Computer Viruses Essay, Research Paper
What is a computer virus?
Sometimes the term “virus” is misused. Some people tend to use the word “virus” to refer to anything undesirable that can happen to a computer, but this is not completely accurate. Viruses are short programs that are not accidental. Someone, somewhere, has purposely designed them, usually with malicious intent. A virus is usually copied and passed along many times before it reveals its existence. “A virus is any program that reproduces itself by using the resources of your computer without your knowledge or consent.”
A virus just copies itself and spreads. A virus cannot move by itself; it must attach itself to another program. Viruses may be written to multiply, to damage other programs, or to alter data.
There are many different kinds of viruses. They are often small and well hidden, and therefore difficult to find. Some are slow while others are fast. Some take days, weeks, months or years before they start damaging a computer. They may be benign and result only in amusement or mere annoyance, or they can be malignant and malicious.
Before we start talking about the different characteristics of a virus, we should first see how a virus works.
How does a virus work?
The first step of a virus is to initialize the computer. It remains hidden and tries to gain control from the operating system. The next step is for the virus to set up virus processing and modify the system to support virus control. Then the virus looks for available hosts. Its job is to seek new receptive hosts and determine if they are available for infection. Viruses want to infect as many systems as possible. They infect a system by attaching themselves to the host, and they moderate their infection activities to reduce the risk of being found. This is when a virus officially begins its destruction of a system. A virus then determines whether it is time to activate. This depends on a number of things: the preset number of infections, the elapsed time in the system, the preset date or time, and other external events that have occurred. Depending on these factors, the virus determines if it should be destructive at this time or if it should wait. At the end the computer is usually unaware of the infection.
Basically all a virus does is live in a host program. Each time the host program is executed, so is the virus. When the virus is executed, it seeks at least one other program to which it can copy itself. This is why a virus is constantly spreading.
What are some intrusive programs?
Viruses are not the only programs that can disrupt a computer system. Sometimes other programs get confused with viruses. Some of these programs are Trojan Horses, Worms and Logic or Time Bombs.
A Trojan Horse is a program that does something more than the user was expecting, where this extra something is damaging. It is not a virus because it does not reproduce itself. It is designed to look innocent, but when it is run it causes harmful effects. These programs were named after the Trojan Horse used by the Greeks at the siege of Troy. Greek soldiers hid inside a wooden horse and when the Trojans took this horse inside the city of Troy, the Greeks jumped out and attacked. This is the same way a Trojan horse in a program works inside the computer. Trojans hide within a program that appears legitimate. When you load this program…TROUBLE BEGINS.
Worms are also programs that alter or destroy data. Worms are easier to deal with than viruses once they are found. The reason is that, unlike viruses, worms do not duplicate themselves. A worm is a program that is designed to invade a workstation. Once it invades this workstation, it then disables it.
Logic or Time Bombs are like Trojan Horses. They are similar in their programming and ability to damage data. However, the differences are in the design. A bomb is designed with a built-in timing device so it will go off at a certain time. Bombs can be detected before they are activated if you use a good scanning program regularly.
Where do viruses reside?
Computer viruses can be classified by the areas they initially infect. There are two general categories: File infections and System or Boot-Record infections.
File infections (or program viruses) attach themselves to ordinary program files. These are usually .COM or .EXE files. File infections can be either Direct Action Viruses or Resident Viruses. Direct Action Viruses have one major concern: their job is to search for other programs to infect each time they are executed. Resident Viruses hide themselves in memory. Then, when an infected program is executed, it infects other programs.
System or Boot-Record infections, also called Boot Sector Viruses, deal with the computer as it is being loaded. The boot segment contains instructions for the computer. It is the first part of the system to be activated when a computer is turned on. It contains small programs necessary to start (boot up) the system. It is a hidden part of the hard or floppy disk. Boot viruses infect code found on a disk and gain control of the system. Boot viruses monitor all of the processes in a computer and modify them. They implement a self-defense mechanism: attempts to erase, replace, or modify the boot area are intercepted by the virus and canceled. Since boot sectors become infected from a floppy disk, this can be prevented. You must always remember never to boot up your system from an unknown, unchecked floppy disk.
There are other types of viruses called Multipartite Viruses. These viruses infect both the boot system and the executable file.
What are some types of viruses?
Sometimes virus hackers are too lazy to make their own viruses so they take already existing viruses and modify them. The original is called the virus strain and the modified versions are called varieties. The two main viruses, which I came across during my research, are a Stealth Virus and a polymorphic virus.
A Stealth Virus is designed to conceal its presence and avoid detection. It hides the modifications it has made and forges the results so that when a program tries to read these areas, it sees the original uninfected form instead of the actual infected form. Stealth Viruses use several techniques to invade a computer and escape detection. The most common method involves complex code encryption. This is designed to change the code each time the program is generated. Thus, there is no recognizable pattern and it is hard to detect.
A polymorphic Virus is designed to combine strategies to attack the integrity of the operating system. It produces varied copies of itself so that it has the ability to change its characteristic pattern or shape encryption so that each new copy looks different.
What are some characteristics of viruses?
There are different ways to categorize viruses depending on their characteristics. Viruses can be classified as either slow or fast viruses, determined by their mode of infection.
Fast infections, as the name denotes, spread rapidly within a computer by infecting everything that is accessed. A fast infection is a virus that, when it is activated in memory, infects not only the programs that are executed but also those programs that are merely opened.
Slow infections are viruses that are less likely to be noticed. Because they spread slowly, they are hard to detect. They infect files only as they are modified.
Some other characteristics include a sparse infection, a Companion virus, or an Overwriting virus.
A Sparse infection is a virus that infects only occasionally. It will infect files whose length falls within a certain range.
A Companion Virus is known to create a new program, which gets executed by the command-line interpreter instead of the intended program. Companion viruses use the fact that files can have the same filename but with different extensions (e.g., EXE files have companion COM programs). The virus then switches these files. The problem arises when you try to run these EXE programs; you end up running the COM programs.
An Overwriting Virus overwrites each file it infects with itself. Then the original program no longer functions.
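A defensive check for the situation described above, as an added example that is not part of the original essay: it walks a directory tree and reports every program whose base name also exists with an extension the DOS command interpreter tries first. It goes slightly beyond the text by including .BAT (DOS tries .COM, then .EXE, then .BAT); the function name and the sample file names are hypothetical.

```python
import os
from collections import defaultdict

# Order in which the DOS command interpreter tries extensions for a bare name.
DOS_SEARCH_ORDER = (".com", ".exe", ".bat")

def find_shadowed_programs(root):
    """Return sorted (directory, file_that_runs, file_that_was_intended) tuples
    for every base name that exists with more than one program extension."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        by_stem = defaultdict(dict)
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() in DOS_SEARCH_ORDER:
                # DOS names are case-insensitive, so compare in lower case.
                by_stem[stem.lower()][ext.lower()] = name
        for exts in by_stem.values():
            present = [e for e in DOS_SEARCH_ORDER if e in exts]
            winner = present[0]          # this one runs when the bare name is typed
            for loser in present[1:]:    # these are silently skipped
                findings.append((dirpath, exts[winner], exts[loser]))
    return sorted(findings)

if __name__ == "__main__":
    import tempfile
    # Constructed sample tree: EDIT.EXE has a COM file with the same base name.
    with tempfile.TemporaryDirectory() as demo:
        for sample in ("EDIT.EXE", "edit.com", "FORMAT.COM"):
            open(os.path.join(demo, sample), "w").close()
        for directory, runs, intended in find_shadowed_programs(demo):
            print(f"{directory}: typing the bare name runs {runs}, not {intended}")
```

A hit is a prompt for review rather than proof of infection, since legitimate software can ship both a .COM and an .EXE with the same name.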
What is the severity of a virus?
There are different amounts of damage that a computer virus can cause. The severity of a virus can range from mild to severe. If you were to get a virus, hope for a mild one. There are six terms that can be used to classify viruses; three of them can be considered on the mild side and the next three are more severe.
The mildest virus would be considered a trivial virus. It does nothing except duplicate itself. In most cases, you do not even know that a trivial virus exists. The next level would be classified as a minor virus. This is when significant damage occurs. This is a type of virus that alters or deletes one or more executable program files, which the virus has infected. A moderate virus would be the next level. This type of virus causes destruction to all of the files on the hard disk. A moderate virus does one of two things. It either alters the formatting of programs or it alters files by overwriting part of them with garbage.
The next level of virus severity would be called a major virus. This leads the discussion into more serious types of viruses. A major virus is when a virus slowly corrupts the data over a period of time. However, a severe virus is worse. A severe virus is when a virus makes subtle changes in the data. What makes it so bad is that it does not leave any clues as to what has been changed. These viruses work gradually and progressively to make obvious changes. The most severe virus would be classified as an unlimited virus. This can cause many problems. This type of virus spends its time seeking out the passwords of the most powerful users on the system. Once it obtains this information, it passes it on in hopes that it will be used for the wrong purposes.
How are viruses spread?
The spread of computer viruses has increased rapidly over the years. This could be attributed to the increase of technology, but there are also other reasons. One reason is that viruses have become easier to create. As a matter of fact, instructions on how to create a virus can be found on bulletin boards. Hackers can go here to find programs that give step-by-step directions on how to create a virus.
There are numerous ways in which viruses spread from one computer to another. There is a possibility of getting a virus any time a program that alters one or more programs is run. Viruses are mainly spread by contaminated disks. When an infected disk is inserted into the computer and the program is running, the virus separates itself from its host and makes copies of itself. The copy then looks for new hosts. These contaminated disks can be pirated copies of software that you obtained, or they can belong to an outsider who uses the system. Hardware engineers are an example of these outsiders. They can easily pick up and spread a virus. Another way viruses can be spread is by computer communication over telephone lines.
How do you know if a virus exists?
Many people assume that if there is something wrong with their computer, it is because they have a virus. How do you know when you have a virus? Well, it is important to be able to detect a virus as early as possible. Every moment counts when you are dealing with a virus. The more time it takes you to realize you have a virus, the more the virus will spread. This is especially important when dealing with a network. If you are unable to stop it right away, it will spread throughout the whole system. There are two things you should do in order to ensure that a virus is stopped as soon as possible. First of all, you should make yourself aware of possible viruses that exist and then secondly, obtain the latest versions of several major virus scanners.
Viruses do have different characteristics, but there are some changes you can look for to see if a virus may exist. Some viruses display messages, music or pictures but these are not the main indicators. The main indicators are the changes in size and content of your programs. There are several questions that you should be asking yourself if you think you have a virus:
Are there changes in your file lengths as well as in memory?
Does it take longer than usual to load up and run your programs?
Does your disk drive light stay on longer than usual?
Are your executable files disappearing?
Are strange things appearing on display (like unusual messages)?
Is there anything out of the ordinary happening to your computer?
After you can answer these questions and you have detected and identified a virus, it must be stopped. In order to remove a virus you should be aware that you want to do the least possible to restore the system to its normal state. You should boot your system from a clean diskette and, using a disinfecting program, go through all your disks to remove the virus.
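The main indicators named above (changes in the size and content of programs, and executables disappearing) can be checked mechanically. The following is an added example, not part of the original essay: it records the size and SHA-256 hash of every .COM and .EXE file under a directory and later reports what differs from that baseline. The function names and finding labels are hypothetical.

```python
import hashlib
import os

PROGRAM_EXTS = {".com", ".exe"}  # the host file types the essay names

def snapshot(root):
    """Map each program file (path relative to root) to (size, sha256 hex)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in PROGRAM_EXTS:
                continue
            path = os.path.join(dirpath, name)
            digest, size = hashlib.sha256(), 0
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
                    size += len(chunk)
            state[os.path.relpath(path, root)] = (size, digest.hexdigest())
    return state

def compare(baseline, current):
    """Return sorted (path, finding) pairs for every difference from baseline."""
    findings = []
    for path, (old_size, old_hash) in baseline.items():
        if path not in current:
            findings.append((path, "missing"))   # executables disappearing
            continue
        new_size, new_hash = current[path]
        if new_size != old_size:
            findings.append((path, f"size changed {old_size} -> {new_size}"))
        elif new_hash != old_hash:
            # Same length, different bytes: a size check alone would miss this.
            findings.append((path, "content changed, size unchanged"))
    findings.extend((p, "new program file") for p in current if p not in baseline)
    return sorted(findings)
```

Take the baseline while the system is known to be clean and keep it on write-protected media. Run the comparison after booting from a clean diskette, because a resident stealth virus can show the scanner the original file contents.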
What are some ways to decrease and prevent viruses?
There are several ways you can prevent viruses. The most important way is to obtain several up-to-date anti-viral software packages. Make sure that every time you receive a new disk or program you use this anti-viral software to check it.
When checking disks or programs you should always use a couple of different scanners. The reason is that no one scanner can detect all viruses.
You should always keep your disks write-protected, unless you need to write to them.
If you have important data that is of value, you should back these files up. You should do this each time they are modified.
Another important thing to remember is that when booting up your computer, you should never boot it up from a diskette unless that disk is write-protected. Every time you boot up your computer, you should always use the same diskette.
Here are some of the web sites that I visited to do some of my research:
Dr. Solomon’s – Virus Statistics
Dr. Solomon’s – Don’t Panic
Dr. Solomon’s – on-line
Dr. Solomon’s – The Virus Tutorial
Here are some of the books that I used while doing my research:
“RxPC The Anti-Virus Handbook.” by Janet Endrijonas
“Computer Viruses, Worms, Data Diddlers, Killer Programs, and Other Threats to Your System. What They Are, How They Work, and How to Defend Your PC, Mac, or Mainframe.” by John McAfee and Colin Haynes
“Computers Under Attack: Intruders, Worms and Viruses.” by Peter J. Denning