Computer Help Blog

A blog on computer issues and help topics…


How do virus programs avoid detection?


Virus programs avoid detection by the user and antivirus programs using a variety of techniques. As technology progresses, newer techniques have to be used to make the virus more effective…

In order to avoid detection by users, virus programs use different kinds of deception techniques. Older viruses, especially viruses designed for MS-DOS, made sure that the “last modified” date of a host file stayed the same when the file was infected by the virus. This approach does not fool anti-virus software, however, especially those which maintain and date cyclic redundancy checks on file changes.

Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example, the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files have many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.
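The checksum-based check mentioned in the two paragraphs above can be sketched as follows. This is an added example, not code from the original post; the function names and the sample file are assumptions constructed for illustration. It shows that a content checksum still flags a file whose size and "last modified" date match the baseline.

```python
import hashlib
import os
import tempfile
import zlib


def snapshot(path):
    """Record metadata and content checksums for one file."""
    st = os.stat(path)
    with open(path, "rb") as f:
        data = f.read()
    return {
        "size": st.st_size,
        "mtime_ns": st.st_mtime_ns,
        "crc32": zlib.crc32(data) & 0xFFFFFFFF,
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def compare(baseline, current):
    """Classify a file against its baseline snapshot."""
    content_changed = (baseline["crc32"] != current["crc32"]
                       or baseline["sha256"] != current["sha256"])
    meta_changed = (baseline["size"] != current["size"]
                    or baseline["mtime_ns"] != current["mtime_ns"])
    if content_changed and not meta_changed:
        return "content changed, size and timestamp unchanged"
    if content_changed:
        return "content changed"
    if meta_changed:
        return "metadata changed only"
    return "unchanged"


def demo():
    """Constructed sample: a data file with a zero-filled gap, rewritten in place."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as f:
            f.write(b"HEADER" + b"\x00" * 1024 + b"BODY")  # constructed data
        base = snapshot(path)
        untouched = compare(base, snapshot(path))
        # Same length, different gap bytes, original timestamps put back.
        st = os.stat(path)
        with open(path, "r+b") as f:
            f.seek(6)
            f.write(b"\x41" * 1024)
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
        return untouched, compare(base, snapshot(path))
```

A monitor that compared only size and modification time would report this file as unchanged; the stored CRC32 and SHA-256 values are what expose the difference.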

Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.

As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.

Written by Admin

January 13th, 2010 at 1:54 pm