Integrity Verification when defending against viruses

by Levi D. Johnson.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on software  

You are here: Categories » Computers and technology » Software

When defending against viruses, we are dealing with creatures that modify their host programs as they spread. Therefore, one way to detect the presence of a virus is to discover files that have been unexpectedly modified. The integrity verification process aims to achieve this goal by following these steps:

  1. While the machine is in a pristine state, compute fingerprints (in the form of checksums or cryptographic hashes) of files that need to be monitored, and record them in a baseline database.

  2. When scanning the file system for suspicious modifications, compute fingerprints of monitored files and compare the values to those in the baseline.

  3. If unexplained differences between the current state and the baseline are detected, issue an alert.

There are several commercial and free applications that are dedicated to implementing such integrity verification procedures. The most famous of these tools is probably Tripwire (available at www.tripwire.com), which has been capable of detecting unauthorized changes to the file system since it was first released in 1992. Tripwire and other software of this type are not virus checkers per se—such programs aim at alerting administrators of suspicious changes to the machine's state regardless of whether the attack was performed by malware or was executed through some other channel. .

Integrity verification approaches can also be used by antivirus software, although vendors are rarely forthcoming about the extent to which they have implemented such mechanisms. Sophos AntiVirus is known to use checksums to help determine whether a file needs to be examined more carefully via other detection methods. When scanning a file, Sophos AntiVirus computes the file's checksum and compares it to the value calculated earlier. If the checksums do not match, then there is a chance that the file was infected, and the antivirus program might need to examine it more thoroughly.

An antivirus product trying to make the most of integrity verification techniques is likely to be selective about the portions of the file that are fingerprinted for baseline comparisons. For example, it could be okay for the contents of a Microsoft Word document to change when the user edits its text; however it is far less common for the macros embedded in the document to be modified. Therefore, antivirus software might be more suspicious of changes detected in the macros section of the document.

The main limitation of the integrity verification method is that it detects the infection only after it occurs. However, it is a useful addition to the toolkit consisting of approaches that look for signatures of known malware specimens and those that use heuristics to detect harmful code. Unfortunately, even antivirus software that implements each of these detection

Share
Leave a comment or ask a question
Total comments: 0

Software Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
The Beginner's Guide to iPad Video Conversion on Mac - So, you've just taken in a shiny new iPad and impressed by its beautiful display. There are several possible sources of content that you will want to convert for viewi (more...)
Touch and View: iPad application - iPad application development has become an extremely popular topic at numerous conferences and workshops since the product introduction keynote. Mobile software companies went boldly into the une (more...)
Deciding on TIFF vs. JPEG Output for Scanned Images - It can be difficult to understand which file type is best for saving your scanned images. Here's a brief breakdown of the two most common options. Preserving beloved memories is on (more...)
Photoshop Clipping Path and Masking Techniques :: Wonderful Technique to Knock Out Image Background - Graphic design is being the promotional key in every spare of business and individual life. Business organizations seek graphic tools to have publicity by dint of bill board, catalogs, magazines, w (more...)
Tips on Getting MP3 from CD as iPhone Ringtone on Mac - Many people must have favorite CDs filled with their bookcase or CD case somewhere at home due to the songs they loved while they still need to pay $0.99 each to get the same songs as their iPhone (more...)
Know about Architectural CAD Drawing - Architectural CAD drawing, which literally mean architectural drawing on the computer. Getting your architectural drawing in digital format. This applies to residential, commercial, pho (more...)
Tips to Develop Mechanical CAD Drawings and Design - The standard mechanical engineering CAD expert photo, as you need to develop such that can easily be explained by mechanical engineers. Before starting work on a mechanical image, you should know h (more...)
Most popular free open source software - Open source software ( OSS) is license-free computer software which can be used, modified, or distributed freely. There is a misconception that OSS is "second rated" or "prototyped" ver (more...)
How to send SMS from Microsoft Dynamics CRM 4.0 - Ozeki offers a solution to send SMS from Microsoft Dynamics CRM 4.0. If you use MS Dynamics to improve customer relationship management in your company, now you can increase the efficienc (more...)
Programming representational state transfer (REST) - REST (representational state transfer) is a process for getting information content from a Web site by reading a designated Web page that contains an XML (Extensible Markup Language) file that desc (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.