Monday, July 18, 2011

Danger of Anti Virus program

Since their discovery, viruses have undergone considerable technological development, and so have antivirus programs. Unfortunately, antivirus development usually only chases the development of viruses rather than trying to get ahead of them. An antivirus that has fallen behind (technologically) can actually bring danger to its user.

As soon as one virus is detected, new viruses pop up with more advanced techniques that leave the antivirus helpless. An old antivirus, for example, can always be beaten by stealth technology: while the antivirus is busy checking other files, the stealth virus is actually spreading itself to every file that is checked.

In various magazines you often see specific antivirus programs, each aimed at detecting a single type of virus. Usually the makers of such programs do not explain the correct way to use them, although a specific antivirus carries great risk if used incorrectly.

A specific antivirus can detect only one type of virus (and perhaps some of its variants) and is usually able to disable that virus in memory. If you find a virus and are sure of its name, you can use this kind of antivirus; if you are not sure, you should not try it. If the active virus is in fact a different one, which the antivirus certainly does not detect, the antivirus can actually spread the existing virus to every program file it examines.

An even scarier danger is an antivirus that detects a virus wrongly and cleans it wrongly, so that the program file you were trying to repair ends up damaged. This has actually happened, for example in the case of the DenHard virus: it is very similar to Die Hard, but uses a different technique to restore the original file header, so some antivirus programs that tried to clean it destroyed the program files the virus was in. Besides the DenHard case, this has happened (and will probably continue to happen) with other viruses. One reason virus writers make look-alike viruses is precisely that such a virus is hard to clean, because they do not like it when their virus can easily be cleaned by the user.

SOURCES OF DANGER IN ANTIVIRUS PROGRAMS

Antivirus programs can be dangerous because of the following reasons:

    1. Some antivirus programs use only simple techniques that a virus can easily outwit. For example, an antivirus may check only a few bytes at the beginning of the virus; the virus writer can then make another version that is identical at the beginning but differs in an important part, such as the routine that encrypts/decrypts the original file header. That turns the antivirus into a destroyer of program files rather than their savior. Some antivirus programs can also be fooled by altering their signature file. The signature file contains the IDs of every virus the antivirus knows; if an ID is changed, the antivirus no longer recognizes that virus. A good antivirus should be able to check whether its signature file has been changed.
    2. Antivirus programs do not back up the file being cleaned. Often an antivirus (especially a specific one) provides no way to back up the files it cleans, yet this is very important in case the cleaning process fails.
    3. Antivirus programs do not self-check. A self-check is necessary because the antivirus program may have been modified by someone else before it reached the user's hands. Commercial antivirus programs usually self-check to make sure they have not been modified by anyone, but some do not, and that is dangerous. Local antivirus programs, which are often included with articles in computer magazines, usually come with source code; compile the source yourself if you doubt the authenticity of the exe file.
    4. Resident antivirus programs can be switched off easily. A good resident antivirus should not be easy to detect and unload. An example of a poor resident antivirus is VSAFE (in the DOS package): VSAFE can be detected and disabled through an interrupt call (try studying or debugging the VSAFE program that ships with DOS to see this for yourself). Users get a false sense of security from this kind of antivirus, and no sense of security at all is better than a false one.
    5. Antivirus programs give no expiry warning. Over time, new viruses keep appearing with ever more sophisticated techniques. A good antivirus should warn when it is too out of date, so that the incident of an antivirus spreading a virus does not recur.

HERE'S WHAT YOU NEED TO DO AS A USER

As a user of antivirus programs, there are several things you can do to minimize the risks of using them:

    1. Look for a good antivirus; "good" here means a program that can be trusted to detect and eradicate the viruses that exist. Do not be seduced by the promises of the antivirus vendor, and do not be lulled by a well-known brand name. Try to find comparisons of the various antivirus programs in magazines or on websites.
    2. Always use the latest antivirus; you can get it from the Internet or from magazines. An old antivirus is a great risk if used (more than 6 months old is already very dangerous).
    3. Make backups of your important data and programs.
    4. Carry out the cleaning process correctly if you find a virus.
    5. Make sure your antivirus program is the original; it is possible that someone has modified it, or that it has itself been infected by a virus.
    6. Call an expert if you feel unable to cope with a virus on your computer or network.

A good cleaning procedure is as follows:

If you use a personal computer:

    1. Boot your computer from a startup floppy disk that is clean of viruses (and write-protected).
    2. Run the virus scanner/cleaner on one infected file.
    3. Try running that file; if the file turns out to be corrupted, do not go on.
    4. If the program runs fine, try again on a few more files (pick a small one, a medium one and a large one). Very large files in particular need checking: they usually contain internal overlays, which cause the file to be damaged when the virus infects it.

If you are a network administrator, take a sample of the virus on a floppy disk and try to clean it on another computer, so as not to disturb work that someone else may be doing. This also guards against the possibility of a new virus that merely resembles another one (imagine what would happen if the cleaning went wrong and every program on the network became unusable!). If cleaning fails, call an expert to deal with it, or look for more information on the Internet. Trying the cleaner on several files is meant to catch false or incorrect detection and repair by the antivirus program. If the virus is considered dangerous and work on the network can be postponed for a while, consider shutting the network down temporarily.

WHAT YOU NEED TO DO AS A PROGRAMMER

Nowadays, being a good antivirus programmer is not easy: you need to know virus programming techniques, which become more difficult every day. The antivirus program you write must also keep up with the development of virus technology. Making a good antivirus program is not easy, but there are a number of things you need to remember as an antivirus author if you want other people to use your program without being endangered by it:

    1. Your program should be able to disable the virus in memory, and should warn if something strange is seen in the user's computer memory (e.g. conventional memory reported as less than 640 KB).
    2. When choosing virus IDs, select several locations. Good locations are the start of the virus and its important parts (e.g. the routine that decrypts the original program header), so you can be sure that nothing has changed in those locations or in the encryption scheme (if any) applied to the original program header.
    3. If the data/header is encrypted, verify the data obtained from the calculation: for instance, check whether the recovered original CS:IP still lies within the file, or whether the first instruction of a COM file is a reasonable jmp (its target is less than the length of the file).
    4. Make a backup of the file before cleaning it, in case the cleaned file turns out to be damaged.
    5. Do a self-check at the start of the program. If not every part of the program can be self-checked, the virus IDs at least need to be checked for modification (e.g. by checksum).
    6. Write a clear explanation of how to use the antivirus.
    7. If the program can only run under DOS, always check when it starts whether it is actually running under DOS.
    8. If you want to make a resident antivirus, do not keep unencrypted virus IDs in memory; another antivirus that does not know yours will assume one (or several) viruses are active in memory. This can happen because some antivirus programs scan all of memory for virus IDs.
    9. For a non-resident antivirus, technique No. 8 also needs to be used, so that other antivirus programs do not think your program is infected. Sometimes programs also leave traces in memory that another antivirus may take for a virus. If you do not want to apply this technique, you can erase the virus-ID variables from memory after use.
    10. If possible, for polymorphic viruses use heuristic methods (or emulation) to scan, and emulation techniques to decrypt or restore the original program.
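As an added illustration of items 2, 5 and 8 above (and of the signature-file and self-check hazards in the earlier list), not code from the original article: a scanner whose IDs are anchored at several locations, kept XOR-masked in memory, and whose signature file is checksummed before use. The virus name, offsets, ID bytes, mask constant and samples are all constructed for this example.

```python
import hashlib

MASK = 0x5A   # assumed constant: IDs live XOR-masked, never in plaintext

def mask(data: bytes) -> bytes:
    return bytes(b ^ MASK for b in data)

# Constructed signature file. Each record has several (offset, masked ID)
# anchors: one at the virus entry and one inside its decryption routine, so a
# variant that keeps the first bytes but changes the decryptor does NOT match
# (and is therefore not "cleaned" with the wrong restore routine).
SIG_FILE = [
    ("DemoVirus.A", [(0x00, mask(b"\xe9\x10\x02")),
                     (0x20, mask(b"\x2e\x80\x36"))]),
]
# Checksum shipped with the signature file (computed here from the constructed file).
SIG_FILE_HASH = hashlib.sha256(repr(SIG_FILE).encode()).hexdigest()

def signatures_intact(sig_file, expected_hash: str) -> bool:
    """Start-up self-check: refuse to scan with an altered signature file."""
    return hashlib.sha256(repr(sig_file).encode()).hexdigest() == expected_hash

def matches(sample: bytes, anchors) -> bool:
    """Every anchor must match; the plaintext ID exists only during the compare."""
    for offset, masked_id in anchors:
        pattern = bytearray(mask(masked_id))          # unmask transiently
        ok = sample[offset:offset + len(pattern)] == pattern
        for i in range(len(pattern)):                 # wipe it again
            pattern[i] = 0
        if not ok:
            return False
    return True

def scan(sample: bytes, sig_file=SIG_FILE, expected_hash=SIG_FILE_HASH):
    """Return (status, name) with status 'tampered', 'infected' or 'clean'."""
    if not signatures_intact(sig_file, expected_hash):
        return "tampered", None
    for name, anchors in sig_file:
        if matches(sample, anchors):
            return "infected", name
    return "clean", None

def build_sample(decryptor: bytes) -> bytes:
    # Constructed 64-byte sample: same entry jmp, only the 3 decryptor bytes differ.
    body = bytearray(b"\x90" * 0x40)
    body[0:3] = b"\xe9\x10\x02"
    body[0x20:0x23] = decryptor
    return bytes(body)
```

A signature file cut down to the single entry anchor would match the variant too; the checksum is what stops such a modified file from being used.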

Those 10 points should be enough; you can add to them yourself if necessary, for example with regard to scanning speed and so on.
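An added example (not from the article) of items 3 and 4 above and of the user's cleaning procedure: validate a recovered header before accepting a repair, and back the file up first. The COM fixture, the XOR key and both cleaner routines are constructed for this example; the EXE field offsets are the standard DOS header layout.

```python
import shutil
import struct

def recovered_entry_is_sane(head: bytes, file_len: int) -> bool:
    """Plausibility check on an original header recovered by undoing the virus's
    encryption: a COM file's leading jmp must land inside the file and an EXE's
    CS:IP must fall inside the file. A wrongly decrypted header usually fails."""
    if head[:2] == b"MZ":
        if len(head) < 0x18:
            return False
        hdr_paras = struct.unpack_from("<H", head, 0x08)[0]   # e_cparhdr
        ip = struct.unpack_from("<H", head, 0x14)[0]          # e_ip
        cs = struct.unpack_from("<H", head, 0x16)[0]          # e_cs
        return hdr_paras * 16 + cs * 16 + ip < file_len
    if head[:1] == b"\xe9" and len(head) >= 3:                # jmp rel16
        return 0 <= 3 + struct.unpack_from("<h", head, 1)[0] < file_len
    if head[:1] == b"\xeb" and len(head) >= 2:                # jmp rel8
        return 0 <= 2 + struct.unpack_from("<b", head, 1)[0] < file_len
    return True   # the first instruction is not a jmp: nothing to check here

def clean_in_memory(data: bytes, cleaner):
    """Keep the cleaner's result only if its header is plausible; else return the input."""
    cleaned = cleaner(data)
    if cleaned and recovered_entry_is_sane(cleaned[:0x18], len(cleaned)):
        return True, cleaned
    return False, data

def clean_file_with_backup(path: str, cleaner) -> bool:
    """Back the file up before touching it; the .bak stays so any repair can be undone."""
    shutil.copy2(path, path + ".bak")
    with open(path, "rb") as f:
        ok, result = clean_in_memory(f.read(), cleaner)
    if ok:
        with open(path, "wb") as f:
            f.write(result)
    return ok

# Constructed fixture: a tiny COM file and a toy infection that replaced its first
# 3 bytes with a jmp to an appended body holding the XOR-0x55-encrypted original
# header. demo_cleaner inverts exactly that layout; wrong_cleaner stands in for a
# wrong key or a look-alike variant and yields a jmp far beyond the file's end.
ORIGINAL = b"\xe9\x05\x00" + b"\x90" * 0x20
INFECTED = (b"\xe9\x20\x00" + ORIGINAL[3:]
            + bytes(b ^ 0x55 for b in ORIGINAL[:3]) + b"\xcc" * 16)

def demo_cleaner(data: bytes) -> bytes:
    body = len(data) - 19      # body = 3 encrypted header bytes + 16 bytes of code
    return bytes(b ^ 0x55 for b in data[body:body + 3]) + data[3:body]

def wrong_cleaner(data: bytes) -> bytes:
    return b"\xe9\xff\x7f" + data[3:len(data) - 19]
```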

Hopefully, after reading the article above, both users and antivirus programmers have gained some new knowledge about computer antivirus. As a user of antivirus, you should be more careful and diligent about updating your antivirus. This is very necessary, especially for those connected to the Internet: many viruses spread themselves via e-mail, and by exploiting bugs in your e-mail client some viruses can spread without your knowing it (at the time this article was written, reliable sources reported a bug in Outlook that allows an attachment to be executed without the user's knowledge).

For antivirus programmers, hopefully you are moved to learn more about virus techniques and the techniques for eradicating them. Today there are not yet many virus writers in Indonesia, but when a variety of high-tech viruses made by our own nation appear later on, we should of course be able to remove them (properly, of course); wouldn't we be ashamed if we had to rely on foreign-made antivirus?

This article is not a complete guide to writing a good antivirus program, nor a complete tutorial on using antivirus properly, but only a short article to make users and programmers more aware of viruses by paying more attention to the antivirus side of things.
