ZyXEL Communications ZyWALL USG 300 User Manual page 509

Table 149 Common Computer Virus Types (continued)
TYPE
E-mail Virus
Polymorphic
Virus
Computer Virus Infection and Prevention
The following describes a simple life cycle of a computer virus.
A computer gets a copy of a virus from a source such as the Internet, e-mail, file
1
sharing or any removable storage media. The virus is harmless until the execution
of an infected program.
The virus spreads to other files and programs on the computer.
2
The infected files are unintentionally sent to another computer thus starting the
3
spread of the virus.
Once the virus is spread through the network, the number of infected networked
4
computers can grow exponentially.
Types of Anti-Virus Scanner
The section describes two types of anti-virus scanner: host-based and network-
based.
A host-based anti-virus (HAV) scanner is often software installed on computers
and/or servers in the network. It inspects files for virus patterns as they are
moved in and out of the hard drive. However, host-based anti-virus scanners
cannot eliminate all viruses for a number of reasons:
• HAV scanners are slow in stopping virus threats through real-time traffic (such
as from the Internet).
• HAV scanners may reduce computing performance as they also share the
resources (such as CPU time) on the computer for file inspection.
• You have to update the virus signatures and/or perform virus scans on all
computers in the network regularly.
A network-based anti-virus (NAV) scanner is often deployed as a dedicated
security device (such as your ZyWALL) on the network edge. NAV scanners
inspect real-time data traffic (such as E-mail messages or web) that tends to
bypass HAV scanners. The following lists some of the benefits of NAV scanners.
ZyWALL USG 300 User's Guide
DESCRIPTION
E-mail viruses are malicious programs that spread through e-mail.
A polymorphic virus (also known as a mutation virus) tries to evade
detection by changing a portion of its code structure after each
execution or self replication. This makes it harder for an anti-virus
scanner to detect or intercept it.
A polymorphic virus can also belong to any of the virus types discussed
above.
Chapter 30 Anti-Virus
509