Computer Virus--the words alone provoke images of vanishing data, crashing PCs, and financial ruin. Emerging from obscurity 12 years ago to front-page news, the computer virus has been portrayed in Hollywood as everything from a way to siphon off millions of dollars to a secret weapon to bring down an alien enemy. The popular press has had its share of fun with Michelangelo, Melissa, and the Love Letter as well. While maybe not as dramatic as Hollywood portrayals or USA Today reports, viruses are a daily nuisance for both home and corporate computer users. With each new virus, a dozen antivirus vendors swing into action to find a cure. We spoke to product managers and researchers at Panda, McAfee, Symantec, and eSafe to get some insight into their work. In this two-part article, we'll explore a few of the techniques these vendors use to identify and detect viruses.
Details of the work antivirus researchers conduct are shrouded in secrecy. Their goal is to produce an antivirus product that can discover both known and unknown viruses and malicious code, stop it, and whenever possible, reverse any damage performed. Among the AV companies themselves there is an interesting dichotomy. While an individual company's technology is proprietary, the various antivirus research labs exchange viruses for analysis with other antivirus labs. These exchanges are based on trust gained through personal relationships and years of working together in the trenches. The idea of an antivirus company researcher providing a live virus to an untrustworthy source and then seeing that virus released into the wild is unthinkable. Researchers test with existing viruses and do not create their own. In addition, unlike security companies that hire hackers to find system weaknesses that can assist in designing better security technology, the antivirus companies we spoke with claim they never hire anyone who has written a virus.