Difference between pages "Antivirus software" and "Executable"

From ForensicsWiki
Edit summary of the Executable revision: (DBG, PDB)
= Antivirus software =

'''Antivirus software''' is a program, or a suite of programs working together, that protects a device from [[malware]] such as viruses, worms, Trojan horses, and spyware.

==Protection Methods==

===Signature Based Detection===
Antivirus programs that use signature-based detection contain a constantly updated dictionary of virus signatures. Whenever a file is opened, or when it is scanned during a system scan, the antivirus software checks the contents of the file against the signatures in the virus dictionary. This method is efficient at detecting malware that is already known, but is less effective at detecting newer viruses that are not yet in the dictionary.

===Heuristic Based Detection===
Because there is such a large number of viruses in existence, viruses are often classified into families, each consisting of the main virus and any variants of it. Heuristic detection looks for the areas of unique code that are identical across all members of a family. This allows a new variant to be caught faster than with signature-based detection, which needs a signature for that specific variant.

===File Emulation Based Detection===
File emulation based virus detection opens the file in a virtual environment and keeps a log of the actions the program performs. The antivirus software then reviews the logged actions to determine whether or not the file is malicious.

==Mobile Antivirus Solutions==
Unlike desktop PCs, smartphones run each application isolated from the others, so that no application can access the data of another application. Because of this, any antivirus software installed on the device cannot access the data contained within the other applications unless the device is jailbroken or rooted.

==External Links and Resources==

* [http://www.dmoz.org/Computers/Security/Malicious_Software/Viruses/Detection_and_Removal_Tools/ Open Directory - Computers: Security: Malicious Software: Viruses: Detection and Removal Tools]
* [http://www.techrepublic.com/blog/security/how-effective-is-antivirus-software-on-smartphones/7629 How effective is antivirus software on smartphones? - TechRepublic]
* [http://en.wikipedia.org/wiki/Antivirus Wikipedia entry regarding antivirus software]

= Executable =

Revision as of 05:13, 2 November 2013

{{expand}}

An executable file is used to perform tasks according to encoded instructions. Executable files are sometimes also referred to as binaries, although binaries are technically a subclass of executable files.

There are multiple families of executable files:

* Scripts, e.g. shell scripts, batch scripts (.bat)
* DOS and Windows executable files (.exe), which can be of various formats such as MZ, PE/COFF, NE
* ELF
* Mach-O

== External Links ==

* [http://en.wikipedia.org/wiki/Executable Wikipedia: Executable]

=== MZ, PE/COFF ===

* [http://en.wikipedia.org/wiki/Portable_Executable Wikipedia: Portable Executable]
* [http://msdn.microsoft.com/en-us/windows/hardware/gg463119.aspx Microsoft PE and COFF Specification]
* [https://googledrive.com/host/0B3fBvzttpiiSd1dKQVU0WGVESlU/Executable%20(EXE)%20file%20format.pdf MZ, PE-COFF executable file format (EXE)], by the [[libexe|libexe project]], October 2011
* [http://seclists.org/fulldisclosure/2013/Oct/157 The Internal of Reloc .text], Full Disclosure Mailing list, October 21, 2013

=== DBG, PDB ===

* [http://en.wikipedia.org/wiki/Program_database Wikipedia: Program database]
* [http://support.microsoft.com/kb/121366 Description of the .PDB files and of the .DBG files], by [[Microsoft]]
* [http://msdn.microsoft.com/en-us/library/ff553493(v=vs.85).aspx Public and Private Symbols], by [[Microsoft]]
* [https://code.google.com/p/pdbparse/wiki/StreamDescriptions Stream Descriptions], [https://code.google.com/p/pdbparse/ pdbparse project]
* [http://moyix.blogspot.ch/2007/10/types-stream.html The Types Stream], by [[Brendan Dolan-Gavitt]], October 4, 2007

=== Mach-O ===

* [http://en.wikipedia.org/wiki/Mach-O Wikipedia: Mach-O]

== Tools ==

=== MZ, PE/COFF ===

* [https://code.google.com/p/pefile/ pefile], multi-platform Python module to read and work with Portable Executable (aka PE) files

=== PDB ===

* [https://code.google.com/p/pdbparse/ pdbparse], open-source parser for Microsoft debug symbols (PDB files)
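As an added example (not part of either wiki page), the following Python function identifies the executable families listed on the Executable page from header bytes rather than from the file extension; the MZ/PE/NE handling follows the DOS header layout (e_lfanew at offset 0x3C) from the PE and COFF specification, and the sample images built here are constructed header fragments, not runnable programs.

```python
import struct

# Magic values taken from the ELF, Mach-O and PE/COFF specifications.
ELF_MAGIC = b"\x7fELF"
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (big-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "Mach-O universal (fat) binary",  # same magic as Java .class files
}
PE_MACHINES = {0x014C: "i386", 0x8664: "AMD64", 0x01C0: "ARM", 0xAA64: "ARM64"}


def identify(data: bytes) -> str:
    """Classify an executable image by its header bytes, never by its extension."""
    if data.startswith(b"#!"):
        return "script (shebang)"
    if data.startswith(ELF_MAGIC) and len(data) > 4:
        return "ELF " + {1: "32-bit", 2: "64-bit"}.get(data[4], "(unknown class)")
    if data[:4] in MACHO_MAGICS:
        return MACHO_MAGICS[data[:4]]
    if data.startswith(b"MZ"):
        if len(data) < 0x40:  # the DOS header is 64 bytes; e_lfanew lives at 0x3C
            return "MZ (truncated DOS header)"
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        sig = data[e_lfanew:e_lfanew + 4]  # empty if e_lfanew points past the end
        if sig == b"PE\0\0" and len(data) >= e_lfanew + 6:
            machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]  # COFF Machine field
            return f"PE/COFF ({PE_MACHINES.get(machine, hex(machine))})"
        if sig[:2] == b"NE":
            return "NE (16-bit Windows)"
        return "MZ (DOS executable)"
    return "unknown"


def build_pe_sample(machine: int = 0x8664) -> bytes:
    """Constructed minimal MZ stub plus PE signature and Machine field (not a real program)."""
    hdr = bytearray(0x80)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)  # e_lfanew: PE header directly after the stub
    return bytes(hdr) + b"PE\0\0" + struct.pack("<H", machine)


if __name__ == "__main__":
    for name, blob in [("pe", build_pe_sample()), ("sh", b"#!/bin/sh\n"),
                       ("elf", b"\x7fELF\x02" + bytes(11)), ("dos", b"MZ" + bytes(62))]:
        print(f"{name}: {identify(blob)}")
```

Batch scripts have no magic bytes, so they can only be recognised by extension; that is one reason forensic tooling trusts header content over file names.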

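To illustrate the difference between signature-based and heuristic (family) detection described in the Antivirus software section, here is an added Python example that is not from the wiki: an exact-hash dictionary lookup beside a wildcard byte-pattern match over three constructed blobs. The blobs, the "Example.Family" names and the "??" wildcard syntax are all constructed for this illustration.

```python
import hashlib
import re

# Constructed, non-functional byte blobs: an "original" sample, a "variant" that
# keeps the family's shared core routine but changes everything around it, and an
# unrelated benign file. None of this is real malware.
SHARED_CORE = bytes.fromhex("558bec83ec10")
ORIGINAL = b"HDR1" + SHARED_CORE + b"payload-v1"
VARIANT = b"HDR2" + SHARED_CORE + b"payload-v2"
BENIGN = b"HDR1" + bytes.fromhex("4889e5") + b"payload-v1"

# Dictionary signature: exact SHA-256 of the whole file. Any single changed byte
# in the variant gives a different hash, so the dictionary no longer matches.
HASH_SIGNATURES = {hashlib.sha256(ORIGINAL).hexdigest(): "Example.Family.A"}

# Family signature: hex bytes with "??" wildcards. It names only the code the
# whole family shares and leaves the varying byte open, so variants still match.
FAMILY_PATTERNS = {"Example.Family": "55 8b ec 83 ec ?? 70 61 79"}


def compile_pattern(hex_pattern: str):
    """Turn a wildcard hex pattern into a bytes regex; ?? matches any one byte."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


def scan_signature(data: bytes):
    """Signature-based detection: exact dictionary lookup on the file hash."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())


def scan_family(data: bytes):
    """Heuristic (family) detection: search for code shared across the family.
    Broader patterns widen coverage but raise false-positive risk, so they must
    anchor on code that is unique to the family, not on common compiler output."""
    for name, pattern in FAMILY_PATTERNS.items():
        if compile_pattern(pattern).search(data):
            return name
    return None


if __name__ == "__main__":
    for label, blob in [("original", ORIGINAL), ("variant", VARIANT), ("benign", BENIGN)]:
        print(f"{label}: signature={scan_signature(blob)} family={scan_family(blob)}")
```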