You have only a year to get this done? I wish you luck, you've got your work cut out. Best start somewhere, so start with Wikipedia, which is good enough for entry-level tech stuff. Plus the article has lots of references.
There are several methods which antivirus software can use to identify malware.
Signature based detection is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.
Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses.
File emulation is another heuristic approach. File emulation involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the antivirus software can determine if the program is malicious or not and then carry out the appropriate disinfection actions.
This may not be the best place to ask for advice about writing AV code but I hesitate to point you towards any of the White Hat forums unless you really know what you're doing. Lion's Den is the best way to think of most of them.
You could try joining LinkedIn and ask in one of the Information Security groups : at least the members there are (mostly) trustworthy.
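As an added illustration of the two detection methods quoted above (not code from the thread, the Wikipedia article, or any real antivirus product), here is a small scanner that reads a file in pieces and still finds a signature that straddles a chunk boundary, plus a Shannon-entropy heuristic of the kind used to flag packed or encrypted content. The signature names and byte patterns are constructed for the demonstration and match nothing real.

```python
import io
import math
from collections import Counter
from typing import BinaryIO, Dict, List, Tuple

# Constructed signature dictionary: detection name -> byte pattern.
# These are made-up markers for the example, not real malware signatures.
SIGNATURES: Dict[str, bytes] = {
    "Demo.Marker.A": b"EVIL_MARKER_A",
    "Demo.Marker.B": b"\xde\xad\xbe\xef\x13\x37",
}


def scan_stream(stream: BinaryIO, signatures: Dict[str, bytes],
                chunk_size: int = 4096) -> List[Tuple[str, int]]:
    """Return (signature_name, absolute_offset) for every match in the stream.

    The stream is read in fixed-size chunks, but each new chunk is prefixed
    with the last (longest_signature - 1) bytes of the previous one, so a
    pattern that spans a chunk boundary is still seen whole, exactly once.
    """
    if not signatures:
        return []
    overlap = max(len(p) for p in signatures.values()) - 1
    matches: List[Tuple[str, int]] = []
    carry = b""   # tail bytes carried over from the previous window
    base = 0      # absolute offset of window[0] in the stream
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = carry + chunk
        for name, pattern in signatures.items():
            start = 0
            while True:
                idx = window.find(pattern, start)
                if idx == -1:
                    break
                # A hit lying entirely inside the carried-over bytes was
                # already reported by the previous iteration; skip it.
                if idx + len(pattern) > len(carry):
                    matches.append((name, base + idx))
                start = idx + 1
        carry = window[-overlap:] if overlap > 0 else b""
        base += len(window) - len(carry)
    matches.sort(key=lambda m: m[1])
    return matches


def scan_stream_no_overlap(stream: BinaryIO, signatures: Dict[str, bytes],
                           chunk_size: int = 4096) -> List[Tuple[str, int]]:
    """Naive chunked scan without carry-over: misses boundary-spanning hits."""
    matches: List[Tuple[str, int]] = []
    base = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for name, pattern in signatures.items():
            idx = chunk.find(pattern)
            while idx != -1:
                matches.append((name, base + idx))
                idx = chunk.find(pattern, idx + 1)
        base += len(chunk)
    matches.sort(key=lambda m: m[1])
    return matches


def scan_bytes(data: bytes, chunk_size: int = 4096,
               overlap: bool = True) -> List[Tuple[str, int]]:
    """Convenience wrapper: scan an in-memory blob with the demo dictionary."""
    fn = scan_stream if overlap else scan_stream_no_overlap
    return fn(io.BytesIO(data), SIGNATURES, chunk_size)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform). High values over a
    whole section are a common heuristic indicator of packing or encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


# Constructed sample "file": both markers are placed so they cross a
# 16-byte chunk boundary (offsets 10..22 and 28..33).
SAMPLE = (b"x" * 10 + b"EVIL_MARKER_A" + b"y" * 5
          + b"\xde\xad\xbe\xef\x13\x37" + b"z" * 3)

if __name__ == "__main__":
    print("overlap scan   :", scan_bytes(SAMPLE, chunk_size=16))
    print("naive scan     :", scan_bytes(SAMPLE, chunk_size=16, overlap=False))
    print("entropy        :", round(shannon_entropy(SAMPLE), 3))
```

Running it with a 16-byte chunk size shows the naive scanner missing both markers while the overlapping scanner reports them at their true offsets, which is exactly why the article says the file is searched "not just as a whole, but also in pieces". The entropy function is only one heuristic signal; real products combine many such indicators with emulation before deciding anything.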
Thank you Hayton.
I went through the Wikipedia article; it gave some idea. I printed that article and read it a lot of times. It was quite informative, but they didn't mention anything about the languages to be used for the code creation.
This article was really informative. Thank you for your response. If you get more articles do post.
Wilders Security Forums
Internet Storm Center
Microsoft - huge resource libraries there. You could spend a year just browsing. Try, eg, KillBits -
US-CERT : many links on this page. Check the Vulnerabilities section
And don't forget to join LinkedIn and sign up to the InfoSec groups. The "discussions" all start with links to some article somewhere, and occasionally you get a genuine debate. You should be able to learn something from those groups.
Finally : Google, Google, Google. Follow those links but - especially if the subject is hacker-related - make sure you have both SiteAdvisor and WOT installed and, believe me, TRUST THEM IF THEY SAY A SITE IS DANGEROUS. You'll save yourself a lot of grief. Black Hats, White Hats, Grey Hats - they all set little tests for the unwary visitor. If you're lucky you'll just find yourself thrown off-site and barred from re-entering (IP address blacklisted); if you're not, you could get a wicked little gift of silently-installed spyware, or worse.
And here's a parting gift : a view from the other side.
Thanks a lot for considering my question and providing a solution. This is the first time I'm getting a lot of positive responses in a forum. If I have any queries, I'll be sure to put them in the forum.
Thank you Hayton
Missed this in the comments to that Krebs article. Keep going back to the comments for Krebs' articles, you get some *very* interesting discussions. And this basically answers your original question.
There are three languages that I’d recommend to anyone thinking of getting into sys-sec:
Most web-apps are written in it, and it’s a great way to learn about security problems. Most tutorials actually teach you to write terrible security holes into your code, so it’s fun to realise how screwed you are and go fix the problems. As part of it, you should learn SQL.
This is pretty much the de-facto security language. It’s cross-platform, a large number of security tools are written in it, and it’s a great language (though I find its syntax a little abrasive).
C is the language of systems development. It allows you to get into the real low-level stuff. You can use it to learn about the sort of vulnerabilities and exploits that allow attackers to gain root on systems, e.g. stack smashing, heap overflows, SEH exploits, ROP, etc.
I also recommend learning x86 assembly (or ARM assembly if you’re that-way-inclined). It teaches you how the processor really works, and allows you to really understand how attacks work at the lowest level.
Other languages that might be interesting, in no particular order: Java, C#, Ruby, objective-C, Haskell.