Please tell me how to fight against modern viruses
Q. How are viruses detected? A. Detection is based on pattern matching, but it has evolved in recent years.
Infected simply by connecting to the Internet
Before the spread of the Internet, most viruses were transmitted through floppy disks. Nowadays, a computer can be infected through email, messengers, USB memory sticks, browsing websites, and even just by connecting to the Internet if there is no firewall protection. With the development of the broadband environment, viruses also propagate much faster.
So what exactly is a computer virus in the first place? As categorized in Table 1, the name "virus" refers to only a small portion of the malicious code that harms personal computers. Let's take a look at some representative examples.
Table 1 Classification of malicious code and harmful programs. These days, they are all collectively called “malware”.
Viruses rewrite part of a normal file and propagate as "parasites" on it, so infected files are subject to "disinfection". Some types remain dormant until symptoms appear, and others activate in response to certain computer operations.
Worms are basically independent files that copy and propagate themselves, so they need to be "deleted" once discovered.
A Trojan horse enters a computer disguised as a normal file, opens the computer's "back door" and steals information.
Spyware is a relatively new concept. Some of it is used as ordinary software and not all of it is necessarily dangerous, so the user has to decide whether to remove it.
Virus detection method
So, how does the "anti-virus software" sold to deal with these things work?
General anti-virus software compares each file that enters the computer against a file (the pattern file) that records the patterns (characteristics) of virus programs, and if there is a match, the file is detected as a virus. This is the so-called "pattern matching" scheme. AhnLab calls this file the "engine" and distributes a new version every day. Other antivirus software makers use names such as "signature" or "definition file", but you can interpret them as almost the same thing.
To create the engine (pattern file), antivirus software makers work 24 hours a day, 365 days a year, to protect users from the dangers of viruses.
However, in July 2008, for example, the number of viruses AhnLab handled with pattern files exceeded 1,500 per day on average. These are not all original viruses; many are "variants". A variant is a virus made by applying minor changes to an original virus. On July 2, 1992, the virus creation group NuKE began distributing a tool called "VCL (Virus Creation Laboratory)", which could be called a virus creation machine. As a result, even crackers with little technical skill can easily create virus variants. Thus, the number of virus types and subspecies has grown enormously, and pattern files have become larger and more complex than ever before. Antivirus software makers are working to reduce the size of pattern files, but at present they are not keeping up with the rapidly increasing number of viruses.
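The following added example (not code from AhnLab or any antivirus product) sketches the pattern matching described above and why variants make pattern files grow. The byte strings, the names Demo.A, Demo.B and Demo.gen, and the "??" wildcard notation are all constructed for illustration; wildcard bytes are one common way to cover several variants with a single entry.

```python
import re

# Constructed, harmless byte strings standing in for program files.
ORIGINAL = b"\x90\x90HELLO-DEMO-PAYLOAD\x01\x02\x03\x04END"
VARIANT = b"\x90\x90HELLO-DEMO-PAYLOAD\x01\xff\x03\x04END"  # one byte changed
CLEAN = b"just an ordinary document"


def compile_signature(hex_pattern):
    """Turn a hex signature such as '50 41 ?? 04' into a byte regex.

    '??' is a wildcard that matches any single byte.
    """
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)


def load_pattern_file(entries):
    """A 'pattern file' here is just a list of (name, hex signature) pairs."""
    return [(name, compile_signature(sig)) for name, sig in entries]


def scan(data, patterns):
    """Return the names of every signature found anywhere in the data."""
    return [name for name, rx in patterns if rx.search(data)]


# Day 1: the pattern file knows only the original sample.
DAY1 = load_pattern_file([
    ("Demo.A", "50 41 59 4C 4F 41 44 01 02 03 04"),
])
# Day 2: an exact entry is added for the variant, so the file grows.
DAY2 = DAY1 + load_pattern_file([
    ("Demo.B", "50 41 59 4C 4F 41 44 01 FF 03 04"),
])
# Alternative: one wildcard entry covers the original and the variant.
GENERIC = load_pattern_file([
    ("Demo.gen", "50 41 59 4C 4F 41 44 01 ?? 03 04"),
])

if __name__ == "__main__":
    for label, data in (("original", ORIGINAL), ("variant", VARIANT), ("clean", CLEAN)):
        print(label, scan(data, DAY1), scan(data, DAY2), scan(data, GENERIC))
```

With exact signatures every variant costs one more entry, while a wildcard entry trades that growth for a looser match that must be checked against clean files for false positives.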