Since they were first discovered, viruses have undergone substantial technological development, and so have antivirus programs. Unfortunately, antivirus development usually only chases virus development rather than trying to get ahead of it. An antivirus that lags behind (technologically) can actually put the user in danger.
By the time existing viruses have been detected, new viruses keep appearing with more advanced technology that leaves antivirus programs helpless. An old antivirus, for example, can always be deceived by stealth technology, so that while the antivirus is scanning files, a stealth virus is in fact spreading itself to every file that is checked.
In various magazines you have no doubt seen single-purpose (specific) antivirus programs that aim to detect one type of virus. The makers usually do not explain how to use such a program correctly, even though a specific antivirus carries a great risk if it is not used correctly.
A specific antivirus is only able to detect one particular type of virus (and perhaps some variants) and is usually able to disable that virus in memory. If you find a virus and you are sure of its name, you can use this kind of antivirus, but if you are not sure, you should not try. If the active virus turns out to be a different virus, which will certainly not be detected by this antivirus, the antivirus can actually spread the virus to all the program files it examines.
A more sinister danger is an antivirus that misidentifies a virus and cleans it wrongly, so that the program file you are trying to repair becomes damaged. This has happened, for example, in the case of the DenHard virus. This virus is very similar to Die Hard, but it uses a different technique to restore the original file header, and some antivirus software that tried to clean it actually damaged the program files the virus was in. Besides the DenHard case, this has occurred (and will probably continue to occur) with some other viruses. One reason virus makers create a virus that resembles another is to make it hard to clean, because they do not like it when a virus can be easily cleaned by the user.
SOURCES OF DANGER IN ANTIVIRUS PROGRAMS
Antivirus programs can be dangerous for the following reasons:
* Some antivirus programs use only simple techniques that a virus can easily deceive. For example, if an antivirus program checks just a few bytes at the beginning of the virus, a virus writer can make another version that is the same at the beginning but differs in important parts, for example in the routine that encrypts/decrypts the header of the original file. This turns the antivirus program into a file destroyer rather than a file rescuer. Some antivirus software can also be deceived by altering its signature file. The signature file is a file that contains the IDs of all the viruses known to the antivirus; if an ID is changed, the antivirus will no longer recognize that virus. A good antivirus should be able to check whether the signature file has been changed.
* The antivirus program does not create a backup of the file being cleaned. Often an antivirus program (especially a specific one) provides no means of backing up the files it cleans, yet this is very important if the cleaning process fails.
* The antivirus program does not perform a self-check. A self-check is necessary because the antivirus program could have been changed by someone else before it reached the user. Commercial antivirus programs usually perform a self-check to make sure they have not been modified by anyone, but some do not, and this is dangerous. Local antivirus programs, which are often included with computer articles, typically include source code; you should compile the source yourself if you doubt the authenticity of the exe file.
* A resident antivirus program that can easily be turned off. A good resident antivirus should not be easy to detect and unload. An example of a poor resident antivirus is VSAFE (in the DOS package). VSAFE can be detected and disabled by using an interrupt (try studying/debugging the vsafe program in DOS to understand this). Users get a false sense of security from this kind of antivirus. No sense of security is better than a false sense of security.
* The antivirus program gives no warning that it is out of date. Over time, more and more viruses appear, with more and more sophisticated techniques. A good antivirus program should warn the user if the antivirus in use is too out of date. This is important so that incidents in which the antivirus itself spreads the virus do not recur.
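The signature-file check and the out-of-date warning from the list above can be combined in one loading step. The following is an added example, not code from the original article; the file layout (a DATE line followed by name=hex lines), the sample entries and the idea of embedding the expected digest in the scanner are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import date

MAX_AGE_DAYS = 183  # about 6 months, the age the article calls very dangerous

def load_signatures(blob: bytes, expected_sha256: str, today: date):
    """Return (signatures, warnings); raise ValueError if the file was altered.

    Assumed layout: first line 'DATE yyyy-mm-dd', then one 'name=hexbytes'
    entry per line. The digest covers the whole file, including the date.
    """
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest, expected_sha256.lower()):
        # A changed ID would make the scanner miss or misrepair a virus.
        raise ValueError("signature file modified or corrupted; refusing to scan")

    lines = blob.decode("ascii").splitlines()
    released = date.fromisoformat(lines[0].split()[1])

    signatures = {}
    for line in lines[1:]:
        if not line.strip():
            continue
        name, _, hexpat = line.partition("=")
        signatures[name.strip()] = bytes.fromhex(hexpat.strip())

    warnings = []
    age = (today - released).days
    if age > MAX_AGE_DAYS:
        warnings.append(
            f"signature file is {age} days old; update before cleaning any file")
    return signatures, warnings

# Constructed sample data; the names and byte patterns are placeholders.
SAMPLE_DB = b"DATE 2001-01-15\nEXAMPLE.A=deadbeef\nEXAMPLE.B=0102030405\n"
# Assumption: a real scanner would carry this digest inside its own
# self-checked executable instead of computing it from the file it verifies.
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_DB).hexdigest()
```

A digest stored next to the signature file would not help, since whoever changes the file can recompute it; the expected value has to live somewhere the self-check already protects.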
WHAT YOU NEED TO DO AS A USER
As a user of antivirus programs, there are several things you can do to minimize the risks of using an antivirus:
1. Look for a good antivirus. Good here means that the program can be trusted to detect and eradicate the viruses that exist. Do not be lulled by the promises of antivirus vendors, nor by a fairly well-known brand name. Try to find comparisons between various antivirus programs in magazines and on websites on the Internet.
2. Always use the latest antivirus; you can get it from the Internet or from some magazines. An old antivirus carries a substantial risk if used (one more than 6 months old is already very dangerous).
3. Make backups of your important data and programs.
4. Carry out the virus cleaning process correctly if you find a virus.
5. Make sure that your antivirus program is the original; someone may have changed the antivirus, or perhaps infected it with a virus.
6. Contact an expert if you feel unable to cope with the virus on your computer or network.
A good cleaning procedure is as follows:
If you run a personal computer:
1. Boot your computer from a startup disk that is free of viruses (and write-protected).
2. Run the virus scanner/cleaner on one infected file.
3. Try running the file; if the file has become damaged, do not continue.
4. If the program runs smoothly, try again with several more files (choose small, medium and large ones). Large files in particular need to be checked, because they usually contain internal overlays that cause the file to be damaged when it is infected by a virus.
If you are a network administrator, we recommend that you copy a sample of the virus to a floppy and try cleaning it on another computer, so as not to interfere with work that others are probably doing. This also guards against the possibility of a new virus that resembles another virus (imagine what would happen if a wrong cleaning left every program on the network unusable!). If the cleaning fails, you need to call an expert to deal with it, or look for further information on the Internet. Testing on several files is meant to prevent false or incorrect detection and repair by the antivirus program. If the virus is considered dangerous and the activities that use the network can be postponed, it may be best to shut the network down temporarily.
WHAT YOU NEED TO DO AS A PROGRAMMER
Becoming a good antivirus programmer today is not easy: you need to know virus programming techniques, which become more difficult every day. The antivirus program you create must also keep up with developments in virus technology. Making a good antivirus program is not easy, but there are some things you need to remember as an antivirus maker if you want other people to use your program without being endangered by it:
1. Your program should be able to kill viruses in memory, and should give a warning if there is something strange about the memory of the user's computer (e.g. base memory of less than 640 KB).
2. When making virus IDs, choose multiple locations. Good locations are the beginning of the virus and its important parts (e.g. the routine that decrypts the original program's header), to make sure that nobody has changed the location and the encryption scheme (if any) of the original program's header.
3. If the data/header is encrypted, verify the data obtained from the calculation: for instance, check whether the original CS and IP obtained from the calculation are still within the file size, or whether the first JMP instruction of a COM file is reasonable (less than the length of the file).
4. Create a backup file if there is a fear that the file being cleaned may be damaged.
5. Perform a self-check at the start of the program. If not every part of the program can be self-checked, at least the virus IDs need to be checked for changes (e.g. with a checksum).
6. Provide a clear explanation of how to use the antivirus.
7. If the program can only be run in DOS, always check at startup whether the program is actually running in DOS.
8. If you want to create a resident antivirus program, do not keep unencrypted virus IDs in memory. Another antivirus that is not familiar with yours will assume that a virus (or several) is active in memory. This can happen because some antivirus programs scan all of memory for virus IDs.
9. Technique no. 8 also needs to be used for non-resident antivirus programs, so that other antivirus programs do not think your program is infected with a virus. Sometimes a program also leaves traces in memory that another antivirus may suspect to be a virus. If you do not want to apply this technique, you can erase the virus ID variables from memory after use.
10. If possible, for polymorphic viruses use heuristic methods (and/or emulation) to scan, and emulation techniques to decrypt or restore the original program.
These 10 points should be enough; you can add your own if necessary, for example regarding scanning speed and other matters.
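Point 3 of the list can be turned into a check that runs before a cleaner writes a recovered header back to disk. The following is an added example, not code from the original article; the function names and the sample headers are constructed for illustration, and the field offsets follow the standard DOS MZ header layout.

```python
import struct

COM_MAX = 0xFF00  # a COM file plus the 256-byte PSP must fit in one 64 KB segment

def com_jump_ok(head: bytes, file_len: int) -> bool:
    """Range-check the first JMP of a restored COM file (loaded at offset 0x100)."""
    if len(head) < 3 or not 0 < file_len <= COM_MAX:
        return False
    if head[0] == 0xE9:                                  # JMP near, 16-bit displacement
        ip = (0x103 + struct.unpack_from("<H", head, 1)[0]) & 0xFFFF
    elif head[0] == 0xEB:                                # JMP short, signed 8-bit displacement
        ip = (0x102 + struct.unpack_from("<b", head, 1)[0]) & 0xFFFF
    else:
        return True                                      # no jump at the start: nothing to check
    return 0x100 <= ip < 0x100 + file_len                # target must land inside the file

def exe_entry_ok(hdr: bytes, file_len: int) -> bool:
    """Range-check CS:IP in a restored MZ header against the file size."""
    if len(hdr) < 0x18 or hdr[:2] not in (b"MZ", b"ZM"):
        return False
    last_page, pages = struct.unpack_from("<HH", hdr, 2)
    (hdr_paras,) = struct.unpack_from("<H", hdr, 8)
    ip, cs = struct.unpack_from("<HH", hdr, 0x14)
    if pages == 0 or last_page >= 512:
        return False
    image_end = pages * 512 - ((512 - last_page) if last_page else 0)
    if image_end > file_len:                             # header claims more than the file holds
        return False
    entry = hdr_paras * 16 + ((cs * 16 + ip) & 0xFFFFF)  # file offset of CS:IP
    return hdr_paras * 16 <= entry < image_end           # an overlay may follow image_end

def restored_header_plausible(head: bytes, file_len: int) -> bool:
    """Refuse to write a header whose entry point cannot be inside the cleaned file."""
    if head[:2] in (b"MZ", b"ZM"):
        return exe_entry_ok(head, file_len)
    return com_jump_ok(head, file_len)

def mz_header(last_page, pages, hdr_paras, ip, cs) -> bytes:
    """Build a constructed 24-byte MZ header for the samples below."""
    return struct.pack("<2s11H", b"MZ", last_page, pages, 0, hdr_paras,
                       0, 0xFFFF, 0, 0x100, 0, ip, cs)

# Constructed samples: (restored header bytes, length of the file after cleaning)
GOOD_EXE = (mz_header(0x50, 3, 2, 0x20, 0x10), 1104)
BAD_EXE = (mz_header(0x50, 3, 2, 0x20, 0x1000), 1104)    # CS far outside the image
GOOD_COM = (b"\xE9\x10\x00", 0x200)
BAD_COM = (b"\xE9\x00\x40", 0x200)                       # jump target beyond end of file
```

When the check fails, the cleaner should leave the file untouched and report that the virus may be an unknown variant, which is the DenHard situation described earlier.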
Conclusions and closing
Hopefully, after reading the article above, users and programmers of antivirus software have gained new knowledge about antivirus programs. As an antivirus user, you should be more careful and diligent about updating your antivirus. This is very necessary, especially for those who connect to the Internet: many viruses spread themselves through e-mail, and by exploiting bugs in the e-mail client some viruses can spread without your being aware of it (when this article was written, there were reports from trusted sources of a bug in Outlook that allows an attachment to be executed without the user's knowledge).
For antivirus programmers, hopefully you are moved to learn more about virus techniques and the techniques for eradicating them. Today there are not very many virus writers in Indonesia, but later, when a variety of high-tech viruses made by our own nation emerges, we should of course be able to eradicate them (properly, of course). Would we not be ashamed if we had to rely on foreign-made antivirus software?
This article is not a complete article on making a good antivirus program, nor a complete tutorial on using antivirus software properly; it is just a short article to make users and programmers more wary of viruses by paying more attention to the antivirus side.
Authors: Johannes Nugroho
source: http://www.klik-kanan.com/bahaya-program-anti-virus.htm