Detect Virus in Computer

Many of us wonder how our Antivirus software scans for virus, worm, trojan. When we scan a computer or folder or local drive for virus what actually happens during the virus scan period?

What are techniques applied to trace the virus existence in computer?

There are five (5) techniques used by anti virus program to detect virus:
1. Signature Based Scan.
2. Heuristic Based Scan.
3. Threat Sense Technology.
4. Artificial Intelligence.
5. Proactive Defense.

Signature Based Scan:
Traditionally, Antivirus solutions have relied strongly on signature-based scanning, also referred to as “scan string-based technologies”. Signature based scanning anti virus program searches within given files for the presence of certain strings (also only in certain regions). If these predefined strings are found, then antivirus report “A Threat has been detected”.

According to Mcafee Lab, hundreds of viruses are released every day on internet, so it’s gigantic task to catch all those viruses. So, anti virus research labs will be working round the clock in tracking of new viruses and then designing new patches to anti virus program so, in this way anti virus program detect the latest unknown viruses and threats.

Heuristic Based Scan:
The first heuristic engines were introduced to detect DOS viruses in 1989. Heuristic is an adjective for methods that help in problem solving. In this scanning, anti virus program searches instructions or commands within a file that are not found in typical good application programs. As a result, a heuristic engine is able to detect potentially malicious files and report them as a virus.

Threat Sense Technology:
Earlier when a virus was found in computer then it was detected by antivirus experts after many days. By that period of time virus had done enough damage to millions of computers around the world. Now a days anti virus experts designed Threat Sense Technology, this technology monitoring the computer activities when a certain files does suspicious activity in computer, anti virus program keep eye on that file. Next, when you update your anti virus these files are send to anti virus labs of that anti virus that you are using. The security experts then analyze the file, if it is a virus or malicious code then they make it’s signatures and updates the anti virus program. So in this way virus can be caught by anti virus program within very short period of time.

Artificial Intelligence:
These programs monitor you computer activities. If any dangerous or specious activity occurred by a file, then anti virus program inform the user and give some options to user to perform certain actions. Now user of that computer has to take decision whether it is a virus file or something useful file. If user takes wrong decision then the software which is reported by anti virus get corrupted and antivirus quarantined.

Proactive Defense:
There is another technology in anti virus program is “Proactive Defense”. When any program or process in computer gets executed, then “Proactive Defense” tells the user about the activity of the program and asks user whether to allow it or to block the program or process execution.

Files get corrupt by Hackers

An attacker may be able to insert malicious code into any file, including common file types that you would normally consider safe. These files may include documents created with word processing software, spreadsheets, or image files. After corrupting the file, an attacker may distribute it through email or post it to a website. Depending on the type of malicious code, you may infect your computer by just opening the file.

When corrupting files, attackers often take advantage of vulnerabilities that they discover in the software that is used to create or open the file. These vulnerabilities may allow attackers to insert and execute malicious scripts or code, and they are not always detected. Sometimes the vulnerability involves a combination of certain files or only affects certain versions of a software program.

What problems can malicious files cause?

There are various types of malicious code, including viruses, worms, and Trojan horses. However, the range of consequences varies even within these categories. The malicious code may be designed to perform one or more functions, including
Interfering with your computer's ability to process information by consuming memory or bandwidth
Installing, altering, or deleting files on your computer
Giving the attacker access to your computer
Using your computer to attack other computers

How can you protect yourself?

Use and maintain anti-virus software: Anti-virus software can often recognize and protect your computer against most known viruses, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

Use caution with email attachments: Do not open email attachments that you were not expecting, especially if they are from people you do not know. If you decide to open an email attachment, scan it for viruses first. Not only is it possible for attackers to "spoof" the source of an email message, but your legitimate contacts may unknowingly send you an infected file. If your email program automatically downloads and opens attachments, check your settings to see if you can disable this feature.

Be ware of downloadable files on websites: Avoid downloading files from sites that you do not trust. If you are getting the files from a supposedly secure site, look for a website certificate. If you do download a file from a website, consider saving it to your computer and manually scanning it for viruses before opening it.

Keep software up to date: Install software patches so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.

Take advantage of security settings: Check the security settings of your email client and your web browser. Apply the highest level of security available that still gives you the functionality you need.

Mail Account Security

This article describes the Login Activity feature from within the Yahoo! Account Manager that can show you what login activity your account has had over the past several days if you are suspicious that an unauthorized person may have broken into your account.

We know that there is much concern now as to how accounts, such as your Yahoo! account can be accessed by people not authorized to do so. Yahoo! is also concerned about this and has a new feature now that can give your key information about each login your Yahoo! account has had over the last several days. The feature is called "Login Activity" and here is how it works:

1.     Please go to the Yahoo! Account Info website ( http://account.yahoo.com ). 

Note: You may be asked to log in to your Yahoo! account.

2.     Towards the middle of the page under "Sign-in and Security," select View your recent login activity. You should now be able to see all the login activity for your account for the past few days.

3.     If you feel you need to go back further, then click View More towards the bottom of the page.

Once you get there, you'll see four columns:

·         Date/Time: This indicates the date and time the account was accessed.

·         Access Type: This is the method of access such as a browser (IE, Firefox, Chrome, etc..), a mobile device, or a Yahoo! product like Yahoo! Messenger.

·         Event type – This shows exactly how the login took place.

·         Location/ IP Address - This is actually a pull-down menu that allows you to select how you wish the physical location to be displayed. (Location is selected as the default.)

·         Location - Indicates the Country and State of the computer you logged in from.

·         IP Address - Indicates the Internet Protocol Address of the computer you logged in from.

These may be the signs that your account has been compromised:

·         You normally access from just one or two computers, but you see multiple geographic locations.

·         The Access Type column shows your account was accessed from a mobile device, but you never use mobile to access your account.

If you see anything here that looks suspicious to you, we recommend that you change your account password. It is the easiest way to prevent suspicious activity.

You can also create a Yahoo! sign-in seal to prevent such illegal activity such as spam and phishing.