Anti-Virus Tools and Techniques for Computer

ISBN-10: 081551364X
ISBN-13: 9780815513643
Pub. Date: 01/01/1995
Publisher: Elsevier Science
Hardcover

$31.95

Overview

Anti-Virus Tools & Techniques for Computer

Product Details

ISBN-13: 9780815513643
Publisher: Elsevier Science
Publication date: 01/01/1995
Series: Advanced Computing and Telecommunication Series
Pages: 108
Product dimensions: 7.00(w) x 10.20(h) x 0.50(d)

Read an Excerpt


Chapter 2: Functionality

Anti-virus tools perform three basic functions. Tools may be used to detect, identify, or remove viruses. Detection tools perform proactive detection, active detection, or reactive detection. That is, they detect a virus before it executes, during execution, or after execution. Identification and removal tools are more straightforward in their application; neither is of use until a virus has been detected.

2.1 Detection Tools

Detection tools detect the existence of a virus on a system. These tools perform detection at a variety of points in the system. The virus may be actively executing, residing in memory, or stored in executable code. The virus may be detected before execution, during execution, or after execution and replication.

2.1.1 Detection by Static Analysis

Static analysis detection tools examine executables without executing them. Such tools can be used in proactive or reactive fashion. They can be used to detect infected code before it is introduced to a system by testing all diskettes before installing software on a system. They can also be used in a more reactive fashion, testing a system on a regular basis to detect any viruses acquired between detection phases.

2.1.2 Detection by Interception

To propagate, a virus must infect other host programs. Some detection tools are intended to intercept attempts to perform such "illicit" activities. These tools halt the execution of virus-infected programs as the virus attempts to replicate or become resident. Note that the virus has been introduced to the system and attempts to replicate before detection can occur.

2.1.3 Detection of Modification

All viruses cause modification of executables in their replication process. As a result, the presence of viruses can also be detected by searching for the unexpected modification of executables. This process is sometimes called integrity checking.

Detection of modification may also identify other security problems, such as the installation of Trojan horses. Note that this type of detection tool works only after infected executables have been introduced to the system and the virus has replicated.

2.2 Identification Tools

Identification tools are used to identify which virus has infected a particular executable. This allows the user to obtain additional information about the virus. This is a useful practice, since it may provide clues about other types of damage incurred and appropriate clean-up procedures.

2.3 Removal Tools

In many cases, once a virus has been detected it is found on numerous systems or in numerous executables on a single system. Recovery from original diskettes or clean backups can be a tedious process. Removal tools attempt to efficiently restore the system to its uninfected state by removing the virus code from the infected executable.....

Table of Contents

Part I Guide to the Selection of Anti-Virus Tools and Techniques
1. Introduction
2. Functionality
3. Selection Factors
4. Tools and Techniques
5. Selecting Anti-Virus Techniques
6. Selecting the Right Tool
7. For Additional Information

Part II Computer Viruses and Related Threats: A Management Guide
1. Introduction
2. A Brief Overview on Viruses and Related Threats
3. Virus Prevention in General
4. Virus Prevention for Multiuser Computers and Associated Networks
5. Virus Prevention for Personal Computers and Associated Networks

Appendix A—References
Appendix B—Suggested Reading

Introduction

This document provides guidance in the selection of security tools for protection against computer viruses. The strengths and limitations of various classes of anti-virus tools are discussed, as well as suggestions of appropriate applications for these tools. The technical guidance in this document is intended to supplement the guidance found in NIST Special Publication 500-166, Computer Viruses and Related Threats: A Management Guide [WC89], included as Part II of this book.

This document concentrates on widely available tools and techniques as well as some emerging technologies. It provides general guidance for the selection of anti-virus tools, regardless of platform. However, some classes of tools, and most actual products, are only available for personal computers. Developers of anti-virus tools have focused on personal computers since these systems are currently at the greatest risk of infection.
