Literature Survey Focused On Virus Protection Computer Science Essay


Virus protection is an important topic that deserves continued discussion, because protection from viruses is essential to a system's well-being. Although "virus" is used as a common word, there are actually different kinds of viruses. With a good knowledge of viruses and anti-virus programs, users can to some extent prevent virus attacks. In particular, how to maintain a virus guard program and the latest virus removal applications are the main points that deserve attention in virus protection. With that objective, in this survey I have tried my best to give a good understanding of virus protection, starting from the very basics of viruses.



\indent \indent One of the main problems in the computer field is the computer virus, so all computer users should be well aware of computer viruses: how they attack, how to identify a virus, how to eliminate and control viruses, and the importance of using an anti-virus program. Moreover, virus creators change the aspects and purposes of their viruses day by day, so it is very important to be aware of virus attacks and their properties. A computer virus is a software program built from a piece of code. The main characteristic of a computer virus is that it cannot become active without the user's knowledge. At present, however, some virus builders use various methods to deceive computer users and distribute their viruses.

By functionality, viruses can be divided into different categories, each containing thousands of viruses, and their effects differ from virus to virus. Some of these effects are deleting or corrupting files, stealing private data, deceiving computer users to gain illegal advantages, and damaging hardware components.

With the creation of the first computer virus, thousands of computer experts were motivated to create more and more viruses. The cost that had to be borne as a result was very high. However, for reasons such as the following, the invention of the virus cannot be called a totally bad thing [2] [6] [4].


\begin{itemize}

\item A tendency to think about the computer field differently, leading to many inventions

\item Motivation to think about the future faults that computer viruses could cause

\item New technologies were invented

\item New operating systems with new features were invented

\end{itemize}


Although a computer virus is a small software program written as a piece of code, the best way to understand its behavior is to compare it with a physical disease, because most computer viruses are very similar to physical viruses. Some harm only specific kinds of systems, some generate further categories derived from their ancestors, some cannot be cured, and some harm hardware components, just like physical diseases.


\section{Types of viruses}

\indent \indent Considering their behaviors and features, viruses can be categorized into many different kinds, some of which are as follows.

\subsection{Trojan horse}

\indent \indent The Trojan horse is one of the best-known kinds of computer virus; it becomes active while hidden within infected computers. It is hidden inside software that appears trustworthy. When the user runs that trusted software, the hidden software also starts installing and the computer becomes infected. Well-known effects of Trojan horse threats include deleting files, destroying computer system information, and changing folder properties. The greatest harm is done by creating backdoors in the infected computer. A backdoor is a secret door that lets remote users enter the computer without its user's knowledge and perform any administrator-level function [3] [7].


\indent \indent Worms are a special kind of virus that spreads from one computer to others through the network. A worm can generate thousands of duplicates of itself and spread them over networks, which wastes network and system resources in particular [3] [7].

\subsubsection{Boot virus}

\indent \indent This kind of virus affects the boot sector of hard drives and damages the hard disk by changing the information it contains [7].

\subsubsection{Polymorphic virus}

\indent \indent This kind of virus changes its appearance from moment to moment to avoid detection by anti-virus programs. These viruses activate suddenly, carry out their purpose, and hide again [7].

Besides the kinds mentioned above, several further kinds of viruses attack systems, such as logic bombs, time bombs, trap doors, spyware, rootkits, and zombies, while more kinds are still being invented.


\section{How to be aware of virus effects}

\indent \indent To be safe from computer viruses, users must be well informed of their functionality and effects; only then can they take the necessary actions against viruses. Different kinds of viruses are created from time to time, so their behavior differs as well. Nevertheless, the following symptoms give reason to suspect a virus attack.


\begin{itemize}

\item Your computer becomes much slower than normal

Some viruses use system resources once installed, and as a result the computer becomes slow.

\item The computer restarts without the user's command

After infecting a computer, a virus needs to configure itself to become active and fulfill its purpose, so the computer will probably restart.

\item Your hard disk is full of files or data that you did not create

Most viruses create duplicates of themselves, so a hard disk filling with files you did not create may be due to a virus attack.

\item The hard disk is inaccessible

\item Unusual error messages may be displayed

Because of the security features of operating systems, some viruses cannot function without the user's help. In such situations the virus tries to make the operating system display dialog boxes or messages, and when the user responds, it exploits the response to infect the computer.

\item File extensions change

\item The anti-virus program is disabled

To function, a virus must first attack the anti-virus program, so a disabled anti-virus program may be the result of a virus attack [8] [9].

\end{itemize}


\section{Virus Protection}

\indent \indent In practice, avoiding virus attacks is more important than removing viruses. To stay free of computer viruses, there are two main procedures that computer users can follow.


\begin{itemize}

\item Avoiding the ways viruses are contracted

\item Using a software program

\end{itemize}

In summary, the overall system protection methods can be categorized as follows.

\subsection{Passive protection }

\indent \indent In this kind of protection mechanism, the computer user is passively encouraged to take proper measures to stay safe from viruses. This protection is especially important for new computer users, because they are not very aware of computer viruses and their behavior.

\subsection{Active protection}

\indent \indent Active protection is directly involved in protecting computer systems from viruses. Most anti-virus companies try to develop technologies that can remove viruses, so that once installed the anti-virus program deletes viruses without the user needing to be aware of it.

In the process of virus protection, passive and active protection are equally important [5].

\subsection{Protection types}

\subsubsection{Avoiding the ways viruses are contracted}

\indent \indent As mentioned above, a virus is a piece of code that can spread from one computer to others. In the early days viruses spread only through data transfer media such as floppy disks, CDs, DVDs, and flash drives, and only very slowly. With the spread of the internet and networks, the speed at which viruses propagate has increased greatly. As a result, virus creators all over the world can spread their viruses through the internet very quickly and without geographical limits.

However, it is very hard to do our work while avoiding those data transfer media altogether. Computer users therefore have to be very careful when using networks and the internet. In particular, they should avoid untrustworthy web sites and be very careful about opening e-mail from unknown senders, because most virus authors use e-mail attachments or links to spread their viruses all over the world.

\subsubsection{Using a software program}

\indent \indent The most widely used and most successful method of protection against viruses is software generally called anti-virus software. The functionality of anti-virus programs is impressive: they check each and every file to detect viruses. This is done in two ways.

\subsection{Virus detection types}

Virus detection can be categorized into the following two types [10].

\subsubsection{Known virus detection}

\indent \indent In this process the anti-virus program keeps a record or database of known viruses, and while scanning it looks for pieces of code that match data in the database. If a match is found, the anti-virus program treats the file as a virus. After detection the file is usually deleted or quarantined. Deletion removes the suspicious file, whereas quarantine keeps the virus in a safe place where it cannot become active and exists only as a record. The most important thing in this process is keeping the anti-virus database updated, because only then does the installed anti-virus program know about newly found viruses.

Anti-virus developers are almost always watching for newly created viruses. As soon as a new threat is found, automatically or through reports from program users, they detect it and update their main database. When a user next connects to the internet, the updated data is sent and the anti-virus system installs it automatically. The program can then detect the newly created virus.

Although this process is good at detecting threats, it cannot be called completely successful: if a user receives a new kind of threat that anti-virus programmers have not yet found, this mechanism cannot detect it as a virus. Programmers therefore looked for a new solution that detects any piece of code that may be a virus.

\subsubsection{Suspicious virus detection}

\indent \indent To address the faults of the known virus detection methodology, this new methodology, called suspicious virus detection, was added to anti-virus programs. Its distinguishing feature is the ability to find newly created viruses even though anti-virus programmers have not yet detected them. It can also anticipate viruses that may be created in the future. This method is especially useful for detecting hidden viruses such as Trojan horses.

Although this is a good mechanism, it detects viruses on the basis of suspicion: the anti-virus program does not treat the file as a virus but lets the user decide through an alert. Because users have become accustomed to ignoring warnings, the real benefit of this process is not achieved as expected. This is called a false positive error. If the user accepts that kind of alert, the anti-virus program cannot protect against any effect of the threat.

Apart from anti-virus software used for overall protection, there are tools that remove individual viruses. For example, the Trojan removal tool, the W32.Serflog removal tool, and the W2k.Stream removal tool are small removal programs, each for a specific virus threat.

Although most current anti-virus programs use both of the above methodologies to detect viruses, no one can say that a system is fully protected. Computer users therefore have to watch closely for any unusual behavior of their systems. Otherwise the final outcome may be the loss of the whole system or of valuable data.

On the other hand, no virus guard has yet been improved enough to detect encrypted viruses, which activate suddenly but otherwise stay hidden, because the encrypted code of such viruses cannot be matched against the data in the virus guard's database.

Therefore computer users should use further security measures to stay safe from attacks. Among these, firewalls, IDS (intruder detection systems), and the use of superior application software are very important and well known for blocking attacks.
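The two detection types described above, and the limit that encrypted code puts on database matching, can be seen in a small scanner. This is an added example, not code from the essay or from any anti-virus product: the signature, the entropy threshold, and the sample files are all constructed for illustration, and byte entropy is only one assumed form a suspicion-based check can take.

```python
import hashlib
import math
import zlib
from collections import Counter

# Constructed, harmless byte pattern standing in for a vendor signature database.
SIGNATURES = {"Demo.Marker.A": b"DEMO-VIRUS-MARKER-A"}
ENTROPY_ALERT = 7.0       # bits per byte; assumed threshold for "looks encrypted or packed"
MIN_HEURISTIC_SIZE = 512  # entropy of very short inputs is not meaningful


def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan(data: bytes) -> tuple[str, str]:
    """Return (verdict, detail): signature hit -> quarantine, suspicion -> alert."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:              # known virus detection: database match
            return ("quarantine", name)
    if len(data) >= MIN_HEURISTIC_SIZE:  # suspicious detection: no match, odd content
        entropy = shannon_entropy(data)
        if entropy >= ENTROPY_ALERT:
            return ("alert", f"high entropy {entropy:.2f}")
    return ("clean", "")


def keystream(key: bytes, n: int) -> bytes:
    """Deterministic SHA-256 counter keystream, used only to build sample data."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


# Constructed sample files (no real malware involved).
KEY = b"sample-key"
INFECTED = b"header " * 100 + SIGNATURES["Demo.Marker.A"] + b" trailer" * 100
SAMPLES = {
    "report.txt": b"Quarterly report. " * 100,
    "infected.bin": INFECTED,
    "encrypted.bin": xor(INFECTED, keystream(KEY, len(INFECTED))),
    "backup.z": zlib.compress(keystream(b"backup", 8192).hex().encode()),
}

if __name__ == "__main__":
    for fname, content in SAMPLES.items():
        print(fname, scan(content))
    decrypted = xor(SAMPLES["encrypted.bin"], keystream(KEY, len(INFECTED)))
    print("encrypted.bin after decryption", scan(decrypted))
```

The encrypted copy no longer matches the database and is only raised as an alert, the same alert a legitimate compressed backup receives; once the content is decrypted, the signature matches again.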


Basically, a firewall plays three major roles.


\begin{itemize}

\item It checks outgoing traffic to limit remote access by intruders

If an attacker tries to gain remote access to the system through threats, the firewall prevents it by working as a one-way gateway.

\item It blocks suspect incoming data from the network that may carry hacker attacks

If an attacker tries to attack through the network by sending virus-like data, as worms do, the firewall blocks that data.

\item It hides private data from hackers to keep the system safe

Most attackers create viruses to obtain users' private data from the system and use it illegally. The firewall provides measures to prevent private data from being viewed.

\end{itemize}

\subsection{Types of firewalls}

\subsubsection{Packet filtering firewalls}

\indent \indent Data is widely transferred over networks as packets, so detecting a threat at the packet level is the best way to keep the system safe from attacks. A packet filtering firewall therefore checks whether each packet is trusted, and a packet that is not trusted on the basis of its overview (not its content) is rejected and not allowed to enter the computer or system [1].

\subsubsection{Proxy firewalls}

\indent \indent With a proxy firewall, the user can request data only through the proxy. When the user requests data, the proxy validates whether the request is legitimate, and only legitimate requests are allowed. Because most viruses spread through networks, especially the internet, this system is very important for preventing users from accessing suspicious websites [1].

\subsubsection{Circuit level gateway}

\indent \indent With this kind of firewall no connection can be created without the user's knowledge; a connection request from the other party is allowed only if the user accepts it. So no intruder can make a connection using viruses such as Trojan horses and worms [1].

\subsubsection{Stateful packet filtering firewall}

\indent \indent When a new connection to a peer or server is started over the internet, the firewall keeps data such as the client-server session and checks whether each data packet is really being received from that IP. Only such trusted packets are allowed to transfer data [1].
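The difference between packet filtering and stateful packet filtering can be shown by running the same traffic through both. This is an added example, not code from the essay or from any firewall product: the addresses come from documentation ranges, and the header rule, the idle timeout, and the traffic are constructed assumptions.

```python
from dataclasses import dataclass

HOST = "192.0.2.10"             # protected machine (documentation address range)
REPLY_SOURCE_PORTS = {80, 443}  # assumed header rule: accept inbound "web replies"
IDLE_TIMEOUT = 60.0             # seconds a session stays valid without traffic (assumed)


@dataclass(frozen=True)
class Packet:
    t: float   # arrival time in seconds
    src: str
    sport: int
    dst: str
    dport: int

    @property
    def outbound(self) -> bool:
        return self.src == HOST


def packet_filter_allows(pkt: Packet) -> bool:
    """Packet filtering: judge each packet by its header alone, with no memory."""
    return pkt.outbound or pkt.sport in REPLY_SOURCE_PORTS


class StatefulFilter:
    """Stateful filtering: inbound traffic must match a session the host opened."""

    def __init__(self) -> None:
        self.sessions: dict[tuple, float] = {}  # flow -> time last seen

    def allows(self, pkt: Packet) -> bool:
        if pkt.outbound:
            self.sessions[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = pkt.t
            return True
        flow = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # mirror of the outbound flow
        last_seen = self.sessions.get(flow)
        if last_seen is None or pkt.t - last_seen > IDLE_TIMEOUT:
            self.sessions.pop(flow, None)  # unknown or expired session: drop
            return False
        self.sessions[flow] = pkt.t        # refresh the session on valid traffic
        return True


# Constructed traffic: one real session, one unsolicited packet, one stale reply.
TRAFFIC = [
    Packet(0.0, HOST, 50000, "198.51.100.5", 443),    # host opens a connection
    Packet(0.2, "198.51.100.5", 443, HOST, 50000),    # genuine reply
    Packet(1.0, "203.0.113.9", 443, HOST, 3389),      # unsolicited, no session
    Packet(120.0, "198.51.100.5", 443, HOST, 50000),  # arrives after idle timeout
]


def compare(traffic):
    """Return [(packet_filter_verdict, stateful_verdict), ...] per packet."""
    stateful = StatefulFilter()
    return [(packet_filter_allows(p), stateful.allows(p)) for p in traffic]


if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare(TRAFFIC)):
        print(pkt, verdicts)
```

The header-only rule accepts all four packets, while the stateful filter accepts only the connection the host opened and its timely reply.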

\section{Intruder detection systems}

\indent \indent Intruder detection systems are a special kind of system that detects intruders based on their actions, such as:

\begin{itemize}

\item Unusual behavior of systems

\item Violation of user policies in the system

\item Access to more advanced security areas of the system

\end{itemize}

The security system then detects those kinds of actions as intruder attacks and applies sufficient security measures [1].

\section{Use superior application software}

\indent \indent At present most virus creators try to infect computers while evading users' anti-virus activities. For example, in Trojan horse attacks, while a seemingly legitimate program is being installed, the virus program is installed as well, having obtained the user's acceptance illegitimately. Some virus creators also use web browsers to steal users' private data, by publishing browsers with their security measures removed. When someone installs such a browser, whatever secret data the user enters through it is automatically e-mailed to the attacker.

It is therefore very important to use superior application software on the computer system. Especially in third world countries, most users use edited versions of software with the registration requirements removed, which are called cracks; the danger is that most of those edited copies can contain viruses.

\section{Cryptography and virus}

\indent \indent Cryptography is an advanced technology used to keep secret data away from unauthorized access. In particular, data transferred from one person to another must be kept completely secret, so this technology was expected to be applied by both virus authors and anti-virus developers.

Although there are different kinds of cryptographic methods, in practice the method mainly used in relation to viruses is symmetric single-key cryptography. The message to be sent, called the plaintext or secret message, is converted using a secret key into another form called the ciphertext, which no person can understand. It is then sent to the intended person, and only a person who knows the key can decrypt it and regenerate the plaintext. Only then can what was hidden within the ciphertext be understood by a human. This is an advanced security method as long as the key is secret, and it can be used by both virus creators and removers to generate and delete viruses.

\indent An anti-virus program can detect a virus only by analyzing the piece of code it contains. If a virus manages to prevent anti-virus programs from accessing that piece of code, it cannot be detected as a virus. Conversely, if the data in the system cannot be accessed by any virus, the virus has no effect.

As discussed above, some viruses change their appearance from moment to moment and from system to system, while the key stays the same and is stored encrypted with the virus code. In such situations the virus cannot be activated while its file remains encrypted, so it has to decrypt the virus code using the key. At that moment the protection program can detect and delete the virus. Cryptography is therefore successful for this kind of virus only as long as the virus stays encrypted.

Some cryptographic viruses store their keys in a separate place instead of in the same file as the virus, but because of weak encryption and algorithms, most anti-virus programs can detect where the key file is stored. So even with this technique viruses cannot escape detection.

Some intruders, such as the Trojan horse attackers mentioned earlier, use backdoors to enter the system at administrator level and make illegal connections with the infected system; if a protection program detects the communication channel, the intruder's objective fails. As a solution, they try to apply cryptography to make the connection inaccessible. Because the key required for decryption is then held only by the intruder, these kinds of attacks are somewhat hard for programs to prevent. If users use a proper firewall system as mentioned before, however, the system can be safe from this. Using cryptography for virus prevention by keeping data encrypted is not very practical, because encrypted data is not accessible to users either; the user has to decrypt the data, and at that moment the virus can also access it and alter it. Nevertheless, to protect the computer system, some operating system developers keep system files encrypted. So although cryptographic systems offer some advantages and facilities, more advanced features of cryptography must be applied before they become practically applicable to virus prevention [1].


\section{Conclusions and Future Directions}

\indent \indent Even though viruses have brought some advantages, as discussed before, the disadvantages are too large to be estimated. With the growth of the computer field, proper action against viruses should therefore be taken, especially at the international level. Otherwise, as virus-writing technology develops, some severe kinds of viruses may be created in the near future. Every virus writer starts at a very low level, but through practical research he can develop his knowledge and become a threat even to a country's security.

Computer system developers also bear a large responsibility for keeping their products from being infected by viruses. Although some operating system developers have now turned their attention to this, the situation is not yet satisfactory. A proper technology-based solution must therefore be applied against virus attacks. Otherwise we will have to suffer from virus threats forever, and in the near future we will face a big problem, because by now all systems in space are mainly based on computers.



\begin{thebibliography}{widest entry}

\bibitem{1} Charles P. Pfleeger and Shari Lawrence Pfleeger, "Security in Computing, Fourth Edition", Prentice Hall, October 13, 2006

\bibitem{2} Jimming Lin and Chang, "The Impact of Computer Virus on Society", December 04, 1989

\bibitem{3} Stanley A. Kurzban, "Defending against Viruses and Worms"

\bibitem{4} Daniel Guinier, "Computer 'virus' identification by neural networks"

\bibitem{6} ANTIVIRUS RESEARCH - Scientific Papers

\bibitem {7}


\bibitem {8}

\bibitem {9}

\bibitem {10} Nirblog

\end{thebibliography}