Viruses - DREAM IT Projects
VIRUS
ANTIVIRUS
CONTENTS
Virus Introduction
Types of Viruses
Viruses
Antivirus Introduction
Types of Antivirus
Technical Implementation
Hardware and Software
Features
Future Implementation
VIRUS INTRODUCTION
Computer virus – a type of malware that replicates itself.
Infects a variety of different subsystems on its host.
Harmful activity on infected hosts includes:
Stealing hard disk space or CPU time
Accessing private information
Corrupting data
Logging users' keystrokes
TYPES OF VIRUSES (1/2)
Boot viruses
These viruses replace the boot record and move it to a different part of the hard disk, or simply overwrite it.
Program viruses
Infect only executable files (with extensions like .BIN, .COM, .EXE, .OVL, .DRV, and .SYS).
Once executed, these programs load into memory, along with the virus contained within them.
Stealth viruses
Redirect the hard disk head, forcing it to read another memory sector instead of their own.
TYPES OF VIRUSES (2/2)
Polymorphic viruses
Always change their source code from one infection to another.
Each infection is different, and this makes detection very hard.
Macro viruses
A virus written in a macro language and embedded into documents (MS Word, Excel) so that when users open the file, the virus code is executed and can infect the user's computer.
VIRUSES (1/2)
Killing New Process
When executed, does not allow any new process to start.
Does not affect any existing process already running.
Application Virus
Aimed at corrupting or killing built-in Windows applications like MS Paint, Notepad, Internet Explorer.
Also creates many threads so that the CPU becomes busy and the PC starts hanging.
VIRUSES (2/2)
File Replicating Virus
Consumes hard disk space by replicating files.
Does not affect any existing process already running.
Removable Drive Virus
Detects a removable drive and copies the infected file onto it.
ANTIVIRUS INTRODUCTION
Computer software used to prevent, detect and remove malicious computer viruses.
Usually runs at the highly trusted kernel level of the operating system to allow it access to all potentially malicious processes and files, which itself creates a potential avenue of attack.
Performs one or more of the following actions: quarantining, repairing, or deleting.
Quarantining a file will make it inaccessible, and is usually the first action antivirus software will take if a malicious file is found.
TYPES OF ANTIVIRUS (1/2)
Signature-based detection
To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures.
Requires frequent updates of the virus signature dictionary.
Heuristic-based detection
Detects malicious activity, and can be used to identify unknown viruses.
Two methods are used: file analysis and file emulation.
File Analysis: analyzes the instructions of a program. Based on the instructions, the software can determine whether or not the program is malicious.
For example, if the file contains instructions to delete important system files, the file might be flagged as a virus.
TYPES OF ANTIVIRUS (2/2)
File Emulation: the target file is run in a virtual system environment, separate from the real system environment. The antivirus software then logs what actions the file takes in the virtual environment. If the actions are found to be damaging, the file will be marked as a virus.
Our antivirus will be based on the signature-based detection mechanism.
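The signature-based mechanism chosen above, with the listed features of adding new signatures and scanning a drive, sketched as an added example in Python (not the project's C# code, which the slides do not show). The class and method names, the marker bytes and the sample files are constructed for illustration, and quarantine is simplified to moving the file into an existing directory outside the scanned tree.

```python
import os
import shutil
import tempfile

class SignatureScanner:
    def __init__(self, chunk_size=64 * 1024):
        self.signatures, self.chunk_size = {}, chunk_size  # name -> byte pattern

    def add_signature(self, name, pattern):
        if not pattern:
            raise ValueError("an empty pattern would match every file")
        self.signatures[name] = bytes(pattern)

    def scan_file(self, path):
        """Return the sorted names of all signatures found in one file."""
        overlap = max((len(p) for p in self.signatures.values()), default=1) - 1
        found, tail = set(), b""
        with open(path, "rb") as fh:
            while chunk := fh.read(self.chunk_size):
                window = tail + chunk
                found.update(n for n, p in self.signatures.items() if p in window)
                tail = window[-overlap:] if overlap else b""  # catches patterns split across reads
        return sorted(found)

    def scan_tree(self, root, quarantine_dir=None):
        """Drive scan: map each infected path under root to its signature names."""
        hits = {}
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                path = os.path.join(dirpath, fname)
                try:
                    names = self.scan_file(path)
                except OSError:
                    continue  # unreadable file: skip it and keep scanning
                if names:
                    hits[path] = names
                    if quarantine_dir:  # existing directory outside root
                        shutil.move(path, os.path.join(quarantine_dir, fname + ".quarantined"))
        return hits

def demo():
    """Constructed sample tree: one clean file, one carrying a harmless marker."""
    scanner = SignatureScanner(chunk_size=8)  # tiny reads exercise the split case
    scanner.add_signature("Demo.Marker.A", b"DEMO-SIGNATURE-0001")  # constructed
    root, jail = tempfile.mkdtemp(), tempfile.mkdtemp()
    for name, data in (("clean.txt", b"hello"), ("bad.bin", b"xx DEMO-SIGNATURE-0001 yy")):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    hits = scanner.scan_tree(root, quarantine_dir=jail)
    return list(hits.values()), sorted(os.listdir(root)), sorted(os.listdir(jail))
```

A file is only flagged if its pattern is already in the dictionary, which is why this approach needs frequent signature updates and misses variants whose bytes differ between infections.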
TECHNICAL IMPLEMENTATION
Viruses and Antivirus will be developed on the .NET platform using C# as the coding language.
.NET is Microsoft's platform for developing advanced and robust applications.
.NET supports a wide range of library classes, which eases the development effort, so more time can be spent on other activities.
.NET is called a language-independent platform as it supports 4 native languages and 21 non-native languages.
Native languages are the languages created by Microsoft, i.e. C#, VB.Net, J#, VC++.
HARDWARE AND SOFTWARE
Virus / Antivirus
• Pentium Core 2 Duo processor or above
• 2 GB RAM
• 20 GB HDD
• Windows XP / Windows Vista / Windows 7
• Microsoft .NET Framework 3.5
• Microsoft Visual Studio 2008
FEATURES
Signature based virus detection
Scanning Option – (Full Scan, Drive Scan)
Adding of new virus signatures
FUTURE ENHANCEMENT
The future enhancement to this antivirus will be the addition of a heuristic technique.
Determination of malicious activity on the basis of user behavior.