5. Techniques and Tools for Detecting Intrusions

5.1. Introduction

Viruses are the most serious, widespread and well-known kind of intrusion. A large amount of malware, especially viruses, is produced every day. A dedicated protection tool is therefore necessary, which is why antiviruses have been developed as a specific security solution.

Firewalls are a general security solution that reduces the probability of attacks, whereas antiviruses are a specific security solution whose objective is to protect computers from viruses. However, these two solutions remain limited in guaranteeing the security of a computer system. The use of an intrusion detection system is therefore necessary to ensure security and to overcome the insufficiencies of both the firewall and the antivirus. It is a more complex solution that uses diverse means to detect intrusion tools and to remove them.

5.2. Antivirus

This is software that detects, isolates and destroys viruses on hard drives, external drives and memory.

5.2.1. Functions of an antivirus

An antivirus has three functions: detection, isolation and destruction.

  • Detection: an antivirus must be able to detect known viruses by analyzing files and searching for their signatures. In some cases, it can detect unknown viruses using heuristics and by their behavior.
  • Isolation: this involves quarantining a virus or an infected program to prevent it from either reproducing or damaging the computer system.
  • Destruction: files related to the ...
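The three functions above, as an added worked example that is not part of the original chapter: a toy file scanner with a constructed signature database (one full-file hash, one byte pattern; neither is a real malware signature), a high-entropy heuristic that only flags a file as suspicious for review, and quarantine and destruction steps. All file contents, signature names and thresholds are assumptions made for the demonstration.

```python
import hashlib
import math
import shutil
import tempfile
from collections import Counter
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

# Constructed toy signature database (assumption: not real malware signatures).
# A hash signature matches only an identical file; a byte-pattern signature
# also matches variants that embed the same code fragment.
HASH_SIGNATURES = {
    "sample-A": hashlib.sha256(b"MZ\x90\x00toy-sample-A").hexdigest(),
}
PATTERN_SIGNATURES = {
    "sample-B": b"\xde\xad\xbe\xef--toy-marker-B",
}
# Heuristic: packed or encrypted payloads have near-uniform byte distributions.
# Threshold and minimum size are assumptions chosen to avoid flagging tiny files.
ENTROPY_THRESHOLD = 7.5
ENTROPY_MIN_SIZE = 1024


@dataclass
class ScanResult:
    path: Path
    verdict: str                 # "clean", "suspicious" or "infected"
    signature: Optional[str]     # matched signature name, if any
    method: Optional[str]        # "hash", "pattern" or "heuristic"


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, max 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_bytes(data: bytes):
    """Signature detection: return (signature_name, method) or (None, None)."""
    digest = hashlib.sha256(data).hexdigest()
    for name, sig_hash in HASH_SIGNATURES.items():
        if digest == sig_hash:
            return name, "hash"
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name, "pattern"
    return None, None


def scan_file(path: Path) -> ScanResult:
    data = path.read_bytes()
    name, method = scan_bytes(data)
    if name:
        return ScanResult(path, "infected", name, method)
    # Heuristic detection only raises a "suspicious" verdict: it has false
    # positives, so it is reviewed rather than acted on automatically.
    if len(data) >= ENTROPY_MIN_SIZE and entropy(data) > ENTROPY_THRESHOLD:
        return ScanResult(path, "suspicious", None, "heuristic")
    return ScanResult(path, "clean", None, None)


def quarantine(result: ScanResult, quarantine_dir: Path) -> Path:
    """Isolation: move the file into a private directory, drop its execute
    bits, and record its origin so the action can be reversed."""
    quarantine_dir.mkdir(mode=0o700, exist_ok=True)
    dest = quarantine_dir / (result.path.name + ".quarantined")
    shutil.move(str(result.path), str(dest))
    dest.chmod(0o600)
    (quarantine_dir / (dest.name + ".meta")).write_text(
        f"original={result.path}\nsignature={result.signature}\nmethod={result.method}\n"
    )
    return dest


def destroy(quarantined: Path) -> None:
    """Destruction: delete the quarantined file and its metadata record."""
    quarantined.unlink()
    meta = quarantined.with_name(quarantined.name + ".meta")
    if meta.exists():
        meta.unlink()


def demo() -> dict:
    """Scan four constructed files in a temp dir and quarantine infected ones."""
    root = Path(tempfile.mkdtemp())
    files = {
        "a.bin": b"MZ\x90\x00toy-sample-A",                                   # hash hit
        "b.bin": b"header" + b"\xde\xad\xbe\xef--toy-marker-B" + b"trailer",  # pattern hit
        "c.txt": b"just a text document",                                     # clean
        "d.bin": bytes(range(256)) * 8,                                       # uniform bytes: heuristic hit
    }
    for name, content in files.items():
        (root / name).write_bytes(content)
    verdicts = {}
    for name in files:
        res = scan_file(root / name)
        verdicts[name] = (res.verdict, res.method)
        if res.verdict == "infected":
            quarantine(res, root / "quarantine")
    verdicts["remaining"] = sorted(p.name for p in root.iterdir() if p.is_file())
    shutil.rmtree(root)
    return verdicts
```

Only signature hits are quarantined automatically; the heuristic hit on d.bin is left in place with a "suspicious" verdict, which is how a practitioner keeps heuristic false positives from destroying legitimate packed or compressed files. A real product would add archive unpacking, memory scanning and regular signature updates, none of which this toy covers.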
