Computer Viruses essay
An Introduction to Computer Viruses and Other Destructive Programs
A computer virus is a piece of programming code that alters the way your computer works without your knowledge or permission. Viruses are often designed to replicate and spread quickly to other computer users. Computer viruses can be transmitted in a number of ways, such as attachments to an email note, downloads, diskettes or CDs. Computer viruses do not generate by themselves. They must be written by someone, with a specific purpose.
A computer virus executes when an infected program is executed. Therefore only executable files can be infected. On MS-DOS systems, these files usually have the extensions .EXE, .COM, .BAT or .SYS. Another class of files called overlay files can also be infected. These files often have the extension .OVL, although other extensions such as .OV1 are sometimes used.
Types of Viruses:
There are several different types of viruses that can infect PC systems, including:
• Boot sector viruses
• File infecting viruses
• Polymorphic viruses
• Stealth viruses
• Multi-partite viruses
Boot Sector Viruses
Boot sector viruses are those that infect the boot sector (or master boot record) on a computer system. They first move or overwrite the original boot code, replacing it with infected boot code. They will then move the original boot sector information to another sector on the disk, marking that sector as a bad spot on the disk so it will not be used in the future. Boot sector viruses can be very difficult to detect since the boot sector is the first thing loaded when a computer starts. In effect, the virus takes full control of the infected computer.
File infecting viruses:
File infecting viruses are, unsurprisingly, viruses that infect files. Sometimes these viruses are memory resident. However, they will commonly infect most, if not all, of the executable files (those with the extensions .COM, .EXE, .OVL and other overlay files) on a system. Some file infecting viruses will only attack operating system files (such as COMMAND.COM), while others will attack any file that is executable.
Polymorphic viruses change their appearance with each infection. Such encrypted viruses are usually difficult to detect because they are better at hiding themselves from anti-virus software. That is the purpose of the encryption.
Multipartite viruses have a dual personality. Some are file viruses that can infect system sectors; others are system sector infectors that can infect files.
Stealth viruses attempt to hide from both the operating system and anti-virus software. To do this, they must stay in memory so they can intercept all attempts to use the operating system (system calls). The virus can hide changes it makes to file sizes, directory structures, and/or other operating system aspects. Since part of the virus is memory resident, there will be less memory available to users. The virus must hide this fact as well, from both users and anti-virus software. Stealth viruses must be detected while they are in memory. Once found, they must be disabled in memory before the disk-based components can be corrected.
Multi-partite viruses are those that infect both boot sectors and executable files. They are the worst viruses of all because they can combine some or all of the stealth techniques, along with polymorphism to prevent detection.
Classification of Viruses:
Generally, there are three main classes of viruses:
File infectors, also known as parasitic viruses. These viruses usually attach themselves to selected program files like .COM or .EXE files. They are invoked whenever the infected program is run.
Boot-record infectors. A portion of the disk is always set aside by computer operating systems for code to boot the computer. Boot sector viruses infect these system areas on the disk, which can be the DOS boot sector on diskettes or the Master Boot Record (MBR) on hard disks. They hide on the first sector of a disk and are loaded into memory before system files are loaded. This allows them to gain control of DOS interrupts to cause damage. Once the MBR or boot sector of the hard drive is infected, the virus will attempt to infect the boot sector of every floppy disk that is inserted into the computer and accessed.
Macro viruses. These are viruses that infect macro utilities in applications like Microsoft Word or Excel. They are the most common type of virus at present. Macro viruses are application-specific, meaning a Word macro virus cannot infect an Excel document and vice versa. They are, however, not specific to operating systems.
Destructive Non-Virus Programs (Malicious Software)
Aside from viruses, there are other threats to user systems, including:
As well as being potentially destructive by themselves, each can also be used as a vehicle to propagate any virus.
Viruses are far from the only maverick programs that can disrupt a computer system. Worms are constructed to infiltrate legitimate data processing programs and alter or destroy the data. Often what people believe is a virus infection is, in fact, a worm program. This is not as serious because worms do not replicate themselves. But the damage caused by a worm attack can be just as serious as that of a virus, especially if not discovered in time. For example, suppose a worm program instructs a bank’s computer to transfer funds to an illicit account. The fund transfers may continue even after the worm is destroyed. However, once the worm invasion is discovered, recovery is much easier because there is only a single copy of the worm program to destroy: the replicating ability of the virus, which may enable a virus to re-infect a system several times, is absent. A worm is similar to a benign tumor while a virus is like a malignant one.
A Trojan Horse is a destructive program that has been disguised as (or concealed in) an innocuous piece of software. Indeed, worm and virus programs may be concealed within a Trojan Horse. Trojan Horses are not viruses because they do not reproduce themselves and spread as viruses do.
One type of Trojan horse is designed to open port 21 (the port for FTP transfer) and let the attacker connect to your computer using File Transfer Protocol (FTP).
These Trojans function as a proxy server and provide anonymous access to the Internet from victim machines. Today these Trojans are very popular with spammers who always need additional machines for mass mailings. Virus coders will often include Trojan-proxies in Trojan packs and sell networks of infected machines to spammers.
Writing a logic bomb program is similar to creating a Trojan Horse. Both have about the same ability to damage data, too. Logic bombs include a timing device so they will go off at a particular date and time. The Michelangelo virus is embedded in a logic bomb, for example.
Other virus programs often include coding similar to that used in logic bombs, but the bombs can be very destructive on their own, even if they lack the ability of the virus to reproduce. One logic bomb caused major problems in the Los Angeles water department’s system.
Logic bombs are usually timed to do maximum damage. That means the logic bomb is a favored device for revenge by disgruntled former employees who can set it to activate after they have left the company. One common trigger occurs when the dismissed employee’s name is deleted from payroll records. On one occasion, a student left a logic bomb timed to explode and wipe out his university’s records well after he had collected his degree and was long gone. This example illustrates the pernicious nature of logic bombs which can be written literally decades before they explode.
Below are some good practices to prevent your computer from virus infection:
• Turn off automatic opening of email attachments; never open attachments from unknown sources or attachments you are not expecting.
• Always scan diskettes, CDs and any other removable media before using them.
• Always scan files downloaded from the Internet before using them.
• Do not install any unapproved software on your computer.
• Ensure that your virus pattern files are updated.
• Ensure that your computer is patched with the latest security updates.
• Scan your computer on a regular basis.
It is always good to perform regular backups of your data. That is the most convenient and secure way to recover your files should there be a virus attack.
What factors should you consider when designing security appropriate to your operation?
There are five areas of consideration:
1. The number and density of personal computers:
If your company has many PCs or if there is a high ratio of computers to employees, your procedures should be more formal and extensive.
2. The extent to which computers are interconnected:
Note that interconnection does not have to be via a network. If data is routinely moved from one computer to another via “sneaker net” (copying to a floppy disk and walking it across the room to the other computer), your computers are interconnected. The factor you must consider is the extent to which data is moved between computers, not the number of feet (or miles) of wire connecting them.
3. The number of locations where computers are used:
To the extent that computers are physically located at a distance, more people will have to coordinate their security activities. In addition, they will have to agree on what procedures are appropriate. Remember, coordination problems increase in proportion to the square of the number of people involved.
4. The pace of operations:
Some businesses simply operate at a faster pace than others. Examples include security brokerage houses, travel agents and airline reservation operations. All other things being equal, a currency trading unit will work at a faster pace than a research laboratory. The faster the pace of operations, the greater the degree of protection required, because the rate at which new data is generated is proportional to the pace of operations. More data equals greater risk.
Software is only one piece of the war against viruses. However, it is an essential component.
Anti-virus software must be able to perform three tasks:
a. Test files and directories for the presence of viruses.
b. Clean infected files.
c. Provide ongoing real-time protection against memory resident viruses.
Methods to Avoid Detection:
A spacefiller (cavity) virus.
Some program files, for a variety of reasons, have empty space inside of them. This empty space can be used to house virus code. A spacefiller virus attempts to install itself in this empty space while not damaging the actual program itself. An advantage of this is that the virus then does not increase the length of the program and can avoid the need for some stealth techniques. The Lehigh virus was an early example of a spacefiller virus.
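Because a spacefiller virus leaves the file length unchanged, a check that compares only file sizes will not notice it, while a content hash will. The following is an added example, not part of the original essay: it compares a baseline copy of a program against the current copy and reports whether the changed bytes fall entirely inside what used to be empty (zero) padding. The file contents and all function names are constructed for illustration.

```python
import hashlib

def fingerprint(data: bytes) -> dict:
    """Size and SHA-256 of a program image, as stored in a baseline."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def changed_ranges(original: bytes, current: bytes) -> list:
    """Return (start, end) offsets, end exclusive, where two images differ."""
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(original, current)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, min(len(original), len(current))))
    return ranges

def triage(original: bytes, current: bytes) -> dict:
    """Compare a file against its baseline copy and summarise what changed."""
    base, now = fingerprint(original), fingerprint(current)
    same_size = base["size"] == now["size"]
    ranges = changed_ranges(original, current) if same_size else []
    return {
        "size_changed": not same_size,
        "hash_changed": base["sha256"] != now["sha256"],
        "changed_ranges": ranges,
        # True when every modified byte used to be zero padding
        "only_former_padding": bool(ranges) and all(
            set(original[s:e]) == {0} for s, e in ranges),
    }

# Constructed sample: 34 bytes of "code", 64 bytes of padding, 32 bytes of "data".
CLEAN = b"MZ" + b"CODE" * 8 + bytes(64) + b"DATA" * 8
# Constructed modification: 20 inert marker bytes written into the padding.
MODIFIED = CLEAN[:50] + b"\xAA" * 20 + CLEAN[70:]
RESULT = triage(CLEAN, MODIFIED)

if __name__ == "__main__":
    print(RESULT)
```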
Some viruses will attempt to tunnel under anti-virus monitoring programs in order to bypass their monitoring functions.
When scanners were less sophisticated it might have been possible for a virus to sneak by as scanners sometimes did not display some alarms, knowing them to be false. This type of virus would be extremely hard to write today.
NTFS ADS Viruses:
The NT File System allows alternate data streams to exist attached to files but invisible to some file-handling utilities. A virus can exploit such a system.
History of Viruses:
1981 – The First Virus In The Wild:
As described in Robert Slade’s history, the first virus in the wild actually predated the experimental work that defined current-day viruses. It was spread on Apple II floppy disks (which contained the operating system) and reputed to have spread from Texas
1983 – The First Documented Experimental Virus
Fred Cohen’s seminal paper Computer Viruses – Theory and Experiments from 1984 defines a computer virus and describes the experiments he and others performed to prove that the concept of a computer virus was viable.
1986 – Brain, PC-Write Trojan, & Virdem
The common story is that two brothers from Pakistan analyzed the boot sector of a floppy disk and developed a method of infecting it with a virus dubbed “Brain” (the origin is generally accepted but not absolutely). Because it spread widely on the popular MS-DOS PC system this is typically called the first computer virus, even though it was predated by Cohen’s experiments and the Apple II virus. That same year the first PC-based Trojan was released in the form of the popular shareware program PC-Write. Some reports say Virdem was also found this year; it is often called the first file virus.
The correct English plural of virus is viruses. The point of this is that even in Latin the form “viri” is rarely used. The singular form is used in most every instance.
The encrypted virus does propagate an identical copy of its small decryption routine from infection to infection.
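That constant decryption routine is what a scanner can match on, even though the encrypted part of each copy looks different. The following is an added example, not part of the original essay: a byte-signature scanner run over constructed, inert sample files. It goes slightly beyond the text by allowing a wildcard for one byte (the key) that differs between copies; the signature bytes, file names and function names are all made up for illustration.

```python
# Constructed 8-byte stand-in for a decryption routine (not real code).
# None marks the single byte that holds the per-copy key.
SIGNATURE = [0xDE, 0xC0, 0xDE, None, 0x5A, 0x5A, 0xC0, 0xDE]
PLAIN_BODY = b"constructed inert body bytes"  # stands in for the encrypted part

def make_sample(host: bytes, key: int) -> bytes:
    """Build an inert test file: host bytes + stub + body XOR-encoded with key."""
    stub = bytes(key if b is None else b for b in SIGNATURE)
    return host + stub + bytes(c ^ key for c in PLAIN_BODY)

def find_signature(data: bytes, sig=SIGNATURE) -> list:
    """Return every offset where sig matches; None entries match any byte."""
    return [off for off in range(len(data) - len(sig) + 1)
            if all(s is None or data[off + i] == s for i, s in enumerate(sig))]

def encoded_body(sample: bytes) -> bytes:
    """Bytes that follow the first signature hit (the encoded part)."""
    hits = find_signature(sample)
    return sample[hits[0] + len(SIGNATURE):] if hits else b""

# Constructed samples: two encoded copies with different keys, one clean file.
SAMPLES = {
    "a.com": make_sample(b"HOST-A", 0x21),
    "b.com": make_sample(b"HOST-PROGRAM-B", 0x7C),
    "clean.com": b"HOST-C" + PLAIN_BODY,
}
HITS = {name: find_signature(data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, offsets in HITS.items():
        print(name, "signature at offsets", offsets)
    same = encoded_body(SAMPLES["a.com"]) == encoded_body(SAMPLES["b.com"])
    print("encoded bodies identical:", same)
```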
Removal and Reinstallation:
If you suspect that you have been infected and are comfortable with working in the MSDOS box “command window,” you can relatively easily check for the signature file(s) that are the infection. The procedure is to open “MSDOS” (an icon) or run “Command” from the Windows “Run” box on the start menu, either of which will open a black text screen box or take you to a full screen DOS prompt screen depending on how your computer is configured. Once in the DOS or Command screen, change to the :\Windows\System directory with a “CD C:\Windows\System <Enter>” command. Step 1 is to type “attrib win*.*”; if you see a SHR WINKUE.EXE or SHR WINKFR.EXE in the list, you have been infected. Other Wink??.exe permutations are possible. Step 2, and what I recommend at this point, is that you do an “attrib winkue.exe -s -h -r <enter>” which will unhide the file, substituting winkfr.exe or other permutation name if seen in step one. Once unhidden, step 3 is to do a “del winkue.exe <enter>” command which should remove the executable file from your computer. Step 4 is then to shut down and then power down your computer for at least seconds so the infection “dies” in memory. On restarting you may see Windows trying to find this deleted file; just cancel the search and let Windows start up normally.
1. Symantec Corporation, A List of viruses
2. Cert Corporation, Viruses Definition
3. Computer Virus Definitions, Update your anti virus software scanning engine and computer virus definitions
4. Computer Virus Definition, Protecting against Virus, <www.locusdesigns.com/lrncntr/protecting_against_viruses.htm>
5. What is a Computer Virus, <www.actlab.utexas.edu/~aviva/compsec/virus/whatis.html>
6. Your Dictionary, All Definition
7. File Flash, All Files Computer Viruses, <www.fileflash.com/allfiles/computer_virus_information>
8. Fred Cohen, “Computer Viruses: Theory and Experiments”, Computers and Security 6 (1987) (22-35)
9. Fred Cohen, “Computational Aspects of Computer Viruses”, Computers and Security 8 (1989) (325-244)
10. Y. N. Moschovakis, “Notes on Set Theory”, Springer-Verlag, NY, 1994, p. 11
11. Alan Turing, “On Computable Numbers, with an application to the Entscheidungsproblem”, Proceedings London Mathematical Society (series 2) vol 42, 1936-7, pp.230-265.