 |
| Virus and Antiivirus |
Introduction of virus.
basically Computer Virus is of two types
- Intentional Virus (Later You will learn, how you can create Intentional Virus)
- Automatic Virus
what is virus:-A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems
History of Virus
History of Virus
Since 1987, when a virus infected ARPANET, a large network used by the Defense Department and many universities, many antivirus programs have become available. These programs periodically check your computer system for the best-known types of viruses.
experts estimate that the Mydoom worm infected approximately a quarter-million computers in a single day in January 2004. Back in March 1999, the Melissa virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The ILOVEYOU virus in 2000 had a similarly devastating effect. In January 2007, a worm called Storm appeared -- by October, experts believed up to 50 million computers were infected. That's pretty impressive when you consider that many viruses are incredibly simple.
experts estimate that the Mydoom worm infected approximately a quarter-million computers in a single day in January 2004. Back in March 1999, the Melissa virus was so powerful that it forced Microsoft and a number of other very large companies to completely turn off their e-mail systems until the virus could be contained. The ILOVEYOU virus in 2000 had a similarly devastating effect. In January 2007, a worm called Storm appeared -- by October, experts believed up to 50 million computers were infected. That's pretty impressive when you consider that many viruses are incredibly simple.
Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.
Types of Computer Viruses.
Not all computer viruses behave, replicate, or infect the same way. There are several different categories of viruses and malware. Below I list and discuss some of the most common types of computer viruses.
Trojan Horse:
A trojan horse program has the appearance of having a useful and desired function. While it may advertise its activity after launching, this information is not apparent to the user beforehand. Secretly the program performs other, undesired functions. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls.
Worms:
A worm is a program that makes and facilitates the distribution of copies of itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive via exploitation of a system vulnerability or by clicking on an infected e-mail.
Bootsector Virus:
A virus which attaches itself to the first part of the hard disk that is read by the computer upon bootup. These are normally spread by floppy disks.
Backdoor
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootki
Spyware
Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users.
While the term spyware suggests software that monitors a user's computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like Internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, resulting in slow Internet connection speeds, un-authorized changes in browser settings or functionality of other software.
Sometimes, spyware is included along with genuine software, and may come from an official software vendor. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is provided by the term privacy-invasive softwareMacro Virus:
Macro viruses are viruses that use another application's macro programming language to distribute themselves. They infect documents such as MS Word or MS Excel and are typically spread to other similar documents.
Memory Resident Viruses:
Memory Resident Viruses reside in a computers volitale memory (RAM). They are initiated from a virus which runs on the computer and they stay in memory after it's initiating program closes.
Rootkit Virus:
A rootkit virus is an undetectable virus which attempts to allow someone to gain control of a computer system. The term rootkit comes from the linux administrator root user. These viruses are usually installed by trojans and are normally disguised as operating system files.
Polymorphic Viruses:
A polymorphic virus not only replicates itself by creating multiple files of itself, but it also changes it's digital signature every time it replicates. This makes it difficult for less sophisticated antivirus software to detect.
Logic Bombs/Time Bombs:
These are viruses which are programmed to initiate at a specific date or when a specific event occurs. Some examples are a virus which deletes your photos on Halloween, or a virus which deletes a database table if a certain employee gets fired.
E-mail viruses: An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some e-mail viruses don't even require a double-click -- they launch when you view the infected message in the preview pane of your e-mail software
In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can then either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file
for examle. 0011 code is in dictionary of Anti-virus. when you start to scan Computer. If infected file code 0011 match with code in Anti-virus's dictionary then virus is detected.
Types of Computer Viruses.
Not all computer viruses behave, replicate, or infect the same way. There are several different categories of viruses and malware. Below I list and discuss some of the most common types of computer viruses.
Trojan Horse:
A trojan horse program has the appearance of having a useful and desired function. While it may advertise its activity after launching, this information is not apparent to the user beforehand. Secretly the program performs other, undesired functions. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls.
Worms:
A worm is a program that makes and facilitates the distribution of copies of itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive via exploitation of a system vulnerability or by clicking on an infected e-mail.
Bootsector Virus:
A virus which attaches itself to the first part of the hard disk that is read by the computer upon bootup. These are normally spread by floppy disks.
Backdoor
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootki
Spyware
Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users.
While the term spyware suggests software that monitors a user's computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like Internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with user control of a computer by installing additional software or redirecting Web browsers. Some spyware can change computer settings, resulting in slow Internet connection speeds, un-authorized changes in browser settings or functionality of other software.
Sometimes, spyware is included along with genuine software, and may come from an official software vendor. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is provided by the term privacy-invasive softwareMacro Virus:
Macro viruses are viruses that use another application's macro programming language to distribute themselves. They infect documents such as MS Word or MS Excel and are typically spread to other similar documents.
Memory Resident Viruses:
Memory Resident Viruses reside in a computers volitale memory (RAM). They are initiated from a virus which runs on the computer and they stay in memory after it's initiating program closes.
Rootkit Virus:
A rootkit virus is an undetectable virus which attempts to allow someone to gain control of a computer system. The term rootkit comes from the linux administrator root user. These viruses are usually installed by trojans and are normally disguised as operating system files.
Polymorphic Viruses:
A polymorphic virus not only replicates itself by creating multiple files of itself, but it also changes it's digital signature every time it replicates. This makes it difficult for less sophisticated antivirus software to detect.
Logic Bombs/Time Bombs:
These are viruses which are programmed to initiate at a specific date or when a specific event occurs. Some examples are a virus which deletes your photos on Halloween, or a virus which deletes a database table if a certain employee gets fired.
E-mail viruses: An e-mail virus travels as an attachment to e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book. Some e-mail viruses don't even require a double-click -- they launch when you view the infected message in the preview pane of your e-mail software
How does anti-virus software work?
An anti-virus software program is a computer program that can be used to scan files to identify and eliminate computer virusesmalicious software (malware).
Anti-virus software typically uses two different techniques to accomplish this:- Examining files to look for known viruses by means of a virus dictionary(Data Dictionary)
- Identifying suspicious behavior from any computer program which might indicate infection(Suspicious Acitvity)
In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can then either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file
for examle. 0011 code is in dictionary of Anti-virus. when you start to scan Computer. If infected file code 0011 match with code in Anti-virus's dictionary then virus is detected.
Suspicious behavior approach
The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, this is flagged as suspicious behavior and the user is alerted to this, and asked what to do.
unauthorized program running in the system is suspicious activity .
The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, this is flagged as suspicious behavior and the user is alerted to this, and asked what to do.
unauthorized program running in the system is suspicious activity .
Other ways to detect viruses
Some antivirus-software will try to emulate the beginning of the code of each new executable that is being executed before transferring control to the executable. If the program seems to be using self-modifying code or otherwise appears as a virus (it immeadeatly tries to find other executables), one could assume that the executable has been infected with a virus. However, this method results in a lot of false positives.
Yet another detection method is using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, the sandbox is analysed for changes which might indicate a virus. Because of performance issues this type of detection is normally only performed during on-demand scans.
Issues of concern Macro viruses, arguably the most destructive and widespread computer viruses, could be prevented far more inexpensively and effectively, and without the need of all users to buy anti-virus software, if Microsoft would fix security flaws in Microsoft Outlook and Microsoft Office related to the execution of downloaded code and to the ability of document macros to spread and wreak havoc.
Some antivirus-software will try to emulate the beginning of the code of each new executable that is being executed before transferring control to the executable. If the program seems to be using self-modifying code or otherwise appears as a virus (it immeadeatly tries to find other executables), one could assume that the executable has been infected with a virus. However, this method results in a lot of false positives.
Yet another detection method is using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, the sandbox is analysed for changes which might indicate a virus. Because of performance issues this type of detection is normally only performed during on-demand scans.
Issues of concern Macro viruses, arguably the most destructive and widespread computer viruses, could be prevented far more inexpensively and effectively, and without the need of all users to buy anti-virus software, if Microsoft would fix security flaws in Microsoft Outlook and Microsoft Office related to the execution of downloaded code and to the ability of document macros to spread and wreak havoc.
No comments:
Post a Comment