Abtrusion Security

About Viruses


As soon as viruses started to appear, so did anti-virus software and virus scanners. Most virus scanners work by reading files and comparing sequences of bytes from these files to a database of sequences from known viruses. The anti-virus software vendors continually update the database to keep it current. This is of course a problem: no matter how often the database is updated, it will only protect you from the last wave of viruses but not from the next one. To address this problem, some anti-virus software has gone back to using other techniques for recognizing viruses as well.
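The byte-sequence matching described above, as an added example (not code from Abtrusion Security or from any anti-virus product). The signature names, their bytes and the sample inputs are constructed, harmless placeholders.

```python
import io

# Constructed signature database (name -> byte sequence). These are harmless
# made-up markers, not byte sequences from any real virus.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("deadbeef00112233"),
    "Demo.Beta": b"\x90\x90DEMO-BETA-MARKER\x90\x90",
}

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return sorted (offset, name) pairs for every signature found."""
    # Carry over the tail of each window so that a signature straddling
    # a chunk boundary is still matched.
    overlap = max(len(sig) for sig in signatures.values()) - 1
    hits = set()           # a set, because the carried tail is searched twice
    window, base = b"", 0  # base = absolute offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window += chunk
        for name, sig in signatures.items():
            pos = window.find(sig)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(sig, pos + 1)
        keep = min(overlap, len(window))
        base += len(window) - keep
        window = window[-keep:] if keep else b""
    return sorted(hits)

def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper for in-memory data."""
    return scan_stream(io.BytesIO(data), chunk_size=chunk_size)

# Constructed samples: one contains a database entry, one does not.
KNOWN = b"A" * 10 + SIGNATURES["Demo.Alpha"] + b"B" * 10
UNKNOWN = b"sample from the next wave, not yet in the database"

if __name__ == "__main__":
    print(scan_bytes(KNOWN))                 # [(10, 'Demo.Alpha')]
    print(scan_bytes(KNOWN, chunk_size=13))  # [(10, 'Demo.Alpha')]
    print(scan_bytes(UNKNOWN))               # []
```

The scanner reports nothing for `UNKNOWN` because its bytes are not in the database yet, which is the limitation the paragraph describes.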

In the early days of anti-virus software there were really two types around: those that matched sequences of bytes, like today's anti-virus scanners, and those that tried to recognize "virus behavior". However, as the number of viruses grew, it soon became clear that virus behavior detection was becoming far too complex, and it was abandoned. What some current anti-virus software is trying to do is combine the two methods. Unfortunately, the guys writing the viruses have access to anti-virus software too, and they will most likely test their creations before letting them loose in the wild.

Mutating viruses were the talk of the industry not many years ago. They would change every time they spread so that no string of bytes would ever be the same. They would not be recognized no matter how often virus databases were updated. Regular toolkits for writing mutating viruses appeared on the Internet. That craze died out for some reason. Maybe it is that spreading viruses has become so easy that using more advanced techniques is overkill. I don't know. A clever mutating virus is my biggest fear. (There are still viruses around that modify themselves, but not in any clever way.) It is relatively easy to come up with a mutating virus for anyone who knows a little bit about programming. It would use some encryption technique to hide most of its code and would constantly modify the rest. It would be really hard for virus scanners to detect. It is only a matter of time, I think. Instead, the latest craze is viruses that disable anti-virus scanners. I believe that is a technique that is here to stay. Each generation of viruses keeps getting better at it.


Copyright 2002 Abtrusion Security AB. All rights reserved. This document may be reproduced provided that it is reproduced in its entirety and that this copyright message is retained.