Lecture 7: Virus Detection & Prevention

Current Techniques For Detecting and Preventing Damage From Computer Viruses
COMP 5370/6370

3 Basic Anti-Virus Technologies
- Virus Scanners
- Integrity Checkers
- Behavior Blockers

Virus Scanners
- Examine the contents of each file that can carry executable instructions: ".exe", ".bat", ".com", ".vbs", ".scr", etc.
- Search each potential file for certain "search strings" which are present in known viruses.
- Use a variety of techniques to check for matches: fuzzy search (heuristic search), exact search
  - Fuzzy search accounts for virus variants by not requiring an exact match, but takes more time
  - Exact search will not catch virus variants, but is much faster

Virus Scanning
- Search each file for a known "search string"
- Search string should be something that uniquely identifies the virus
- In this case, searching for the two printf statements and the system() call may make a good signature
- Remember, searching is parsing the hexadecimal executable, so there is no need to worry about case sensitivity, overhead of comparing strings, etc.

    /* COMP 6370 Virus */
    #include <stdio.h>
    #include <stdlib.h>

    int main(void)
    {
        printf("The COMP 6370 virus\n");
        printf("Removing C:\\My Documents\n");
        system("deltree C:\\My Documents");
        return 0;
    }

Virus Scanners: Problems With Virus Scanners
- Unable to cope with unknown viruses
  - Since scanners use a database of known viruses, unknown viruses will escape detection
- Minor variants of known viruses can be missed
  - Fuzzy search is very time intensive, so software developers may not use it as aggressively as they should
- Time concerns
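The exact versus fuzzy trade-off described in the slides, as an added example that is not part of the original lecture. It assumes a byte-mismatch tolerance as a stand-in for the slides' unspecified fuzzy search; sig_find, scan_cost and both sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed signature: the first printf string of the sample virus. */
static const unsigned char SIG[] = "The COMP 6370 virus\n";
#define SIG_LEN (sizeof SIG - 1)

/* Constructed file contents: filler bytes around the embedded string. */
static const unsigned char ORIGINAL[] =
    "MZ\x90\x00....The COMP 6370 virus\n\x00Removing";
/* Constructed variant: one byte of the string differs ('0' became '1'). */
static const unsigned char VARIANT[] =
    "MZ\x90\x00....The COMP 6371 virus\n\x00Removing";
#define BUF_LEN (sizeof ORIGINAL - 1)

static unsigned long cmps; /* byte comparisons made by the latest scan */

/* Slide sig over buf; accept the first window with at most max_mismatch
 * differing bytes (0 = exact search). Returns its offset, or -1. */
long sig_find(const unsigned char *buf, size_t n, const unsigned char *sig,
              size_t m, size_t max_mismatch)
{
    cmps = 0;
    if (m == 0 || n < m) return -1;
    for (size_t i = 0; i + m <= n; i++) {
        size_t bad = 0;
        for (size_t j = 0; j < m; j++) {
            cmps++;
            if (buf[i + j] != sig[j] && ++bad > max_mismatch) break;
        }
        if (bad <= max_mismatch) return (long)i;
    }
    return -1;
}

/* Comparisons spent scanning buf for SIG at the given tolerance. */
unsigned long scan_cost(const unsigned char *buf, size_t n, size_t k)
{
    sig_find(buf, n, SIG, SIG_LEN, k);
    return cmps;
}

int main(void)
{
    printf("exact, original: %ld\n", sig_find(ORIGINAL, BUF_LEN, SIG, SIG_LEN, 0));
    printf("exact, variant:  %ld\n", sig_find(VARIANT, BUF_LEN, SIG, SIG_LEN, 0));
    printf("fuzzy, variant:  %ld\n", sig_find(VARIANT, BUF_LEN, SIG, SIG_LEN, 1));
    printf("cost exact=%lu fuzzy=%lu\n",
           scan_cost(ORIGINAL, BUF_LEN, 0), scan_cost(ORIGINAL, BUF_LEN, 1));
    return 0;
}
```

The exact scan rejects each window at its first differing byte, while the tolerant scan must keep comparing until the mismatch budget is exhausted, which is where the extra time goes.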