Erbil Technical University

Soran Technical Institute

IT department
Second Stage

Antivirus

Prepared by: Ismahil Sabah Supervised: Abdulbast Ali

2020-2021
 Table content

Introduction…………………………………………………………………………p.2

Define Antivirus …………………………………………………………………….p.2

History of Antivirus Software………………………………………………………p.2

Features of an Effective Antivirus………………………………………………….p.3

Antiviruses are also of different types based on the OS compatibility…………...p.3

Types of Antivirus Programs……………………………………………………….p.4

Anti-Virus Program Issues………………………………………………………….p.4

How an Antivirus Program Works………………………………………………...p.5

How to Choose Antivirus Software………………………………………………...p.6

1
Introduction

Antivirus software is a class of applications that protect computers and remove malicious software or
code designed to damage computers or data. Today, malware is evolving so rapidly that some estimate
a new malware instance is created nearly every second. Conventional antivirus solutions alone are no
longer as effective as they need to be in order to counter threats. For these reasons, many of today’s
antivirus solution vendors are adopting methodologies that combine global scanning, human expert
threat analysis, industry collaboration, cloud integration, and alerting services.

Define Antivirus

Antivirus software is a type of program designed and developed to protect computers from malware
like viruses, computer worms, spyware, botnets, rootkits, keyloggers and such. Antivirus programs
function to scan, detect and remove viruses from your computer. There are many versions and types of
anti-virus programs that are on the market. However, the prime objective of any antivirus program is
to protect computers and remove viruses once detected.
Most antivirus programs incorporate both automated and manual filtering abilities. The instant
scanning option may check files - downloaded from the Internet, discs that are embedded into the PC,
and files that are made by software installers. The programmed scanning process may likewise check
the entire hard drive on a day-to-day basis. The manual scanning system enables you to check single
documents or even to scan the complete network at whatever point you feel it is necessary.

History of Antivirus Software

There are competing claims for the innovator of the first antivirus product. Possibly the first publicly
documented removal of a computer virus in the wild was performed by Brent Fix in 1987. An antivirus
program to counter the Polish MKS virus was released in 1987. Dr. Solomon’s Anti-Virus Toolkit,
AIDSTEST and Antivirus were released by in 1988. Dr. AhnChula Soo (Charles Ahn, founder of
AhnLab Inc) in South Korea also released the Anti-Virus software called ‘V1’ in June 10, 1988. By
late 1990, nineteen separate antivirus products were available including Norton AntiVirus and McAfee
VirusScan. Early contributors to work on computer viruses and countermeasures included Fred Cohen,
Peter Tippett, and John McAfee.Before Internet connectivity was widespread, viruses were typically
spread by infected floppy disks. Antivirus software came into use, but was updated relatively
infrequently. During this time, virus checkers essentially had to check executable files and the boot
sectors of floppy and hard disks. However, as internet usage became common, initially through the use
of modems, viruses spread throughout the Internet. Powerful macros used in word processor
applications, such as Microsoft Word, presented a further risk. Virus writers started using the macros to

2
write viruses embedded within documents. This meant that computers could now also be at risk from
infection by documents with hidden attached macros as programs.
Later email programs, in particular Microsoft Outlook Express and Outlook, were vulnerable to viruses
embedded in the email body itself. Now, a user’s computer could be infected by just opening or
previewing a message. This meant that virus checkers had to check many more types of files. As
always-on broadband connections became the norm and more and more viruses were released, it
became essential to update virus checkers more and more frequently. Even then, a new zero-day virus
could become widespread before antivirus companies released an update to protect against it.

Features of an Effective Antivirus

The following features of any antivirus are to be looked for when you decide on installing one
Proactive scanning for malwares, and deleting once detected
Default-Deny Protection – Default-Deny protection that is implemented to prevent the entry of
suspicious files by default.
Auto Sandbox Technology – A virtual environment where suspicious and unknown files are secluded
and run to check for any malicious activity without interfering with the normal operations.
Containment Technology – Validates and authorizes the programs that are executable and ensures that
the processes are run without effecting the regular operations of the system.

Antiviruses are also of different types based on the OS compatibility

Antivirus for Windows OS

Antivirus for Linux OS
Antivirus for Android OS
Antivirus for MAC OS

3
Types of Antivirus Programs

 McAfee
 G DATA
 ESET
 Avira
 Avast
 AhnLab
 Solomon’s Anti-Virus Toolkit
 Sophos
 Kaspersky
 F-PROT
 Symantec
 Panda
 Trend Micro
 VirIT explorer
 Norton
 AVG
 Web
 F-Secure
 Bitdefender
 ClamAV

Anti-Virus Program Issues

Unfortunately, both viruses and anti-virus programs can lead to DNS errors. When the anti-virus
database is updated, there can be errors that lead the program to think your computer is infected
when it actually isn't. This, in turn, can lead to "DNS server not responding" errors when trying to
connect.You can check to see if this is the problem by temporarily disabling your anti-virus
program. If your connectivity issue is resolved, the problem was likely caused by the program.
Changing programs or simply getting the most recent update can rectify the issue.
 

4
How an Antivirus Program Works

The first and most important task of an antivirus program is to protect, prevent, or block any malicious
activity in your computer or home and office network in real-time. The real-time protection should
trigger an alert or provide automatic action whenever a suspected or positively identified malware
When an antivirus program is installed, it will start monitoring the activity of the system by searching
files that are being accessed, transferred, or stored to or from the hard disks and external/removable
drives. Files that are being downloaded from the Internet are scanned. If a suspicious activity is
detected, the antivirus program will automatically remove the file or stop the processes that are posing
risk to your system, your contacts, or other computers or devices in on your network, unless you trust
the file that you are receiving.

Antivirus programs offer several types of detection methods to identify malware, but the most common
detection methods are heuristic analysis and by using traditional virus detection (signature-based).

1. Characteristics of a program – This is called heuristics scanning. Heuristic scanning engines work on
the principle that viruses will usually use certain “tricks” or methods of infecting, and therefore if a
program looks like it might be using those tricks, there is a possibility that the program is a virus.
Sound simple? No, not really, it’s actually incredibly hard to write a fool proof 100% effective
heuristics engine. (Engine, simply put, is just a word we use to describe the bit that drives the virus
detector and compares files to the database of known infection agents) The more aggressive heuristic
scanner may well detect large numbers of so called “False Positives” i.e., files that are really totally
innocent but look like they might alter other files, the less aggressive ones might miss files that really
are viruses. A method of heuristic analysis is for the anti-virus program to decompile the suspicious
program, and then analyse the source code contained within. In reality heuristics work quite well for
some types of viruses, such as Macro Viruses, but not so well for other types. However, they are a
reasonable attempt at providing protection against currently unknown viruses. The advantage to this
method is the fact that there is no time period when the computer is not protected after specific viruses
are released. The disadvantages include the fact that false positives may occur and some viruses may
not be identified during the length of a scan. The first heuristic engines were introduced to detect DOS
viruses in 1989. However, there are now heuristic engines for nearly all classes of viruses.

5
2. Footprint or Signature-based detection of virus program – A virus signature is a particular pattern of
‘bits’ or information contained in a virus that appears in no other file or program in the world, except
for that virus. This method is the most common method used to identify viruses and false positives are
very rare. It compares the virus footprint against a library of known footprints which match viruses. A
footprint is a pattern in the data included in a file. Using this method, viruses must be identified as
viruses, and then added to the library of footprints. The advantage to this method lies in the fact that
false positives are very rare. The disadvantage to this method is the fact that there is a time period
between when the virus is released to when the library of known footprints is updated. During this time
period, the virus will not be recognized and could infect a computer.

How to Choose Antivirus Software

The market is flooded with antivirus programs that claim to provide optimal protection for your
computer, your files, and your personal data. With such strong competition, finding the best antivirus
software for your computing needs may prove difficult. When choosing an antivirus program for your
personal use, you need to consider its effectiveness against cyber threats, its performance, the features
it includes, the operating systems it is compatible with, as well as the number of devices it can protect.

While there are plenty of free antivirus programs, they might not be such a great choice, even for a
budget-conscious buyer. For one, they never provide full protection against all threats, which means
that you’ll also have to install at least one additional anti-malware program on your PC. Most of them
are also ad-supported, which is why they’re often classified as adware. What’s more, they may even
include a spyware component so that the authors can track your browsing activity and display better-
targeted ads.

Although it’s not free, the best antivirus software is often available at a sizeable discount. These
programs are the only way to ensure that your computer and your files are protected at any given time.
They will monitor your computer 24/7 to detect and remove any existing viruses and malware, as well
as to ward off all incoming threats. In addition to your computer, they will also protect your
smartphones, tablets, smart television sets, and all other internet-connected devices without slowing
them down.
6
Reference

1. https://www.rwu.edu/sites/default/files/downloads/it/what_is_anti_virus.pdf
2. https://www.desjardins.com/ressources/pdf/f20-aide-memoire-antivirus-e.pdf?
resVer=1528830199000
3. https://www.numbones.com/2019/01/antivirus.html?m=1
4. https://lifehacker.com/the-difference-between-antivirus-and-anti-malware-and-1176942277
5. http://cba.mit.edu/events/03.11.ASE/docs/VonNeumann.pdf