How to know if a file is a virus...

[Sebouh]

I was just imagining if i were to build an antivirus software, what do i make my software search for in the file to see if it is infected or its a virus. The same implies for an anti spy/adware/trojan softwares.
thanks.

 

[Praetor]

You could have a look at the microops it calls

 

[OS Dragon]

Well, its a complex question because there are many different type of virues: -

• Common Viruses

• Program Viruses

• Boot Viruses

• Stealth Viruses

• Polymorphic Viruses

• Multipartite Viruses

• Macro Viruses

• Windows Viruses

• Malicious Program

And so on and so forth, I'm guessing that the antivirus (program) looks (or checks) at the algorithms in each program file to make sure its not malicious nor is it and algorithm that results in the deletion of a valuable program file. When viruses are applied to images, this is a whole new stage for me.

 

[jancz3rt]

Yeah indeed

It check for certain patterns and algorithms within files and when infected recognizes them. This is why new variants come up often as they fool the antivirus....unless it already has teh virus definition files...into believing that teh files are safe when they are in fact not. They also search for specific .exe files etc...and check for running processes or the memory. It's very hard to answer the question but i hope I have elaborated on teh bove post.

JAN

 

[Sebouh]

so is it impossible for a one person to create an antivirus, or would it take a year to finish?

 

[jancz3rt]

Lol

so is it impossible for a one person to create an antivirus, or would it take a year to finish?

Unless you are extremely skilled, I would advise you to give up. Most antivirus programs that made it somewhere in today's world are made by teams of programmers, designers etc. So ..... prolly not possible.

JAN

 

[Lorand]

This task was so easy in the good old days: write a program that makes a database of all the executables (exe, bat, pif, dll, etc.) with their name and size (or CRC) when the system is clean, then periodically verify them -- an infected file could have different size and surely different CRC. If you add a boot-sector check too then you'll have a bulletproof antivirus for all the viruses that are older than a decade.
But today's viruses are much cleverly written and you could identify them only by they signature. So even if you manage to write an antivirus program, updating it's signature database would be a full-time job...

 

[Sebouh]

well how about an anitspyware or adware progs, i know that spybot is written by one guy, am i wrong??

 

[OS Dragon]

He must reeally know his programming if it was one guy but I don't think that one person could make such a solid program without the help of any outside sources

 

[Lorand]

well how about an anitspyware or adware progs, i know that spybot is written by one guy, am i wrong??

Did you read the Spybot's credits page?

 

[Sebouh]

well when u enter the site i think it said that i (he) created this software...bla bla bla.....well maybe i remember wrong.