Wednesday, April 28, 2010

Need for Every System - AVG Antivirus!

Technical Overview of AVG Antivirus:

Scanning engine

The heart of AVG Anti-Virus is the scanning engine. You can think of it as a "black box": requests to scan objects go in, and the box returns a verdict indicating whether each object is virus-free or infected.

The scanning engine includes an application interface for communication with the other AVG Anti-Virus components (Resident Shield, Scans, E-mail scanner modules, plug-ins, etc.) that use this service. It was designed with AVG Anti-Virus modularity in mind and is shared by all of these components.

Detection methods

Efficient detection of infected files is achieved by combining several detection levels. Before the scan itself, the file is pre-processed: any parts unnecessary for virus analysis are removed, which keeps the scanning process fast.

I. Known virus detection

This is the simplest technique: files are scanned for the presence of virus identifiers (a sequence of bytes characteristic of a specific virus). When such an identifier is found, a more detailed analysis is performed to identify the exact infection.

II. Generic detection

This method is more general than known-virus detection and is used to identify new variants of known viruses. If no known virus is identified, generic detection looks for sequences within the file that are typical of certain viruses. Such sequences usually do not change when the virus is modified, even if the behaviour of the new variant is different. This method is especially effective in detecting macro viruses and script viruses.

III. Heuristic analysis

The last method, used where the previously mentioned methods were not successful, is heuristic analysis. Its strength lies in its capacity to detect, in some cases, a virus that is not included in the internal virus database. Heuristic analysis uses two methods:

i. Static heuristic analysis - examining the file for suspicious data constructions without executing it

ii. Dynamic heuristic analysis - code emulation: the file is run inside the protected environment of a virtual computer within AVG, and its actions are analyzed for behaviour typical of viruses, for example an application which, when run, looks for other executable files in order to modify them.
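The three detection levels described above (exact identifier, generic family sequence, static heuristic) can be shown working in order as a toy layered scanner. The following is an added example written for this page, not AVG's code: the signatures, the wildcard family pattern, the heuristic indicators, the weights and threshold, the pre-processing step, and every sample buffer are constructed for illustration and match no real malware. Dynamic (emulation-based) heuristics are not shown.

```python
"""Toy layered file scanner (added example, not AVG's code).

Runs the detection levels in the order the overview gives them:
  I.   known-virus detection: exact byte signature
  II.  generic detection: family pattern with wildcard bytes
  III. static heuristic analysis: scoring of suspicious constructions
Every signature, indicator, weight and sample buffer below is
constructed for this illustration and matches no real malware.
"""
import math
import re

# Level I: exact identifiers, one byte sequence per known virus (constructed).
KNOWN_SIGNATURES = {
    b"TOYVIRUS-A\x90\x90\xcc": "Toy.Virus.A",
}

# Level II: a family signature keeps the bytes that survive modification
# and wildcards the ones that vary between variants (constructed).
GENERIC_SIGNATURES = {
    "Toy.Family": re.compile(rb"TOYVIRUS-[A-Z]\x90.\xcc", re.DOTALL),
}

# Level III: static indicators. Looking for other executables to modify is
# the behaviour the overview cites; the API names are typical indicators a
# heuristic engine might weigh (list and weights are constructed).
SUSPICIOUS_STRINGS = [b"*.exe", b"*.com", b"WriteProcessMemory", b"SetWindowsHookEx"]
ENTROPY_LIMIT = 7.0      # above this the body looks packed or encrypted
HEURISTIC_THRESHOLD = 3  # a score at or above this is reported as suspicious


def preprocess(data: bytes) -> bytes:
    """Pre-processing step (simplified): drop trailing zero padding, which carries no code."""
    return data.rstrip(b"\x00")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random, plain text is around 4 to 5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_score(data: bytes) -> int:
    """Static heuristic: weight each suspicious construction and return the total."""
    score = 2 if shannon_entropy(data) > ENTROPY_LIMIT else 0
    score += sum(1 for s in SUSPICIOUS_STRINGS if s in data)
    return score


def scan(data: bytes) -> tuple:
    """Return (verdict, detail), trying the cheapest and most precise level first."""
    body = preprocess(data)
    for signature, name in KNOWN_SIGNATURES.items():
        if signature in body:
            return ("infected", name)
    for family, pattern in GENERIC_SIGNATURES.items():
        if pattern.search(body):
            return ("infected", family + " (generic)")
    score = heuristic_score(body)
    if score >= HEURISTIC_THRESHOLD:
        return ("suspicious", "heuristic score %d" % score)
    return ("clean", "")


# Constructed sample buffers, one per outcome.
CLEAN_SAMPLE = b"Hello, this is a harmless text file.\n"
KNOWN_SAMPLE = b"MZ\x90\x00\x03" + b"TOYVIRUS-A\x90\x90\xcc" + b"\x00" * 64
VARIANT_SAMPLE = b"MZ\x90\x00\x03" + b"TOYVIRUS-B\x90\x41\xcc" + b"\x00" * 16
HEURISTIC_SAMPLE = bytes(range(256)) * 4 + b"*.exe\x00WriteProcessMemory"
BENIGN_INSTALLER = b"This setup program copies *.exe files into the install folder.\n"

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN_SAMPLE), ("known", KNOWN_SAMPLE),
                          ("variant", VARIANT_SAMPLE), ("heuristic", HEURISTIC_SAMPLE),
                          ("installer", BENIGN_INSTALLER)]:
        verdict, detail = scan(sample)
        print("%-10s -> %s %s" % (label, verdict, detail))
```

The ordering matters: the exact signature is checked first because it is both the cheapest test and the only one that names the precise infection; the generic pattern catches the "-B" variant the exact signature misses; the heuristic runs last and only fires when several indicators coincide, which is why the benign installer that merely mentions "*.exe" stays clean while the packed-looking sample with two indicators is flagged. Raising or lowering HEURISTIC_THRESHOLD is the false-positive versus coverage trade-off the overview alludes to when it says heuristics work "in some cases".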

...and more.
