and Bitdefender deletes it.

Trend Micro
- is a well-known and popular antivirus with Spyware and Adware Protection. It has some great features including Remote File Lock, which safeguards your private files in case your laptop is lost or stolen. But it lacks P2P File Sharing and Registry Startup Scanning.

Norton Antivirus / Internet Security
- is one of the most popular and well-known antivirus applications. The latest version has the ability to map your wireless home network and safeguards your Wi-Fi networks. It comes with daily virus definition updates but no support for P2P File Sharing and Registry Startup Protection.

McAfee Antivirus
- is one of the leading antivirus products in the security industry. McAfee introduced two features, Script Stopper and Worm Stopper. But it has no support for P2P File Sharing, Instant Messenger and Registry Startup. The inbuilt updater updates virus definitions on a regular basis to keep you up to date.

Panda Antivirus Pro
- it comes with a new feature called the UltraFast scan engine that scans almost 30% faster compared to other antivirus applications. It has a few unique features, as follows: identity protection through an Anti-Phishing Filter and an Anti-Banking Trojans Engine, an advanced heuristic scan aimed at identity theft, and an inbuilt Personal Firewall.

ZoneAlarm Anti-virus
The latest version of ZoneAlarm antivirus comes with strong removal ability for the most dangerous viruses and multilayered security for your PC. But it is not certified by any of the three major independent testing labs Virus Bulletin, Checkmark, or ICSA. ZoneAlarm scans use the least possible system resources.

ESET NOD32 Antivirus
NOD32 is one of the leading antivirus applications, with features like blocking all attempts to collect and forward your personal and confidential data, the best protection against zero-day threats and attacks, virus definition updates that come in a very small size compared to others, and multi-layered protection including real-time email scanning.

AVG Antivirus
- is one of the oldest and most widely used antivirus programs. The latest version of AVG comes with a clean interface and a core scanning engine changed for better performance with multi-core processors. Now AVG Antivirus comes with two separate standalone applications, AVG Anti-Spyware and AVG Anti-Rootkit, to give you the best possible security.

F-Secure Antivirus 2009
- F-Secure Antivirus is quite easy to use and comes with predefined options for known threats. F-Secure's heuristic scanner is considered one of the fastest. It provides new definition updates every two hours to provide you the best possible security from the latest threats. It supports email scanning for both Outlook and Thunderbird.

ComboFix
- is a free antivirus program most suitable for removing malware and rootkits. The first time you open the program, you are asked whether or not you want to create a backup of your registry. ComboFix recommends creating the backup to fix any errors that could occur during virus removal. ComboFix also requires that you install the "Microsoft Recovery Console," a utility designed to fix any errors that can happen when you use an antivirus program. ComboFix is a great solution for those with more troublesome virus infections.

Spybot - Search and Destroy
- is a popular antivirus program. It is free and small in file size. It also receives frequent updates to its virus database, making it effective at removing newer and less common spyware. The "Immunize" feature can help prevent infection before it occurs.

ESET Online Scanner
- a more convenient option for some, the free ESET online virus scanner will search for and remove viruses found on your computer without the need to download and install a program (although only select web browsers are supported). You will need to have administrative privileges or be logged into the administrator account on your computer to use the ESET scanner. ESET receives constant updates to its virus database. Users can also select which drives they want to scan.
