Webmaster Articles: Computer Viruses and Antiviruses

What is a Virus?

A virus is a self-replicating lifeform which survives by infecting carriers or other host bodies for long enough durations to illicit the exposure to and infection of further host bodies.

Computer Viruses

A computer virus could be either a maliciously written computer program or an unintended bug in a mistakenly written but well-intended computer program. The hosts of computer viruses are the infected program files.

Worms

Worms are computer viruses which can spread independently of when their hosts replicate. Most modern computer viruses are worms.

Trojan Horses (Trojans)

A computer trojan horse is a malicious computer program which uses deceptive tactics to infiltrate a computer system, often to then hide unnoticed for a period of time. A computer trojan horse is usually deployed for the purpose of directly attacking a presumedly secure computer system from the inside or to stealthily capture and send sensitive information back to a hacker.

Retaliator Viruses

Much like an antivirus is brought to a computer for the purpose of defeating a virus, an easily detectable virus often stands the best chance of survival by intentionally seeking out, infecting and manipulating an antivirus program. Such a virus is known as a retaliator virus.

Virus Signatures and Polymorphic Viruses

Each virus contains a piece of code (DNA in the case of a biological virus) which is unique to that version of virus but common to all copies of that virus. This unique piece of code can be used like a fingerprint and is formerly known as the virus signature.

Polymorphism

If all human beings were genetically identical, any virus which threatens a single being would threaten the whole species. Humans, like lifeforms, defeat this species-wide threat by evolving into uniquely coded specimens with each instance of self-replication. This makes different individuals immune and vulnerable to different threats, so any one problem is not likely to simultaneously affect all units of the species.

Polymorphic viruses survive in quite the same way, by changing their signature with each new copy.

Heuristic Analysis by Antiviruses

Even with regular updates and immunisations, antiviruses cannot easily defeat polymorphic viruses by simply checking for known virus signatures. For this reason, antiviruses also use heuristic analysis.

Heuristic analysis involves monitoring a computer system (or biological system) to detect any suspicious behaviour. In the case of a computer virus, suspicious behaviour might include unexpected data requests or file modifications; and in the case of biological viruses, unexpectedly dying or ill-performing cells might encourage special treatment by the immune system.

Upon descovering which program file is triggering suspicious activity, a computer antivirus program can alert the user and block the suspected virus from running.

The common cold

The common cold is a biological polymorphic virus, and as with the computerised equivalents, an antivirus or vaccine cannot be created until after infection has occurred and has been recognised by the antivirus program or immune system with heuristic analysis.

Comparing Computer Antivirus Programs

Antivirus companies tend to share information with each other for mutual benefit and for the benefit of the consumer. Albeit with some delay, such sharing of information eventually ensures that all major antivirus vendors stay relatively up-to-date with all known virus signatures.

While more popular antivirus programs are likely to be backed by sharper updates, they're also more likely to be targeted by retaliator viruses.

Due to the interfering nature of intervening upon suspicious heuristic activity, the more secure of antivirus programs are also likely to be the most disturbing.

By running multiple antivirus programs, each from different antivirus vendors, essential updates are likely to come faster and the joint heuristic analysis is likely to detect more threats; but the programs will probably interfere with each other, triggering endless unwanted alerts. One program may even attempt to automatically block another.

Summary

In summary, the best antivirus solution for any computer system will probably be a compromise between security and convenience, and will vary according to the preferences of each user.