Data Recovery in case of Virus Attack from Disk Drives

The building blocks of Anti-virus software are computer programs, whose purpose is to spot, thwart and eliminate computer viruses and other such kinds of malicious software. This malicious software is also called malware.
Two different methods are followed by anti-virus software to get accomplish all this:

Scanning files to look for virus programs.
Spotting the different behavior from any computer program which might indicate malfunction. This analysis step might include data captures, port monitoring or other methods.

Some of the anti-virus software uses only one out of these two techniques, where as many commercial anti-virus software uses both the techniques. Now a question arises in our minds and that is how the software knows about the virus. Well it’s simple these anti-virus software follows a virus dictionary approach. If we look at the term anti-virus then we come to know hat historically it has been used for benign computer viruses that spread and combated malicious viruses. It was pretty common on the Amiga computer platform.

Anti-virus software

Anti-virus software follows many approaches for the detection and elimination of virus. Below are some of the techniques.

1. Virus-Dictionary Approach

In this approach, when the software looks at a file, it checks a dictionary of known viruses that have been identified by the authors of particular anti-virus software. If a piece of code in the file matches any virus detailed in the dictionary, then the anti-virus software can take one of the following actions.

Endeavor to repair the file by actually removing the virus from the file.
Quarantine the file
Delete the infected file.

For achieving consistent success against viruses, the virus dictionary approach requires downloads of updates virus dictionary entries. Dictionary based anti-virus software typically examines files when the computer’s operating system creates, opens, closes or e-mails them. Like this it can detect a known virus immediately upon request.

Though the dictionary approach can keep virus outbreaks in the right circumstances, virus authors have tried to stay a point ahead of such software by writing ‘polymorphic’ and more recently ‘metamorphic’ viruses, which modify themselves as a method of disguise, so as to not match the virus’s signature in the dictionary.

2. Suspicious Behavior:

This approach doesn’t try to identify the known viruses, but it monitors the behavior of all the programs. If one program tries to write data to an executable program, then anti-virus will detect this abnormal behavior and give an alert to the user and ask what to do.

The suspicious behavior approach provides protection against brand new viruses that do not yet exist in any virus dictionaries. So it has got an edge over dictionary based approach. However it can bring a large number of false positives and the users might become desensitized to all the warnings.

If the user accepts such warning the anti-virus software gives no benefit to that user. Since 1997 this problem has been worsened, as many non malicious program designs came to change other .exe file without considering this false positive issue. Due to this reason many modern antivirus software uses this technique pretty less.

If you have lost mission critical data as a result of virus attack then no problem as Optimum Data Recovery Inc has got latest tools and technologies for data recovery.

Please feel free to contact us in case of trouble.