Contents • Virus Introduction • Types of Viruses • Viruses • Antivirus Introduction • Types of Antivirus • Technical Implementation • Hardware and Software • Features • Future Implementation
Introduction • Computer virus – a type of malware that replicates itself • Infects a variety of different subsystems on its host • Stealing hard disk space or CPU time • Accessing private information • Corrupting data • Logging users' keystrokes
Types of Viruses (1/2) • Boot viruses • These viruses replace the boot record and move it to a different part of the hard disk, or simply overwrite it. • Program viruses • Infect only executable files (with extensions like .BIN, .COM, .EXE, .OVL, .DRV, and .SYS). • Once executed, these programs load into memory, along with the virus contained within them. • Stealth viruses • Redirect the hard disk head, forcing it to read another memory sector instead of their own.
Types of Viruses (2/2) • Polymorphic viruses • Always change their source code from one infection to another. • Each infection is different, and this makes detection very hard. • Macro viruses • Virus that is written in a macro language, and embedded into documents (MS Word, Excel) so that when users open the file, the virus code is executed, and can infect the user's computer.
Viruses (1/2) • Killing New Process • When executed, does not allow any new process to start • Does not affect any existing process already running • Application Virus • Aimed at corrupting or killing Windows built-in applications like MS Paint, Notepad, Internet Explorer • Also creates many threads so that the CPU becomes busy and the PC starts hanging
Viruses (2/2) • File Replicating Virus • Consumes hard disk space by replicating files • Does not affect any existing process already running • Removable Drive Virus • Detects a removable drive and copies the infected file onto it
Antivirus Introduction • Computer software used to prevent, detect and remove malicious computer viruses. • Usually runs at the highly trusted kernel level of the operating system to allow it access to all potentially malicious processes and files, creating a potential avenue of attack. • Performs one or more of the following actions: quarantining, repairing, or deleting. • Quarantining a file will make it inaccessible, and is usually the first action antivirus software will take if a malicious file is found.
Types of Antivirus (1/2) • Signature-based detection • To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. • Requires frequent updates of the virus signature dictionary. • Heuristic-based detection • Detects malicious activity; can be used to identify unknown viruses. • Two methods are used: file analysis and file emulation. • File Analysis: analyze the instructions of a program. Based on the instructions, the software can determine whether or not the program is malicious. • For example, if the file contains instructions to delete important system files, the file might be flagged as a virus.
Types of Antivirus (2/2) • File Emulation: the target file is run in a virtual system environment, separate from the real system environment. The antivirus software then logs what actions the file takes in the virtual environment. If the actions are found to be damaging, the file will be marked as a virus. • Our antivirus will be based on the signature-based detection mechanism.
Technical Implementation • Viruses and Antivirus will be developed on the .NET platform using C# as the coding language. • .NET is Microsoft's platform for developing advanced and robust applications • .NET supports a wide range of library classes, which eases the development effort so that more time can be spent on other activities • .NET is called a Language Independent Platform as it supports 4 native languages and 21 non-native languages. • Native languages are the Microsoft-created languages, i.e. C#, VB.Net, J#, VC++
Hardware and Software (Virus-Antivirus) • Software • Windows XP/ Windows Vista/ Windows 7 • Microsoft .NET Framework 3.5 • Microsoft Visual Studio 2008 • Hardware • Pentium Core 2 Duo processor or above • 2 GB RAM • 20 GB HDD
Features • Signature based virus detection • Scanning Option – (Full Scan, Drive Scan) • Adding of new virus signatures
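The signature-based detection and "adding of new virus signatures" features listed above, sketched in C# as an added example (not the project's own code). The class name, the constructed marker string standing in for a virus signature, and the temp-folder sample files are all assumptions; the third file shows why an exact-match signature misses a variant that differs by a single byte.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
class SignatureScanner
{
    // Signature dictionary: detection name -> byte pattern to look for.
    private readonly Dictionary<string, byte[]> signatures = new Dictionary<string, byte[]>();
    // The "adding of new virus signatures" feature.
    public void AddSignature(string name, byte[] pattern)
    {
        // An empty pattern would match every file, so reject it.
        if (pattern == null || pattern.Length == 0) throw new ArgumentException("empty pattern");
        signatures[name] = pattern;
    }
    // Returns the names of all signatures whose pattern occurs in the content.
    public List<string> Scan(byte[] content)
    {
        var hits = new List<string>();
        foreach (KeyValuePair<string, byte[]> sig in signatures)
            if (Contains(content, sig.Value)) hits.Add(sig.Key);
        return hits;
    }
    // Naive byte search, adequate for a demo-sized dictionary.
    private static bool Contains(byte[] data, byte[] pattern)
    {
        for (int i = 0; i + pattern.Length <= data.Length; i++)
        {
            int j = 0;
            while (j < pattern.Length && data[i + j] == pattern[j]) j++;
            if (j == pattern.Length) return true;
        }
        return false;
    }

    static void Main()
    {
        var scanner = new SignatureScanner();
        // Constructed, harmless marker standing in for a real signature.
        scanner.AddSignature("Demo.Marker", Encoding.ASCII.GetBytes("DEMO-SIGNATURE-NOT-MALWARE"));
        string dir = Path.Combine(Path.GetTempPath(), "sigscan-demo");
        Directory.CreateDirectory(dir);
        File.WriteAllText(Path.Combine(dir, "clean.txt"), "ordinary text");
        File.WriteAllText(Path.Combine(dir, "flagged.bin"), "hdr DEMO-SIGNATURE-NOT-MALWARE end");
        // One changed byte: the exact-match signature no longer fires.
        File.WriteAllText(Path.Combine(dir, "variant.bin"), "hdr DEMO-SIGNATURE-N0T-MALWARE end");
        // Scan every file in the folder and print the matched signature names.
        foreach (string file in Directory.GetFiles(dir))
            Console.WriteLine("{0}: [{1}]", Path.GetFileName(file),
                string.Join(", ", scanner.Scan(File.ReadAllBytes(file)).ToArray()));
    }
}
```

Only `flagged.bin` is reported with `Demo.Marker`; `variant.bin` comes back empty until a second signature is added for it, which is the dictionary-update burden the signature-based slide describes.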
Future Enhancement • The future enhancement to this antivirus will be the addition of a heuristic technique • Determination of malicious activity on the basis of user behavior