7 Replies Latest reply on Jun 27, 2012 8:43 AM by Hayton

    Anti-virus Project: Help Needed

      Hi Everyone,

      I am studying as an engineering student in the field of Computer Science. I have now stepped into the last year of my course, so in this year I will have to do my project. The topic I chose for my project was to make a simple antivirus. The main problem I am experiencing now is that I don't know where to start. I need your help in a few areas, like:

      1)     Which detection method should I use?

      2)     Which language should I use from these {C, C++, Visual Basic etc.}?

      3)     Please give me some ideas.

      I want to make this project very simple but also up to standard. All are welcome to make suggestions.

      Try to help me with your best views and ideas, and try not to write so much that you lose the quality of your content. Please reply as soon as possible because I need to make some decisions which require your ideas.

      Thank you very much.

       

      Message was edited by: dencille on 6/24/12 3:19:28 PM CDT
        • 1. Re: Anti-virus Project: Help Needed
          Hayton

          You have only a year to get this done? I wish you luck, you've got your work cut out. Best start somewhere, so start with Wikipedia, which is good enough for entry-level tech stuff. Plus the article has lots of references.

          http://en.wikipedia.org/wiki/Antivirus_software

          There are several methods which antivirus software can use to identify malware.

          Signature based detection is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.[16]

          Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses.

          File emulation is another heuristic approach. File emulation involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the antivirus software can determine if the program is malicious or not and then carry out the appropriate disinfection actions.[17]

          This may not be the best place to ask for advice about writing AV code, but I hesitate to point you towards any of the White Hat forums unless you really know what you're doing. Lion's Den is the best way to think of most of them.

          You could try joining LinkedIn and ask in one of the Information Security groups: at least the members there are (mostly) trustworthy.

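          To make the Wikipedia summary in the reply above concrete, here is a small scanner written for this thread; it is an added example, not code from the thread, from Wikipedia, or from any real antivirus product. It does the two classic "signature" checks (a whole-file SHA-256 lookup and a byte-pattern search that reads the file in chunks, so the pattern is found even when it straddles two chunks and is not reported twice when it sits in the carried-over tail) plus one common static heuristic, whole-file Shannon entropy, which flags packed or encrypted content. Every signature, hash and the entropy threshold below is constructed for the demo and is an assumption, not a real detection rule.

```python
"""
Toy signature scanner (added example for the thread; not a real product's code).

Detection methods demonstrated:
  * whole-file hash lookup against a list of known-bad SHA-256 hashes;
  * byte-pattern ("signature") search over the file read in chunks, with a
    carry-over so a pattern straddling two chunks is still found and a
    pattern entirely inside the carried tail is not reported twice;
  * one static heuristic, whole-file Shannon entropy, which flags packed or
    encrypted content (the threshold is an assumption, not a standard).
"""
import hashlib
import io
import math
from collections import Counter
from dataclasses import dataclass, field

# Constructed demo signatures (name -> byte pattern); not real malware patterns.
SIGNATURES = {
    "Demo.PatternA": bytes.fromhex("deadbeefcafebabe"),
    "Demo.PatternB": b"EVIL-MARKER-1234",
}
# Constructed known-bad whole-file hash: SHA-256 of a made-up sample.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed known-bad sample\n").hexdigest()}
# Assumed heuristic threshold: 8.0 bits/byte is the maximum; >= 7.5 looks packed.
HIGH_ENTROPY = 7.5


@dataclass
class ScanResult:
    sha256: str
    entropy: float
    hits: list = field(default_factory=list)   # (signature name, file offset)
    hash_match: bool = False

    @property
    def infected(self) -> bool:                # definite: signature or hash hit
        return self.hash_match or bool(self.hits)

    @property
    def suspicious(self) -> bool:              # heuristic only; needs review
        return self.entropy >= HIGH_ENTROPY


def scan_stream(stream, signatures=SIGNATURES, bad_hashes=KNOWN_BAD_SHA256,
                chunk_size=4096) -> ScanResult:
    """Scan a binary stream chunk by chunk without loading it all into memory."""
    longest = max((len(sig) for sig in signatures.values()), default=1)
    overlap = longest - 1        # tail bytes kept so boundary-straddling hits are seen
    digest = hashlib.sha256()
    byte_counts = Counter()
    hits = []
    carry = b""                  # tail of the previous buffer
    base = 0                     # file offset of carry[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)
        byte_counts.update(chunk)
        buf = carry + chunk
        for name, sig in signatures.items():
            pos = buf.find(sig)
            while pos != -1:
                # A match ending inside the carried tail was fully visible in the
                # previous buffer and has already been reported; skip it.
                if pos + len(sig) > len(carry):
                    hits.append((name, base + pos))
                pos = buf.find(sig, pos + 1)
        if len(buf) > overlap:
            carry = buf[-overlap:]
            base += len(buf) - overlap
        else:                    # short read: keep everything and read more
            carry = buf
    total = sum(byte_counts.values())
    entropy = 0.0 if total == 0 else -sum(
        c / total * math.log2(c / total) for c in byte_counts.values())
    sha = digest.hexdigest()
    return ScanResult(sha256=sha, entropy=entropy,
                      hits=sorted(hits, key=lambda h: h[1]),
                      hash_match=sha in bad_hashes)


def scan_bytes(data: bytes, **kwargs) -> ScanResult:
    return scan_stream(io.BytesIO(data), **kwargs)


def scan_file(path: str, **kwargs) -> ScanResult:
    with open(path, "rb") as fh:
        return scan_stream(fh, **kwargs)


if __name__ == "__main__":
    # Constructed sample: PatternA straddles the boundary between 16-byte chunks.
    sample = (b"\x00" * 10 + SIGNATURES["Demo.PatternA"] + b"\x00" * 10
              + SIGNATURES["Demo.PatternB"] + b"\x00" * 5)
    result = scan_bytes(sample, chunk_size=16)
    print("infected:", result.infected, "hits:", result.hits,
          "entropy: %.2f" % result.entropy)
```

          The per-signature `find` loop is fine for a student project with a handful of patterns; a real engine with hundreds of thousands of signatures uses a multi-pattern matcher such as Aho-Corasick so the file is walked once, and it unpacks archives and packed executables before matching, which is why the entropy heuristic matters: a high-entropy file is exactly the one a plain byte search cannot see into.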
          • 2. Re: Anti-virus Project: Help Needed

            Thank you, Hayton.

            I went through the Wikipedia article; it gave me some idea. I printed that article and read it many times. It was quite informative, but they didn't mention anything about the languages to be used for writing the code.

            • 4. Re: Anti-virus Project: Help Needed

              This article was really informative. Thank you for your response. If you find more articles, do post them.

              • 5. Re: Anti-virus Project: Help Needed
                Hayton

                Wilders Security Forums

                http://www.wilderssecurity.com/index.php

                Internet Storm Center

                https://isc.sans.edu/

                WebSense

                http://securitylabs.websense.com/content/ThreatUpdateCenter.aspx

                http://securitylabs.websense.com/content/threatResource.aspx

                Microsoft - huge resource libraries there. You could spend a year just browsing. Try, e.g., KillBits -

                http://www.microsoft.com/security/msrc/whatwedo/killbit.aspx

                US-CERT: many links on this page. Check the Vulnerabilities section.

                http://www.us-cert.gov/related-resources/

                And don't forget to join LinkedIn and sign up to the InfoSec groups. The "discussions" all start with links to some article somewhere, and occasionally you get a genuine debate. You should be able to learn something from those groups.

                Finally: Google, Google, Google. Follow those links but - especially if the subject is hacker-related - make sure you have both SiteAdvisor and WOT installed and, believe me, TRUST THEM IF THEY SAY A SITE IS DANGEROUS. You'll save yourself a lot of grief. Black Hats, White Hats, Grey Hats - they all set little tests for the unwary visitor. If you're lucky you'll just find yourself thrown off-site and barred from re-entering (IP address blacklisted); if you're not, you could get a wicked little gift of silently-installed spyware, or worse.

                And here's a parting gift: a view from the other side.

                • 6. Re: Anti-virus Project: Help Needed

                  Thanks a lot for considering my question and providing a solution. This is the first time I'm getting a lot of positive responses in a forum. If I have any queries, I'll be sure to put them in the forum.

                  Thank you, Hayton.

                  • 7. Re: Anti-virus Project: Help Needed
                    Hayton

                    Missed this in the comments to that Krebs article. Keep going back to the comments for Krebs' articles; you get some *very* interesting discussions. And this basically answers your original question.

                    Graham Sutherland

                    There are three languages that I'd recommend to anyone thinking of getting into sys-sec:

                    1) PHP
                    Most web-apps are written in it, and it's a great way to learn about security problems. Most tutorials actually teach you to write terrible security holes into your code, so it's fun to realise how screwed you are and go fix the problems. As part of it, you should learn SQL.

                    2) Python
                    This is pretty much the de facto security language. It's cross-platform, a large number of security tools are written in it, and it's a great language (though I find its syntax a little abrasive).

                    3) C
                    C is the language of systems development. It allows you to get into the real low-level stuff. You can use it to learn about the sort of vulnerabilities and exploits that allow attackers to gain root on systems, e.g. stack smashing, heap overflows, SEH exploits, ROP, etc.

                    I'd certainly recommend looking into web languages, especially JavaScript. Web security is a huge industry, so understanding how web exploits work will be greatly beneficial.

                    I also recommend learning x86 assembly (or ARM assembly if you're that-way-inclined). It teaches you how the processor really works, and allows you to really understand how attacks work at the lowest level.

                    Other languages that might be interesting, in no particular order: Java, C#, Ruby, Objective-C, Haskell.