Thursday, May 26, 2016

How our antivirus works / how does it detect the threats? [by: devendra]



[EVERY COMPUTER GEEK SHOULD KNOW THIS][MUST READ] This is a must-read doc; everyone should read it to increase their knowledge. It was created by me.
So guys.. everybody uses an antivirus, but did you ever try to find out how it works? How does it function? What is the coding used by antiviruses to detect the threats? Why should you regularly update your database? So don't worry, here I will be giving you the answers to all of the above questions. :D..!!!


The working of an anti-virus involves two basic technologies, namely:
1. Dictionary-based continuous and fragmented string search
2. Suspicious activity detection (process manipulation)

Now let us take the first article, i.e.,
1. Dictionary-based continuous and fragmented string search

As the name suggests, the antivirus keeps a dictionary of the malicious code of known viruses and threats in its database. Using this database it compares the malicious code present in a file against the code stored in its database, and when they match it gives a threat warning as a detection, whether it is a trojan, malware, backdoor, rootkit, worm, etc.

Here I am showing you an example. Consider a hypothetical case for better understanding: suppose you have a file whose content is something like this:

ABEFGHIJKLMNOPQRSTUVWXYZ

Now when a virus infects a file, what it does is manipulate the original file and add some extra code or functionality to it, so that the behaviour of the file changes, meaning it differs from its normal functioning. So after virus infection the file becomes something like this:

ABEFGHIJKLMNOPQRSTUVWXYZ012345 [now this, 012345, is the string that the virus has attached to the file after infection]

What the anti-virus database contains is that 012345 string. It matches the string in its database with the string in the program, and if they match it identifies the program as a virus. Note: all this processing is done on the binary form of the file, and sometimes on the executable.

This coding can be manipulated by using crypters, and through a crypter this malicious coding can easily be hidden from the antivirus. So this phenomenon is used to crypt your trojan/stealer to make it FUD... :D That's the main reason why an anti-virus needs regular updates. Anti-virus companies add newly detected strings to their database daily so that the user can remain secure. [WHILE CONCLUDING THIS PART I WANT TO SAY THAT ALMOST 70-90% OF THE TOOLS WE DOWNLOAD ARE INFECTED BY ATTACKERS: THEY CRYPT THE TOOL TO MAKE IT FUD AND CAN EASILY STEAL DATA FROM COMPUTERS.]
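To make the dictionary idea concrete, here is a small added example (my own code, not from this post or from any real antivirus product) that scans raw bytes for a continuous string signature and for a fragmented one containing a wildcard byte, using constructed samples built from the ABEFGH... illustration above. The signature names, the hex patterns and the "??" wildcard syntax are all assumptions made up for the example.

```python
import re

# Constructed signature dictionary for this example, not a real AV database.
# Each value is the hex of the bytes to look for. "??" stands for one byte of
# any value, which is what lets a single entry match a "fragmented" string
# whose middle bytes vary between samples.
SIGNATURES = {
    "Demo.Appender":   "303132333435",   # the literal "012345" from the post
    "Demo.Fragmented": "3031??333435",   # "01" + any one byte + "345"
}

def compile_signature(hex_pattern):
    """Turn a hex signature with ?? wildcards into a regex over bytes."""
    if len(hex_pattern) % 2:
        raise ValueError("signature must be a whole number of bytes")
    parts = []
    for i in range(0, len(hex_pattern), 2):
        pair = hex_pattern[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes.fromhex(pair)))
    # DOTALL so the wildcard also matches a 0x0A (newline) byte
    return re.compile(b"".join(parts), re.DOTALL)

COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}

def scan(data):
    """Return [(signature name, byte offset)] for every signature found in data."""
    hits = []
    for name, pattern in COMPILED.items():
        for match in pattern.finditer(data):
            hits.append((name, match.start()))
    return sorted(hits, key=lambda hit: hit[1])

# Constructed sample "files" following the post's illustration.
CLEAN = b"ABEFGHIJKLMNOPQRSTUVWXYZ"
INFECTED = CLEAN + b"012345"   # the appended string the post describes
VARIANT = CLEAN + b"01Z345"    # same marker with one byte changed

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("infected", INFECTED), ("variant", VARIANT)):
        print(f"{label:8} -> {scan(blob) or 'no match'}")
```

The clean sample matches nothing, the infected sample hits both entries, and the one-byte variant is caught only by the fragmented signature, which is why a database holds fragmented patterns as well as continuous ones.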
Now let's move on to the second part of the article, i.e.,
2. Suspicious activity detection (process manipulation)

This method is slightly different from the above, as it does not involve any comparison of code; rather it is based on the normal working and behaviour of a program/software.

In this, the antivirus first notices how the software or program runs in a normal way before any infection, and saves the recorded data in its database. Now, whenever a program gets attacked or manipulated by infections or threats, the antivirus notices that the functions are not working the same as they previously did, so it will flag the process with a warning or block that process. This is the very principle on which tools that tamper with other software get detected as viruses, because they modify the functioning of the original software and change its normal behaviour illegally. The main drawback of this technique is that it's quite annoying, as sometimes it detects normal files as viruses too, but if you want to keep your PC safe then you need to do what your anti-virus suggests.

[NOTE: 80% OF SUCH FILES FOUND ON THE INTERNET ARE MANUALLY INFECTED BY ATTACKERS. THEY BIND THE FILE WITH THEIR TROJANS, BACKDOORS, STEALERS AND CRYPT THEM. A BACKDOOR IS A PROGRAM WHICH WILL OPEN ALL YOUR NETWORK GATES TO AN ATTACKER... SO BE CAREFUL WHILE DOWNLOADING SUCH FILES.. :D:D:D...;-) DON'T BE AFRAID, I HAVE A SOLUTION: WHEN YOU DOWNLOAD ANY SUCH FILE, IF YOU DON'T HAVE A GOOD ANTIVIRUS THEN GO TO www.virustotal.com, AN ONLINE VIRUS SCANNING WEBSITE. IT WILL SOLVE YOUR PROBLEM.]

SO, UPDATE YOUR ANTIVIRUS DATABASE REGULARLY. IF YOU USE AN OUTDATED ANTIVIRUS IT IS OF NO USE!!!
Thanks for reading this, and do comment if you liked it... have a nice day :).
