Computer Virus And Internet Security Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

A computer virus is a computer program that can copy itself. And infect a computer. The term virus is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer

As stated above, the term computer virus is sometimes used as a catch-all phrase to include all types of malware, adware, and spyware programs that do not have the reproductive ability. Malware includes computer viruses, worms, trojans, most rootkits, spyware, dishonest adware, crime ware, and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with computer worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan is a program that appears harmless but hides malicious functions. Worms and Trojans, like viruses, may harm a computer system's data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves.

Discuss the damage that a computer virus can cause to a computer system.

Computer Virus is a kind of malicious software written intentionally to enter a computer without the user's permission or knowledge, with an ability to replicate itself, thus continuing to spread. Some viruses do little but replicate others can cause severe harm or adversely effect program and performance of the system. A virus should never be assumed harmless and left on a system. Most common types of viruses are mentioned below:

Resident Viruses

This type of virus is a permanent which dwells in the RAM memory. From there it can overcome and interrupt all of the operations executed by the system: corrupting files and programs that are opened, closed, copied, renamed etc.

Examples include: Randex, CMJ, Meve, and MrKlunky.

Direct Action Viruses

The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.

Overwrite Viruses

Virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.

The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.

Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

Boot Virus

This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.

The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start your computer with an unknown floppy disk in the disk drive.

Examples of boot viruses include: Polyboot.B, AntiEXE.

Macro Virus

Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.

Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.

Directory Virus

Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus.

Once infected it becomes impossible to locate the original files.

Polymorphic Virus

Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.

This makes it impossible for anti-viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.

Examples include: Elkern, Marburg, Satan Bug, and Tuareg.

File Infectors

This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.

Companion Viruses

Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they accompany the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses).

Some examples include: Stator, Asimov.1539, and Terrax.1069

FAT Virus

The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer.

This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.


A worm is a program very similar to a virus; it has the ability to self-replicate, and can lead to negative effects on your system and most importantly they are detected and eliminated by antiviruses.

Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.

Trojans or Trojan Horses

Another unsavory breed of malicious code are Trojans or Trojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms.

Logic Bombs

They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.

Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive

Discuss the security measures that are commonly implemented to safeguard against computer viruses.


The risk of virus infection can be minimised by a combination of common sense, vigilance, virus defence software and the use of virus alert services. The most effective solutions use a combination of these. The following sections describe some general steps to take to prevent a virus infection.

Common sense and vigilance

Keep your premises physically secure. This makes good sense in all circumstances, especially as some intruders have been known to introduce viruses deliberately by using infected floppy discs.

Do not open suspicious e-mails or attachments. Treat as suspicious any e-mails from:

- anonymous senders

- strangers addressing you in a familiar manner

- non-standard addresses.

One simple way to check is to telephone the alleged sender (if possible) to confirm their ID and credentials.

Be especially wary of any messages that match the types listed above and contain attachments with the .EXE, .SCR or .VBS file extension names.

Remember that viruses can also lurk in more familiar files, such as Microsoft Word and Excel attachments. These can contain macro viruses.

Beware of hoax virus alerts. Think twice before forwarding virus-warning messages, especially if they have come from an informal source. These hoax messages can spread just as fast and as far as viruses and cause as many problems.

Never forward any comedy or joke programmes to anyone via e-mail. If you must share a joke, send the Internet link and not the programme file itself.

If you are unsure, you can save suspicious attachments to your local directory then use virus defence software to examine them in more detail.

Virus defence software

Basic actions (again, based on common sense) should include the following:

Keep your Internet browser up-to-date by 'patching' it regularly. Most browser updates include new security elements to meet newly identified virus

threats. These updates can be obtained from Microsoft (for Internet Explorer) or Netscape.

Purchase virus defence software. You should identify your individual requirements depending on your technical infrastructure, geographic spread and dependency on technology. suppliers offer many kinds of anti-virus programmes, some of which are downloadable from their web sites. Use this software to scan e-mail attachments for viruses before you open them and also run an anti-virus programme that scans files as they are opened. This type of scanning should take place constantly, automatically checking every file, programme, or document each time it is opened or used.

Any technical solutions need to be managed. The following steps provide a simple framework.

Define a virus defence strategy, addressing:

- gateway virus checking

- server virus checks

- workstation virus checks

- update mechanism for patches and fixes

- isolation policy

- recovery procedures.

Alert services

Virus alert services are provided by a number of bodies, including:

European Institute for Computer Anti-Virus Research

Symantec Security Response

Sophos Virus Information

F-Secure Security Information Centre

Computer Security Resource Centre Virus Information

Virus Bulletin: Independent Anti-Virus Advice


Details on subscription to these services can be obtained directly from the service itself. If alerts are used, they should be combined with a practical procedure for updating the systems at risk, including your servers, desktops and laptops.

N.B. Inclusion of companies listed on these pages does not reflect any form of endorsement by BERR. Links are detailed because sites may provide virus alerting services that you may find useful. This is by no means a definitive list and you are advised to research any company and products carefully prior to purchasing goods or services

Describe a computer worm in the context of internet security

What is the worm in computer?

Computer worms are malicious software applications designed to spread via computer networks. Computer worms are one form of malware along with viruses andtrojans. A person typically installs worms by inadvertently opening an email attachment or message that contains executable scripts.

Once installed on a computer, worms spontaneously generate additional email messages contaning copies of the worm. They may also open TCP ports to create networks security holes for other applications, and they may attempt to flood the LAN with spurious Denial of Service (DoS) data transmissions.

What are computer worms?

A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer

Discuss the damage that a computer worm can cause.

A worm may infect a computer without any action on the users part, or it may trick a user into performing an action which would allow it to infect the computer; though a worm that requires a user to propagate borders on being a Trojan horse, which is another form of malware.

Worms may propagate over a computer network, portable storage, or any other means in which any data could enter a system by exploiting unpatched vulnerabilities in the computer's software.

Discuss the term computer hacking

Computer hacking is more difficult to define. Computer hacking always involves some degree of infringement on the privacy of others or damage to computer-based property such as files, web pages or software. The impact of computer hacking varies from simply being simply invasive and annoying to illegal. There is an aura of mystery that surrounds hacking,and a prestige that accompanies being part of a relatively elite group of individuals who possess technological savvy and are willing to take the risks required to become a true hacker

a hacker can be defined as:

A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.

One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.

A person capable of appreciating hack value.

A person who is good at programming quickly.

An expert at a particular program, or one who frequently does work using it or on it.

An expert or enthusiast of any kind. One might be an astronomy hacker, for example.

One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

[deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence 'password hacker', 'network hacker'. The correct term for this sense is cracker.

Discuss the ethical issues concerning computer hacking and the fact that computer hackers are looked down upon from an ethical point of view.

Ethics Of Hacking

Cracking is the correct concept for deconstructing/sabotaging in the cyberspace/Internet, e.g. by circumventing the security of a website and posting your own (critical) stuff on their site or spreading viruses in the Internet. Hacking, on the other hand, is about using and reconstructing the computer or other machines/systems in a new and (by the owners and inventors) unintended way. Hacking is about reclaiming the system, manipulating it and using it, not destroying it.   Both terms define people who can break into computer systems and rewrite programs, but hackers do not use their knowledge offensively or illegally.   Crackers use their skills for illegal use: distributing pirated materials, stealing money and identities, etc.

The ethical question about unlocking seems to have been answered - by governments, at least - as to say that it is the corporations' hands that need slapping, and not the consumers. If I had to define what a hacker was, I'd say it's someone who possesses a rare technical discipline to alter the function of another work, and the ethical discipline to do it without lying, cheating, or stealing. So the real ethical challenge to a hacker is identifying the difference between corporate greed and theft of services. Hackers are the great equalizer of a capitalist society, and when conducted ethically, hacking can be of great benefit to both the consumer and the manufacturer. They have the power to balance out corporate greed and further improve on otherwise great products.   If the ethical situations concerning computer hacking could be resolved, these hackers ideas could be potentially useful and could help to further advance our technological standing in society.

and usability of this approach and analyze how the ACM codes of conduct relate to hacking

Describe a firewall in the context of internet security

firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria.

Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

There are several types of firewall techniques:

Packet filter: Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. It is susceptible to IP spoofing.

Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

Discuss the Application Layer Firewall and the Network Layer Firewall in your report.

An application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall. The application firewall is typically built to monitor one or more specific applications or services (such as a web or database service), unlike a stateful network firewall which can provide some access controls for nearly any kind of network traffic. There are two primary categories of application firewalls, network-based application firewalls and host-based application firewalls

network-based application layer firewall is a computer networking firewall operating at the application layer of a protocol stack and are also known as a proxy-based or reverse-proxy firewall. Application firewalls specific to a particular kind of network traffic may be titled with the service name, such as a web application firewall. They may be implemented through software running on a host or a stand-alone piece of network hardware. Often, it is a host using various forms of proxy servers to proxy traffic before passing it on to the client or server. Because it acts on the application layer, it may inspect the contents of the traffic, blocking specified content, such as certain websites, viruses, attempts to exploit known logical flaws in client software