Digital Commons Network^™

How Do Viruses Attack Anti-Virus Programs, Umakant Mishra

Umakant Mishra

As the anti-viruses run in a trusted kernel level any loophole in the anti-virus program can enable attackers to take full control over the computer system and steal data or do serious damages. Hence the anti-virus engines must be developed with proper security in mind. The ant-virus should be able to any type of specially created executable files, compression packages or documents that are intentionally created to exploit the anti-virus’s weakness.

Viruses are present in almost every system even though there are anti-viruses installed. This is because every anti-virus, however good it may be, leads to some extent of false …

Protecting Anti-Virus Programs From Viral Attacks, Umakant Mishra

Umakant Mishra

During a fight between viruses and anti-viruses it is not always predictable that the anti-virus is going to win. There are many malicious viruses which target to attack and paralyze the anti-viruses. It is necessary for an anti-virus to detect and destroy the malware before its own files are detected and destroyed by the malware. The anti-virus may follow thorough testing and auditing procedures to fix all its bugs before releasing the software in the market. Besides the anti-virus may use all the obfuscation techniques like polymorphism that the viruses generally use to hide their codes. This article also shows …

Finding And Solving Contradictions Of False Positives In Virus Scanning, Umakant Mishra

Umakant Mishra

False positives are equally dangerous as false negatives. Ideally the false positive rate should remain 0 or very close to 0. Even a slightest increase in false positive rate is considered as undesirable.

Although the specific methods provide very accurate scanning by comparing viruses with their exact signatures, they fail to detect the new and unknown viruses. On the other hand the generic methods can detect even new viruses without using virus signatures. But these methods are more likely to generate false positives. There is a positive correlation between the capability to detect new and unknown viruses and false positive …

Methods Of Repairing Virus Infected Files, A Triz Based Analysis, Umakant Mishra

Umakant Mishra

Some computer viruses damage the host file during infection either partially or fully. These types of viruses are known as “file modifying viruses”. In these cases, the chance of recovery is less, but the anti-virus has to apply various methods with hope. The virus cleaner must know the characteristics of a virus in order to remove that virus. It cannot remove an unknown virus whose methods of infection are not known. If a virus is wrongly detected to be a different virus, then the cleaner will do wrong operations and build a garbage file.

Most viruses are capable of fixing …

Controlling Virus Infections In Internet And Web Servers A Triz Based Analysis, Umakant Mishra

Umakant Mishra

The viruses not only infect the stand-alone machines or client machines but also infect the web servers. When the web servers are infected with viruses, they disseminate infected content and thereby infect the client computers. The conventional anti-virus programs can run only on one machine. There is no way that an anti-virus in the client machine can determine whether the content of a website is virus safe or not. Hence, different methods are implemented to prevent the client computer from being infected by the infected content of a web server.

One proposed efficient method is to get scanned by the …

Inventions On Generic Detection Of Computer Viruses -A Triz Based Analysis, Umakant Mishra

Umakant Mishra

The conventional methods of signature scanning and heuristic testing depend on prior knowledge of individual virus signatures and virus behaviors. Hence these methods are capable of detecting only the known viruses or viruses behaving in known ways. Hence, these methods cannot detect the viruses unless they are created, released and infected the innocent users. This situation creates the need for generic detectors that can detect even the new and unknown viruses.

The generic scanning methods, in contrast, don’t depend on individual virus signatures or behaviors. Hence they are better applicable to detect the new and unknown viruses and viruses of …

Methods Of Scanning Email Viruses - Applying Triz To Improve Anti-Virus Programs, Umakant Mishra

Umakant Mishra

An email virus makes use of the email technology and attaches itself to an email to transfer itself from one computer to another. Some email viruses create and send new emails using the address book of the victim computer. The email viruses are a matter of concern as they can spread very fast via emails to different geographical locations.

The conventional scanners are file based and not good for scanning emails as the emails can contain different types of files as attachments. Besides they cannot detect viruses until the emails are downloaded and opened by the recipient in order to …

Implementing Virus Scanning In Computer Networks, Umakant Mishra

Umakant Mishra

Some viruses exploit the features and capabilities of computer networks to spread, operate and damage network environments. For example, the virus may copy itself to other computers in the network or may increase network activities congesting the network traffic. The conventional anti-viruses are not efficient enough to detect and control viruses in a network environment. As they are file based they cannot scan the data while being downloaded from the server.

Most of the drawbacks of conventional scanning are taken care by a firewall-based virus scanning. But this method requires high-end machines to withstand the load of centralized scanning. There …

Solving Virus Problems By Anti-Virus Developers- A Triz Perspective, Umakant Mishra

Umakant Mishra

The anti-virus developers play a very significant role in dealing with the computer viruses. They analyze the problems of different levels of users and find solutions for each of those problems. Their goal is not just to sell the product and make profit out of it. They undertake much greater responsibility to ensure that their product meets the expectations of the users and deals with the viruses efficiently.

Different levels of users dealing with computer face different types of problems. The developer must ensure that the product meets the needs of various levels of users and network administrators. The developer …

Detecting Macro Viruses - A Triz Based Analysis, Umakant Mishra

Umakant Mishra

The macro viruses are easy to create but difficult to detect. Even for a virus scanner it is difficult to decide which macro is a virus and which macro is not, as a user macro may also create files, send emails and do all such activities that a macro virus can do. It is difficult to differentiate a genuine macro and a virus macro as both of them do similar type of jobs. Suspecting a macro to be virus just because it is “writing to a file” may result in false positives. It is necessary to improve the emulation method, …

Improving Speed Of Virus Scanning- Applying Triz To Improve Anti-Virus Programs, Umakant Mishra

Umakant Mishra

As the number of viruses increases the amount of time to scan for those viruses also increase. This situation is worsened because of the increasing number of files typically stored in a computer system. Besides more complex tests are required to detect the modern day’s intelligent viruses. Thus a combination of all these factors makes a full virus scan very lingering and resource consuming. With thousands of types of viruses and gigabytes of storages, a typical virus scanning may take several hours. Because of this reason many users don’t like to virus scan their computers unless so required.

This article …

Detecting Boot Sector Viruses- Applying Triz To Improve Anti-Virus Programs, Umakant Mishra

Umakant Mishra

The boot sector virus infects the boot record of the hard disk or floppy disks. It gets loaded onto the memory every time the computer is booted and remains resident in the memory till the computer is shut down. Once entered it alters the boot sector of the hard disk and remains in the hard disk permanently until the system is totally damaged and fails to boot.

While analyzing the problem from TRIZ prospective we try different possibilities to avoid boot sector viruses, such as, Can we do away with boot record? Can we avoid booting from floppies? Can we …

Solving Virus Problems By System Administrators- A Triz Perspective, Umakant Mishra

Umakant Mishra

The computer virus is not only a problem to the end user but also a problem to everybody whoever is associated with computers, including systems administrators, corporate managers and even anti-virus manufacturers. In the previous article we discussed on how to use TRIZ for analyzing and solving virus problems of an end user. In this article we will focus on the problems faced by the systems administrators.

An analysis of virus scenario finds that the same situation of virus infection creates different problems to people at different levels, such as, a computer user, a system administrator, a corporate manager and …

Methods Of Virus Detection And Their Limitations, Umakant Mishra

Umakant Mishra

An anti-virus program typically employs various strategies to detect and remove viruses. The popular methods of detecting virus are signature scanning, heuristic scanning and integrity checking. However each of these methods has its own strengths and weaknesses.

Signature scanning (or searching of known virus patterns) is the most common method of virus detection. But it cannot detect viruses whose signatures are not available in the virus database. The other popular method is to use a heuristic algorithm to find viruses based on common behaviors. This method can be complex, but it has the ability to detect unknown or new viruses. …