Antivirus

From the above simple explanation, it means that no proper introduction of the subject can be made without talking about the word virus itself. This is because the existence of a virus leads to the need for solution. A program written for the purpose of removing viruses is referred to as an antivirus. The next question then is, what is a virus?

What is a virus?

Virus is a generic term applied to a variety of malicious computer programs. A program that infects systems by writing files, or by inserting or attaching a copy of itself to a file (this includes e-mail files) It is malicious because the real intention is to hurt or harm the host.

How does it achieve this?

According to its name, it is called a virus because it is a self-replicating code designed to spread from system to system much like an illness. And the word "malicious" indicates that the program is intended to achieve something other than what the virus is presented to look like. There are thousands of different viruses that have been identified, although only a few hundreds are active. These different viruses have been experienced by people at different times and they all have one common objective, to create problem for the receiving user, that is, it's host computer.

How would you then recognise a virus?

There are several types of programs besides viruses, but all are out to hurt the host system. But there are some differences on how they achieve their results. Some of them are are Worms and Trojan horse that can be grouped as malicious code as a result of their activities, although each type poses a different threat to the integrity and availability of the computer data.

The Trojan Horse

This is a program which masquerades itself as a legitimate program, but does something other than what was originally intended or expected. This is achieved by hiding a malicious program inside a legitimate program. This malicious program gets to work after loading the original legitimate program.

The Worm

Worm is a program which copies itself into nodes in a network, without permission. Worm usually exploits the vulnerability of the computer programs in order to replicate itself unlike the Trojan Horse which needs to hide itself inside a legitimate program before it can gain access into the systems.

The Logic Bomb

Another form of malicious code is referred to as the logic bomb because it remains dormant in the system until a pre-determined action takes place either a date already set in the malicious code or the loading of the program or an activity by any computer personnel or the happening of an event. In the past, this is common to the activities of disgruntled employees.

How to recognise the existence of a virus?

The best approach is to look at the characteristics of a virus

What are the characteristics of a computer virus?

i) Virus attaches itself to programs or data files

ii) Virus infects the user computer

iii) Virus replicates itself on the users hard disk, and

iv) Damages data, hard disk or files

Part of the computer usually attacked by viruses

i) executable program files

ii) file directory system that tracks the location of all the computer files

iii) boot and system areas that are needed to start the computer

iv) data files

Common sources of contracting and transmitting viruses

1) Internet serves as the major sources of viruses today. This happens when emails attachment from an unknown or un-trusted source is opened or.

2) When a software (free available software) or file is downloaded from an unknown or un-trusted source

3) Computer bulletin board systems

4) Sharing of diskette of flask disk etc

5) Through the Local Area Network (LAN)

6) Through purchase of off-the-shelf software

How to prevent a virus attack

a) Control the access to the computer, file and site.

b) The most important control over viral infection is the user’s information security awareness education i.e general training in malicious code, the possible sources and how to handle any data containing suspected malicious codes. This means adopting behaviours that will help in controlling the contracting and transmitting viruses.

c) For corporate entities, there should be policies and procedures which must be properly implemented. It must be reviewed constantly to check whether it is functioning and also to determine its continuous relevance. There must be adequate backup which can serve as a way of correcting a corrupted file when it happens.

d) There must be adequate technical facility i.e. a program that is capable of recognising the identity of a virus. It must also be updated as and when new signatures are discovered.

How does an antivirus software work?

An antivirus program is a control program developed by a vendor which looks for the malicious codes through their known behaviour and then delete them.

From the above, it means that the behaviour or the characteristics of such a virus must have been known for an antivirus program to be prepared. This makes the preparation of an antivirus software to be trailing the problem i.e existence of virus.

To minimise the damage to any system, the owner of the system must then be up-to-date in the existence of viruses and the availability of new patches to correct or take care of the new virus. This can be resolved by linking up with vendors software in-use and if it is one of the freely available software, there are publicly available forums where up-to-date reports of new developments are always made available.

Characteristics of a good antivirus program

1) It should be able to recognise both the old and current viruses, meaning that the signature must be up-to-date.

2) It must be able to correct any damage on the system or file or computer.

3) It must have facilities to update itself automatically.