[EVERY COMPUTER GEEK SHOULD KNOW THIS][MUST READ]
This is a must-read doc that everyone should go through to increase their hacking knowledge. It was created by me.
So guys, everybody uses an antivirus, but did you ever try to find out how it works? How does it function? What kind of coding do antiviruses use to decode threats? Why should you regularly update your database? Don't worry, here I will be giving you the answers to all of the above questions. :D
The working of an anti-virus involves two basic technologies, namely:
1. Dictionary based continuous and fragmented string search
2. Suspicious activity detection (process manipulation)
Now let us take the first part, i.e.
1. Dictionary based continuous and fragmented string search
As the name suggests, the antivirus keeps a dictionary of the malicious code of known viruses and threats in its database. Through this database it compares the malicious code present in a file with the code stored in the database, and when the codes match it raises a threat warning as a detection, whether it is a trojan, malware, backdoor, rootkit, worm, etc.
Here I am showing you an example:
Consider a hypothetical example for better understanding. Suppose you have a file whose code is something like this:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Now, when a virus infects a file, it manipulates the original file and adds some extra code or functionality to it so that the behavior of the file changes, i.e. it differs from its normal functioning. So after the virus infection the file becomes something like this:
ABCDEFGHIJKLMNOPQRSTUVWXYZ012345 [here 012345 is the string that the virus has attached to the file after infection]
What the anti-virus database contains is that 012345 string. It matches the string in the database against the string in the program or code, and if it matches it identifies the file as a virus.
Note: All of this processing is done on the binary form of the code, and sometimes on the executable itself.
This coding can be manipulated using crypters; through a crypter the malicious code can be easily hidden from the antivirus. This is the phenomenon attackers rely on when they crypt a trojan/stealer to make it FUD (fully undetectable). :D That is the main reason why an anti-virus needs regular updates: anti-virus companies add newly detected strings to their database daily so that users can remain secure.
[ WHILE CONCLUDING THIS PART I WANT TO SAY THAT ALMOST 70-90% OF THE TOOLS WE DOWNLOAD ARE INFECTED BY HACKERS. THEY CRYPT THE TOOL TO MAKE IT FUD AND CAN EASILY STEAL DATA FROM COMPUTERS. ]
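As an added example (this is not code from devendra's post, just my own toy version of the dictionary scan described above), here is a small Python scanner. The signature names, hex patterns and file contents are all constructed for the example. I read "fragmented string search" as a pattern with wildcard bytes (written `??`) that may take any value; that is my assumption, the post does not define the term. The example also shows the update point: a variant that slips past yesterday's database is caught once the new signature is added.

```python
# Added example, not code from the original post: a toy "dictionary" (signature)
# scanner. Signatures are hex byte strings; "??" marks a byte that may take any
# value, which is how the fragmented-string case is modelled here (assumption).
# All names, signatures and file contents below are constructed.
from typing import Optional

Pattern = list[Optional[int]]  # one entry per byte; None matches any byte


def parse_signature(text: str) -> Pattern:
    """Turn "30 31 ?? 33" into [0x30, 0x31, None, 0x33]."""
    pattern: Pattern = []
    for token in text.split():
        pattern.append(None if token == "??" else int(token, 16))
    return pattern


def matches_at(data: bytes, pos: int, pattern: Pattern) -> bool:
    """True if the pattern lines up with data starting at offset pos."""
    if pos + len(pattern) > len(data):
        return False
    return all(expected is None or data[pos + i] == expected
               for i, expected in enumerate(pattern))


def scan(data: bytes, database: dict[str, str]) -> list[tuple[str, int]]:
    """Return (signature name, offset) for every database entry found in data."""
    hits = []
    for name, text in database.items():
        pattern = parse_signature(text)
        for pos in range(len(data) - len(pattern) + 1):
            if matches_at(data, pos, pattern):
                hits.append((name, pos))
                break  # one hit per signature is enough for a verdict
    return hits


def verdict(data: bytes, database: dict[str, str]) -> str:
    hits = scan(data, database)
    return "clean" if not hits else "infected: " + ", ".join(n for n, _ in hits)


# Constructed sample files, following the post's ABC... illustration.
CLEAN_FILE = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
INFECTED_FILE = CLEAN_FILE + b"012345"   # "012345" appended by the virus
VARIANT_FILE = CLEAN_FILE + b"01X345"    # a variant with one byte changed

# Yesterday's database: only the continuous signature for the "012345" string.
OLD_DATABASE = {
    "Hypothetical.Virus.A": "30 31 32 33 34 35",  # "012345" as hex bytes
}

# Today's update adds a fragmented signature that tolerates the changed byte.
NEW_DATABASE = {
    **OLD_DATABASE,
    "Hypothetical.Virus.A.variant": "30 31 ?? 33 34 35",
}

if __name__ == "__main__":
    samples = (("clean", CLEAN_FILE), ("infected", INFECTED_FILE), ("variant", VARIANT_FILE))
    for label, blob in samples:
        print(f"{label:9s} old db -> {verdict(blob, OLD_DATABASE)}")
        print(f"{label:9s} new db -> {verdict(blob, NEW_DATABASE)}")
```

Running it shows the clean file passing both databases, the infected file being caught by both, and the variant passing the old database but being caught by the new one; that last line is the whole reason the post keeps telling you to update.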
Now let's move on to the second part of the article, i.e.
2. Suspicious activity detection (process manipulation)
This method is slightly different from the one above, as it does not involve any comparison of code; rather, it works from the normal working and behaviour of a program/software.
In this method, the antivirus first notices how the software or program runs in its normal way, before any infection, and saves the recorded data in its database.
Now, whenever a program gets attacked or manipulated by an infection or threat, the antivirus notices that its functions are not working the same way as they previously did, so it will flag the process with a warning or block that process. This is the very principle behind the detection of keygens, patches and cracks as viruses, because they modify the functioning of the original software and illegally change its normal behaviour.
The main drawback of this technique is that it is quite annoying, as sometimes it detects normal files as viruses too; but if you want to keep your PC safe then you need to do what your anti-virus suggests.
[NOTE: 80% OF THE KEYGENS AND CRACKS FOUND ON THE INTERNET ARE MANUALLY INFECTED BY HACKERS. THEY BIND THE FILE WITH THEIR TROJANS, BACKDOORS AND STEALERS AND CRYPT THEM. A BACKDOOR IS A PROGRAM WHICH WILL OPEN ALL YOUR NETWORK GATES TO A HACKER, SO BE CAREFUL WHILE DOWNLOADING SUCH FILES. :D:D:D ;-) DON'T BE AFRAID, I HAVE A SOLUTION FOR WHEN YOU DOWNLOAD ANY CRACK IF YOU DON'T HAVE ANY GOOD ANTIVIRUS:
UPDATE YOUR ANTIVIRUS DATABASE REGULARLY. IF YOU USE AN OUTDATED ANTIVIRUS IT IS OF NO USE!!! ]
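As a second added example (again my own code, not from the post), here is a toy version of the "suspicious activity" method: it learns a baseline from the actions a program performs in normal runs, then flags a later run that does something the baseline never saw. The program path, the logged actions and the target categories are all constructed; real products record far more than this. It also reproduces the drawback the post mentions: a legitimate update that rewrites the program's own binary looks just like a patch or crack and gets blocked too.

```python
# Added example, not code from the original post: a toy behaviour-based detector.
# A monitor logs (action, target) events; the baseline stores the coarse
# (action, target category) pairs seen in clean runs, and any pair outside the
# baseline is reported as a deviation. All paths, hosts and events are constructed.
from typing import Iterable

Event = tuple[str, str]       # (action, concrete target) as a monitor would log it
Behaviour = tuple[str, str]   # (action, target category) stored in the baseline

PROGRAM_PATH = "/home/user/apps/editor"   # constructed path of the monitored program


def classify_target(target: str) -> str:
    """Collapse a concrete target into the coarse category the baseline stores."""
    if target == PROGRAM_PATH:
        return "self"                      # the program's own executable
    if target.startswith(("/etc/", "/usr/")):
        return "system"
    if ":" in target:                      # host:port, i.e. a network endpoint
        return "network"
    return "user"


def learn_baseline(runs: Iterable[list[Event]]) -> set[Behaviour]:
    """Record every (action, category) pair observed during normal runs."""
    baseline: set[Behaviour] = set()
    for run in runs:
        for action, target in run:
            baseline.add((action, classify_target(target)))
    return baseline


def detect(run: list[Event], baseline: set[Behaviour]) -> list[Behaviour]:
    """Behaviours in this run that the baseline never saw, in order of first appearance."""
    deviations: list[Behaviour] = []
    for action, target in run:
        behaviour = (action, classify_target(target))
        if behaviour not in baseline and behaviour not in deviations:
            deviations.append(behaviour)
    return deviations


def verdict(run: list[Event], baseline: set[Behaviour]) -> str:
    deviations = detect(run, baseline)
    if not deviations:
        return "allowed"
    return "blocked: " + ", ".join(f"{action} {category}" for action, category in deviations)


# Constructed clean runs of a hypothetical text editor: it opens and writes user
# files and reads its own configuration from /etc.
NORMAL_RUNS: list[list[Event]] = [
    [("open", "/home/user/document.txt"), ("write", "/home/user/document.txt"),
     ("read", "/etc/editor.conf")],
    [("open", "/home/user/notes.txt"), ("read", "/etc/editor.conf")],
]
BASELINE = learn_baseline(NORMAL_RUNS)

# Constructed run after infection: the same editing, plus a network connection
# and a write into a system directory that the editor never did before.
INFECTED_RUN: list[Event] = [
    ("open", "/home/user/document.txt"),
    ("connect", "remote-host.invalid:443"),
    ("write", "/etc/cron.d/editor"),
    ("write", "/home/user/document.txt"),
]

# Constructed legitimate self-update: rewriting its own binary is also outside
# the baseline, which is the false positive the post complains about.
UPDATE_RUN: list[Event] = [("read", "/etc/editor.conf"), ("write", PROGRAM_PATH)]

if __name__ == "__main__":
    print("normal   ->", verdict(NORMAL_RUNS[0], BASELINE))
    print("infected ->", verdict(INFECTED_RUN, BASELINE))
    print("update   ->", verdict(UPDATE_RUN, BASELINE))
```

The categories are deliberately coarse: if the baseline stored exact paths, every new document the user opened would be a "deviation", so a real detector has to decide how much to generalise, and that choice is exactly where the false positives come from.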
Thanks for reading this, and do comment if you liked it. Have a nice day :)
How does our antivirus work / how does it detect threats? [by: devendra]