Viruses
Quick Heal is designed to deal with file viruses at multiple points and in multiple ways. The method of dealing with known viruses differs from the method of dealing with unknown viruses.
Dealing with Known File Viruses: The virus code is called the virus signature. Quick Heal scans each and every file for such codes and, if a strain of the virus is found, removes the virus. If we take the file as F and the virus as V, then we can represent the infected file as F+V. In this case V is known, and hence we can restore F from that information.
Quick Heal online protection stops the execution of virus-infected files.
Dealing with the Unknown File Virus Where Quick Heal Is Pre-Installed: Quick Heal comes with an integrity checker as well. When the kit is installed, it creates a file containing the vital statistics of all the executable files in each directory. In this case, out of the infected mix F+V, we have the information about F in the form of integrity data, and hence we can scan and recover the file.
Scanning is done in the following way. First, it scans the file for known viruses. Next, it turns to the integrity checker and looks for any integrity failure. In case of an integrity failure, it tries to rebuild the file from the integrity information. In most cases, the file is reverted to its original form. Here again Quick Heal uses its built-in intelligence to identify recompiled programs, data attachments, etc. If it finds any such file, it simply updates the integrity information without bothering the user. Although the integrity checker restores files from 99% of unknown viruses, users are requested to send such files to the nearest support center or to Pune for further research, to enable us to provide a better solution.
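An added illustration of the integrity-based recovery described above; it is not Quick Heal's code. The contents of the baseline record (size, SHA-256, first 32 bytes) and all names are assumptions, since the page does not say what the vital statistics hold, and the sample bytes are constructed.

```python
import hashlib

HEADER_LEN = 32  # assumption: how many leading bytes the baseline keeps


def make_record(data: bytes) -> dict:
    """Baseline ("vital statistics") for one clean executable F."""
    return {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "header": data[:HEADER_LEN],
    }


def check(data: bytes, rec: dict) -> bool:
    """True when the file still matches its baseline."""
    return (len(data) == rec["size"]
            and hashlib.sha256(data).hexdigest() == rec["sha256"])


def try_restore(data: bytes, rec: dict):
    """Attempt to rebuild F from a changed file using only the baseline.

    Handles the case where bytes were appended and the header was patched:
    cut back to the recorded size, put the saved header back, and accept the
    result only if its hash equals the recorded one. Returns None otherwise.
    """
    if len(data) < rec["size"]:
        return None  # original content was truncated; nothing to rebuild from
    candidate = rec["header"] + data[len(rec["header"]):rec["size"]]
    return candidate if check(candidate, rec) else None


# Constructed sample data (inert bytes, not a real executable).
ORIGINAL = b"MZ" + bytes(range(64)) * 4
RECORD = make_record(ORIGINAL)
# F+V: header bytes changed and extra bytes appended.
APPENDED = b"\xe9\x00\x01" + ORIGINAL[3:] + b"\xcc" * 40
# Body overwritten in place: F's own bytes are gone.
OVERWRITTEN = ORIGINAL[:100] + b"\x00" * 20 + ORIGINAL[120:]

if __name__ == "__main__":
    for name, blob in [("clean", ORIGINAL), ("appended", APPENDED),
                       ("overwritten", OVERWRITTEN)]:
        ok = check(blob, RECORD)
        fixed = None if ok else try_restore(blob, RECORD)
        print(name, "ok" if ok else ("restored" if fixed else "unrecoverable"))
```

The hash check on the rebuilt candidate is what makes the repair safe to accept: a change that overwrote part of F cannot be undone from this record and is reported as unrecoverable instead of being "fixed" incorrectly.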
Dealing with the Unknown File Virus Without Integrity Information: Unlike the boot / partition area, executable files are not generic. Hundreds of thousands of executable codes may exist, and picking a new virus code out of them is definitely a tricky affair. Normally a heuristic method of scanning (rule-based scanning) is used to identify unknown viruses. If the rules are not designed properly, this leads to a lot of false alarms (an alarm for a virus even though no virus is present). Most of the time the user cannot tell whether an alarm is genuine or false. A good antivirus shouldn't give too many false alarms.
In case of heuristic scanning it is possible to recover the files. In fact it is like separating the mixture F+V, where both are unknown. When a heuristic scanner suspects virus-like code in a particular file, it is not able to get hold of the actual code of the virus, and hence removal of the unknown virus is not possible by this method. In brief, with no prior information about either the executable file or the virus code, detaching the file from the virus is difficult.