Application software (and sometimes dedicated hardware) that detects, blocks and removes viruses is called anti-virus. Many exam questions can be framed on this topic. Here are some important points every CISA aspirant and information security professional should know about anti-virus.
1. A virus signature is a distinctive byte pattern, or a hash computed over such a pattern, that uniquely identifies a known virus or strain. The collection of signatures an anti-virus product consults is its signature database (also called a data mask or virus definition file), and it must be updated regularly because it can only describe viruses that have already been analysed.
2. A generic (signature-based) anti-virus compares the contents of files against its signature database, so it recognises only viruses that are already catalogued. A heuristic anti-virus instead looks for malicious characteristics in a program's code or behaviour, using rules, statistical analysis and other advanced techniques; it can flag previously unseen viruses, at the cost of more false alarms.
3. Common places where a virus may reside are RAM (memory-resident viruses), the boot record of a partition, the master boot record (MBR) of a disk, and different types of files (executables, documents carrying macros, scripts).
4. A good anti-virus should have the following capabilities: script checking, compressed file/folder (archive) checking, quarantine capability, e-mail and web-mail checking, P2P/file-sharing protection, registry checking and macro protection.
5. Inoculators (integrity checkers) take a snapshot (a checksum or cryptographic hash) of a freshly installed, known-clean program and report any change to it thereafter. This is one of the best ways to counter viruses, but think about what happens if the snapshot is calculated on an already-infected file or program: the infected state becomes the baseline, and the infection is never reported.
6. An immunizer inserts a small piece of its own code into a file (not malicious code, but a marker or check appended much as a virus would attach itself) so that the file appears already infected to that particular virus and is left alone, and so that subsequent changes to the file can be detected. It therefore provides protection only against that specific malicious agent.
7. How do behaviour-blocker anti-viruses work? I leave this point for my readers to answer.
8. A false positive means the anti-virus reports a virus when no virus is actually present.
9. A false negative is the reverse of a false positive: the anti-virus fails to detect a virus that actually exists on the system.
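To make points 1, 2, 5, 9 and 10 concrete, here is a small worked example written for this page (it is not code from the original post or from any real anti-virus product). It implements a toy signature scanner, a toy heuristic scanner and a snapshot-based integrity checker, then runs them over a handful of constructed sample "files" to count true/false positives and negatives. The EICAR string is the real, harmless industry-standard anti-virus test file; the second signature, the suspicious-token list and all sample file contents are made up for the demonstration.

```python
import hashlib

# --- 1. Signature database and signature-based scanning -------------------
# Constructed database: detection name -> distinctive byte pattern.
# EICAR is the genuine anti-virus test string; the second entry is invented.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {
    "EICAR-Test-File": EICAR,
    "Hypothetical.Virus.A": b"\xde\xad\xbe\xef\x41\x41\x41\x41",  # made-up pattern
}

def scan_signatures(data: bytes) -> list:
    """Generic scanner: report every database entry whose pattern occurs in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]

def signature_detector(data: bytes) -> bool:
    return bool(scan_signatures(data))

# --- 2. Heuristic scanning -------------------------------------------------
# Constructed list of API names / command fragments malware often uses.
# Legitimate tools (debuggers, installers) use some of them too, which is
# exactly where heuristic false positives come from.
SUSPICIOUS_TOKENS = (
    b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread",
    b"powershell -enc", b"cmd.exe /c",
)

def heuristic_score(data: bytes) -> int:
    """Count how many distinct suspicious tokens appear in data."""
    return sum(1 for token in SUSPICIOUS_TOKENS if token in data)

def heuristic_flags(data: bytes, threshold: int = 2) -> bool:
    """Heuristic verdict: suspicious once the score reaches the threshold."""
    return heuristic_score(data) >= threshold

def combined_detector(data: bytes) -> bool:
    """Real products layer both techniques; flag if either one fires."""
    return signature_detector(data) or heuristic_flags(data)

# --- 5. Integrity checking (what the post calls an inoculator) -------------
def take_snapshot(files: dict) -> dict:
    """Record a SHA-256 hash per file. Only meaningful on a known-clean set."""
    return {path: hashlib.sha256(content).hexdigest() for path, content in files.items()}

def changed_since(snapshot: dict, files: dict) -> list:
    """Report every file whose current hash differs from the snapshot."""
    return sorted(path for path, content in files.items()
                  if snapshot.get(path) != hashlib.sha256(content).hexdigest())

# --- Constructed sample files: path -> (content, truly_infected) -----------
SAMPLES = {
    "notes.txt":    (b"quarterly report draft, nothing to see here", False),
    "eicar.com":    (EICAR, True),
    "debugger.exe": (b"MZ...VirtualAllocEx...WriteProcessMemory...legit tool", False),
    "novel.exe":    (b"MZ...new strain, no signature yet...CreateRemoteThread"
                     b"...cmd.exe /c whoami", True),
}

# --- 9/10. Counting false positives and false negatives --------------------
def evaluate(detector) -> dict:
    """Count TP/FP/TN/FN for a detector over the labelled SAMPLES."""
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for content, infected in SAMPLES.values():
        detected = detector(content)
        key = ("TP" if infected else "FP") if detected else ("FN" if infected else "TN")
        counts[key] += 1
    return counts

def demo_integrity() -> tuple:
    """Show the snapshot check working, then the infected-baseline caveat."""
    clean = {path: content for path, (content, _) in SAMPLES.items()}
    good_snapshot = take_snapshot(clean)
    # Simulate a virus appending itself to notes.txt after the snapshot.
    infected = dict(clean)
    infected["notes.txt"] = clean["notes.txt"] + SIGNATURES["Hypothetical.Virus.A"]
    caught = changed_since(good_snapshot, infected)
    # Caveat from point 5: snapshot taken AFTER infection baselines the virus.
    bad_snapshot = take_snapshot(infected)
    missed = changed_since(bad_snapshot, infected)
    return caught, missed

if __name__ == "__main__":
    print("signature :", evaluate(signature_detector))
    print("heuristic :", evaluate(heuristic_flags))
    print("combined  :", evaluate(combined_detector))
    print("integrity :", demo_integrity())
```

Running it shows each failure mode from the list: the signature scanner misses `novel.exe` (a false negative, because no signature exists yet), the heuristic scanner flags the legitimate `debugger.exe` (a false positive) and misses EICAR (which has no suspicious behaviour), the combined scanner catches both infected files while keeping the one false positive, and the integrity checker reports the modified `notes.txt` only when the snapshot was taken while the file was clean. Note that a real anti-virus may quarantine the source file itself because it contains the EICAR string; that is the test string doing its job.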