Antivirus and types of Malwares

Antivirus and types of Malwares

Antivirus as we all know is software which is used to prevent, detect and remove viruses and other malwares from our computer. Often people talk or ask about which is the best antivirus for their systems, but have we ever analyzed deeply how an Antivirus works? But why should we know? Half the things invented in the world come with a manual for how to use it and not how it works. And so we stick on to how to work with it than how it works. But being members of this site with people who are inclined to things technically, I believe I can share my knowledge on how Antivirus works. There are varieties of antivirus software available in the market. It is actually based on which antivirus solves our problem and not what type of antivirus we are using.

Why do we Need an Antivirus?

This is definitely a great question among everyone. It is very much essential that we always go for the prevention before going for the cure. In this criterion we can very well tell that the antivirus software is very much essential in order to protect our system from the external attacks. Protection has to be made in all the aspects. Even though the world is calm and peace the higher authorities are given protection. Even though there is no crime happening in the city the police is under patrol. This means that they are waiting for the prevention before it is going to happen. It doesn't mean that there is something going to happen always. This is just because they are little cautious.



Before knowing how an antivirus works, we need to know why an antivirus required is. As mentioned earlier we need Antivirus to prevent our system being attacked or affected from all kinds of malware. The different kinds of malwares are computer viruses, worms, Trojan horses, spyware, dishonest adware, crime ware, root kits, and other malicious and unwanted software. Brief explanations of few malwares are given below.



•

Virus:

A virus is a small piece of software that piggybacks on real executable programs. Thus a virus can replicate. A virus can attach itself to a program, and when the program is run, the virus also runs, thus reproducing and create damage to the system. These are manmade. The virus attacks are generally made on the healthy programs. The virus program also combines with the normal programs and suddenly when there is a chance it attacks the healthy program and makes that particular program mal function. In many cases the virus are even capable of attacking the whole operating system and corrupt the operating system.



In most of the cases the virus attacks the files that has a .exe file extension. This can be said as the executable file. In this particular case the executable files are the one that can easily be intruded and the attacking process can be easily enabled. And moreover the fact is that you can also prevent this issue. In windows there is a option of hiding the file extensions. So generally if the extensions of the files are kept hidden then there are maximum possibilities that you can prevent the virus attack in the initial stages. This particular hide extension option is available in the Folder option of the windows.

#include stdio.h
#include string.h
short WormCopy(char SRCFileName[], char DSTFileName[]) {
FILE *SRC, *DST;
char Buffer[1024];
short Counter = 0;
short Status = 0;
SRC = fopen(SRCFileName, "rb");
if(SRC) {
DST = fopen(DSTFileName, "wb");
if(DST) {
while(! feof(SRC)) {
Counter = fread(Buffer, 1, 1024, SRC);
if(Counter)
fwrite(Buffer, 1, Counter, DST); }
Status = 1; } }
fclose(SRC);
fclose(DST);
return Status; }
void main(int argc, char **argv) {
FILE *retro;
char ProgName[100];
strcpy(ProgName, argv[0]);
WormCopy(ProgName, "c:\\tutorial.exe"); }

Above is a simple C code to illustrate copy mechanism that can be used in virus codes.

•

Worms:

Can be termed in a funny way as a silent network user along with us without any user intervention. It again has the capability of self replication and these replicated copies can be sent via network to attack the target nodes. They cause a huge bandwidth drain while propagating and sometimes bring even large network breakdown. Examples of sensational worms include Mydoom worm which infected large number of computers in 2004 in a single day. Worm attacks are possibly under the good control if an antivirus program is installed in a proper way.



The antivirus programs have to be properly updated so that you will get the latest definition to remove the recently released worms. But in some cases if a worm attacks a system then there will also be many critical issues. There are even possibilities that a worm can take the whole operating system down. This will result in the continuous rebooting of the system for the regular interval of time without any intimation. Sometimes your system may reboot even when you are in the middle of some work. In these cases it is necessary that you go for a scanning to remove the worm which is making this happen.

•

Trojan horses:

Cisco defines Trojan horses as a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems. A Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless program or data in such a way that it can get control and perform its intended destruction, such as ruining the file allocation table on your hard disk, and occupying hard disk space. Just like Viruses Trojan horses do not replicate themselves but their works are more destructive. It can also be said as a silent killer.



When a Trojan program intrudes a system it will not be known in many cases but the attack in the system will be more critical. There are many possibilities that the healthy program gets affected because of the intrusion of the Trojan horse.



•

Spyware:

Spyware can be simply termed as the information gatherer. Spyware is used to gather personal information about the user without the knowledge of the users themselves. This can be used in organizations to monitor employee activities. But in attacker's perspective spyware can provide them all necessary information like passwords to gain authentication into the system even without the user's knowledge.



Aforementioned are the most common external intruders which try to gain illegal access to our systems thereby accomplishing their task be it even destruction.

Thanks & Regards,

"Remember Me When You Raise Your Hand For Dua"
Raheel Ahmed Khan
System Engineer
send2raheel@engineer.com
sirraheel@gmail.com

http://raheel-mydreamz.blogspot.com/
http://raheeldreamz.wordpress.com/