Computer Knowledge - Interception

Search this site or the Internet.

Hot Topics

Please see the CKnow Home Page for a list of current hot topics.

Hot Utilities

Utilities that may help you...

Registry Booster [more]
Free registry scan.
SpeedUpMyPC [more]
Auto maximize performance.
Registry Mechanic [more]
Registry clean, repair & optimize.
Spyware Doctor [more]
Three-way spyware protection.
Associate This [more]
A file extension manager.
TrID [more]
Identify hundreds of file types!
Free Tech Magazines [more]
No charge. No catch. No kidding.

Notes

DewaHost offers premium Web hosting service starting from $8.95/month and a high speed file hosting service - FileBurst!

CKnow does NOT spam.
E-mail is easily forged.

Interception

Interceptors (also known as resident monitors) are particularly useful for deflecting logic bombs and Trojans. The interceptor monitors operating system requests that write to disk or do other things that the program considers threatening (such as installing itself as a resident program). If it finds such a request, the interceptor generally pops up and asks you if you want to allow the request to continue. There is, however, no reliable way to intercept direct branches into low level code or to intercept direct input and output instructions done by the virus itself. Some viruses even manage to disable the monitoring program itself. Indeed, for one widely-distributed anti-virus program several years back it only took eight bytes of code to turn its monitoring functions off.

It is important to realize that monitoring is a risky technique. Some products that use this technique are so annoying to use (due to their frequent messages popping up) that some users consider the cure worse than the disease!

Summary

Interceptors are useful for some simple logic bombs and Trojans.
It would be unwise to depend entirely upon behavior monitors as they are easily bypassed.

**Virus Tutorial Map**
Tutorial Home Page Introduction to Viruses: Virus Behavior \| Number of Viruses \| Virus Names \| How Serious? \| Good Viruses? \| Why Write Viruses? \| Hardware Threats \| Software Threats \| Virus Droppers Types of Viruses What Viruses Infect: System Sector Viruses \| File Viruses \| Macro Viruses \| Companion Viruses \| Cluster Viruses \| Batch File Viruses \| Source Code Viruses \| Visual Basic Worms How Viruses Infect: Polymorphic Viruses \| Stealth Viruses and Rootkits \| Fast and Slow Infectors \| Sparse Infectors \| Armored \| Multipartite \| Spacefiller (Cavity) \| Tunneling \| Camouflage \| NTFS ADS Viruses Specific Threats: Back Orifice \| CIH Spacefiller \| Kakworm \| Laroux \| Love Letter \| Melissa \| Nimda \| Pretty Park \| Stages History of Viruses (Summary) Dr. Solomon's History: 1986-1987 The Prologue \| 1988 The Game Begins \| 1989 Datacrime \| 1990 The Game Gets More Complex \| 1991 Product Launches and Polymorphism \| 1992 Michelangelo \| 1993 Polymorphics and Engines \| The Future Robert Slade's History: Earliest History \| Related Early \| Fred Cohen \| Pranks/Trojans \| Apple Virus \| Lehigh/Jerusalem \| (c) Brain \| MacMag Virus Protection: Scanning \| Integrity Checking \| Interception \| AV Product Use Guidelines \| File Extensions \| Safe Computing Practices (Safe Hex) \| Outlook and Outlook Express \| Disable Scripting \| Backup Strategy \| On-going Virus Information Miscellaneous: Anti-Virus Software \| Tutorial License \| Virus Plural \| Partition Sector \| DOS Boot Sector \| FDISK/MBR \| False Authority \| Logic Bombs \| Trojans \| Worms \| Hoaxes

Last Changed: Thursday, February 02, 2006
Navigation: Computer Knowledge Home :: Virus Tutorial Home :: Interception