DADA/Articles/st34_Antivirus.md
# Malware and Antivirus

"Antivirus" refers to software used to detect and remove malicious
software, particularly worms and viruses. [LD comment: If we define 'Worms', 'Virus' and 'Trojan' in Week 6, Step 23 – we can remind students of these terms again, or add them to the glossary.]
This malicious software, known as "malware", can be installed on a system
in a number of ways and can have many purposes. Below, we will look at
the ways in which these kinds of malware spread. As for their purpose, it
depends on the creator. Some malware steals personal data, payment
details and so on. Others will encrypt files and ask for a ransom to be
paid in order to decrypt them again, or maybe the creator just wants to
have control over your system to be able to use it in attacks on larger
targets along with potentially thousands of other infected devices. For
the past few years, the number of infections that result in nothing more
than the stealing of CPU time for mining cryptocurrencies
has been growing steadily - hackers are literally stealing your computing power.

The total number of individual malware strains is difficult to know
because new ones are discovered regularly, but published detection rates
show that the problem is serious. In 2017, Kaspersky announced that their
antivirus software detected around 360,000 malicious files *daily*.

https://www.kaspersky.com/about/press-releases/2017_kaspersky-lab-detects-360000-new-malicious-files-daily
# Types of Malware

## Viruses

A virus is a piece of malware that spreads by inserting its own code
into other files. For example, you might download software from the
Internet, or receive files from a colleague on a USB disk that have
been infected. When you inadvertently activate the virus code by
using the transferred files, some extra computation happens in
addition to what you expect. You might open a document and not notice
anything untoward, but in the background, the virus is inserting
itself into other files on your system so that when you send these to
another party, they too will become infected.

The virus does not spread without transfer of files, just like a
biological virus requires host cells to replicate.
## Worms

A worm spreads differently from a virus, even if its actual function
(the payload) is the same. Instead of relying on file transfers, a
worm actively seeks new hosts. Usually this is through simply
scanning the Internet for targets. When a new host is found, the worm
sends a copy of itself and the cycle continues.

An important point about this method of propagation is that it
requires a vulnerability of some sort in the host. Usually, a
computer system would not accept software sent directly to it and then
execute what it receives. The worm has to make use of some
misconfiguration or software flaw that allows this to happen.
## Trojans

Another way malware is installed on a system is through downloading
and installing software that has either built-in malware or comes
bundled with it. Not all software is created with benign intent, and
a number of "free" pieces of software have turned out to contain
nefarious code.
# Antivirus

Antivirus products work by detecting malicious code and then either
quarantining or deleting it.

There are two main methods employed by antivirus software to detect
malicious code, and any given antivirus program might use one or both.

Behaviour analysis monitors how software functions and what actions it
takes. A set of rules is defined for what "looks suspicious", and
when any code meets the criteria it is flagged. The benefit of this
kind of detection is that it can find previously unseen malware, but
unfortunately it can be tricked by malware creators and also can
suffer from false positives - benign software flagged as something
malicious.
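The following Python script is an added example, not code from the original article, showing what a small behaviour-analysis rule set looks like in practice. The event records, process names, thresholds and registry path are all constructed for illustration; a real product would consume telemetry from a kernel driver or agent and tune its thresholds carefully. Note that the backup tool is flagged by the same rule as the file-encrypting process, which is exactly the false-positive problem the paragraph describes.

```python
from collections import defaultdict

# Constructed host-monitoring events: (process, action, target).
# These are made up for the example, not captured from a real system.
EVENTS = [
    ("locker.exe",  "file_write",  r"C:\Users\alice\Documents\report.docx"),
    ("locker.exe",  "file_write",  r"C:\Users\alice\Documents\budget.xlsx"),
    ("locker.exe",  "file_write",  r"C:\Users\alice\Documents\thesis.docx"),
    ("locker.exe",  "reg_write",   r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\locker"),
    # A legitimate backup tool touches the same documents: a false positive.
    ("backup.exe",  "file_write",  r"C:\Users\alice\Documents\report.docx"),
    ("backup.exe",  "file_write",  r"C:\Users\alice\Documents\budget.xlsx"),
    ("backup.exe",  "file_write",  r"C:\Users\alice\Documents\thesis.docx"),
    # A process contacting many distinct hosts, as a worm looking for targets would.
    ("probe.exe",   "net_connect", "10.0.0.11:445"),
    ("probe.exe",   "net_connect", "10.0.0.12:445"),
    ("probe.exe",   "net_connect", "10.0.0.13:445"),
    ("probe.exe",   "net_connect", "10.0.0.14:445"),
    ("probe.exe",   "net_connect", "10.0.0.15:445"),
    ("probe.exe",   "net_connect", "10.0.0.16:445"),
    # Ordinary browsing activity that should not trigger anything.
    ("browser.exe", "net_connect", "93.184.216.34:443"),
    ("browser.exe", "file_write",  r"C:\Users\alice\Downloads\page.html"),
]

# Rule parameters (constructed; real products tune these against benign data).
DOC_EXTENSIONS = (".docx", ".xlsx", ".pdf")
RUN_KEY = r"HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN"
MASS_WRITE_THRESHOLD = 3   # distinct user documents modified by one process
SCAN_HOST_THRESHOLD = 5    # distinct remote hosts contacted by one process


def analyse(events):
    """Apply the behaviour rules and return {process: [rule names]} for
    every process that matched at least one rule."""
    docs_written = defaultdict(set)
    hosts_contacted = defaultdict(set)
    persistence = set()

    for proc, action, target in events:
        if action == "file_write" and target.lower().endswith(DOC_EXTENSIONS):
            docs_written[proc].add(target)
        elif action == "net_connect":
            hosts_contacted[proc].add(target.rsplit(":", 1)[0])
        elif action == "reg_write" and target.upper().startswith(RUN_KEY):
            persistence.add(proc)

    findings = defaultdict(list)
    for proc, paths in docs_written.items():
        if len(paths) >= MASS_WRITE_THRESHOLD:
            findings[proc].append("mass-document-modification")
    for proc, hosts in hosts_contacted.items():
        if len(hosts) >= SCAN_HOST_THRESHOLD:
            findings[proc].append("contacts-many-hosts")
    for proc in persistence:
        findings[proc].append("autorun-persistence")

    return {proc: sorted(rules) for proc, rules in findings.items()}


if __name__ == "__main__":
    for proc, rules in analyse(EVENTS).items():
        print(f"{proc}: {', '.join(rules)}")
```

Running it flags `locker.exe` on two rules, `probe.exe` on one, and `backup.exe` on the document rule even though it is benign; the usual remedies (allow-listing signed backup software, requiring two rules before alerting) trade detection rate against false positives.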
Signature-based detection uses a database of code snippets that come
from known viruses. The antivirus software can check all code to see
if these snippets are present, suggesting a virus, worm or other
malware is installed. This kind of detection requires a database of
all known malware signatures, which is hard to maintain. Modern
antivirus products using this method rely on constantly updated databases that
are sent out regularly and automatically to users' systems. There are
types of malware that can't be detected by signature-based systems
because they adjust their code whenever they duplicate - a technique
known as "metamorphic code".
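The following Python script is an added example and is not part of the original article. It shows the two common forms of signature in a minimal scanner: a whole-file hash, which only matches an identical copy, and a byte pattern extracted from a known sample, which still matches when the surrounding bytes change. All the byte strings, the signature name and the "metamorphic" variant are constructed for illustration and are not taken from any real malware; the last sample simply has the pattern's bytes separated by filler so that no contiguous signature survives, which is the situation the paragraph describes.

```python
import hashlib

# Constructed stand-ins for executable code. None of these bytes come from
# real malware; the "signature" is just a run of bytes an analyst pulled
# out of the known sample.
KNOWN_SAMPLE = bytes.fromhex("554889e5" "deadbeefcafebabe" "0102030405" "c3")

# Same core bytes with a different prologue: the whole-file hash changes,
# but the extracted pattern is still present as a contiguous run.
RECOMPILED_VARIANT = bytes.fromhex("4883ec08" "deadbeefcafebabe" "0102030405" "c3")

# Constructed "metamorphic" variant: the pattern bytes are interleaved
# with filler, so neither the hash nor the pattern signature matches.
METAMORPHIC_VARIANT = bytes.fromhex(
    "554889e5" "de90ad90be90ef90ca90fe90ba90be" "0102030405" "c3"
)

BENIGN_FILE = b"Hello, world! Nothing to see here.\n"

SIGNATURE_DB = {
    # Exact-match signatures: SHA-256 of an entire known file.
    "hashes": {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Example.Test.A"},
    # Pattern signatures: a byte sequence taken from the known sample.
    "patterns": {"Example.Test.A": bytes.fromhex("deadbeefcafebabe")},
}


def scan(data, db=SIGNATURE_DB):
    """Return a sorted list of (method, name) hits for one file's bytes.
    An empty list means no signature matched (not proof of cleanliness)."""
    hits = set()
    digest = hashlib.sha256(data).hexdigest()
    if digest in db["hashes"]:
        hits.add(("hash", db["hashes"][digest]))
    for name, pattern in db["patterns"].items():
        if pattern in data:
            hits.add(("pattern", name))
    return sorted(hits)


def scan_files(named_files, db=SIGNATURE_DB):
    """Scan {filename: bytes} and return only the files that produced hits."""
    report = {}
    for filename, data in named_files.items():
        hits = scan(data, db)
        if hits:
            report[filename] = hits
    return report


if __name__ == "__main__":
    samples = {
        "known.bin": KNOWN_SAMPLE,
        "recompiled.bin": RECOMPILED_VARIANT,
        "metamorphic.bin": METAMORPHIC_VARIANT,
        "readme.txt": BENIGN_FILE,
    }
    for filename, data in samples.items():
        print(f"{filename}: {scan(data) or 'no match'}")
```

The hash signature is the cheapest to ship and never produces a false positive, but one changed byte defeats it; the pattern signature survives recompilation yet is only as good as the analyst's choice of bytes (too short or too generic a pattern, such as a standard file header, will flag benign software). Neither catches the sample whose bytes were rearranged, which is why products pair signatures with the behaviour analysis described above.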