Computer Viruses

Title	Computer Viruses
# of Words	1575
# of Pages (250 words per page double spaced)	6.3

Computer Viruses

Computer Viruses

A virus is a program that copies itself without the knowledge of the computer
user. Typically, a virus spreads from one computer to another by adding itself
to an existing piece of executable code so that it is executed when its host
code is run.   If a virus if found, you shouldn't panic or be in a hurry, and
you should work systematically. Don't rush!

A Viruse may be classified by it's method of concealment (hiding).  Some are
called stealth viruses because of the way that they hide themselves, and some
polymorphic because of the way they change themselves to avoid scanners from
detecting them.

The most common classification relates to the sort of executable code which the
virus attaches itself to. These are:

¨ Partition Viruses ¨ Boot Viruses ¨ File Viruses ¨ Overwriting Viruses

As well as replicating, a virus may carry a Damage routine.

There is also a set of programs that are related to viruses by virtue of their
intentions, appearances, or users likely reactions.  For example:

¨ Droppers ¨ Failed viruses ¨ Packagers ¨ Trojans ¨ Jokes ¨ Test files

THE DAMAGE ROUTINE

Damage is defined as something that you would prefer not to have happened. It is
measured by the amount of time it takes to reverse the damage.

Trivial damage happens when all you have to do is get rid of the virus. There
may be some audio or visual effect; often there is no effect at all.

Minor damage occurs when you have to replace some or all of your executable
files from clean backups, or by re-installing. Remember to run FindVirus again
afterwards.

Moderate damage is done when a virus trashes the hard disk, scrambles the FAT,
or low-level formats the drive. This is recoverable from your last backup. If
you take backups every day you lose, on average, half a day's work.

Major damage is done by a virus that gradually corrupts data files, so that you
are unaware of what is happening. When you discover the problem, these corrupted
files are also backed up, and you might have to restore a very old backup to get
valid data.

Severe damage is done by a virus that gradually corrupts data files, but you
cannot see the corruption (there is no simple way of knowing whether the data is
good or bad). And, of course, your backups have the same problem.

Unlimited damage is done by a virus that gives a third party access to your
network, by stealing the supervisor password. The damage is then done by the
third party, who has control of the network.

CLASSIFICATION OF VIRUSES

Stealth Viruses

If a stealth virus is in memory, any program attempting to read the file (or
sector) containing the virus is fooled into believing that the virus is not
there, as it is hiding. The virus in memory filters out its own bytes, and only
shows the original bytes to the program.

There are three ways to deal with this:

1. Cold Boot from a clean DOS floppy, and make sure that nothing on the hard
disk is executed. Run any anti-virus software from floppy disk. Unfortunately,
although this method is foolproof, relatively few people are willing to do it.

2. Search for known viruses in memory. All the virus scanners do this when the
programs are run.

3. Use advanced programming techniques to probe the confusion that the virus
causes. A process known as the "Anti-Stealth Methodology" in some scanners can
be used for this.

Polymorphic Viruses

A polymorphic virus is one that is encrypted, and the decryptor/loader for the
rest of the virus is very variable. With a polymorphic virus, two instances of
the virus have no sequence of bytes in common. This makes it more difficult for
scanners to detect them.

Many scanners use the "Fuzzy Logic" technique and a "Generic Decryption Engine"
to detect these viruses.

The Partition and Partition Viruses

The partition sector is the first sector on a hard disk. It contains information
about the disk such as the number of sectors in each partition, where the DOS
partition starts, plus a small program. The partition sector is also called the
"Master Boot Record" (MBR).

When a PC starts up, it reads...

This is ONLY a preview of the article. If you would like to view the entire document, you must subscribe to Academic Library. Please register below now!

Subscribe to Academic Library

When you subscribe to the Academic Library, you get 24-hour access to the online database containing full-text articles written by thousands of scholarly students. For only $8.95 per month, you receive unlimited monthly access to view and download all of our 40,000 articles available online. That is less than the price of one textbook!
This price includes:

24-hours-a-day, 7 days a week unlimited access on any computer with Internet access

Complete access to all 40,000 articles, essays, and research papers

Ability to view and download virtually unlimited number of documents

Ability to browse through perfectly arranged catalog of articles

Superior search and relevancy ranking techniques using Google SiteSearch and our local search engine

Instant access to the online database after registration

You can pay by credit card, checking account. You get instant access after registration:

You will be billed $ 8.95 every 30 days (recurring billing) starting on the day you subscribe.
Your credit card will automatically be renewed for your convenience until you cancel.

If you are already registered, please click here to login.


	Home \| Register \| Login \| FAQ \| Forgot Password \| Privacy Policy \| Disclaimer \| Close Account \| Contact Us \| Logout Copyright 1998-2007 Academic Library. Academic Library is designed only to assist students and researchers in the preparation of their own work. Anybody who use our services are responsible not only for writing their own papers, but also for citing Academic Library as a source when doing so. By accessing and using this page you agree to the Disclaimer. If you wish to cancel your subscription to Academic Library, please click here.