Computer Virus
In 1983, Fred Cohen coined the term computer virus, postulating a virus was "a program that can 'infect' other programs by adjusting them to contain a possibly evolved copy of itself. The term virus is actually an acronym for Vital Information Resources Under Seize. Mr. Cohen distended his definition a annual later in his 1984 periodical, A Computer Virus, noting that a virus can spread throughout a computer system or network using the authorizations of every user using it to infect their programs. Every program that gets infected may also perform as a virus and thus the infection grows. Computer viruses, as we know them immediately, originated in 1986 with the production of Brain - the first virus for private computers. Two brothers wrote it (Basid and Farooq Alvi who ran a small software house in Lahore,
cheap hollister T-shirt, Pakistan) and started the race between viruses and anti-virus programs which still works on today.
Using the above explanation, it can be said that viruses infect program files. However, viruses can also infect certain types of data files, specifically those types of data files that support executable content, for instance, files created in Microsoft Office programs that rely on macros.
Compounding the definition hardship, viruses also exist that demonstrate a alike ability to infect data files that don't typically support executable content - case in point, Adobe PDF files, widely secondhand for document sharing, and .JPG picture files. However, in both cases, the respective virus has a dependency on an outside executable and thus nor virus can be thought more than a simple proof of concept. In other cases, the data files themselves may not be infectable, but can permit for the introduction of viral code. Specifically, vulnerabilities in certain products can allow data files to be manipulated in such a way that it will cause the host program to become unstable, after which malicious code can be introduced to the system. These examples are given simply to memorandum that viruses no longer relegate themselves to simply infecting program files, as was the circumstance when Mr. Cohen first defined the term. Thus, to simplify and modernize, it can be safely stated that a virus infects other files, whether program or data.
Computer viruses are called viruses because they share some of the traits of biological viruses. A computer virus passes from computer to computer like a biological virus passes from human to person.
There are similarities at a deeper level, as well. A biological virus is not a alive thing. A virus is a fragment of DNA inside a protective jacket. Unlike a cell, a virus has no way to do everything or to reproduce by itself -- it is not alive. Instead, a biological virus must inject its DNA into a cell. The viral DNA then uses the cell's existing mechanism to clone itself. In some cases, the cell fills with new viral particles until it explosions, releasing the virus. In other cases, the new virus motes bud off the cell one as long as, and the cell remains alive.
A computer virus shares some of these traits. A computer virus must piggyback on altitude of some other program or document in order to get executed. Once it is running, it is then capable to infect other programs or documents. Obviously, the semblance between computer and biological viruses stretches things a bit, but there are ample similarities that the label sticks.
A computer virus is a program that replicates. To do so, it needs to attach itself to other program files (for instance, .exe, .com, .dll) and execute anytime the host program executes. Beyond simple replication, a virus virtually all seeks to fulfill another purpose: to cause damage.
Called the damage routine, or payload, the disastrous part of a virus can range from overwriting fussy information kept on the hard disk's partition table to scrambling the mathematics in the spreadsheets to just taunting the user with sounds, pictures, or unpleasant effects.
Its worth bearing in mind, however, that even without a damage routine, if viruses are allowed to run unabated then it will persist to propagate--consuming system memory, disk space, slowing network traffic and generally degrading rendition. Besides, virus code is often buggy and can also be the source of secret system problems that take weeks to understand. So, whether a virus is harmful or not, its presence on the system can lead to instability and should not be tolerated.
Some viruses, in conjunction with "logic bombards," do not make their presence known for months. Instead of causing damage in a moment, these viruses do nothing but replicate--until the preordained trigger day or event when they unleash their damage routines on the host system or across a network.
Impact of Viruses on Computer Systems
Virus can be reprogrammed to do many varieties of impair including the retinue.
1.Copy themselves to other programs or districts of a disk.
2.Replicate as quickly and frequently as possible, filling up the infected systems disk and memory rendering the systems useless.
3.Display information on the screen.
4.Modify, corrupt or destroy selected files.
5.Erase the contents of entire disks.
6.Lie dormant for a specified time or until a given condition is met, and then become lively.
7.Open a back door to the infected system that allows something else to access and even control of the system through a network or internet connection.
8.Some viruses can crash the system by causing some programs (typically Windows) to behave oddly.
How viruses spread from one system to another?
The most probable virus entrance points are email, Internet and network connections, floppy disk drives, and modems or other reg code or parallel port connections. In today's increasingly interconnected workplace (Internet, intranet, shared drives, removable drives, and email), virus explosions now can spread faster and wider than ever before.
The following are some common ways for a virus to enter the users’ computer system:
•Email attachments
Malicious scripts in network pages or HTML email
•FTP traffic from the Internet (file downloads)
Shared network files & web vehicle in general
•Demonstration software
•Pirated software
Shrink-wrapped, product programs (rare)
•Computer labs
Electronic bulletin boards (BBS)
Diskette swapping (using other peoples diskettes for carrying data and programs behind and ahead)
High risk files
The most dangerous files types are:
.EXE, .COM, .XLS, .DOC, .MDB
Because they don't need any special transition to infect a computer -- all they've got to do is run and consequently the virus spreads. It has been estimated that 99% of all viruses are written for these file formats.
A catalogue of possible virus carriers includes:
EXE - (Executable file)
SYS - (Executable file)
COM - (Executable file)
DOC - (Microsoft Word)
XLS - (Microsoft Excel)
MDB - (Microsoft Access)
ZIP - (Compressed file, general in the America)
ARJ - (Compressed file, common in the USA)
DRV - (Device driver)
BIN - (Common boot sector image file)
SCR - (Microsoft shade saver)
Common Symptoms Of Virus Infection
?Computer does not boot.
?Computer hard drive space is diluted.
?Applications will not load.
?An application takes longer to load than natural time duration.
?Hard swoop movement increases especially when nothing is creature done on the computer.
?An anti virus software message appears.
?The number of hard drive wrong sectors steadily increases.
?Unusual graphics or messages seem on the screen
?Files are lacking (canceled)
?A message appears that hard drive cannot be detected or recognized.
?Strange sounds get cracking the computer.
?Some viruses take control of the keyboard and occasionally substitute a neighboring opener for the one actually pressed. Another virus "swallows" key receptions so that naught appears on the screen.
?Also amusing are system time effects. Clocks going backwards are especially frightening for laborers who cannot wait to go home. More seriously whereas, this type of virus can cause confusion for programs which depend on the system time or date.
?Some viruses can cost the user dearly by dialing out on his modem. We do not know of one which dials bonus telephone numbers but no doubt we shall see one soon. One especially malicious virus dials 911 (the emergency number in the USA) and takes up the invaluable time of the emergency services.
Categories of viruses
Depending on the source of information different types of viruses may be categorized in the following ways:
PDA VIRUSES
The increasing power of PDAs has spawned a new propagate of viruses. Maliciously ingenious programmers have leveraged the PDA's ability to communicate with other devices and run programs, to cause digital mayhem.
The blissfully secure world where users of these devices could synchronize and download with impunity came to an bring an end to ... August 2000 with the finding of the virus Palm Liberty. Since then, many more viruses have been discovered.
Though even now as harmful as their PC-based cousins, these viruses still pose a threat to unsuspecting users. Their effects vary from the harmless flashing of an unwanted message or an increase in power expense, to the deletion of all installed programs. But the threat is growing, and the destructiveness of these viruses is expected to parallel the evolution of the devices they attack.
MULTIPARTITE VIRUSES
A virus namely combines 2 or more assorted infection methods is shrieked a multipartite virus. This type of virus can infect either files and boot sector of a disk. Multi-partite viruses share some of the characteristics of boot sector viruses and file viruses: They can infect .com files, .exe files, and the boot sector of the computers hard steer. On a computer booted up with an infected diskette, the typical multi-partite virus ambition first make itself dweller in memory then infect the boot sector of the hard drive. From there, the virus may infect a PC's whole surroundings. Not numerous forms of this virus class really exist. However, they do account for a disproportionately great percent of all infections. Tequila and Anticad are the samples of multipartite viruses.
BOMBS
The two most universal types of bombs are time bombs and logic bombs. A time bomb hides on the victims disk and waits until a specific date before running. A logic bomb may be activated by a date, a change to a file, or a particular action taken by a user or a program. Bombs are remedied as viruses because they can cause damage or disruption to a system.
BOOT SECTOR VIRUSES
Until the mid-1990s, boot sector viruses were the most prevalent virus type, spreading primarily in the 16-bit DOS earth via floppy disk. Boot sector viruses infect the boot sector on a floppy disk and spread to a user's hard disk, and can also infect the main boot record (MBR) on a user's hard drive. Once the MBR or boot sector on the hard drive is infected, the virus attempts to infect the boot sector of every floppy disk that is inserted into the computer and accessed. Examples of boot sector viruses are Michelangelo, Satria and Keydrop.
Boot sector viruses work like this: Let us suppose that the user received a diskette with an infected boot sector. The user copied data from it but forgot to remove it from drive A:. When he started the computer next time the boot process will execute the infected boot sector program from the diskette. The virus will load first and infect the hard disk. Note that this can be prevented by changing the boot sequence in CMOS (Let C: drive boot before A:). By hiding on the first sector of a disk, the virus is loaded into memory before the system files are loaded. This allows it to gain complete control of DOS interrupts and in the process replaces the original contents of the MBR or DOS boot sector with their own contents and move the original boot sector data to another area on the disk. Because the virus has infected a system area of the hard disk it will be loaded into memory each time the computer is started. It will first take control of the lowest level disk system services before executing the original boot sector code which it has stored in another part of the hard disk. The computer seems to behave accurate as it should. Nobody will notice the accessory few fragments of a second additional to the boot sequence.
During normal operation the virus will happily reside in memory. Thanks to the fact that it has control of the disk services it can easily monitor requests for disk access - including diskettes. As presently as it gets a request for access to a diskette it will decide that there is a diskette in the floppy drive. It will then examine its boot sector to watch if it has already been infected. If it finds the diskette clean it will replace the boot sector with its own code. From this moment the diskette will be a "carrier" and become a middling for infections on other PC's.
The virus will also monitor special disk requests for access to the boot sector. The boot sector contains its own code, and a request to read it could be from an anti-virus program checking for virus presence. The virus will not allow the boot sector to be read and will redirect all requests to the area on the hard disk where it has backed up the elemental contents. In this way nothing uncommon is detected. Such methods are called stealth techniques and their main goal is to mask the presence of the virus. Not all boot viruses use stealth but those which do are common.
Boot viruses also infect the non-file (system) areas of hard and floppy disks. These areas offer an efficient way for a virus to spread from one computer to another. Boot viruses have accomplished a higher degree of success than program viruses in infecting their targets and spreading.
Boot virus can infect DOS, Windows 3.x, Windows 95/98, Windows NT, and even Novell Netware systems. This is because they exploit inherent traits of the computer (rather than the operating system) to spread and activate.
Cleaning up a boot sector virus can be performed by booting the machine from an uninfected floppy system disk prefer than from the hard drive, or by finding the original boot sector and replacing it in the correct location on the disk.
CLUSTER VIRUSES
This type of virus makes changes to a disks file system. If any program is run from the infected disk, the program causes the virus to run as well. This technique creates the fantasy that the virus has infected every program on the disk.
E-MAIL VIRUSES
These types of viruses can be transmitted via e-mail messages sent cross personal networks or the internet. Some e-mail viruses are transmitted as an infected attachment- a document file or program that is attached to the message. This type of virus is run when the sufferer opens the file that is attached to the information. Other types of email viruses stay within the body of the message itself. To cache a virus, the message have to be encoded in html format. Once fired many e-mail viruses attempt to scatter by sending messages to everyone in the victims residence writing; each of those contains a duplicate of the virus.
The latest thing in the world of computer viruses is the e-mail virus called Melissa virus which surfaced in March 1999. Melissa spread in Microsoft Word documents sent via e-mail, and it worked like this:
Someone created the virus as a Word document uploaded to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document (and accordingly itself) in an e-mail message to the first 50 people in the person's address book. The e-mail message contained a friendly note that included the person's name, so the recipient would open the document meditative it was harmless. The virus would then create 50 new messages from the recipient's machine. As a result, the Melissa virus was the fastest-spreading virus ever seen and it compelled a number of large companies to shut down their e-mail systems at that time.
The ILOVEYOU virus, which appeared on May 4, 2000, was even simpler. It contained a piece of code as an attachment. People who twice clicked on the attachment allowed the code to execute. The code sent copies of itself to everyone in the victim's address book and then started corrupting files on the victim's machine. This is as simple as a virus can get. It is actually more of a Trojan horse distributed by e-mail than it is a virus.
The Melissa virus took avail of the programming language built into Microsoft Word called VBA, or Visual Basic for Applications. It is a complete programming language and it can be programmed to do things like modify files and send e-mail messages. It also has a serviceable but dangerous auto-execute feature. A programmer can insert a program into a document that runs directly whenever the document is opened. This is how the Melissa virus was programmed. Anyone who opened a document infected with Melissa would immediately activate the virus. It would send the 50 e-mails, and then infect a central file called NORMAL.DOT so that any file saved later would also contain the virus! It created a mammoth mess.
FILE INFECTING VIRUSES
File infectors operate in memory and ordinarily infect executable files with the emulating extensions: *.COM, *.EXE, *.DRV, *.DLL, *.BIN, *.OVL, *.SYS. They stimulate every period the infected document is executed by copying themselves into other executable files and can remain in memories long afterward the virus has activated.
Thousands of different file infecting viruses exist, but similar to boot sector viruses, the vast majority operates in a DOS 16-bit environment. Some, however, have successfully infected the Microsoft Windows, IBM OS/2, and Apple Computer Macintosh environments.
File viruses can be separated beyond into sub-categories by the way they manipulate their targets:
TSR FILE VIRUSES
A fewer common type of virus is the terminate-and-stay-resident file virus. As the name suggests these infect files usually these are .com and .exe files. there are however some apparatus driver viruses, some viruses that infect overlay files, and although over 99% of executable programs have the extension .com and .exe, some do not .For a TSR virus to spread some one has to run an infected program. The virus goes memory resident typically looking at each program run thereafter and infects it. Examples of TSR file viruses are Dark Avenger and Green Caterpillar.
OVERWRITING VIRUSES
These viruses infect by overwriting chapter of their target with their own code but, by doing so, they damage the file. The file will never serve another purpose other than spreading the virus further. Because of this they are usually detected rapidly and do not spread easily.
PARASITIC VIRUSES
These viruses attach themselves to executables without substantially changing the contents of the host program. They attach by joining their code to the opening, end, or even navel of the file and distract program flow so that the virus is executed first. When the virus has finished its job, control is passed on to the host. Execution of the host is a little delayed but this is usually not noticeable.
MACRO VIRUSES
Many older applications had simple macro systems that allowed the user to record a sequence of operations within the application and partner them with a specific keystroke. Later, the user could perform the same sequence of operations by but kicking the specified key.
Newer applications cater much more complex macro systems. User can write entire macro-programs that run among the word processor or spreadsheet environment and are accompanied directly onto word processing and spreadsheet files. Unfortunately, this competence also makes it likely to build macro viruses.
Macro viruses currently account for almost 80 percentage of all viruses, according to the International Computer Security Association (ICSA), and are the fastest growing viruses in computer history. Unlike other virus types, macro viruses arent specific to an operating system and spread with ease via email attachments, floppy disks, Web downloads, file transfers, and cooperative applications.
Macro viruses are, however, application-specific. A macro virus is designed to infect a specific type of document file, such as Microsoft word or excel files. They infect macro utilities that accompany such applications as Microsoft Word and Excel, which method a Word macro virus cannot infect an Excel document and vice versa. A macro virus is embedded in a document file and can peregrination between data files in the application and can eventually infect hundreds of files if undeterred and in the process do various levels of damage to data from corrupting documents to deleting data.
Macro viruses are written in "every man's programming language" -- Visual Basic -- and are relatively easy to create. They can infect at different points during a file's use, case in point, when it is opened, saved, closed, or deleted
A typical chronology for macro virus infection begins when an infected document or spreadsheet is loaded. The application also loads any attaching macros that are attached to the file. If one or more of the macros meet certain criteria, the application will also immediately perform these macros. Macro viruses depend above this auto-execution skill to acquire control of the applications macro system.
Once the macro virus has been loaded and executed, it waits for the user to edit a new document, and then hits into operation repeatedly. It attaches its virus macro programs onto the new document, and then allows the application to retention the document usually. In this form, the virus spreads to another file and does so in a entirely discrete mainstream. Users have no motif of the infection. If this new file is after opened on another computer, the virus will once again load, be launched by the application, and detect other unsuspecting files to infect.
Finally, as far as a macro virus is concerned, the application serves as the operating system. A single macro virus can spread to any of the platforms on which the application is installed and running. For example, a single macro virus that uses Microsoft Word could conceivably spread to Windows 3.x, Windows 95/98,
bose in ear headphone, Window NT, and the Macintosh.
Macro viruses for Word
In the summer of 1995, Microsoft Word 6 was the first product affected with macro virus. The first one (WM/Concept.A) was really only a proof of concept - one of the installed macros (called Payload) contained only this remark:
That's enough to prove my point
Most macro viruses for Word use a feature called 'automacros'. The basic conviction is that some macros with special names are automatically executed when Word starts, opens a file, or closes a file. The macro virus then inserts macros into NORMAL.DOT - a criterion template which is loaded every time Word starts.
In Word there are some ways to disable automacros but this isn't the final solution. Some macro viruses use other methods to take control over the Word environment.
Another method of self-protection may be to set NORMAL.DOT to read only. But this can also be bypassed and, in appending, it prevents the user from customizing the template.
Macro viruses for Excel
Excel has the same opportunities for virus authors as Word. It has automacros and a directory called XLSTART from which templates are automatically loaded.
But Excel does not have fair normal VBA macros like Word. In Excel there are so called 'formulas' - macros stored in spreadsheet compartments. The first macro virus using this technology was XF/Paix.
Macro viruses for other MS Office products:
Writing a macro virus for other Office products is not tough. There have been already some viruses for Access, and it is expected that there will be macro viruses for Power Point from now on.
But those macro viruses are not as risky as the macro viruses for Word or Excel. Not because of some limitation of these other Office products,
tennis wilson, but because data files from these productions are not so frequently shared.
There is one peril which can be seen in today's Power Point even without natural macro viruses written for this product. Programmers can include in their introduction any number of objects from Excel or Word. And these objects can be infected with macro viruses - if they edit the presentation and open the infected object with its parent application, then the virus can spread further.
But the current situation may change dramatically over the next few years. Microsoft has authorized VBA technology to many firms, so one can expect to see more macro viruses for other products, too.
POLYMORPHIC VIRUSES
This type of virus can change itself each time it is copied, production it difficult to seclude. Most simple viruses attach alike copies of themselves to the files they infect. An anti-virus program can detect the viruss code (or signature) because it is always the same and quickly ferret out the virus. To dodge such cozy detection, polymorphic viruses operate somewhat differently. Unlike the simple virus, when a polymorphic virus infects a program, it scrambles its virus code in the program body. This scrambling means that no two infections look the same, making detection more difficult. These viruses create a new decryption routine each time they infect, so every infected file will have a different sequence of virus code.
STEALTH VIRUSES
Stealth viruses actively seek to conceal themselves from attempts to detect or remove them. They also can conceal alterations they make to other files, hiding the damage from the user and the operating system.
Stealth viruses, or Interrupt Interceptors, as they are sometimes called, take control of key DOS-level instructions by intercepting the interrupt table, which is situated at the beginning of memory. This gives the virus the ability to do two momentous things: 1) gain control of the system by re-directing the interrupt calls, and 2) hide itself to prevent detection. They use techniques such as intercepting disk reads to provide an uninfected copy of the original item in place of the infected copy (read-stealthing viruses), altering disk directory or folder data for infected program files (size-stealthing), or both. For example, the Whale virus is a size-stealthing virus. It infects .EXE program files and alters the folder entries of infected files when other programs attempt to read them. The Whale virus adds 9216 bytes to an infected file. Because changes in file size are an indication that a virus might be present, the virus then subtracts the same number of bytes (9216) from the file size given in the directory/folder entry to cheat the user into believing that the files size has not changed.
An antivirus program which is not equipped with anti-stealth technology will be deceived.
COMPANION VIRUSES
A companion virus is the exception to the rule that a virus must attach itself to a file. The companion virus instead creates a new file and relies on a behavior of DOS to execute it instead of the program file that is normally executed. These viruses target EXE programs. They create another file of the same name but with a COM extension containing the virus code. These viruses take advantage of a attribute of MS-DOS which allows files to share the same first name in the same directory (e.g. ABC.EXE and ABC.COM) but executes COM files in favorite to EXE files.
For example, the accompany virus might create a file named CHKDSK.COM and place it in the same directory as CHKDSK.EXE. Whenever DOS must choose between executing two files of the same name where one has an .EXE extension and the other a .COM extension, it executes the .COM file. This is not an efficacious way of spreading but has one huge advantage - it does not edit files in any way and so can run integrity tests or resident protection. Another method which can be used by associate viruses is based on defined way. A virus simply puts an infected file into the way listed ahead the directory within the original program.
PROGRAM VIRUSES
Like normal programs, program viruses must be written for a characteristic operating system. The vast bulk of viruses are written for DOS but some have been written for Windows 3.x, Windows 95/98, and even UNIX. All versions of Windows are compatible with DOS and can host DOS viruses with varying degrees of success. Program viruses infect program files, which usually have extensions such as .COM, .EXE, .SYS, .DLL, .OVL, or .SCR. Program files are charming targets for virus writers because they are widely used and have relatively simple formats to which viruses can attach.
Malicious Programs and Scripts
Viruses that infect surrogate programs (such as those that download software from the Internet; for instance, JAVA and ActiveX).
WORM
A worm is a computer program that has the ability to copy itself from machine to machine. Worms normally migrate around and infect other machines through computer networks. An entire LAN or corporate e-mail system can become totally clogged with copies of a worm, rendering it needless. Worms are commonly spread over the internet via e-mail message attachments and through internet relay conversation channels.
For example, the Code Red worm replicated itself over 250,000 times in approximately 9 hours on July 19, 2001.
A worm usually exploits some sort of security aperture in a piece of software or the operating system. For example, the Slammer worm (which caused havoc in January 2003) exploited a cavity in Microsoft's SQL server.
Worms use up computer time and network bandwidth when they are replicating, and they often have some sort of evil ambitious. A worm called Code Red made huge headlines in 2001. Experts predicted that this worm could clog the Internet so mainly that things would completely grind to a suspend.
The Code Red worm slowed down Internet traffic when it began to replicate itself, but not nearly as badly as prophesied. Each copy of the worm scanned the Internet for Windows NT or Windows 2000 servers that do not have the Microsoft security patch installed. Each time it found an unsecured server,
mbt sale, the worm copied itself to that server. The current copy then scanned for other servers to infect. Depending on the number of unsecured servers, a worm could conceivably create hundreds of thousands of copies.
The Code Red worm was charted to do 3 things:
•Replicate itself for the first 20 days of each month
Replace Web pages on infected servers with a sheet that declares "Hacked by Chinese"
Launch a premeditated attack aboard the White House Web server in an offer to overwhelm it
The most common version of Code Red is a variation, typically referred to as a mutated tug, of the original Ida Code Red that replicated itself on July 19, 2001.
TROJAN HORSES
Trojans, variant form of malware, are generally coincided upon as doing something other than the user expected, with that someone defined as malicious. Most often, Trojans are related with remote access programs that execute unlawful actions such as password-stealing or which allow compromised machines to be used for targeted denial of service attacks. One of the more elementary forms of a gainsay of service (DoS) attack involves overrunning a target system with so much data, traffic, or bids that it can no longer perform its gist functions. When multiple machines are gathered together to launch such an attack, it is known as a dispensed negation of service attack, or DDoS.
Because Trojan horses do not make duplicates of themselves on the victims disk (or copy themselves to other disks), they are not technically viruses. But because they can do harm, many experts consider them to be a type of virus. Trojan horses are often used as by hackers to create a back door to an infected system. Trojans, such as BackOrrifice are very dangerous. If anyone runs this program and his computer is connected to the internet, then the hacker can take control of that computer - convey files to or from the computer, occupy screen contents, run any program or slay any running process, etc.
Once a Trojan is installed onto the system this program has the same privileges as the user of the computer and can exploit the system to do something the user did not intend such as:
?Delete files
?Transmit to the intruder any files that the user can read
?Change any files that the user can modify
?Install other programs with the user’s privileges
?Execute privilege-elevation attacksthe Trojan can attempt to exploit a weakness to raise the level of access further the user running the Trojan. If successful, the Trojan can operate with increased privileges.
?Install viruses
?Install other Trojans
The Following Tips Will Help The User To Minimize Virus Risk:
?If the users are truly anxious about traditional (as disapproved to e-mail) viruses, they should be running a more secure operating system like UNIX. One should never listen about viruses on these operating systems because the security features reserve viruses (and unwanted people observers) away from the hard disk.
?If the users are using one unsecured operating system, then purchasing virus protection software namely a fine defend. Some renowned anti virus procedures include:
•McAfee Virus Scan
•Norton Anti Virus
•Virex
•PC—cillin
•Avast!
•AVG Anti Virus System
?Automatic protection of anti-virus software should be rotated on at all times.
?The users should perform a manual scan (or timetable a scan to happen automatically) of their hard disks newspaper. These scans supplement auto protection and validation that the computer is virus-free.
?Scan all floppy disks before first use.
?Disable floppy disk booting -- most computers now allow the user to do this, and that will eradicate the risk of a boot sector virus coming in from a floppy disk accidentally left in the drive.
?The users should Enable Automatic Update alternative of their anti-virus software in order to update their virus definition files.
?Creation and conservation of a salvage disk ought be done along the user in order to assist recovery from decisive shoe viruses.
?Periodic backups of the hard disk should be done.
?Users should buy valid copies of all software they use and make write-protected backups.
? Email messages and email additions from nameless folk should not be opened. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF and .JPG), etc., are data files and they can do no mar (noting the macro virus problem in Word and Excel documents said above). A file with an enhancement like EXE, COM or VBS is an executable, and an executable can do anybody arrange of damage it absences. Further it should be verified that the "inventor" of the email has sent the attachments. Newer viruses can send email messages that appear to be from a person user know.
?The latent users should determine that Macro Virus Protection is enabled in all Microsoft applications, and they should never run macros in a document unless they know specifically the functionality of the macros.
?Appropriate Passwords should be assigned to the shared network drives.
Things that are not viruses!
Joke programs
Joke programs are not viruses and do not inflict any damage. Their intention is to scare their victims into musing that a virus has infected and damaged their system. For example, a joke program may exhibit a message warning the user not to touch any keys or another the computers hard disk will be formatted.
Droppers
A dropper is a program that is not a virus, nor is it infected with a virus but when run it installs a virus into memory on to the disk, or onto a file. Droppers have been written sometimes as a handy carrier for a virus and sometimes as an act of sabotage.
Hoaxes
There must be quite few people on email who haven't received a chain letter with the subject line warning of a virus doing the circulars. These are often hoaxes and meant to frighten people and have fun at their outlay. The warnings encourage the recipient of the e-mail to pass the alarm to the netizens and thus create an unnecessary furor, except clogging mailboxes, as it usurps an air of credibility.
Methodology of virus detection applied by antivirus softwares:
Three chief methods exist for detecting viruses: honesty retarding (also known for checksumming), behavior monitoring and pattern matching (scanning).
Integrity checking
Antivirus programs that use integrity checking start by establishing an initial record of the status (size, time, appointment, etc.) of every application file on the hard drive. Using this data, checksumming programs then monitor the files to see if changes have been made. If the status changes, the integrity checker warns the user of a possible virus.
However,
monster beats lady gaga, this method has several disadvantages, the biggest being that false alarms are altogether too common. The records used by checksumming programs are often rendered obsolete by legitimate programs, which, in their normal way of operations, make changes to files that appear to the Integrity checker to be viral activity. Another weakness of integrity checking is that it can only attentive the user after a virus has infected the system.
Behavior monitoring
Behavior Monitoring programs are usually cancel and stay resident (TSR) and often monitor requests that are passed to the interrupt table. These programs are on the lookout for activities that a virus might agree in--requests to write to a boot sector, opening an executable program for manuscript, or placing itself resident in memory. The behavior these programs monitor is derived from a user-configurable set of rules.
Pattern matching
Using a process called "pattern matching," the anti-virus software draws upon an vast database of virus patterns to identify known virus signatures, or telltale snippets of virus code. Key areas of each scanned file are compared against the list of thousands of virus signatures that the anti-virus software has on record.
Whenever a match occurs, the anti-virus software takes the action the user has configured: Clean, Delete, Quarantine, Pass (Deny Access for Real-time Scan), or Rename.
Self Defense Mechanisms Evolved By Viruses
Virus authors of course wish that their child successfully lives. For this cause there are many viruses outfitted with some self-defense mechanisms against anti virus systems.
Passive Defense :
Viruses use a kind of methods to hide themselves from antivirus programs. Passive ward uses programming methods which make inquiry of the virus more difficult, e.g. polymorphic viruses which were amplified to counter scanners seeing for constant strings of virus code.
Today antivirus systems are capable of analyzing polymorphic code and questing for virus identifiers in the decrypted body. The virus authors reacted by making the encryption too complex for antivirus software to explain, thus mistaking it for a clean program.
Active Self-defense :
Viruses actively protect themselves by defending their own code or by attempting to damage antivirus software. A simple method is to locate antivirus software databases and amend or delete them.
More sophisticated resident viruses use stealth techniques. When they detect a request to use an infected file, they can temporarily "clean" it or report its original (uninfected) parameters. They can monitor which programs are being executed and react if it is antivirus software. The list of such responses is endless. Usually, the execution of the antivirus program is refused, but it could be erased (often accompanied by a bogus mistake message) or the virus suspends its activities while it runs. There are occasionally extremely 'clever' viruses which modify the code of a specific AV program to partially disable it.
There are very rare viruses which consider an attempt to run an anti-virus program as haughty and immediately reply with some revenge action - case in point hard disk formatting.
Trap
A cage is the most malicious manner of self-defense and works as with. Although the users microprocessor is infected yet everything appears to work correctly. Once the user discovers the virus and removes it things obtain intricate - programs not longer escape properly alternatively the hard disk may chance inaccessible even while booting from a wash system diskette.
The best known trap virus is One_Half. It continuously encrypts the data on a hard disk (two alleys on every boot). If it is removed from the partition sector before data files are decoded then some files will become inaccessible. At this stage the position is solemn but recovery of the data is still possible. However, if the user runs a disk utility (Scandisk etc.) to repair the damage then the data will almost surely be lost forever.
These utilities are designed to repair relatively inferior damage to file system and do not acknowledge the encrypted data.
REFERENCE:
1. Mary Landesman “What is a virus?”
http://antivirus.about.com/cs/tutorials/a/whatisavirus.htm
2. NetGuide “What are computer viruses? “–
http://www.netguide.co.nz/knowhow/tutorials/print.php?iid=38
3. Marshall Brain “How Computer Viruses Work”
http://www.Howstuffworks How Computer Viruses Work.htm
4. AVG Anti Virus Free Edition Help
Developed by Grisoft Inc
5. Norton Anti-virus Help
Developed by Symantec Corporation
6. Trend Micro PC-cillin Help
Developed by Trend Micro Inc
7. Peter Norton “Computer Viruses”
Introduction to Computers, Tata McGraw Hill Co:
8. Dr.Solomon ”About Viruses” &”Virus Prevention”
Dr.Solomon’s Virus Encyclopedia, Dr.Solomon’s Software Ltd.
9. C.A.Schmidt ”Virus”
The Complete Computer Upgrade And Repair Text Book,Dreamtech
10. S.Jaiswal “Virus Detection And Elimination”
Information Technology Today, Galgotia Publication Pvt. Ltd.
http://cixi43.com/read.php?tid=3784
http://www.dxs110.com/home/space.php...=blog&id=36974
http://blogs-rccaraction.com/profile...view&id=749105
One of the best places to visit in Croatia is the Plitvice National Park. This natural sight is considered to be one of the most beautiful in Europe. There are 16 interlinked lakes with a large forest complex around it. This is also a World Heritage Sight. See the distinctive colors of the lakes that constantly change based on the quantity of minerals or organisms in the water as well as the angle of the sunlight.The city of Dubrovnik is also an beautiful attraction in Croatia. It will be a great
MBT experience for you to climb the magnificent city walls while having a view at the Mediterranean.These are just a few of Europe's attractions and there are many more places that you should visit. Each country has a lot of things to offer, from historical places to magnificent architectures, you will surely have a great experience.
Computer Virus_10649
Linear Mode
