Monday, 2 November 2009

Network Security Part 2 Antivirus System:

Antivirus System:

Is a software system that uses a database or as so called dictionary containing a full description a bout all the malicious files or programs like Viruses, Worms, Trojan and Spyware that attempt to identify, neutralize or eliminate.


A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user, The original virus may modify the copies, or the copies may modify themselves, A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive.


A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program.

Trojan Horse:

a Trojan horse, also known as a trojan, is malware that appears to perform a desirable function but in fact performs undisclosed malicious functions. Therefore, a computer worm or virus may be a Trojan horse. The term is derived from the classical story of the Trojan Horse.


Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habit, sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software, redirecting Web browser activity, accessing websites blindly that will cause more harmful viruses, or diverting advertising revenue to a third party. Spyware can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs.

How Antivirus Work

In the virus dictionary approach, when the antivirus software looks at a file, it refers to a dictionary of known viruses that the authors of the antivirus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the antivirus software can take one of the following actions:

1. attempt to repair the file by removing the virus itself from the file,

2. quarantine the file (such that the file remains inaccessible to other programs and its virus can no longer spread), or

3. delete the infected file.

To achieve consistent success in the medium and long term, the virus dictionary approach requires frequent (generally online) downloads of updated virus dictionary entries. Civically-minded and technically-inclined users, and those who want help find viruses not detected by the software, can send their infected files to the authors of antivirus software, who analyze them and include identifying features and removal information in their dictionaries.

Antivirus management consol & components diagram

In many work place networks they use an antivirus management console that is an antivirus server that takes the function of:

  • updating all antivirus clients on every PC inside the network.
  • Scanning the entire network.
  • Installing\uninstalling antivirus clients.
  • Grouping computers inside the network to ease scheduling scans.
  • Logs every threat located.

No comments:

Post a Comment