The drawback that presents this kind of algorithm is that may be suspected of many things that are not viruses. This makes it necessary that the user who uses it knows a little about the structure of the operating system, in order to possess tools that facilitate discrimination of any false alarm generated by a heuristic method. Some of the antivirus on this class are: F-Prot, Norton Anti Virus, and Dr. Solomon s Toolkit. Well, another way to detect the presence of a computer virus on a system is to monitor PC activities noting if any process attempts to modify the critical sectors of storage devices or executable files.
Programs that perform this task are called integrity checkers. On the basis of these considerations, we can consign a good anti-virus system must be composed of a detector virus program, that it is always resident in memory and a program which verifies the integrity of critical sectors of your hard disk and their executables. There are antivirus products that cover two aspects, or you configured different products can be combined so that there is no conflict between them. The structure of an anti-virus program, consists of two main modules: the first called the so-called second response and control. In turn, each of them is divided into several parts: 1. control module: possesses the technical verification of integrity which allows the registration of changes in executable files and critical areas of a hard drive.
It is, in short, a tool preventive to maintain and control the information components of a hard drive are not changed unless the user requires it. Another option within this module is the identification of viruses, which includes various techniques for the detection of computer viruses. The most common forms of detection are algorithms, such as for example, the heuristics and the scanning. Likewise, the identification of malicious code is another tools of detection which, in this case, seeks to dangerous instructions included in programmes, for the integrity of the information on your hard disk. This implies decompile (or disassemble) in automatically stored files and locate sentences or groups of dangerous instructions. Finally, the control module also has a resource management to carry out a monitoring routines through which you access (access to disk, etc.) computer hardware. This way you can limit the action of a program by restricting the use of these resources, as for example to prevent access to critical areas of the disc writing or avoid the same formatting functions are implemented. 2. Answer module: function alarm is included in all anti-virus programs and consists of stopping the action of the system at the suspicion of the presence of a computer virus, and report the situation via a notice on the screen. Some anti-virus programs offer, once detected a computer virus, the possibility of eradicating it. Therefore, the function repair is used as a momentary solution to maintain the operability of the system until a proper solution can be instrumented. On the other hand, there are two techniques to avoid infection of executable entities: avoid that you spread throughout the program or prevent that infection to expand beyond a fixed scope. Although the first option is the most appropriate, it raises major problems of implementation. A.V.P.D.