
CONTENTS

- Antivirus
- History of Antivirus
- Function of Antivirus Software
- Features of Antivirus Software
- How Antivirus software works?
- Why we need Antivirus?
- Why Should You Update Your Antivirus?
- Online detection
- Virus removal tools
- List of antivirus software
- Testing Organizations
- Attacking antivirus
- Top 10 Antivirus
- Bitdefender 2011
- Before You Buy Antivirus Software
- How to make a USB Antivirus
- Issues of concern
- Recommendations
Antivirus
Antivirus or anti-virus software is used to prevent, detect, and remove computer viruses,
worms, and Trojan horses. It may also prevent and remove adware, spyware, and other forms of
malware. This page talks about the software used for the prevention and removal of such
threats, rather than computer security implemented by software methods.

A variety of strategies are typically employed. Signature-based detection involves searching for
known patterns of data within executable code. However, it is possible for a computer to be
infected with new malware for which no signature is yet known. To counter such so-called zero-
day threats, heuristics can be used. One type of heuristic approach, generic signatures, can
identify new viruses or variants of existing viruses by looking for known malicious code, or slight
variations of such code, in files. Some antivirus software can also predict what a file will do by
running it in a sandbox and analyzing what it does to see if it performs any malicious actions.

No matter how useful antivirus software can be, it can sometimes have drawbacks. Antivirus
software can impair a computer's performance. Inexperienced users may also have trouble
understanding the prompts and decisions that antivirus software presents them with. An
incorrect decision may lead to a security breach. If the antivirus software employs heuristic
detection, success depends on achieving the right balance between false positives and false
negatives. False positives can be as destructive as false negatives. Finally, antivirus software
generally runs at the highly trusted kernel level of the operating system, creating a potential
avenue of attack.

History of Antivirus


Most of the computer viruses written in the early and mid 1980s were limited to self-
reproduction and had no specific damage routine built into the code.[2] That changed when
more and more programmers became acquainted with virus programming and created viruses
that manipulated or even destroyed data on infected computers.

There are competing claims for the innovator of the first antivirus product. Possibly the first
publicly documented removal of a computer virus in the wild was performed by Bernd Fix in
1987.[3][4]

Fred Cohen, who published one of the first academic papers on computer viruses in 1984,[5]
began to develop strategies for antivirus software in 1988[6] that were picked up and continued
by later antivirus software developers.
Also in 1988 a mailing list named VIRUS-L[7] was started on the BITNET/EARN network where
new viruses and the possibilities of detecting and eliminating viruses were discussed. Some
members of this mailing list like John McAfee or Eugene Kaspersky later founded software
companies that developed and sold commercial antivirus software.

Before internet connectivity was widespread, viruses were typically spread by infected floppy
disks. Antivirus software came into use, but was updated relatively infrequently. During this
time, virus checkers essentially had to check executable files and the boot sectors of floppy disks
and hard disks. However, as internet usage became common, viruses began to spread online.[8]

Over the years it has become necessary for antivirus software to check an increasing variety of
files, rather than just executables, for several reasons:

Powerful macros used in word processor applications, such as Microsoft Word, presented a risk.
Virus writers could use the macros to write viruses embedded within documents. This meant
that computers could now also be at risk from infection by opening documents with hidden
attached macros.[9]

Later email programs, in particular Microsoft's Outlook Express and Outlook, were vulnerable to
viruses embedded in the email body itself. A user's computer could be infected by just opening
or previewing a message.[10]

As always-on broadband connections became the norm, and more and more viruses were
released, it became essential to update virus checkers more and more frequently. Even then, a
new zero-day virus could become widespread before antivirus companies released an update to
protect against it.

Function of Antivirus Software


Antivirus software is used to detect harmful viruses and other spyware on a computer system.
Hackers frequently embed viruses on popular websites to infect the computer of anyone that
visits their website. You'll need to locate a suitable type of antivirus software to stop them from
invading your computer system unknowingly. With antivirus software, viruses and spyware will
be properly removed from your infected computer system to protect your important data. Most
antivirus software programs can usefully identify common and uncommon malware applications
that have been unwittingly installed on a computer system.

Features of Antivirus Software


Antivirus software can search an entire file on a computer system. Instead
of just looking at a small section of an existing computer file, the antivirus software thoroughly
analyzes it. This prevents viruses, spyware, and malware from hiding on your computer system
and compromising the data stored on it. On-access scanning is another useful feature of many
antivirus programs. The real-time protection will notify you of any irregular file activity that may
indicate your computer system has been infected. Virus removal features are also included in
antivirus software to remove viruses from your computer system. With frequent virus database
updates, your antivirus software will effectively keep track of the latest threats that could harm
your computer system.

MORE THAN ONE AT A TIME


Although there are multiple types of antivirus software to help keep your computer system
safe, you shouldn't use more than one at a time. Having several antivirus software programs
installed on a single computer system will expose it to vulnerabilities. A missed malicious file
could cause your entire computer system to crash or prevent it from accessing a stable Internet
connection. Instead of tracking a virus threat, each antivirus program will prevent the other
from functioning correctly.

How does antivirus work?


Antivirus is computer software that scans for computer viruses and removes or
eliminates them to protect the computer's operating system and other important software.

Almost every antivirus works in two ways. They are:

a) Dictionary approach
b) Suspicious behavior approach

a) Dictionary approach: Every antivirus has a virus dictionary in which all known viruses are
listed. When the antivirus scans computer files, it tries to match them against its virus dictionary.
The antivirus program can detect the viruses that are in the virus dictionary. If it detects a virus, it
deletes the virus and quarantines it so that the file is inaccessible to other programs. All
antivirus programs can update from the internet. When an antivirus takes an update from the
internet, it also updates its virus dictionary. The dictionary approach is very effective for finding viruses.

b) Suspicious behavior approach: The antivirus constantly observes the behavior of all applications
on the computer. If it sees that any program is trying to write data to an executable program, it
alerts the user about the program. The suspicious behavior approach provides protection against
brand new viruses that are not listed in the virus dictionary. Sometimes, under the suspicious
behavior approach, the antivirus flags necessary files as viruses. For that reason, the suspicious
behavior approach is not always effective.

Antivirus doesn't work only in these two ways. There are many other ways to detect viruses. But these
two approaches are common to every antivirus, and most antivirus programs work through these
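
The dictionary approach described above, together with the generic signatures mentioned in the introduction, sketched as an added example (not code from the original page or from any antivirus product). The signature syntax, sample bytes and detection names are constructed for illustration; the example goes slightly beyond the text by also showing a generic signature producing a false positive.

```python
import hashlib
import re


def compile_signature(hex_pattern):
    """Compile 'de ad ?? ef' into a bytes regex; '??' matches any one byte."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


# Constructed, harmless byte strings standing in for files on disk.
KNOWN = b"MZ" + b"\x00" * 30 + b"DEMO-BODY key=\x11\x22 end"
PADDED = KNOWN + b"\x00" * 3                  # same body, bytes appended
VARIANT = b"MZ" + b"\x00" * 12 + b"DEMO-BODY key=\x7a\x05 end"
CLEAN = b"MZ" + b"\x00" * 30 + b"ordinary program data"
NOTES = b"Lab notes: the marker DEMO-BODY key=XY was seen in the sample."

# The virus dictionary, from strictest to loosest entry type.
HASHES = {hashlib.sha256(KNOWN).hexdigest(): "Demo.A"}
EXACT = [("Demo.A", compile_signature(b"DEMO-BODY key=\x11\x22".hex(" ")))]
GENERIC = [("Demo.gen",
            compile_signature(b"DEMO-BODY key=".hex(" ") + " ?? ??"))]


def scan(data, use_generic=True):
    """Return (name, method) for the first dictionary match, else None."""
    name = HASHES.get(hashlib.sha256(data).hexdigest())
    if name:
        return (name, "hash")          # whole file is byte-for-byte known
    for name, sig in EXACT:
        if sig.search(data):
            return (name, "exact")     # known byte sequence inside the file
    if use_generic:
        for name, sig in GENERIC:
            if sig.search(data):
                return (name, "generic")  # wildcards tolerate small changes
    return None


def report():
    """Scan every constructed sample and return {file name: verdict}."""
    files = {"known.exe": KNOWN, "padded.exe": PADDED,
             "variant.exe": VARIANT, "clean.exe": CLEAN, "notes.txt": NOTES}
    return {fname: scan(data) for fname, data in files.items()}


if __name__ == "__main__":
    for fname, verdict in report().items():
        print(f"{fname:12} {verdict}")
```

The variant is missed by the hash and the exact signature and caught only by the generic one, while notes.txt shows the price of the looser match: a harmless file is flagged.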

Why we need Antivirus?


1. Regular antivirus scanning

To help keep you safe from viruses, worms, and Trojans, Antivirus automatically
scans the files and folders on your computer, including e-mail attachments as you
open them.

2. Continuous firewall monitoring

Firewalls monitor two-way traffic. This means that both inbound and outbound
traffic is controlled. The firewall is also updated continually to help protect you.

3. Enhanced protection from spyware

Today's antivirus products have antispyware technology that helps protect your computer from
spyware programs that secretly monitor your activities or pop-ups that negatively
impact your computer's security and performance.

4. Easy file backup and restore

With Antivirus you can make copies of important files and documents and store
them on a CD, DVD, or an external hard drive in case of an emergency.

5. Continuously updated

Antivirus can update itself automatically to help ensure that your virus, firewall,
and spyware protection is always up to date and ready to help protect you from the
latest threats.

Why Should You Update Your Antivirus?


Once you have purchased an antivirus program, you have to make sure you do an antivirus
update as often as you can, maybe even daily, so you may want to set the antivirus
update setting of your program to automatic. Some programs have their antivirus update
settings turned on, but some software is placed in manual mode, so you may want to check
your program's user manual just to make sure.

Initially, your antivirus program has set definitions for all sorts of worms, viruses, malware,
Trojan horses, bugs and other uninvited software. However, due to man's innovation (or
sometimes boredom), new viruses and worms are introduced so frequently that your
antivirus program needs an antivirus update to make sure it is up to date with the definitions of
new viruses and worms.

Once your program is updated with the latest antivirus updates, your computer is virtually
safe from the latest line of computer bugs and traps. True, there are some programs that have
sophisticated intelligence, so that even if the virus is not defined in their knowledge, so long as it
behaves in a "virus-like" manner, it is dinged and may be up for deletion, cleaning or
vault placing, depending on the action you command it to take. However, this occurs in
a very shot-in-the-dark manner, as you can only hope that the new virus will behave like the viruses
before it. Doing an antivirus update will make you very sure that you and your program are very
much prepared for all those viruses and worms.

Online detection
Some antivirus vendors maintain websites with free online scanning capability of the entire
computer, critical areas only, local disks, folders or files. Examples include Kaspersky Online
Scanner, ESET Online Scanner and Bitdefender.

Virus removal tools


A virus removal tool is software for removing specific viruses from infected computers. Unlike
complete antivirus scanners, they are usually not intended to detect and remove an extensive
list of viruses; rather they are designed to remove specific viruses, usually more effectively than
normal antivirus software. Sometimes they are also designed to run in places that regular
antivirus software can't. This is useful in the case of a severely infected computer.

List of antivirus software and companies


For corporate market
- Cisco Security Agent (CSA), from Cisco Systems.
- BitDefender from Romania - email security solutions
- Dr.Web by Doctor Web, Ltd. from Russia - email/www security solutions,
corporate networks protection
- GFi WebMonitor and GFi MailSecurity - WWW and email security solutions, by
GFI Software
- Security solutions by Sybari Software. Sybari Software had been
purchased by Microsoft in early 2005.
- Sophos Anti-Virus by Sophos plc (UK) provides antivirus solutions for desktops,
can create a customised installer and update from the corporate network rather
than the internet.
- Uniwares Leon Enterprise Anti-Spam Server (with integrated AV)
- Virus Chaser from Korea+Russia. -- Anti-Virus/Adware/Spyware/.... Extremely
strong heuristic algorithm for detecting unknown viruses.
Commercial and shareware
- AVG Anti-Virus by Grisoft
- Bullguard Antivirus Software, Firewall and Backup, by BullGuard from
Denmark/UK
- Command Antivirus by Authentium from USA
- Kaspersky Anti-Virus by Kaspersky Lab from Russia
- McAfee VirusScan by McAfee from USA, also driving Dr. Solomon's antivirus
packages
- NOD32 by Eset from Slovak Republic, shareware
- Norman from Norway
- Norton AntiVirus by Symantec
- F-Prot, by FRISK Software International in Iceland
- F-Secure Antivirus by the eponymous firm from Finland
- Panda Software from Spain
- PC-cillin Internet Security by Trend Micro
- Pocket Antivirus by JSJ Software
- Rising AntiVirus from China
- LinuxShield by McAfee
- Virex by McAfee
- Windows Live OneCare by Microsoft

Freeware
- This section includes usable free-of-charge versions of commercial software.
- AntiVir PersonalEdition Classic by Avira from Germany
- Avast! by Alwil from Czech Republic
- AVG Free Edition by Grisoft
- BitDefender Free Linux and Windows editions
- HouseCall Onlinescanner by Trend Micro

Testing Organizations
- AV Comparatives - http://www.av-comparatives.org
- Virus Bulletin - http://www.virusbtn.com
- AV-Test.org - http://www.av-test.org
- ICSA Labs - http://www.icsalabs.com
- West Coast Labs - http://www.westcoastlabs.org
- GFI Software - http://www.emailsecuritytest.c

Attacking Antivirus
WHAT MAKES ANTIVIRUS A PERFECT TARGET

1. People have complete faith in it


The use of antivirus software has become something of an act of faith. People seem
to feel safer not with a more secure operating system, or with the latest patch,
but with some antivirus software installed on their systems.

A recent study [3] shows that 81 % of all computer users have antivirus software
installed on their computers. Quite clearly, antivirus software is a must-have for
most users.

The questions are: Is that enough? Is such blind faith justified? What if attackers
attack the antivirus software itself instead of the operating system?
Now that would turn the game on its head, wouldn’t it?

Consider an average user who receives some files (executables, documents, media,
etc.). The antivirus installed on his computer will scan the incoming files
automatically (the user may also scan a file manually if it looks suspicious). In this
way the antivirus serves as the security gate for incoming files.

[Figure: Incoming files -> Antivirus (AV) -> Trusted. Antivirus serves as the security gate for incoming files.]

What he or she does not know is that many antivirus solutions developed in the
past were developed without holistic security in mind. Developers would assume
that non-trusted files were safely being scanned by their software. But what if
those very files hurt the solution software itself?

The threat to antivirus security is thus helped along by two things:
- The user's blind acceptance of the antivirus as a silver bullet.
- The overconfidence of antivirus vendors in their software's immunity
against all files.

2. Antivirus processes are error-prone

Antivirus software is one of the most complicated applications. It has to deal
with hundreds of file types and formats:
- executables (exe, dll, msi, com, pif, cpl, elf, ocx, sys, scr, etc.);
- documents (doc, xls, ppt, pdf, rtf, chm, hlp, etc.);
- compressed archives (arj, arc, cab, tar, zip, rar, z, zoo, lha, lzh, ace, iso, etc.);
- executable packers (upx, fsg, mew, nspack, wwpack, aspack, etc.);
- media files (jpg, gif, swf, mp3, rm, wmv, avi, wmf, etc.).

Each of these formats can be quite complex. Hence, it is extremely
difficult for antivirus software to process all these formats appropriately.

This is amply clear in recent research into antivirus vulnerabilities. It reveals that
most vulnerabilities exist in the following two components:
- Executable decompression [4].
- Data decompression [5].

Antivirus software will try to decompress the compressed executable and data
before processing them.

The problem with the decompression of executables and data is that both the
processes are highly complicated. The antivirus makes complex calculations,
allocates memory, and extracts data according to the calculation. Any mistake in
these throws open the door for vulnerabilities.
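
An added example, not from the original page, of the checks a scanner needs around decompression: a naive unpacker beside one that validates every size field before and after extracting. The DEMO container layout, the 64 KiB budget and all names are hypothetical, and the samples are constructed.

```python
import struct
import zlib

MAGIC = b"DEMO"                   # hypothetical container format
HEADER = struct.Struct("<4sII")   # magic, declared unpacked size, packed length
MAX_UNPACKED = 64 * 1024          # assumed per-file budget of the scanner


class RejectedArchive(ValueError):
    """Raised when a container fails validation."""


def pack(data, declared_size=None):
    """Build a container; declared_size lets a sample carry a false header."""
    body = zlib.compress(data)
    size = len(data) if declared_size is None else declared_size
    return HEADER.pack(MAGIC, size, len(body)) + body


def unpack_naive(blob):
    """Trusts the input: allocates whatever the stream expands to."""
    _, _, packed_len = HEADER.unpack_from(blob)
    return zlib.decompress(blob[HEADER.size:HEADER.size + packed_len])


def unpack_checked(blob, limit=MAX_UNPACKED):
    """Validate each header field, then bound the decompressor's output."""
    if len(blob) < HEADER.size:
        raise RejectedArchive("truncated header")
    magic, declared, packed_len = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise RejectedArchive("bad magic")
    if declared > limit:
        raise RejectedArchive("declared size over budget")
    body = blob[HEADER.size:]
    if packed_len != len(body):
        raise RejectedArchive("packed length does not match data")
    inflater = zlib.decompressobj()
    try:
        # One byte more than declared, so an overrun shows up as a mismatch
        # without ever producing more than declared + 1 bytes.
        out = inflater.decompress(body, declared + 1)
    except zlib.error as exc:
        raise RejectedArchive(f"corrupt stream: {exc}") from None
    if len(out) != declared or not inflater.eof or inflater.unused_data:
        raise RejectedArchive("unpacked size differs from header")
    return out


def verdict(blob):
    """Return 'ok' or the reason the checked unpacker refused the input."""
    try:
        unpack_checked(blob)
        return "ok"
    except RejectedArchive as exc:
        return str(exc)


# Constructed samples: a well-formed file and two with false size fields.
GOOD = pack(b"hello scanner " * 10)
LYING = pack(b"\x00" * (1 << 20), declared_size=16)   # 1 MiB behind "16"
HUGE = pack(b"x", declared_size=0xFFFFFFFF)
```

In native scanner code the same unchecked size fields feed buffer allocations and copies, which is why the mistakes described above turn into vulnerabilities rather than just wasted memory.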

Top 10 Antivirus
Bitdefender 2011
Before You Buy Antivirus Software

The 5 Questions You Must Ask Before You Buy Antivirus Software

As the threat of computer viruses continues to grow, and antivirus systems try to keep
pace, it is imperative to have a good program on your PC to keep your data, and you,
safe. Basically, antivirus systems keep your vulnerable areas protected from attack, and
detect and remove any viruses that have made their way on to your computer. They will
scan emails for possible attached viruses, monitor files as they are downloaded, opened
or created, and perform system-wide scans to detect any infections.

But what, exactly, makes up a good antivirus system? The answer depends on you, your
computer habits and your level of experience, as well as on what you are willing or able
to spend. But, there are some vital questions that you must ask before you buy or
download any spyware blocker or similar program.

1. How often are the virus definitions updated?

Every new virus has its own signature. Security firms will create a signature, or
definition, for each known virus, and that is how antivirus systems recognize new threats.
Since new threats are being created every day, you must have an antivirus program that
updates its virus definitions consistently and frequently. This is vital, because without
constant updates, your data is vulnerable to attack.

2. By what method are the virus definitions updated?

Viruses spread quickly, and if you have only manual updates your computer may get
infected simply because you went online before you checked for the latest updates for
your antivirus system. Look for a program that updates the definitions automatically,
every time you go online, so you know that you are always getting the latest, highest
level virus protection without you even having to think about it.

3. Does the system allow scheduled scans?

Your computer can have a virus without you being aware of it. Often, an infection will
hibernate, and have no obvious symptoms. The most effective way to remain virus free is
to choose an antivirus system that can be configured to perform regular, scheduled
system-wide scans.

4. Does the program dispose as well as detect?

Some systems simply detect viruses...they offer no way to actually remove them from
your computer. You want a program that will snatch the virus, and at least quarantine it
so that it presents no threat to your data. You should ideally be able to fully remove the
virus from your system, so make sure you ask if and how the program does this.

5. Does the software have any additional security features?

For true internet security, it is often more convenient and economical to choose an
antivirus system that has a suite of security tools. In addition to virus detection, protection
and removal, look for spyware, phishing and spam protection. Also, ask if the program
comes with a firewall. If you want parental controls, look for software that includes
them...many do not.

Before you try or buy antivirus systems, you must know the facts. When you ask these 5
questions, you'll be able to narrow down your choices and choose the system that offers
the best protection and performance for your data, and for you.

How to make a USB Antivirus

I want to warn you again to be careful when using this e-book, because you may
lose data on your hard disk or USB memory device, and I am not going to take any
responsibility for any damage to your data.

Step 1:
Open your notepad or any text editor

Step 2:
Type the exact text
@echo off
del d:\*.inf
@echo file deleted or no file exists
pause

Explanation:
"@echo off" is a DOS command that makes the system provide no confirmation messages.
In "del d:\*.inf", "del" is the command that deletes the desired file from the drive,
"d:" is your USB drive letter, which you can change as you wish, and
"*.inf" is the file that must be deleted.

Step 3:
Save the file, giving it the extension .bat, so it should look like this:
mysimpleantivirus.bat

Step 4:
Test your simple antivirus by creating a dummy autorun.inf file on your usb drive.
When you double click the file mysimpleantivirus.bat it will delete the autorun.inf
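
An added example (not part of the original e-book) that goes one step beyond the batch file: instead of deleting every .inf file, it parses autorun.inf text and reports only the entries that name a program to run. The sample files are constructed, and the keep/delete recommendation is an assumption of this sketch.

```python
import re

# Keys in the [autorun] section that name a command to start.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")


def parse_autorun(text):
    """Return {key: value} from the [autorun] section (names lower-cased)."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_entries(text):
    """Entries that would start a program, as sorted (key, value) pairs."""
    return sorted((k, v) for k, v in parse_autorun(text).items()
                  if LAUNCH_KEY.match(k))


def recommend(text):
    """'delete' when the file would start something, otherwise 'keep'."""
    return "delete" if launch_entries(text) else "keep"


# Constructed samples: one that launches programs, one that only sets
# the drive's icon and label.
SUSPECT = ("[AutoRun]\r\n; constructed sample\r\nOPEN = setup.exe\r\n"
           "icon=setup.exe,0\r\n"
           "shell\\explore\\command=tools\\helper.exe /s\r\n")
LABEL_ONLY = "[autorun]\nicon=drive.ico\nlabel=Backup disk\n"

if __name__ == "__main__":
    for name, text in (("suspect", SUSPECT), ("label only", LABEL_ONLY)):
        print(name, recommend(text), launch_entries(text))
```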

Issues of concern
1. It is sometimes necessary to temporarily disable virus protection when
installing major updates such as Windows Service Packs or updating graphics
card drivers.
2. Running multiple antivirus programs concurrently can harm performance and
create conflicts.
3. If an antivirus program is configured to immediately delete or quarantine
infected files (or does this by default), false positives in essential files can
render the operating system or some applications unusable.
4. When purchasing antivirus software, the agreement may include a clause that
your subscription will be automatically renewed, and your credit card
automatically billed at the renewal time without your approval.

Recommendations

- Computer users should not always run with administrator access to their own
machine.
- Some antivirus software can considerably reduce performance. Users may disable
the antivirus protection to overcome the performance loss, thus increasing the risk
of infection.
- Don’t trust everything. Attacks may come from everywhere
