Computer virus
A computer virus is a malware program that, when executed, replicates by inserting
copies of itself (possibly modified) into other computer programs,
data files, or the boot sector of the hard drive; when this
replication succeeds, the affected areas are then said to be
"infected". Viruses often perform some type of harmful
activity on infected hosts, such as stealing hard disk space or CPU
time, accessing private information, corrupting data, displaying
political or humorous messages on the user's screen, spamming their
contacts, or logging their keystrokes. However, not all viruses carry
a destructive payload or attempt to hide themselves—the defining
characteristic of viruses is that they are self-replicating computer
programs which install themselves without the user's consent.
Virus writers use social engineering and exploit detailed knowledge of
security vulnerabilities to gain access to their hosts' computing
resources. The vast majority of viruses target systems running
Microsoft Windows, employing a variety of mechanisms to infect new
hosts, and often using complex anti-detection/stealth strategies to
evade antivirus software. Motives for creating viruses can include
seeking profit, sending a political message, personal amusement,
demonstrating that a vulnerability exists in software, sabotage and
denial of service, or simply a wish to explore artificial life and
evolutionary algorithms.
Computer viruses currently cause billions of dollars' worth of economic
damage each year by causing system failures, wasting computer
resources, corrupting data, increasing maintenance costs, etc. In
response, free, open-source antivirus tools have been developed, and
a multi-billion dollar industry of antivirus software vendors has
cropped up, selling virus protection to users of various operating
systems, of which Android and Windows are among the most victimized.
Unfortunately, no currently existing antivirus software is able to
catch all computer viruses (especially new ones); computer security
researchers are actively searching for new ways to enable antivirus
solutions to detect emerging viruses more effectively, before they
become widely distributed.
Antivirus software
Antivirus, anti-virus, or AV software
is computer software used to prevent, detect and remove malicious
computer viruses. Most software described as antivirus also works
against other types of malware, such as malicious Browser Helper
Objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors,
rootkits, trojan horses, worms, malicious LSPs, dialers, fraudtools,
adware and spyware. Computer security, including protection from
social engineering techniques, is commonly offered in products and
services of antivirus software companies. This page discusses the
software used for the prevention, detection, and removal of malware
threats, rather than computer security implemented by software
methods.
A variety of strategies are typically employed. Signature-based
detection involves searching for known patterns of data within
executable code. However, it is possible for a computer to be
infected with new malware for which no signature is yet known; and
malware is often modified to change its patterns without affecting
functionality. To counter such zero-day viruses,
heuristics can be used. One type of heuristic approach, generic
signatures, can identify variants by looking for slight variations of
known malicious code in files. Some antivirus software can also
predict what a file will do by running it in a sandbox and analyzing
what it does to see if it performs any actions which could be
malicious.
Antivirus software has some drawbacks. It can impair a computer's performance.
Inexperienced users can be lulled into a false sense of security when
using the computer, considering themselves to be totally protected,
and may have problems understanding the prompts and decisions that
antivirus software presents them with. An incorrect decision may lead
to a security breach. If the antivirus software employs heuristic
detection, it must be fine-tuned to minimize misidentifying harmless
software as malicious (false positive). Antivirus software itself
usually runs at the highly trusted kernel level of the operating
system to allow it access to all potentially malicious processes and
files, creating a potential avenue of attack.
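The signature-based and generic-signature detection described above, and the false-positive risk of looser matching, shown as an added Python example. It is not from the original page; the signature names, byte patterns and sample inputs are all constructed for illustration.

```python
import re

# Constructed signature set: names and byte patterns are invented for this
# example and do not correspond to any real malware family.
EXACT_SIGNATURES = {"Demo.A": bytes.fromhex("deadbeef11223344cafe")}
# Generic signature: "??" matches any single byte, so small edits still match.
GENERIC_SIGNATURES = {"Demo.gen": "de ad be ef ?? ?? ?? ?? ca fe"}


def compile_generic(pattern: str) -> "re.Pattern[bytes]":
    """Turn a hex pattern with ?? wildcards into a bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data: bytes) -> list:
    """Return (kind, signature name, offset) for every signature found."""
    hits = []
    for name, sig in EXACT_SIGNATURES.items():
        offset = data.find(sig)
        if offset != -1:
            hits.append(("exact", name, offset))
    for name, pattern in GENERIC_SIGNATURES.items():
        match = compile_generic(pattern).search(data)
        if match:
            hits.append(("generic", name, match.start()))
    return hits


# Constructed sample inputs (inert byte strings, not executable code).
SAMPLES = {
    "known":   b"HDR" + bytes.fromhex("deadbeef11223344cafe") + b"rest",
    # Same content with four bytes altered: the exact signature no longer matches.
    "variant": b"HDR" + bytes.fromhex("deadbeef99887766cafe") + b"rest",
    "clean":   b"HDR" + b"ordinary program data" + b"rest",
    # Harmless data that happens to fit the loose pattern: a false positive.
    "benign":  b"log:" + bytes.fromhex("deadbeef00000000cafe"),
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:8} {scan(data) or 'no match'}")
```

The "variant" sample is caught only by the generic signature, while the "benign" sample shows why looser patterns need tuning against known-good files.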

