virus/non virus

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

andyoaks

Thread Starter
Joined
Nov 17, 2001
Messages
153
Can someone explain why some files are considered to be viruses and others not? I downloaded a small programme (56k) with the extension .exe. It is an online timer. What is to stop that programme from infecting files and causing disruption, and how does anti-virus software know that it is a malicious programme? Is it just that a list of known viruses is used to match it, meaning that someone first has to be infected and then they inform the anti-virus programme makers?

thanks andy
 
Joined
Dec 9, 2000
Messages
45,855
That's a good question, Andy. Unfortunately I couldn't in a quick search come up with a site which gives a detailed explanation of how antivirus programs work, but someone here probably will, so I'll wing it in the meantime and give you a link on how viruses work.

Basically antivirus programs use two types of methods for detection. One involves a "signature" file which contains identified strings of data that are unique to each virus and allow for identification that way. The second is to include what they call "heuristic" detection analysis. This basically involves looking at the type of behavior exhibited by a specific program and matching it with the type of behavior associated with particular viruses, worms or trojans.

They get this information primarily from submissions of clients who send suspected files to them for analysis. All major antivirus vendors have posted instructions for doing this.

Here is the link on how viruses work:

http://www.zdnet.com/devhead/stories/articles/0,4413,382431,00.html

Here's a link on how antivirus programs work which I just found by plugging "heuristic detection" into Google. They cover four methods; I haven't had time to read it yet, though:

http://cse.stanford.edu/classes/cs201/projects-00-01/viruses/anti-virus.html
 

andyoaks

Thread Starter
Joined
Nov 17, 2001
Messages
153
Thanks for the links Rog. The second informs us that it is only known viruses that are detected.
'Currently, when a new virus is discovered (unfortunately only through execution,) samples are sent to virus analysis centers. These centers analyze the virus, and extract a unique string from the virus that will identify it. This and other information about the virus is added into a database that users can then download'
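
The signature matching described in this thread, as an added example that is not part of the original posts: a scanner that searches a file's bytes for strings from a database and, as the quoted passage says, finds only what is already in that database. The signature names, byte patterns and sample buffers are constructed for the demonstration and match no real malware.

```python
import re

# Constructed signature database: name -> hex byte pattern, "??" = any one byte.
# These patterns are made up for the demonstration and match no real malware.
SIGNATURES = {
    "Demo.Alpha": "de ad be ef 13 37 c0 de",
    "Demo.Beta": "ca fe ?? ?? ba be 00 ff",
}

def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")  # wildcard: any single byte
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(data):
    """Return (name, offset) pairs, ordered by offset, for every signature hit."""
    hits = []
    for name, rx in COMPILED.items():
        for m in rx.finditer(data):
            hits.append((name, m.start()))
    return sorted(hits, key=lambda h: h[1])

# Constructed sample buffers standing in for files on disk.
PADDING = bytes(range(32))
KNOWN_SAMPLE = PADDING + bytes.fromhex("deadbeef1337c0de") + PADDING
BETA_VARIANT = b"MZ" + bytes.fromhex("cafe0102babe00ff")
# KNOWN_SAMPLE with one signature byte changed: not in the database any more.
NEW_VARIANT = PADDING + bytes.fromhex("deadbeef1338c0de") + PADDING
CLEAN_FILE = b"online timer: counts minutes and does nothing else"

if __name__ == "__main__":
    for label, buf in [("known", KNOWN_SAMPLE), ("beta", BETA_VARIANT),
                       ("new variant", NEW_VARIANT), ("clean", CLEAN_FILE)]:
        print(label, scan(buf) or "no match")
```

The `NEW_VARIANT` buffer differs from the known sample by a single byte inside the signature and is reported as clean, which is the gap that heuristic analysis and sample submissions to vendors are meant to close.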
 