
On its most basic level, how does a computer virus work and how does the anti-virus program stop them?

2007-11-23 18:21:00 · 5 answers · asked by Anonymous in Computers & Internet Software

5 answers

Computer viruses are engineered by real people, usually advanced software programmers, simply to create havoc and disruption. This year the financial damage that has resulted worldwide from such maligned programming endeavors is estimated to be over $2.5 billion. Why are so many trained minds bent on delivering such mayhem to us, the innocent bystanders and users of this software technology?

There are as many reasons for creating viruses as there are programmers creating them, so it helps to gain a basic understanding of how viruses deliver their twisted little payload. Simply put, a computer virus is a memory-resident piece of code that reproduces itself, and it includes itself in other computer code without permission. It does unforgivable things, mostly unnoticeable to the victim - until it's too late! Then you can't help but notice.

Virus Attacks

The experience of a virus attack is not obvious in most organizational settings. First, it is a logarithmic structure. The initial infection can go unseen for months. It is most certain that by the time someone educated in recognizing the problem sees it, the damage is already widespread. The key must be education. The earlier in the reproductive cycle that virus infection is detected, the easier it is to stop. Secondly, a single source point of infection can carry several different viruses, with different paths of infection. Clearly, the more dependent an organization is on the computer facilities it uses for information storage and retrieval, the more vulnerable it is to virus attack.

Part of the key in fighting computer viruses is to identify the possible paths of virus infection. These can be entirely legitimate - such as shrink-wrap software from a distributor - or entirely illicit. Clearly a strong, and enforced, company policy against any illegal software is the simplest step in preventing virus infection. The possibility of a virus infection from legitimate sources - commercial or share-ware - is very small.

Virus Infections

Most users who experience a virus infection don't even know that there is a virus present until files are discovered damaged or missing. Once a problem is perceived, it is often interpreted as a hard drive error, and the drive is reformatted - taking out the virus. Or, a low-level format is performed, again removing the problem. The difficulty is that, first, far more "surgery" has been performed than necessary, and secondly, the cause has not been identified, and therefore the problem has not been solved. Realistically, virus infections are rare in most cases. However, when they occur, they must be dealt with quickly and with proper knowledge. Lack of understanding is deadly, because both ignorance and the virus infection are lethal, but so is the friendly fire. Much more damage is done by ill-advised attempts to clean up viruses that may - or may not - exist than has ever been caused by the viruses themselves.

So the primary issue in virus management is recognition. The management problem is one of both setting up adequate controls to trap and eliminate computer viruses, and dissemination of the knowledge of software so that a distinction between normal control structures and viruses is available.

Virus Classes

From a functional point of view, any computer virus can be broken down into a number of simple classes. These classes center on where one would look for virus infection. Not surprisingly, that has become everywhere in a PC's software. Pick any defined part of a PC's software, and there is a virus that will attack it. Boot blocks, Allocation Tables, EXE and COM files, ordinary files just masquerading as functional files, even in a few cases, BAT files, and most recently meta viruses such as "WinWord.CONCEPT."

The basic problem is very simple - Viruses come in all sizes and shapes. Currently, computer viruses are categorized by their mode of infection. This centers on the path used to replicate the virus and the type of system infected:

1. Boot Sector Viruses -
These infect the boot sector on a floppy or hard disk. Typical examples are STONED and MICHELANGELO. These usually replace the boot sector with all or part of a virus program which stashes itself in memory and moves the boot sector on the disk to another location. Often the damage is done because the boot block is moved blindly to another disk location, over-writing whatever is resident there.

2. File Viruses -
File Viruses infect ordinary *.EXE or *.COM files. Usually they just append the virus code to the file; but recent versions have gotten trickier, and better hide their additions. Friday the 13th loads into memory on execution of the infected file, and if the date matches Friday the 13th, deletes *.exe files - often itself included!

3. Systemic Viruses -
These viruses focus on the system files necessary for DOS. These are files which control the allocation of system resources, such as directories, and files. In some cases a much more basic level of attack against CMOS structures is attempted.

4. Stealth Viruses -
A stealth virus tries to conceal its presence on your system. This may be as simple as modifying the file structure to conceal the additional code added to a file. It may go so far as making sure that when added to machine code in the *.COM file that the CRC is not changed (a technically very tricky bit of work).

5. Meta Viruses -
This is a newer form of virus that executes its nasty work in the very helpful meta languages embedded in powerful modern programs like Microsoft Word. These are also sometimes referred to as Macro Viruses.

6. Trojan Horses -
These types of viruses are crude, front door attacks. They rely on simple naiveté. The level of the threat can be very potent, however, because this type of virus does not require any backdoor - you gave them the key!

Now about the Anti-virus...

How does Antivirus Work?

Today's antivirus software typically adopts one or more of the following methods to screen emails and files moving in (and out) of a computer:

1. File Scanning -
usually after antivirus installation and download of the latest virus definitions (file/files containing the latest virus info that the antivirus software uses to detect viruses). This scans certain or all files on the computer to detect virus infection. All antivirus software allows user-scheduled background scanning.

2. Email and Attachment Scanning -
since email is the primary virus delivery mechanism, this is the most important function of the antivirus software. All antivirus software today scans both email content and attachments for viruses - some, like Norton, pick up your emails from your email server before passing them to your computer for scanning (downside: if the scanning server is bogged down, you will encounter delays), and others, like Bullguard, intercept your emails and attachments in your computer before passing them to your email program.

3. Download Scanning -
scans files that are being downloaded from a website/FTP. Ex. during a "File Download" - Save this file to disk operation or using a download accelerator.

4. Heuristic Scanning -
used to detect viruslike code in emails and files based on intelligent guessing of typical viruslike code patterns and behaviour. Test labs use 'zoo viruses' (fabricated viruses) to test performance of antivirus software in detecting new viruses.

5. Active Code Scanning -
new browsers allow active code like Java and ActiveX in webpages. But this code can also be of a malicious nature and do severe damage to the computer and go on to infect other computers. Links in emails can invoke active code in a webpage and do the same damage.

2007-11-23 18:46:30 · answer #1 · answered by VIBDIN 1 · 0 0

Most viruses work just like their biological equivalent. They infect the host (in this case the hard drive of a computer.) They do their best to reproduce themselves. Many are not particularly harmful but all are malicious and waste system resources.
Anti Virus programs function by scanning memory and the hard drive for bits of code known to be within the virus. This is sort of like looking for the virus' fingerprint or DNA.
Unfortunately, anti virus software often is late to the party because the definition used to examine the computer requires that the virus (or some variation of it) be identified and the definition file updated. With anti-virus software it is critical to update regularly.

2007-11-23 18:27:49 · answer #2 · answered by gator_ce 5 · 0 0
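Added example, not part of any answer on this page: a minimal Python sketch of the definition-file ("fingerprint") scanning the answers above describe, showing why a new variant goes undetected until the definitions are updated. The signature names, byte patterns and sample buffers are all constructed for illustration and do not correspond to any real malware or vendor format.

```python
import re

def compile_definitions(defs):
    """Turn {name: 'DE AD ?? BE'} hex patterns into compiled byte regexes.
    A '??' token matches any single byte (a common wildcard convention)."""
    compiled = {}
    for name, pattern in defs.items():
        parts = []
        for tok in pattern.split():
            # Escape literal bytes so values like 0x2A ('*') are not regex syntax.
            parts.append(b"." if tok == "??" else re.escape(bytes.fromhex(tok)))
        compiled[name] = re.compile(b"".join(parts), re.DOTALL)
    return compiled

def scan(data, compiled):
    """Return the sorted names of every definition found anywhere in data."""
    return sorted(name for name, rx in compiled.items() if rx.search(data))

# Constructed sample buffers standing in for file contents.
CLEAN = b"MZ" + bytes(64) + b"hello world"
SAMPLE_A = CLEAN + bytes.fromhex("DEADBEEF01C0FFEE")   # known pattern appended
VARIANT_B = CLEAN + bytes.fromhex("FEEDFACE9942")      # new, not yet in definitions

# Constructed definition files: V2 is V1 after an update that adds variant B.
DEFS_V1 = {"Constructed.Sample.A": "DE AD BE EF ?? C0 FF EE"}
DEFS_V2 = dict(DEFS_V1, **{"Constructed.Sample.B": "FE ED FA CE ?? 42"})

if __name__ == "__main__":
    old, new = compile_definitions(DEFS_V1), compile_definitions(DEFS_V2)
    for label, data in [("clean", CLEAN), ("sample A", SAMPLE_A),
                        ("variant B", VARIANT_B)]:
        print(f"{label:10} old defs: {scan(data, old)}  "
              f"updated defs: {scan(data, new)}")
```

With the old definitions the scanner reports nothing for the new variant; only the updated definition set flags it, which is the "late to the party" gap described above.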

Years ago I used to often mention to classes that most computer viruses actually acted like retro viruses instead of true viruses. This usually let me identify anyone with medical training, who would be nodding their head in understanding while everyone else went "w..hhha ....????"

Since that time the virus has greatly evolved. The media term virus covers a range of computer nasties.

The 3 main categories are
1. Virus
2. Worm
3. Trojan.

These can all be called Malware, along with other categories of computer nasties.

The 3 categories are not separate and in each category they have different ways of working.

New ways of working are being invented all the time. Once, when I taught a class on security, I told the students that viruses cannot infect your computer through the web. Unfortunately I said that on the same day that the first virus to use your browser to infect your computer was detected.

But basically the concept is this. I want to do something nasty to many computers. So I need to get my software onto as many computers as possible. Microsoft uses marketing, but what I am going to do is sneak it on.

Maybe it will be hidden on a disk, webpage or even pretending to be something benign (e.g. how the Greeks killed the Trojans in the Iliad). When it gets into your computer its job is not to do anything directly to your computer (at first) but to get on out to the rest of the world.

Human diseases that kill quickly (e.g. ebola) tend not to spread far, because they kill too quickly. While HIV can spread for more than years before a person gets AIDS.

So after a few days, months, or years the virus does what it was intended to do (wipe your hard drive, send copies of your bank account details to a guy named Ivan in Russia or play the Bosnia national anthem very loudly).

All viruses, worms and trojans are basically variations on this theme. Obviously with the power of modern computers and network systems, the types and capabilities of viruses have increased.

Viruses can attack your antivirus software, morph into new shapes, and it will only be a matter of time before we have evolving viruses, ones that are capable of adapting and reinventing themselves. One of the early famous worms brought down the Internet (before most people had heard of it) because the programmer who wrote it made a mistake in the code and it was more vicious than planned. Who is to say a virus that is accidentally corrupted might not bring down the Net of the future?

Be afraid, be very afraid

2007-11-23 18:43:04 · answer #3 · answered by flingebunt 7 · 0 0

Anti Virus programs function by scanning memory and the hard drive for bits of code known to be within the virus. This is sort of like looking for the virus' fingerprint or DNA.
Unfortunately, anti virus software often is late to the party because the definition used to examine the computer requires that the virus (or some variation of it) be identified and the definition file updated. With anti-virus software it is critical to update regularly.
This will help you.

2007-11-23 18:41:02 · answer #4 · answered by avril 1 · 0 0

How to format all partition of Hard disc except C using bat file

2014-02-02 22:07:24 · answer #5 · answered by Anonymous · 0 0
