Effects Of Antivirus Protection System Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Virus attacks and intrusion attempts have been causing lots of troubles and serious damages to almost all the computer users. Ever the day, one starts using a computer, virus infection becomes an issue of concern. One is always left in a frightened situation, worried about the security of crucial data, completion of mission critical tasks and achievement of important goals.

Antivirus software currently available is particularly suitable for detecting and eliminating known viruses. This traditional concept is becoming obsolete because it doesn't do anything about new threats. Encrypted viruses pose a major headache. These are viruses coded using encryption software, which cannot be identified by antivirus software. This means that they can track down and neutralize viruses despite their encryption. This is modelled on the multiple operating systems at the same time concept. It allows us to run malicious code in a protected environment so that the code can't harm our data. Antivirus can protect our system against unknown threats because it operates within a few simple rules. We could, for example, define our system registry as being off-limits to changes.

an antivirus program will take suspicious code and run it in a Virtual Machine (secure from the rest of the system) in order to see exactly how the code works and what its purpose is. The proactive antivirus technology basically involves enclosing a running application. The Antivirus is responsible for trapping downloaded applications in a controlled environment such as the temporary files folder where it monitors them for malicious code. This means that before we have a chance to release a potentially harmful virus into our network, the software will lock it away from critical network resources.


Computer virus have become today's headline news With the increasing use of the Internet, it has become easier for virus to spread Virus show us loopholes in software and Most virus are targeted at the MS Windows OS.

The first academic work on the theory of computer viruses (although the term "computer virus" was not invented at that time) was done by John von Neumann in 1949 who held lectures at the University of Illinois about the "Theory and Organization of Complicated Automata". The work of von Neumann was later published as the "Theory of self-reproducing automata". In his essay von Neumann postulated that a computer program could reproduce.

In 1972 Veith Risak published his article (Self-reproducing automata with minimal information exchange). The article describes a fully functional virus written in assembler language for a SIEMENS 4004/35 computer system.

In 1980 Jürgen Kraus wrote his diplom thesi (Self-reproduction of programs) at the University of Dortmund. In his work Kraus postulated that computer programs can behave in a way similar to biological viruses.

In 1984 Fred Cohen from the University of Southern California wrote his paper "Computer Viruses - Theory and Experiments". It was the first paper to explicitly call a self-reproducing program a "virus"; a term introduced by his mentor Leonard Adleman.

In the mid-eighties, so legend has it, the Amjad brothers of Pakistan ran a computer store. Frustrated by computer piracy, they wrote the first computer virus, a boot sector virus called Brain. From those simple beginnings, an entire counter-culture industry of virus creation and distribution emerged, leaving us today with several tens of thousands of viruses. In just over a decade, most of us have been familiar with the term computer virus. A large portion of modern computing life is to secure the information that we are creating and processing. There are many aspects of information security, ranging from physical access to ensuring that the information has not been changed in any way. One of the most high-profile threats to information integrity is the computer virus. Surprisingly, PC viruses have been around for two-thirds of the IBM PC's lifetime, appearing in 1986. With global computing on the rise, computer viruses have had more visibility in the past two years.

Antivirus" is protective software designed to defend your computer against malicious software. Malicious software, or "malware" includes: viruses, Trojans, key loggers, hijackers, dealers, and other code that vandalizes or steals your computer contents. In order to be an effective defence, your antivirus software needs to run in the background at all times, and should be kept updated so it recognizes new versions of malicious software.

Generation of Antiviruses:

First generation: (simple scanners)

scanner uses virus signature to identify virus

or change in length of programs

Second generation: (heuristic scanners)

uses heuristic rules to spot viral infection

or uses crypto hash of program to spot changes

Third generation: (activity traps)

memory-resident programs identify virus by actions

Fourth generation: (full featured protection)

packages with a variety of antivirus techniques like access control capability.

E.g. scanning & activity traps, access-controls

Despite our awareness of computer viruses, how many of us can define what one is, or how it infects computers? The Project aims to demystify the basics of computer viruses, summarizing what they are, how they attack and what we can do to protect ourselves against them.

Global Aims

The ideal solution to the threat of viruses is prevention. Do not allow a virus is get into the system in first place. This goal is in general difficult to achieve, although prevention can reduce the no: of successful viral attacks. The next best approach is to be able to do the following.

• Detection: Once the infection has occurred, determine that it has occurred and locate the virus.

• Identification: Once detection has been achieved, identify the specific virus has infected a program.

• Removal: Once the specific virus has been identified, remove all traces of the virus from the infected program and restore it to its original state.

Advances in viruses and antivirus technology go hand in hand. As the virus arms race has evolved, both viruses and antivirus software have grown more complex and sophisticated.

There are three main kinds of anti-virus programs. Essentially these are scanners, monitors and integrity checkers.

Global aims broken down into WBS Objectives.

• Detection:

To Detect viruse first i have to develop a File Scanners which is program that scan the executable objects (files and boot sectors) for the presence of code sequences that are present in the known viruses. Currently, these are the most popular and the most widely used kind of anti-virus programs. There are some variations of the scanning technique, like virus removal programs (programs that can "repair" the infected objects by removing the virus from them), resident scanners (programs that are constantly active in memory and scan every file before it is executed)

• Identification:

Virus identifiers (is programs that can recognize the particular virus variant exactly by keeping some kind of map of the non-modifiable parts of the virus body and their checksums), heuristic analyzers (programs that scan for particular sequences of instructions that perform some virus-like functions), and so on. The reason that this kind of anti-virus program is so widely used nowadays is that they are relatively easy to maintain. This is especially true for the programs which just report the infection by a known virus variant, without attempting exact identification or removal. They consist mainly of a searching engine and a database of code sequences (often called virus signatures or scan strings) that are present in the known viruses. When a new virus appears, the author of the scanner needs just to pick a good signature (which is present in each copy of the virus and in the same time is unlikely to be found in any legitimate program) and to add it to the scanner's database. Often this can be done very quickly and without a detailed disassembly and understanding of the particular virus. Furthermore, scanning of any new software is the only way to detect viruses before they have the chance to get executed. Having in mind that in most operating systems for personal computers the program being executed has the full rights to access and/or modify any memory location (including the operating system itself), it is preferable that the infected programs do not get any chance to be executed.


The monitoring programs are memory resident programs, which constantly monitor some functions of the operating system. Those are the functions that are considered to be dangerous and indicative for virus-like behavior. Such functions include modifying an executable file, direct access of the disk bypassing the operating system, and so on. When a program tries to use such a function, the monitoring program intercepts it and either denies it completely or asks the user for confirmation


Therefore, in order to be a virus, a program must be able to infect. And, in order to infect, the program must cause modifications to the programs that are infected. Therefore, a program, which can detect that the other executable objects have been modified, will be able to detect the infection. Such programs are usually called integrity checkers.

Brief Background and Literature review

In this proposal, I will be implementing the use of protection system which will secure personal computer users from quite numerous kind of viruses and Trojans ect,, In order to deal with the viruses it is necessary to have a deep knowledge of the way in which different viruses exploits our system's weakness, thereby causing destruction of data or hampering of security. Furthermore, it is also impossible to create antivirus against a particular virus without knowing the way it affects our system.

The only possible way to detect such viruses is to understand their mutation engine in detail. Then one has to construct an algorithmic "scanning engine" specific to the particular virus. However, this is a very time-consuming and effort-expensive task, so many of the existing scanners have problems with the polymorphic viruses. And we are going to see more such viruses in the future. The Bulgarian virus writer known under the handle Dark Avenger has even released a "mutating engine" - a tool for building extremely polymorphic viruses... Very few scanners are able to detect the viruses, which are using it, with 100 reliability.

One last drawback of the scanners is that scanning for lots of viruses can be very time-consuming. The number of currently existing viruses is about 2 million and is expected to reach 4 million at the end of 2011 . Indeed, some scanners use clever scanning methods like fixed-point scanning, top-and-tail scanning, hashing and so on.

Simultaneously, it is very difficult to keep a scanner up-to-date. In order to produce an update, which can detect a particular new virus, the author of the scanner must obtain a sample of the virus, disassemble it, understand it, pick a good scan string that is characteristic for this virus and is unlikely to cause a false positive alert, incorporate this string in the scanner, and ship the update to the users. This can take quite a lot of time. And new viruses are created every day - with a current rate of up to 100 thousands per month. Very few anti-virus producers are able to keep up-to-date with such a production rate. One can even argue that the scanners are somehow responsible for the existence of so many virus variants. Indeed, since it is so easy to modify a virus in order to avoid a particular scanner, lots of "wannabe" virus writers are doing it.

However, the fact that the scanners are obsolete as a single line of defence against the computer viruses became obvious only with the appearance of the polymorphic viruses. These are viruses, which use a variable encryption scheme to encode their body and which even modify the small decryption routine, so that the virus looks differently in each infected file. It is impossible to pick a simple sequence of bytes that will be present in all infected files and use it as a scan string. Such sequence simply does not exist. Some polymorphic viruses can be detected using a wildcard scan string, but more and more viruses appear today, which cannot be detected even if the scan string is allowed to contain wildcard bytes.

Analysis and Design

Seytem analyseis first start with file scanner flowchart :




Implementation and Testing

The main screen where user can start the scanner and search for a virus after click on Browse button the user can select a specific folder or even the entire system


After choosing the folder and click the start green button the system scanner will start searching for a virus and after finishing the search it will display the quantity of files scanned and the object detected and cleaned 1.jpg

Processor info is giving the user list of file already running by the OS and he can check if there is a suspicious file and close it



Viruses: A virus is basically an executable file which is designed such that first of all it should be able to infect documents, then it has to have the ability to survive by replicating itself and then it should also be able to avoid detection. Computer viruses can be classified into several different types. File or program viruses: They infect program files like files with extensions like .EXE, .COM, .BIN, .DRV and .SYS. Some file viruses just replicate while others destroy the program being used at that time. Boot Sector Viruses (MBR or Master Boot Record): Boot sector viruses can be created without much difficulty and infect either the Master boot record of the hard disk. Polymorphic Viruses: They are the most difficult viruses to detect. They have the ability to mutate this means that they change the viral code known as the signature each time it spreads or infects etc.

Trojan: A Trojan Horse is a program that does something else that the user thought it would do. It is mostly done to someone on purpose. The Trojan Horses are usually masked so that they look interesting. A Trojan Horse differs from a destructive virus in that it doesn't reproduce.


A worm is a program which spreads usually over network connections. Unlike a virus which attach itself to a host program, worms always need a host program to spread. In practice, worms are not normally associated with one person computer systems. They are mostly found in multi-user systems such as Unix environments. A classic example of a worm is Robert Morrisis Internet-worm 1988.

Macro virus:

Macro viruses spread from applications which use macros. The macro viruses which are receiving attention currently are specific to Microsoft Word , WordBasic and Excel. However, many applications, not all of them Windows applications, have potentially damaging and infective macro capabilities too. A CAP macro virus, now widespread, infects macros attached to Microsoft Word for Windows.

What makes such a virus possible is that the macros are created by WordBASIC and even allows DOS commands to be run. WordBASIC in a program language which links features used in Word to macros.

A virus, named "Concept," has no destructive payload; it merely spreads, after a document containing the virus is opened. Concept copies itself to other documents when they are saved, without affecting the contents of documents. Since then, however, other macro viruses have been discovered, and some of them contain destructive routines.

Microsoft suggests opening files without macros to prevent macro viruses from spreading, unless the user can verify that the macros contained in the document will not cause damage. This does NOT work for all macro viruses.

Why are macro viruses so successful? Today people share so much data, email documents and use the Internet to get programs and documents. Macros are also very easy to write. The problem is also that Word for Windows corrupts macros inadvertently creating new macro viruses.

Antiviruses: The ideal solution to the threat of viruses is prevention. Do not allow a virus is get into the system in first place. This goal is in general difficult to achieve, although prevention can reduce the no: of successful viral attacks. The next best approach is to be able to do the following.

Detection, Identification, Removal.

Basic techniques are

Scanners: Scanners are programs that scan the executable objects (files and boot sectors) for the presence of code sequences that are present in the known viruses.

Monitors: The monitoring programs are memory resident programs, which constantly monitor some functions of the operating system.

Integrity Checking: A program, which can detect that the other executable objects have been modified, will be able to detect the infection. Such programs are usually called integrity checkers.


Project Plan


In order to develop the Antivirus protection System. There will be basic resources that are necessary to complete this project which are the hardware requirement and the software. Below are specification needed.

Hardware Requirement-

ï‚· 256 MB RAM, (1 GB recommended) for Windows XP, Windows XP Embedded, and Windows Fundamentals for Legacy PCs

ï‚· 1 GB RAM minimum (2-4 GB recommended) for Windows Vista, Windows 7, Windows Server 2003 (all editions), and Windows Server 2008 (all editions)

ï‚· 600 MB on the hard disk

Plus a BT Home Hub Wired/Wireless Broadband with a ranging speed of 100Mbps for fast processing browsing.

Software Requirement -

Windows XP or Vista or 2000

Adobe Flash Professional Software

Microsoft Visual BASIC 6.0