Sunday, April 1, 2007

Improving Speed of Virus Scanning - Applying TRIZ to Improve Anti-Virus Programs

Author: Umakant Mishra
Abstract:
As the number of viruses increases, the time needed to scan for them also increases. The situation is made worse by the growing number of files typically stored on a computer system. In addition, more complex tests are required to detect today's intelligent viruses. Together, these factors make a full virus scan lengthy and resource-intensive. With thousands of types of viruses and gigabytes of storage, a typical virus scan may take several hours. For this reason, many users avoid scanning their computers unless they are required to.

This article highlights the common factors that increase scanning time. Apart from the increased number of files and viruses: scanning compressed files takes more time; a lot of time is wasted scanning the same files again and again in different scanning sessions; poor searching and file-comparison algorithms can increase scanning time; and reliable scanning may require a combination of methods, which demands more time.

The article discusses some methods of reducing the duration of a typical virus scanning session. Some of the solutions are: avoiding repetitive scanning by storing the AV state of previously scanned files; selective scanning of files (e.g., scanning only those files that have changed since the last scan); applying only the scanning methods relevant to specific file types (e.g., scanning MS Word files for macro viruses and not for boot sector viruses); applying improved “string search” methods for signature scanning; applying improved methods of file comparison for integrity testing; and reducing disk read time by reading files in separate threads.
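A sketch of the "store the AV state of previously scanned files" idea, as an added example that is not code from the paper or its author. The class name `CachingScanner`, the sample signatures, and the choice of size plus modification time as the "unchanged" test are all assumptions made for illustration; the point it shows is that a cached verdict must be tied to the definition version it was produced with.

```python
import os
import tempfile

# Constructed sample signatures (made-up byte strings, not real virus patterns).
SIGNATURES = {"Sample.A": b"\xde\xad\xbe\xefSAMPLE-A", "Sample.B": b"SAMPLE-B-MARKER"}

class CachingScanner:
    """Signature scanner that remembers the verdict for unchanged files."""

    def __init__(self, signatures, db_version):
        self.signatures = signatures
        self.db_version = db_version   # bump whenever the definitions are updated
        self.cache = {}                # path -> (fingerprint, verdict)
        self.full_scans = 0            # how many times file contents were read

    def update_definitions(self, signatures, db_version):
        # A "clean" verdict only holds for the definitions it was produced with.
        self.signatures, self.db_version = signatures, db_version

    def scan(self, path):
        st = os.stat(path)
        # Assumption: size + mtime identify an unchanged file. Malware can reset
        # mtime, so a hardened scanner would also track a content hash or use
        # a file-system change journal.
        fingerprint = (st.st_size, st.st_mtime_ns, self.db_version)
        cached = self.cache.get(path)
        if cached and cached[0] == fingerprint:
            return cached[1]           # stored AV state reused, no disk read
        with open(path, "rb") as fh:
            data = fh.read()
        self.full_scans += 1
        verdict = sorted(n for n, sig in self.signatures.items() if sig in data)
        self.cache[path] = (fingerprint, verdict)
        return verdict

def demo():
    """Scan a constructed file four times; return the verdicts and read count."""
    scanner = CachingScanner({"Sample.A": SIGNATURES["Sample.A"]}, db_version=1)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "doc.bin")
        with open(path, "wb") as fh:
            fh.write(b"harmless " + SIGNATURES["Sample.B"])
        first = scanner.scan(path)             # full scan, Sample.B not yet known
        second = scanner.scan(path)            # served from the cache
        scanner.update_definitions(SIGNATURES, db_version=2)
        third = scanner.scan(path)             # rescanned: definitions changed
        with open(path, "ab") as fh:
            fh.write(SIGNATURES["Sample.A"])   # file modified (size changes)
        fourth = scanner.scan(path)
    return first, second, third, fourth, scanner.full_scans
```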

Keywords: Software Innovation, computer virus, anti-virus, anti-virus software, computer vulnerability, computer security, anti-virus design, anti-virus development, inoculation, virus scanning, virus detection, signature scanning, integrity checking, heuristic scanning, emulation, activity monitoring, generic scanning, behavior monitoring, resident scanning, virus database, fast scanning, virus signature, virus definition

Mishra, Umakant, Improving Speed of Virus Scanning - Applying TRIZ to Improve Anti-Virus Programs (January 6, 2012). Available at SSRN: http://ssrn.com/abstract=1980638 or http://dx.doi.org/10.2139/ssrn.1980638

Solving Problems of Virus Definition Files - A TRIZ Perspective

Author: Umakant Mishra
Abstract:
Signature scanning is the most popular method of virus scanning and is adopted by all anti-virus programs. Signature scanning is capable of detecting more than 80% of viruses. It uses simple logic and requires less memory and fewer system resources. Although it has many advantages, it has one big disadvantage: it requires the virus signature to be extracted by experts and stored in a database called the “virus signature database”. This database has to be updated periodically by the anti-virus developers and the end users in order to deal with the latest viruses.

A typical virus definition file may contain thousands of records, one for each different virus. As the number of viruses increases, the size of the virus definition file also increases. A larger virus definition file, together with different versions for different operating systems, creates several manageability issues. The need to update virus definition files frequently causes problems not only for users but also for anti-virus vendors.

In this article we discuss some methods of reducing the problems relating to virus definition files, such as the problem of extracting signatures from viruses, the increasing size of virus definition files, the distribution of virus definition files, and compatibility with different platforms and operating systems.

Keywords: computer virus, anti-virus, anti-virus software, computer vulnerability, computer security, anti-virus design, anti-virus development, inoculation, virus scanning, virus detection, signature scanning, virus database, virus signature, virus definition database


Umakant Mishra, Solving Problems of Virus Definition Files - A TRIZ Perspective (January 6, 2012). Available at SSRN: http://ssrn.com/abstract=1980632 or http://dx.doi.org/10.2139/ssrn.1980632

Overcoming Limitations of Signature Scanning - Applying TRIZ to Improve Anti-Virus Programs

Author: Umakant Mishra
Abstract:
A virus signature is a sequence of bytes that may be found in a virus program's code but is unlikely to be found elsewhere. Signature scanning is a method of detecting a virus by scanning a target program for the presence of any virus signature. If a signature is found, the target program is deemed infected; otherwise it is deemed uninfected.

Signature scanning is the most popular method of virus scanning and is adopted by all anti-virus programs. Signature scanning is capable of detecting more than 80% of viruses. It uses simple logic and requires less memory and fewer system resources. It is capable of detecting encrypted viruses too. Although it has all these advantages, it has some drawbacks as well. The worst drawback of signature scanning is that it cannot detect new and unknown viruses. The user has to update the signature database regularly in order to deal with the latest viruses.

In this article we discuss how to overcome some drawbacks of signature scanning, such as how to reduce the time lag between virus creation (by the virus programmer) and signature distribution (by the anti-virus company), how to reduce the time and resources required for scanning, how to address the problem of scanning compressed files, how to address the problem of updating the signature database, and how to increase the reliability of signature scanning.

Keywords: Software Innovation, computer virus, anti-virus, anti-virus software, computer vulnerability, computer security, anti-virus design, anti-virus development, inoculation, virus scanning, virus detection, signature scanning, virus signatures, generic scanning, virus database


Umakant Mishra, Overcoming Limitations of Signature Scanning - Applying TRIZ to Improve Anti-Virus Programs (January 6, 2012). Available at SSRN: http://ssrn.com/abstract=1980629 or http://dx.doi.org/10.2139/ssrn.1980629