Anti Virus

Last Edit: 10/01/17

Introduction

Anti virus software - while primarily designed to protect against viruses, and to remove viruses from an infected computer system - protects users against a plethora of malware. A computer virus is classified as malware - malicious software - and spreads by attaching itself to "healthy" computer files, and then replicates by attaching itself to another computer file, just as a biological virus spreads from one healthy body cell to another.

Anti virus software - typically written as 'Anti-Virus' - is software that is capable of detecting and deleting computer viruses. Anti virus software is continually updated to combat the evolution of viruses, which have become increasingly sophisticated. Basic anti virus software is usually free to download and use, but advanced versions of the software come with a "suite" of security features, such as a firewall, spyware protection, adware protection and browser protection against hijack scripts, and can detect and remove trojan horses, cryptoviral extortion, worms, rootkits and diallers. While the "bells and whistles" anti-virus software will cost an annual fee, free anti-virus software is effective for removing the majority of malware threats.

History

The first virus to be created is believed to be Creeper, which was released in 1971 and infected computers attached to the ARPANET computer network. The computers infected by Creeper ran on a range of operating systems; what they had in common was the ability to support packet switching and the NCP (Network Control Program) protocol. The ARPANET computer network is similar to the Internet in that the computers that connect to the Internet use a range of operating systems, but these operating systems support packet switching and the Internet protocol suite.

During the 1970s and 1980s, the number of viruses was small: during this era most computers were not connected to computer networks, and it was therefore difficult for standalone computers to become infected with a virus. However, it was evident that computer viruses - at the time, described as self-replicating computer programs - could pose a serious threat to the security of computer systems.

Frederick Cohen coined the term 'computer virus' and outlined the theory behind anti-virus software in 1983-1984. Ross Greenberg was one of the pioneers of anti-virus software: he created a program called Flu-Shot in 1986, which could detect over eighty viruses. Greenberg later went on to become a member of the Internet Press Guild. Most of the anti-virus programs created in the 1980s are now defunct, but in 1987 John McAfee created an anti-virus company, and in 1989 Eugene Kaspersky began studying computer viruses (which he referred to as computer virology). McAfee and Kaspersky anti-virus products are still market leaders (2014).

The spread of viruses increased exponentially when the general public began using the Internet. The vast majority of computers that connect to the Internet (1990-2014) use the Windows operating system. Therefore, virus writers tend to focus on writing viruses that infect computers running a version of Windows. Because of the security threat viruses pose - a result of the widespread use of the Internet, which is an ideal launching pad for viruses - there are plenty of anti-virus programs to pick from. With 'off-the-shelf' anti-virus software based on a yearly subscription service, the growth of free-subscription anti-virus software - that is downloaded from the Internet - has been rapid.

Detection

When a virus attaches itself to a "healthy" computer file, it needs to modify the file. When a virus modifies the file, it leaves clues which can be detected by anti-virus software; these clues are referred to as the signature of a virus. Anti-virus software will therefore have a dictionary of virus signatures, and when it scans computer files on a computer system, it will compare the contents of each file to see if they match any of the virus signatures within its database.

The problem with this detection method arises when anti-virus software does not have a signature for a new virus, and therefore cannot detect the virus. Likewise, some viruses attempt to evolve their signature as they modify new files; these mutated viruses are known as polymorphic viruses. A new detection method is being created to detect polymorphic viruses: this detection method is known as heuristic detection. Heuristic detection attempts to analyse polymorphic viruses when they are first created, and uses this signature to analyse and detect a "footprint" within their later variants.
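
The two approaches described in the Detection section, as an added Python example that is not part of the original guide: an exact signature lookup misses a mutated variant, while a looser "footprint" pattern still finds it. The signature bytes, names and sample files are constructed for illustration, and the wildcard pattern is a simplified stand-in for what a heuristic engine does.

```python
import re

# Constructed signature dictionary (not real malware signatures):
# name -> exact byte sequence left behind in an infected file.
EXACT_SIGNATURES = {"Demo.A": bytes.fromhex("deadbeef4142430a")}

# Constructed footprint for the same family: the bytes that stay fixed
# across variants, with "??" marking positions that mutate.
FOOTPRINTS = {"Demo.A.family": "de ad ?? ?? 41 42 ?? 0a"}

def compile_footprint(pattern):
    """Turn a 'de ad ?? 41' style pattern into a compiled bytes regex."""
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")  # any single byte
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)

def scan(data):
    """Return (method, name, offset) for every match found in data."""
    hits = []
    for name, signature in EXACT_SIGNATURES.items():
        offset = data.find(signature)
        if offset != -1:
            hits.append(("signature", name, offset))
    for name, pattern in FOOTPRINTS.items():
        match = compile_footprint(pattern).search(data)
        if match:
            hits.append(("footprint", name, match.start()))
    return hits

# Constructed sample files: a clean host, the host with the original
# bytes appended, and the host with a variant whose mutable bytes differ.
HOST = b"MZ" + b"\x00" * 16 + b"healthy program body"
SAMPLES = {
    "clean.bin": HOST,
    "infected.bin": HOST + bytes.fromhex("deadbeef4142430a"),
    "variant.bin": HOST + bytes.fromhex("dead12344142990a"),
}

if __name__ == "__main__":
    for filename, data in SAMPLES.items():
        print(filename, scan(data) or "no match")
```

A looser pattern catches more variants but also raises the chance of matching a healthy file, which is why footprints are kept as specific as the family allows.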