Virus Signature
Started by ashishtechi, Jan 31 2006 05:14 PM
2 replies to this topic
#1
Posted 31 January 2006 - 05:14 PM
Hi experts,
Can anyone tell me something about virus signatures? What exactly is it?
As per my knowledge it is bits of data which are used to recognize the virus.
But then what bits of data is it exactly? Is it a part of the code, or is it purely attached for the sake of identification? And if yes, then why would any virus creator ever include such code?
Because as per my knowledge an antivirus purely detects viruses on its signature, so if there is no signature there is no detection!!
Please help me!!!!
#2
Posted 31 January 2006 - 06:47 PM
QUOTE (ashishtechi @ Jan 31 2006, 06:14 PM)
Hi experts,
Can anyone tell me something about virus signatures? What exactly is it?
As per my knowledge it is bits of data which are used to recognize the virus.
But then what bits of data is it exactly? Is it a part of the code, or is it purely attached for the sake of identification? And if yes, then why would any virus creator ever include such code?
Because as per my knowledge an antivirus purely detects viruses on its signature, so if there is no signature there is no detection!!
Please help me!!!!
Heya ashishtechi,
and welcome to GSF Forums. I hope you will enjoy our little community ;)
A virus signature is a pattern of bytes (code elements) that is part of a single virus or family of viruses. This pattern is characteristic of a virus or a family of viruses, like a fingerprint. If a virus scanner recognizes such a "fingerprint" (pattern) in a file (or files), it should alert the user about the infection of the file(s). The user has to decide whether he/she wants to clean or delete the infected file(s).
As time goes by, viruses have become more specific and difficult by using special new techniques which complicate any kind of detection using virus signatures.
Therefore viruses modify their code, e.g. after each infection. These new modifications are handled as variants of a virus, building a virus family (mutation).
Greetz
B. Udo
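The byte-pattern matching described in the reply above, as an added example that is not code from this thread: a toy "specific" scanner that holds a few signatures and searches for them in file contents. Note that the signature is chosen by the scanner's vendor from bytes the virus already contains, so the virus author never has to "include" anything. The EICAR entry is the real industry-standard harmless test string; the two other signatures, the "??" wildcard convention used for the family entry, and all sample files are assumptions constructed for the illustration.

```python
"""Toy signature ("specific") scanner.

Added example, not code from the thread. A signature is a byte pattern taken
from the virus's own code, so nothing has to be added by the virus author;
the scanner just looks for that pattern in each file it examines.
"""
import re

# Signatures: either raw bytes, or a hex string in which "??" is a wildcard
# byte. Wildcards let one signature cover a family whose members differ in a
# few bytes (a patched constant, a different key). The EICAR entry is the real
# industry-standard harmless test string; the other two are invented.
SIGNATURES = {
    "EICAR-Test-File":
        b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "Example.Family.A": "DE AD BE EF ?? ?? CA FE",              # hypothetical
    "Example.Dropper.B": b"\x90\x90\xe8\x00\x00\x00\x00\x5b",   # hypothetical
}


def compile_signature(sig):
    """Turn a signature into a compiled regex over bytes."""
    if isinstance(sig, bytes):
        return re.compile(re.escape(sig), re.DOTALL)
    parts = []
    for tok in sig.split():
        if tok == "??":
            parts.append(b".")                       # any single byte
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


COMPILED = {name: compile_signature(sig) for name, sig in SIGNATURES.items()}


def scan_bytes(data):
    """Return [(signature name, offset of first match)] for every signature found."""
    hits = []
    for name, pattern in COMPILED.items():
        match = pattern.search(data)
        if match:
            hits.append((name, match.start()))
    return hits


def scan_file(path):
    """Scan a file on disk; real scanners also unpack archives and installers first."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


# Constructed sample "files": the EICAR test file, two members of the
# hypothetical family that differ only in the two wildcarded bytes, and a
# clean text file.
SAMPLES = {
    "eicar.com": SIGNATURES["EICAR-Test-File"],
    "variant1.bin": b"MZ" + b"\x00" * 16 + b"\xde\xad\xbe\xef\x01\x02\xca\xfe" + b"\x00" * 8,
    "variant2.bin": b"MZ" + b"\x00" * 16 + b"\xde\xad\xbe\xef\x99\x77\xca\xfe" + b"\x00" * 8,
    "clean.txt": b"just a text file with no fingerprint in it",
}


def scan_samples():
    """Scan every constructed sample; returns {filename: hits}."""
    return {name: scan_bytes(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(name, "->", hits or "clean")
```

Both family members hit the same wildcarded signature even though their fifth and sixth bytes differ, which is how one entry covers several variants. The caveat the reply hints at is visible here too: a variant that changes any byte outside the wildcarded positions is missed entirely, and a whole-file search like this one is slow, which is why real engines tie each signature to a file type and an offset range such as the entry point.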
#3
Posted 31 January 2006 - 10:28 PM
There are a few different ways of detecting viruses. Here are a few examples:
QUOTE
Signatures and definitions
Your first line of defense is all those virus definitions, signatures, and updates that your anti-virus software is always downloading. They provide identifiable characteristics, or fingerprints, for malicious code. This is what is meant by "Specific" scanning: your anti-virus program takes all these updates and stores them in an internal database. The anti-virus then matches them against any new files being introduced to your system via email or file download to look for known threats.
Other Methods
Using virus definitions is great for known viruses, but new viruses are growing exponentially every year and it is possible not to have a definition in time to properly diagnose a dangerous line of code. Heuristics and sandboxing are "Generic" scanning methods. They are not perfected yet and can bring up some strange issues, including system slowdown and incorrect diagnoses. Generic scanning is really in its infant stage and is used more in larger networks where a server can do all the scanning (not individual PCs). Antivirus companies use generic scanning to construct new virus signatures, and I feel that these methods will be more widely used by single users in the future.
Heuristic
Heuristic scanning is a type of generic scanning that looks through the lines of code, not for exact matches to virus definitions, but for suspicious code. The anti-virus makes intelligent assumptions based on the scrutinized code. Basically this means that the anti-virus can try to determine whether or not a file has a virus in it by looking at how the file or program is constructed and acts. This isn't a perfect system, however, and can bring up some strange results. This is why some programs tell you to turn off your anti-virus before installing. This type of scanning isn't a perfected science, but on the bright side it is better to be safe than sorry.
Sandboxing
Sandboxing is where an antivirus program will take suspicious code and run it in a virtual machine (secure from the rest of the system) in order to see exactly how the code works and what its purpose is.
The rest of this article can be found at: http://www.worldstar...ips/tips.php/93
Edited by Nebon, 31 January 2006 - 10:31 PM.
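The heuristic ("generic") scanning the quoted article describes, as an added example that is not code from the article or from this thread: instead of matching known fingerprints, it scores a file on traits malware commonly has and raises an alarm above a threshold. The third sample shows the "incorrect diagnosis" the article warns about: a legitimate installer that is packed (high-entropy contents) and registers an autostart entry crosses the threshold with no malicious code in it. The indicator strings, the weights, the threshold and all three sample files are assumptions made up for the illustration.

```python
"""Toy heuristic ("generic") scanner.

Added example, not code from the quoted article or the thread. Instead of
matching known fingerprints it scores a file on traits that malware often has,
so it can flag something no definition exists for yet, at the price of the
"incorrect diagnoses" the article mentions. Indicators, weights, threshold and
all sample files below are made up for the illustration.
"""
import hashlib
import math

# Strings whose presence raises the score (weights are invented).
SUSPICIOUS_STRINGS = {
    b"WriteProcessMemory": 3,      # writing into another process
    b"CreateRemoteThread": 3,      # starting code in another process
    b"SetWindowsHookEx": 2,        # hooks, as used by keyloggers
    b"cmd.exe /c": 2,              # spawning a shell
    b"\\CurrentVersion\\Run": 2,   # autostart persistence key
}
ENTROPY_THRESHOLD = 7.2   # bits/byte; packed or encrypted payloads sit near 8.0
ENTROPY_WEIGHT = 3
VERDICT_THRESHOLD = 5


def shannon_entropy(data):
    """Entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_score(data):
    """Return (score, reasons) for one file's contents."""
    score, reasons = 0, []
    for needle, weight in SUSPICIOUS_STRINGS.items():
        if needle in data:
            score += weight
            reasons.append("string:" + needle.decode("ascii"))
    entropy = shannon_entropy(data)
    if entropy > ENTROPY_THRESHOLD:
        score += ENTROPY_WEIGHT
        reasons.append("high-entropy:%.2f" % entropy)
    return score, reasons


def verdict(data):
    """Classify contents as 'suspicious' or 'clean' by the score threshold."""
    score, reasons = heuristic_score(data)
    label = "suspicious" if score >= VERDICT_THRESHOLD else "clean"
    return label, score, reasons


# Deterministic "packed" payload: 4096 pseudo-random bytes stand in for a
# compressed section (sha256 outputs, so the example needs no real packer).
PACKED_BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
DOS_STUB = b"MZ" + b"\x00" * 64 + b"This program cannot be run in DOS mode.\x00"

# Constructed samples: an injector-style binary, a benign program, and a
# legitimate installer that is packed and registers an autostart entry.
SAMPLES = {
    "injector.exe": DOS_STUB + b"WriteProcessMemory\x00CreateRemoteThread\x00" + b"\x00" * 64,
    "benign.exe": DOS_STUB + b"Hello, world!\x00" * 10,
    "packed_installer.exe": DOS_STUB + PACKED_BLOB
        + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00",
}


def scan_samples():
    """Return {filename: (label, score, reasons)} for the constructed samples."""
    return {name: verdict(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, (label, score, reasons) in scan_samples().items():
        print("%-22s %-10s score=%d %s" % (name, label, score, ", ".join(reasons)))
```

The injector is flagged without any definition for it, which is the strength of generic scanning; the packed installer is flagged for exactly the same reasons, which is the weakness, and is why the article notes that some installers ask you to switch the anti-virus off first. Lowering the weights or raising the threshold trades one error for the other, so vendors tune these values against large corpora of known-good and known-bad files.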