
Secret Of AntiVirus


How The AntiVirus Works In A Computer


Antivirus software has a few methods to detect malicious code (virus, Trojan, stealth, ghost). The first thing to understand is that most networks use either TCP/IP (RFC 793) or IPX. Both are built with layers (OSI model, Internet Protocol) to provide communication across cables, airwaves, etc. These layers break down how the communication will take place between computers. Examples are games versus database access.

Virus signatures are patterns that the antivirus software matches within these communication layers. Most viruses do have patterns, but some don't. That is when the intelligent engine in the antivirus software takes over. The OSI model has rules applied through RFC 793 (www.rfc.net), and when these rules are broken the antivirus program can detect and report it.

Most antivirus software will offer to delete or contain (quarantine) the malicious code. Remember, the antivirus program runs in the random access memory (RAM or memory) of a computer. All communication from that computer through TCP/IP or IPX is programmed to be monitored by the antivirus software, thus when malicious code is detected it is stopped before it can damage the computer.


How antivirus software and System Restore work together

System Restore in Windows XP restores your computer to a previous state without losing personal data files (such as Word documents, graphic files, and e-mail). System Restore actively monitors computer file changes and some program file changes to record or store earlier versions before the changes occurred. You do not have to take computer snapshots because System Restore automatically creates identifiable restore points that you can use to revert to a previous time. Restore points are created when significant computer events occur (such as the installation of a program or a driver) and periodically (each day).

System Restore monitors, records, and in some cases copies these files before they are modified, to help protect critical computer and program files. For example, when a procedure or a program (such as an upgrade, an inadvertent user change, a driver installation, or a virus) modifies a critical computer file or program file, System Restore records and saves a copy of the file before the change occurs. If a problem occurs, a restore operation can replace files with previously saved versions of those files.

Antivirus programs use auto-detection or scanning mechanisms to monitor critical and personal files on the computer for signs of infection. The antivirus program then takes action to clean, remove, or quarantine (isolate) files that known viruses have infected. System Restore also tracks an antivirus program when it modifies (cleans), moves, or deletes a monitored, critical, computer or program file.

During a restoration, an active antivirus program scans for infected files. If the antivirus program detects any infected files, the antivirus program tries to modify, move, or delete the infected files. If the antivirus program successfully cleans the infected files, System Restore restores the cleaned files. However, if the antivirus software cannot clean a file, the antivirus software deletes or quarantines the file. As a result, the restoration does not work because these actions to the file cause an inconsistent restoration state. As a result, System Restore reverts to the state immediately before the restoration.

Signature files for antivirus programs are updated as viruses become known. As a result, a restoration that did not work several days ago might succeed after the antivirus program is updated. However, if you undo and retry a restoration to a point that succeeded before, the restoration may not work if a new signature or definition detects a virus that the antivirus program cannot clean on a backed-up file.
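
The restore-and-scan behaviour described above, modelled as a short Python example added here (not code from the original page, from Windows, or from any antivirus product). The signature names, marker strings, file paths and the `scan`/`restore` helpers are hypothetical and constructed for illustration; it shows why the same restore point can fail, succeed, and fail again as the signature database changes.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes    # non-empty byte sequence that identifies the infection
    cleanable: bool   # True if the engine can strip it and keep the file

def scan(data, signatures):
    """Return the first signature whose pattern occurs in data, else None."""
    return next((s for s in signatures if s.pattern in data), None)

def restore(current, restore_point, signatures):
    """Model one restoration; returns (outcome, resulting files)."""
    staged = {}
    for path, data in restore_point.items():
        while (sig := scan(data, signatures)) is not None:
            if not sig.cleanable:
                # The file gets deleted or quarantined, the restore point can
                # no longer be applied consistently, so the prior state is kept.
                return "reverted", dict(current)
            data = data.replace(sig.pattern, b"")  # cleaned copy is restored
        staged[path] = data
    # Files outside the restore point (personal data) are left untouched.
    return "restored", {**current, **staged}

# Constructed sample data: harmless marker strings stand in for virus bodies.
SIG_A_OLD = Signature("Demo.A", b"<<DEMO-A>>", cleanable=False)
SIG_A_NEW = Signature("Demo.A", b"<<DEMO-A>>", cleanable=True)   # after an update
SIG_B = Signature("Demo.B", b"<<DEMO-B>>", cleanable=False)      # newly added
CURRENT = {"sys/driver.sys": b"driver v2", "docs/report.doc": b"personal data"}
RESTORE_POINT = {"sys/driver.sys": b"driver v1",
                 "sys/shell.dll": b"shell<<DEMO-A>> code<<DEMO-B>>"}

def scenarios():
    """Same restore point, three states of the signature database."""
    return {
        "old definitions": restore(CURRENT, RESTORE_POINT, [SIG_A_OLD])[0],
        "Demo.A now cleanable": restore(CURRENT, RESTORE_POINT, [SIG_A_NEW])[0],
        "Demo.B added": restore(CURRENT, RESTORE_POINT, [SIG_A_NEW, SIG_B])[0],
    }

if __name__ == "__main__":
    for label, outcome in scenarios().items():
        print(f"{label}: {outcome}")
```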
