Home reading Computer Viruses



Download 26.73 Kb.
Date02.06.2017
Size26.73 Kb.
#19900
Home reading


Computer Viruses

Created: LU, FMF, DatZ1

Oskars Zīle

Oz05001

Table of contents:





Table of contents: 2

History of Viruses 3

Bad People 6

Hackers 6

Crackers 6

How to protect yourself 7

Firewall 7

Black Ice Defender 7

Lockdown 2000 7

Anti Virus Software 7

Resources 8

History of Viruses


The term computer virus was formally defined by Fred Cohen in 1983, while he performed academic experiments on a Digital Equipment Corporation VAX system. Viruses are classified as being one of two types: research or ``in the wild.'' A research virus is one that has been written for research or study purposes and has received almost no distribution to the public. On the other hand, viruses which have been seen with any regularity are termed in the wild. The first computer viruses were developed in the early 1980s. The first viruses found in the wild were Apple II viruses, such as Elk Cloner, which was reported in 1981 Viruses have now been found on the following platforms:




  • Apple II

  • IBM PC

  • Macintosh

  • Atari

  • Amiga

Note that all viruses found in the wild target personal computers. As of today, the overwhelming number of virus strains are IBM PC viruses. However, as of August 1989, the number of PC, Atari ST, Amiga, and Macintosh viruses were almost identical. Academic studies have shown that viruses are possible for multi-tasking systems, but they have not yet appeared. Viruses have evolved over the years due to efforts by their authors to make the code more difficult to detect, disassemble, and eradicate. This evolution has been especially apparent in the IBM PC viruses; since there are more distinct viruses known for the DOS operating system than any other.


The first IBM-PC virus appeared in 1986 this was the Brain virus. Brain was a boot sector virus and remained resident. These viruses expanded the target executables to include COM and EXE files. Cascade was encrypted to deter disassembly and detection. Variable encryption appeared in 1989 with the 1260 virus. Stealth viruses, which employ various techniques to avoid detection, also first appeared in 1989, such as Zero Bug, Dark Avenger and Frodo. In 1990, self-modifying viruses, such as Whale were introduced. The year 1991 brought the GP1 virus, which is network-sensitive and attempts to steal Novell NetWare passwords. Since their inception, viruses have become increasingly complex.
Personal computer viruses exploit the lack of effective access controls in these systems. The viruses modify files and even the operating system itself. These are legal actions within the context of the operating system. While more stringent controls are in place on multi-tasking, multi-user operating systems, configuration errors, and security holes (security bugs) make viruses on these systems more than theoretically possible.
This leads to the following initial conclusions:


  • Viruses exploit weaknesses in operating system controls and human patterns of system use/misuse.

  • Destructive viruses are more likely to be eradicated.

  • An innovative virus may have a larger initial window to propagate before it is discovered and the average anti-viral product is modified to detect or eradicate it.

It has been suggested that viruses for multi-user systems are too difficult to write. However, Fred Cohen required only 8 hours of expert work to build a virus that could penetrate a UNIX system. The most complex PC viruses required a great deal more effort.


Yet, if we reject the hypothesis that viruses do not exist on multi-user systems because they are too difficult to write, what reasons could exist? Perhaps the explosion of PC viruses (as opposed to other personal computer systems) can provide a clue. The population of PCs and PC compatibles is by far the largest. Additionally, personal computer users exchange disks frequently. Exchanging disks is not required if the systems are all connected to a network. In this case large numbers of systems may be infected through the use of shared network resources.
One of the primary reasons that viruses have not been observed on multi-user systems is that administrators of these systems are more likely to exchange source code rather than executables. They tend to be more protective of copyrighted materials, so they exchange locally developed or public domain software. It is more convenient to exchange source code, since differences in hardware architecture may preclude exchanging executables.
The advent of remote disk protocols, such as NFS (Network File System) and RFS (Remote File System), have resulted in the creation of many small populations of multi-user systems which freely exchange executables. Even so, there is little exchange of executables between different clusters of systems.

Types of Viruses
Computer viruses can be classified into several different types. The first and most common type is the virus which infects any application program. On IBM PC’s and clones running under PC-DOS or MS-DOS, most programs and data which do not belong to the operating system itself are stored as files.
Each file has a file name eight characters long, and an extent which is three characters long. A typical file might be called “TRUE.TXT”, where “TRUE” is the name and “TXT” is the extent. The extent normally gives some information about the nature of a file — in this case “TRUE.TXT” might be a text file. Programs must always have an extent of “COM”, “EXE”, or “SYS”. Under DOS, only files with these extents can be executed by the central processing unit.
Since a virus goal is to get executed by the computer, it must attach itself to a COM, EXE or SYS file. If it attaches to any other file, it may corrupt some data, but it won’t normally get executed, and it won’t reproduce. Since each of these types of executable files has a different structure, a virus must be designed to attach itself to a particular type of file. A virus designed to attack COM files cannot attack EXE files, and vice versa, and neither can attack SYS files. Of course, one could design a virus that would attack two or even three kinds of files, but it would require a separate reproduction method for each file type.
The next major type of virus seeks to attach itself to a specific file, rather than attacking any file of a given type. Thus, we might call it an application-specific virus. These viruses make use of a detailed knowledge of the files they attack to hide better than would be possible if they were able to infiltrate just any file. For example, they might hide in a data area inside the program rather than lengthening the file. However, in order to do that, the virus must know where the data area is located in the program, and that differs from program to program. This second type of virus usually concentrates on the files associated to DOS, like COMMAND.COM, since they are on virtually every PC in existence.
Regardless of which file such a virus attacks, though, it must be very, very common, or the virus will never be able to find another copy of that file to reproduce in, and so it will not go anywhere. Only with a file like COMMAND.COM would it be possible to begin leaping from machine to machine and travel around the world.
The final type of virus is known as a “boot sector virus.” This virus is a further refinement of the application-specific virus, which attacks a specific location on a computer’s disk drive, known as the boot sector. The boot sector is the first thing a computer loads into memory from disk and executes when it is turned on. By attacking this area of the disk, the virus can gain control of the computer immediately, every time it is turned on, before any other program can execute. In this way, the virus can execute before any other program or person can detect its existence.

Bad People




Hackers

A hacker by definition believes in access to free information. They are usually very intelligent people who could care very little about what you have on your system. Their thrill comes from system infiltration for information reasons. Hackers unlike crackers and anarchist know being able to break system security doesn’t make you a hacker any more than adding 2+2 makes you a mathematician. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker.” They have attributed any computer related illegal activities to the term “hacker.” Real hackers target mainly government institution. They believe important information can be found within government institutions. To them the risk is worth it. The higher the security the better the challenge. The better the challenge the better they need to be. These individuals come in a variety of age classes. They range from High School students to University Grads. They are quite 2 6 adept at programming and are smart enough to stay out of the spotlight.

They don’t particularly care about bragging about their accomplishments as it exposes them to suspicion. They prefer to work from behind the scenes and preserve their anonymity. Not all hackers are loners, often you’ll find they have a very tight circle of associates, but still there is a level of anonymity between them.

Crackers

For definition purposes... This is primarily the term given to individuals who are skilled at the art of bypassing software copyright protection. They are usually highly skilled in programming languages. They are often confused with Hackers. As you can see they are similar in their agenda. They both fight security of some kind, but they are completely different type.


How to protect yourself

There is a saying that goes “Prevention is better than cure.” If you want to protect your privacy. Take it back from those who may invade it. The individuals who are responsible for these attacks will always prey off those who do not take an interest in defending their privacy. Protecting your system from being hacked, you’ll quickly regain your sense of security.



Firewall

A firewall in layman terms is essentially a program which filters network data to decide whether or not to forward them to their destination or to deny it. These programs will generally protect you from inbound “net attacks.” This means unauthorized network request from foreign computers will be blocked. I cannot stress how important it is in this day and age to have a firewall of some kind installed and “running” on your computer. I personally recommend that you use one of the following or both if you can.



Black Ice Defender

This is a very user-friendly comprehensive firewall program. I highly recommend it to both advance and novice users. It has a simple graphical interface that is easy to understand and pleasing to the eye. It detects your attacker, stops their attack and or scan and gives you as much information available on the “attacker.”



Lockdown 2000

I also recommend Lockdown 2000 as a security measure. Lockdown2000 has a very nice graphical interface to it also and is user friendly. It does the same thing Black Ice Defender does but also runs scans on your system for Trojans. It monitors our registry and system files for changes that occur. Then gives you the option of either undoing all the changes or allowing it.


Anti Virus Software

This is also another piece of software you should by all means have on your system. We all know it’s a necessity however we are all guilty of not using them. There are numerous anti-virus software out there. Norton Antivirus and Mcafee are two of the more common ones. They are all good and do their job. You can find each of these programs at:




  • http://www.norton.com

  • http://www.mcafee.com

Resources





  • Little black book of Computer viruses (Mark Ludwig)

  • Hacking for dummies (Kevin Beaver)

  • Inside internet security (Jeff Crume

  • Hack proofing (Jeff Forristal)

  • http://www.norton.com

  • http://www.mcafee.com

  • http://csrc.nist.gov





Download 26.73 Kb.

Share with your friends:




The database is protected by copyright ©ininet.org 2024
send message

    Main page