
Maintain Computer Systems and Networks


rex

Presentation Transcript


  1. Maintain Computer Systems and Networks

  2. What is antispyware? Antispyware is a type of computer software that is typically designed to detect and remove malicious or threatening programs from a computer. These programs are often called spyware, hinting at their propensity to collect and send an individual’s personal information to a third party without his or her consent.
  3. What is spyware? Spyware is a type of malicious program, also called malware, that sends information from a computer to a third party without the user’s knowledge or consent. The type of data retrieved by these programs varies, but many collect information about a user’s Internet-surfing habits, online purchases, and even keystrokes, such as passwords. Also, these programs may change the computer’s settings and functionality. Antispyware seeks to block or remove such programs.
  4. There are two main ways that antispyware functions. The first is by catching incoming spyware in real time. This system scans computer transactions coming over the Internet. When it detects potential spyware, it attempts to block it before the malicious program has a chance to lodge itself in the root directory, or another area, on the computer. This real-time detection typically occurs at the time of download.
  5. The second type of antispyware uses an updateable list of known spyware to protect a computer. Many users frequently download new versions of this record to keep their protection software up-to-date. Instead of blocking potentially harmful programs from being downloaded, this type of software detects and removes those that have already loaded themselves onto the computer.
  6. Antispyware of this type typically scans the registry, programs, and operating system files. Then, it compares these files to its list of known malware. If a file matches one on the list, the antispyware usually isolates and removes it.
  7. Activity Read this article online, http://www.bellaonline.com/articles/art51570.asp, and answer the following questions: How does the antispyware protect your computer? Spyware is thought to be harmful to your computer. Why? Give at least 3 antispyware software examples and list the steps on how to install these software.
  8. Anti-spyware software: Spy Sweeper, CounterSpy, StopZilla, Spyware Doctor, Malwarebytes Anti malware, Super Anti Spyware Professional
  9. Activity Installation of antispyware
  10. Anti-Virus Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and trojan horses. Such programs may also prevent and remove adware, spyware, and other forms of malware. It is a software utility that searches a hard disk for viruses and removes any that are found. Most antivirus programs include an auto-update feature that enables the program to download profiles of new viruses so that it can check for the new viruses as soon as they are discovered.
  11. History of Antivirus Most of the computer viruses that were written in the early and mid '80s were limited to self-reproduction and had no specific damage routine built into the code (research viruses[3]). That changed when more and more programmers became acquainted with virus programming and released viruses that manipulated or even destroyed data on infected computers. It then became necessary to think about antivirus software to fight these malicious viruses. There are competing claims for the innovator of the first antivirus product. Possibly the first publicly documented removal of a computer virus in the wild was performed by Bernd Fix in 1987.[4][5] Fred Cohen, who published one of the first academic papers on computer viruses in 1984[6], started to develop strategies for antivirus software in 1988[7] that were picked up and continued by later antivirus software developers.
  12. Also in 1988 a mailing list named VIRUS-L[8] was initiated on the BITNET/EARN network where new viruses and the possibilities of detecting and eliminating viruses were discussed. Some members of this mailing list like John McAfee or Eugene Kaspersky later founded software companies that developed and sold commercial antivirus software. Before Internet connectivity was widespread, viruses were typically spread by infected floppy disks. Antivirus software came into use, but was updated relatively infrequently. During this time, virus checkers essentially had to check executable files and the boot sectors of floppy and hard disks. However, as internet usage became common, initially through the use of modems, viruses spread throughout the Internet.[9] Over the years antivirus software had to check many more types of files (and not only executable files) for several reasons:
  13. Powerful macros used in word processor applications, such as Microsoft Word, presented a further risk. Virus writers started using the macros to write viruses embedded within documents. This meant that computers could now also be at risk from infection by documents with hidden attached macros as programs.[10] Later email programs, in particular Microsoft Outlook Express and Outlook, were vulnerable to viruses embedded in the email body itself. Now, a user's computer could be infected by just opening or previewing a message.[11] As always-on broadband connections became the norm and more and more viruses were released, it became essential to update virus checkers more and more frequently. Even then, a new zero-day virus could become widespread before antivirus companies released an update to protect against it.
  14. Identification methods There are several methods which antivirus software can use to identify malware. Signature based detection is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.[12] Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses. File emulation is another heuristic approach. File emulation involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the antivirus software can determine if the program is malicious or not and then carry out the appropriate disinfection actions.[13]
  15. Signature based detection Traditionally, antivirus software heavily relied upon signatures to identify malware. This can be very effective, but cannot defend against malware unless samples have already been obtained and signatures created. Because of this, signature-based approaches are not effective against new, unknown viruses. Because new viruses are being created each day, the signature-based detection approach requires frequent updates of the virus signature dictionary. To assist the antivirus software companies, the software may allow the user to upload new viruses or variants to the company, allowing the virus to be analyzed and the signature added to the dictionary.[12] Although the signature-based approach can effectively contain virus outbreaks, virus authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match virus signatures in the dictionary.[14]
  16. Heuristics Some more sophisticated antivirus software uses heuristic analysis to identify new malware or variants of known malware. Many viruses start as a single infection and through either mutation or refinements by other attackers, can grow into dozens of slightly different strains, called variants. Generic detection refers to the detection and removal of multiple threats using a single virus definition.[15] For example, the Vundo trojan has several family members, depending on the antivirus vendor's classification. Symantec classifies members of the Vundo family into two distinct members, Trojan.Vundo and Trojan.Vundo.B.[16][17]
  17. While it may be advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature. These signatures often contain non-contiguous code, using wildcard characters where differences lie. These wildcards allow the scanner to detect viruses even if they are padded with extra, meaningless code.[18] Padded code is used to confuse the scanner so it can't recognize the threat. A detection that uses this method is said to be "heuristic detection."
  18. Rootkit detection Anti-virus software now scans for rootkits; a rootkit is a type of malware that is designed to gain administrative-level control over a computer system without being detected. Rootkits can change how the operating system functions and in some cases, rootkits can tamper with the anti-virus program and render it ineffective. Rootkits are also very difficult to remove, in some cases requiring a complete re-installation of the operating system.[19][20]
  19. Activity Install antivirus software
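
Added example (not part of the original presentation): a minimal scanner contrasting the exact known-list match of slides 5, 6 and 15 with the wildcard generic signature of slide 17. The signature syntax (`??` for one byte, `*` for a bounded gap), the family names and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import re

# Constructed, harmless byte strings standing in for one "virus family".
VARIANT_A = b"MZ" + b"\x00" * 8 + b"\xde\xad\x10\xbe\xef" + b"tail"
# Same family, one byte changed and six bytes of meaningless padding inserted.
VARIANT_B = b"MZ" + b"\x00" * 8 + b"\xde\xad\x22" + b"\x90" * 6 + b"\xbe\xef" + b"tail"
CLEAN = b"MZ" + b"\x00" * 8 + b"ordinary program bytes"

# Exact known list: SHA-256 of the only sample already analysed.
KNOWN_HASHES = {hashlib.sha256(VARIANT_A).hexdigest(): "Demo.Family.A"}

# Generic signature (hypothetical syntax): hex bytes, '??' = any single byte,
# '*' = a gap of 0..MAX_GAP bytes that absorbs padding.
GENERIC_SIGS = {"Demo.Family!gen": "DE AD ?? * BE EF"}
MAX_GAP = 16  # bounded so the gap cannot stretch across unrelated code


def compile_signature(sig: str) -> re.Pattern:
    """Translate a wildcard hex signature into a bytes regular expression."""
    parts = []
    for tok in sig.split():
        if tok == "??":
            parts.append(b".")
        elif tok == "*":
            parts.append(b".{0,%d}?" % MAX_GAP)
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def scan_exact(data: bytes):
    """Return the family name if the whole file matches a known hash."""
    return KNOWN_HASHES.get(hashlib.sha256(data).hexdigest())


def scan_generic(data: bytes):
    """Return (signature name, offset) for the first generic match, else None."""
    for name, sig in GENERIC_SIGS.items():
        match = compile_signature(sig).search(data)
        if match:
            return name, match.start()
    return None
```

The exact list flags only the sample it was built from, while the generic signature flags both variants and leaves the clean file alone; padding longer than `MAX_GAP` still escapes it, which is the trade-off between coverage and false positives.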