Research, Research, and More

 
 
By Jay Munro  |  Posted 2002-07-01
 
 
 
 
 
 
 


All antivirus protection starts with researchers dissecting and analyzing unknown viruses. Most antivirus vendors accept files that may or may not contain unknown viruses from their customers, as well as from other sources. The research process is a combination of automated and manual analysis. Symantec's Digital Immune System combines automated submissions from customers with automated analysis to look for potential viruses without tying up human researchers unnecessarily. Many unknown viruses can be identified, and detection methods created, without human intervention. If the automated systems cannot handle a potential virus, human researchers analyze the code.

Researchers require a wide range of skills to dissect viruses and see what makes them tick. Executable and boot viruses are written mostly at the assembly language level to gain access to the innermost workings of DOS, Windows, and the file system. Some Windows viruses are written in C/C++, Delphi, or Visual Basic for Applications, as well as assembler, while others are developed in Java and JavaScript for script and macro threats. Researchers must understand assembler, higher-level languages like C/C++, and macro languages. Additionally, they need to be intimately familiar with the operating system and file systems. Lastly, they must understand how viruses work, a skill that comes with experience.
Every researcher and company works differently, but the techniques are similar: executing the virus in controlled and instrumented environments to observe its behavior, or using a disassembler to analyze the code structure. Potentially malicious code is run in both virtual and real desktop and server environments and, in the case of some of the latest worms, across networks to reveal distributed infections and the methods by which they spread.


 
 
 
 
 
 
 
 
 
 
 
