
Antivirus Basics: Three Essential Parts

By Steve Hardwick, CISSP

In a companion article, I outline some of the best practices for evaluating antivirus programs. But what are the key elements needed for a virus attack? Like any other crime, it comes down to motive, means and opportunity.

Motive. The two predominant motives today are financial and political. In the financial case, hackers profit either directly or indirectly. Direct is the ransomware case: the hacker receives payment from the target itself. Indirect involves either selling information harvested in an attack, or simply renting out the compromised machine. There are many sites on the Dark Web that run markets for stolen credit cards, or for the sale and hire of botnets.

There is a lot of evidence that viruses are used for political purposes; perhaps the most famous example is Stuxnet. Viruses of this type tend to be very sophisticated and difficult to detect and remove.

Means. A virus needs a weak point in the operating system or in an application through which it can get in. The hacker studies the detailed operation of that software and finds a way to make it behave outside its normal operation. This is an exploit. For an exploit to work, the vulnerable software must be present on the machine, and in many cases unpatched software sits on machines for months. This leaves fertile ground for the hackers. A significant portion of new viruses are merely variants of a previous one, continuing to use an existing exploit with only minor changes to the virus itself.

Opportunity. Since the virus is essentially a program in its own right, it must be delivered to and installed on the target computer. The first part is delivery. There are several ways to do this. The easiest is to have the user do it, by clicking on something in a web page. Email attachments are another common vector.

Alternatively, the virus can spread from one machine to the next over wireless networks or Bluetooth connections. Once the program is on the machine, it needs to be installed and activated. This can be done in the background, especially on Windows systems, or the user can be tricked into installing it because it hides inside another, apparently legitimate program, a method known as a Trojan horse.

Good anti-virus programs work on the means and the opportunity, so that malware cannot use them. The first function is blocking known exploits. Some exploits, especially in applications, are independent of the operating system, and as new exploits are discovered the anti-virus program must adapt. The same is true of the second function it performs: examining files, often as they are downloaded, to detect viral payloads. The program looks for patterns, or signatures, in the data that denote a virus. Typically it uses a library of signatures, or dictionary, to scan for malicious content, and that dictionary only catches what has already been added to it, so it must be updated as new viruses and variants appear. Since it is constantly looking for viruses, the program runs continuously.

Once a virus is discovered it needs to be removed. Some complex malware requires intricate steps to disable and remove it. More importantly, once the virus has been discovered it must be prevented from doing any more harm. This is quarantining: the file is moved out of reach and rendered harmless, but kept, so it can be restored if the detection turns out to be a false positive. Having the ability to quarantine and then safely remove the malware is a critical attribute of any solution.
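As an added illustration of the two functions just described, the signature-dictionary scan and the quarantine, and not code from the original article or from any antivirus product: the Python below scans a scratch directory against a constructed dictionary holding two kinds of entry, an exact SHA-256 fingerprint of one known sample and a byte pattern that covers a whole family. The sample file contents, signature names and patterns are all made up for the demonstration; the XOR encoding of the quarantined copy and the JSON sidecar record are assumptions about how a quarantine store could be built, not a description of any particular product.

```python
"""Toy signature scanner with quarantine (illustration only)."""
from __future__ import annotations

import hashlib
import json
import os
import re
import shutil
import tempfile
import time
from pathlib import Path

# Constructed, inert sample contents (hypothetical; not real malware).
# The "variant" keeps the same exploit marker but changes a version number
# and a key, which is what a re-packaged copy of an existing virus looks like.
KNOWN_SAMPLE = b"MZ\x90\x00...DROP-PAYLOAD v1.0;key=a1b2;EXEC\x00"
VARIANT_SAMPLE = b"MZ\x90\x00...DROP-PAYLOAD v1.1;key=ffee;EXEC\x00"
CLEAN_SAMPLE = b"Quarterly report: nothing to see here.\n"

# Constructed signature dictionary. A real product ships many thousands of
# entries and updates them continuously; these are the two basic kinds.
SIGNATURES = [
    # Exact-match entry: fingerprint of one known sample. Cheap to check,
    # but a single changed byte in a variant defeats it.
    {"name": "Demo.Dropper.A", "kind": "sha256",
     "value": hashlib.sha256(KNOWN_SAMPLE).hexdigest()},
    # Family entry: a pattern over the part a variant cannot change without
    # losing the exploit, with wildcards over the parts it can change.
    {"name": "Demo.Dropper.gen", "kind": "pattern",
     "value": re.compile(rb"DROP-PAYLOAD v\d+\.\d+;key=[^;]{1,32};EXEC")},
]


def scan_bytes(data: bytes) -> list[str]:
    """Return the names of every dictionary entry that matches the content."""
    digest = hashlib.sha256(data).hexdigest()
    hits = []
    for sig in SIGNATURES:
        if sig["kind"] == "sha256" and sig["value"] == digest:
            hits.append(sig["name"])
        elif sig["kind"] == "pattern" and sig["value"].search(data):
            hits.append(sig["name"])
    return hits


def quarantine(path: Path, qdir: Path, hits: list[str]) -> dict:
    """Neutralize a detected file: copy it into the quarantine store XOR-encoded
    (so the stored copy is neither runnable nor re-detected by a later scan),
    strip write/execute permission, record where it came from so it can be
    restored on a false positive, and only then delete the original."""
    qdir.mkdir(parents=True, exist_ok=True)
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    blob = qdir / f"{digest}.quar"
    blob.write_bytes(bytes(b ^ 0xA5 for b in data))  # fixed key: obfuscation, not encryption
    os.chmod(blob, 0o400)
    record = {
        "original_path": str(path),
        "sha256": digest,
        "detections": hits,
        "quarantined_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
    }
    (qdir / f"{digest}.json").write_text(json.dumps(record, indent=2))
    path.unlink()  # remove the original only after the copy is safely stored
    return record


def scan_tree(root: Path, qdir: Path) -> dict[str, list[str]]:
    """Scan every file under root, quarantining matches; return {name: detections}."""
    report = {}
    for p in sorted(root.rglob("*")):  # list is built before any file moves
        if not p.is_file() or qdir in p.parents:
            continue
        hits = scan_bytes(p.read_bytes())
        if hits:
            quarantine(p, qdir, hits)
        report[p.name] = hits
    return report


def demo() -> dict[str, list[str]]:
    """Write the three constructed files to a scratch directory and scan it."""
    root = Path(tempfile.mkdtemp(prefix="avdemo-"))
    (root / "known.bin").write_bytes(KNOWN_SAMPLE)
    (root / "variant.bin").write_bytes(VARIANT_SAMPLE)
    (root / "report.txt").write_bytes(CLEAN_SAMPLE)
    try:
        return scan_tree(root, root / "quarantine")
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running it shows the point of the two entry types: the exact-hash entry fires only on the known sample, while the family pattern also catches the variant that reused the same exploit with a few bytes changed. A variant that altered the marker itself would pass both until the dictionary was updated, which is why the scanner is only as good as the currency of its signature library. The clean file is left in place; the two detections are moved into the quarantine directory with their sidecar records.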
