This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Traditional computer viruses emerged in the mid-1980s. They were simple script, passed between unsuspecting personal computer users and did little or no damage. But in the late 1980s they became first widely seen and this came about because of several factors.
The first factor was the spread of personal computers (PCs). Prior to the 1980s, home computers were nearly non-existent. Real computers were rare, and were locked away for use by "experts." During the '80s, real computers started to spread to businesses and homes because of the popularity of the IBM PC (released in 1982) and the Apple Macintosh (released in 1984). By the late 1980s, PCs were in businesses, homes and college campuses. Driven by the spread of PCs there were still less than 150 viruses in the world until when software- sharing emerged. Which leads us to the next factor?
The use of Computer Bulletin boards. People could dial up a bulletin board with a modem and download programs of all types. Games were extremely popular, and so were simple word processors, spreadsheets and other productivity software. Bulletin boards led to the precursor of the virus known as the Trojan horse designed to infect popularly traded software. A Trojan horse masquerades as a program with a cool-sounding name and description, enticing you to download it. When you run the program, however, it does something uncool, like erasing your hard drive. You think you're getting a neat game, but instead, you get a wiped-out system. Trojan horses only hit a small number of people because they're quickly discovered, and word of the danger spreads among users. Where viruses are mostly being used, worms and Trojans which tend to be more malicious, cause damage to systems. For the purpose of this project, we're going to assume all three to be the same, as they should be treated with the same amount of respect.
The third factor that led to the creation of viruses was the floppy disk. In the 1980s, programs were small, and you could fit the entire operating system, a few programs and some documents onto a floppy disk or two. Many computers did not have hard disks, so when you turned on your machine it would load the operating system and everything else from the floppy disk. Virus authors took advantage of this to create the first self-replicating programs.
Early viruses were pieces of code embedded in a larger, legitimate program, such as a game or word processor. When the user downloads and runs the legitimate program, the virus loads itself into memory -- and looks around to see if it can find any other programs on the disk. If it can find one, it modifies the program to add the virus's code into that program. Then the virus launches the "real program." The user really has no way to know that the virus ever ran. Unfortunately, the virus has now reproduced itself, so two programs are infected. The next time the user launches either of those programs, they infect other programs, and the cycle continues.
If one of the infected programs is given to another person on a floppy disk, or if it is uploaded so that other people can download it, then other programs get infected. This is how the virus spreads -- similar to the infection phase of a biological virus.
But viruses wouldn't be so violently despised if all they did was replicate themselves.
Most viruses also have a destructive attack phase, where they do real damage. Some sort of trigger will activate the attack phase, and the virus will then do something -- anything from displaying a silly message on the screen to erasing all of your data. The trigger might be a specific date, a number of times the virus has been replicated or something similar.
A virus may also send a web address link as an instant message to all the contacts on an infected machine. If the recipient, thinking the link is from a friend (a trusted source) follows the link to the website, the virus hosted at the site may be able to infect this new computer and continue propagating.
In the mid-1990s, Macro viruses became common. Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel and spread throughout Microsoft Office by infecting documents and spreadsheets. Since Word and Excel were also available for Macintosh Operating systems, most could also spread to Macintosh computers. Some old versions of Microsoft Word allow macros to replicate themselves with additional blank lines.
In 2002, Viruses that spread using cross-site scripting, were first reported and were academically demonstrated in 2005. There have been multiple instances of the cross-site scripting viruses in the wild, exploiting websites such as MySpace and Yahoo.
Today it is estimated that there may be more than 45,000 viruses. But one thing to remember is that for every virus files you hear about, there are 10,000 you haven't. With the rapid growth of the internet, viruses have become more common place than ever before.
The first academic work on the theory of computer viruses (although the term "computer virus" was not used at that time) was done in 1949 by John von Neumann who held lectures at the University of Illinois about the "Theory and Organization of Complicated Automata". The work of von Neumann was later published as the "Theory of self-reproducing automata". In his essay von Neumann described how a computer program could be designed to reproduce itself.
In 1972 Veith Risak, directly building on von Neumann's work on self-replication published his article "Selbstreproduzierende Automaten mit minimaler Informationsübertragung" (Self-reproducing automata with minimal information exchange). The article describes a fully functional virus written in assembler language for a SIEMENS 4004/35 computer system.
In 1980 Jürgen Kraus wrote his diplom thesis "Selbstreproduktion bei Programmen" (Self-reproduction of programs) at the University of Dortmun. In his work Kraus postulated that computer programs can behave in a way similar to biological viruses.
In 1984 Fred Cohen from the University of Southern California wrote his paper "Computer Viruses - Theory and Experiments". It was the first paper to explicitly call a self-reproducing program a "virus", a term introduced by Cohen's mentor Leonard Adleman
To demonstrate the feasibility of viral attack and the degree to which it is a threat, several experiments were performed. In each case, experiments were performed with the knowledge and consent of systems administrators. In the process of performing experiments, implementation flaws were carefully avoided. It was critical that these experiments were not based on implementation lapses, but only on fundamental flaws in security policies. We will consider the one put forward by Len Adleman (using Unix OS) and Bell-Lapadulla Based system
On November 3, 1983, the first virus was conceived of as an experiment to be presented at a weekly seminar on computer security. The concept was first introduced in this seminar by Len Adleman. After 8 hours of expert work on a heavily loaded VAX 11/750 system running UNIX, the first virus was completed and ready for demonstration. Within a week, permission was obtained to perform experiments, and 5 experiments were performed. On November 10, the virus was demonstrated to the security seminar.
The initial infection was implanted in 'vd', a program that displays UNIX file structures graphically, and introduced to users via the system bulletin board. Since 'vd' was a new program on the system, no performance characteristics or other details of its operation were known. The virus was implanted at the beginning of the program so that it was performed before any other processing.
In order to keep the attack under control several precautions were taken. All infections were performed manually by the attacker, and no damage was done, only reporting. Traces were included to assure that the virus would not spread without detection, access controls were used for the infection process, and the code required for the attack was kept in segments, each encrypted and protected to prevent illicit use.
In each of five attacks, all system rights were granted to the attacker in under an hour. The shortest time was under 5 minutes, and the average under 30 minutes. Even those who knew the attack was taking place were infected. In each case, files were 'disinfected' after experimentation to assure that no user's privacy would be violated. It was expected that the attack would be successful, but the very short takeover times were quite surprising. In addition, the virus was fast enough (under 1/2 second) that the delay to infected programs went unnoticed.
Once the results of the experiments were announced, administrators decided that no further computer security experiments would be permitted on their system. This ban included the planned addition of traces which could track potential viruses and password augmentation experiments which could potentially have improved security to a great extent.
After successful experiments had been performed on a UNIX system, it was quite apparent that the same techniques would work on many other systems. In particular, experiments were planned for a Tops-20 system, a VMS system, a VM/370 system, and a network containing several of these systems. In the process of negotiating with administrators, feasibility was demonstrated by developing and testing prototypes. Prototype attacks for the Tops-20 system were developed by an experienced Tops-20 user in 6 hours, a novice VM/370 user with the help of an experienced programmer in 30 hours, and a novice VMS user without assistance in 20 hours. These programs demonstrated the ability to find files to be infected, infect them, and cross user boundaries.
After several months of negotiation and administrative changes, it was decided that the experiments would not be permitted. The security officer at the facility was in constant opposition to security experiments, and would not even read any proposals. This is particularly interesting in light of the fact that it was offered to allow systems programmers and security officers to observe and oversee all aspects of all experiments. In addition, systems administrators were unwilling to allow sanitized versions of log tapes to be used to perform offline analysis of the potential threat of viruses, and were unwilling to have additional traces added to their systems by their programmers to help detect viral attacks. Although there is no apparent threat posed by these activities, and they require little time, money, and effort, administrators were unwilling to allow investigations. It appears that their reaction was the same as the fear reaction of the UNIX administrators.
A Bell-LaPadula Based System
In March of 1984, negotiations began over the performance of experiments on a Bell-LaPadula based system implemented on a Univac 1108. In July, a two week period was arranged for experimentation. The purpose of this experiment was merely to demonstrate the feasibility of a virus on a Bell-LaPadula based system by implementing a prototype.
Because of the extremely limited time allowed for development many issues were ignored in the implementation. In particular, performance and generality of the attack were completely ignored. As a result, each infection took about 20 seconds, even though they could easily have been done in under a second. Traces of the virus were left on the system although they could have been eliminated to a large degree with little effort. Rather than infecting many files at once, only one file at a time was infected. This allowed the progress of a virus to be demonstrated very clearly without involving a large number of users or programs. As a security precaution, the system was used in a dedicated mode with only a system disk, one terminal, one printer, and accounts dedicated to the experiment.
After 18 hours of connect time, the 1108 virus performed its first infection. The host provided a fairly complete set of user manuals, use of the system, and the assistance of a competent past user of the system. After 26 hours of use, the virus was demonstrated to a group of about 10 people including administrators, programmers, and security officers. The virus demonstrated the ability to cross user boundaries and move from a given security level to a higher security level. Again it should be emphasized that no system bugs were involved in this activity, but rather that the Bell-LaPadula model allows this sort of activity to legitimately take place.
All in all, the attack was not difficult to perform. The code for the virus consisted of 5 lines of assembly code, about 200 lines of Fortran code, and about 50 lines of command files. It is estimated that a competent systems programmer could write a much better virus for this system in under 2 weeks. In addition, once the nature of a viral attack is understood, developing a specific attack is not difficult. Each of the programmers present was convinced that they could have built a better virus in the same amount of time.
1.3 STATEMENT OF PROBLEM
A look into several institutions, ministries, department and companies both in the private and public sector will show that the use of computers in carrying our daily activities cannot be over-emphasized.
Computer are extremely used in various fields; it is the Automated Teller Machine, the supermarket price scanner, the magic "wand" used in department stores to read clothing price tags , a voice on the phone that tells you to please hang up and dial again, just to mention a few.
Computer can be defined as a device made up of electronic and electromechanical components. On its own, the computer has no intelligence and it's referred to as "hardware". It can only come to life when it is connected to other parts of a system. A computer system is a combination of five elements- Hardware, Software, People, Procedures and Data/Information.
As with every good things of life, Computer has its setbacks. This work has been able to identify one major setback which is the problem of Virus Infection.
Viruses disturb the progress of a computer by obstructing its installed programmes. The types and effects of viruses will be discussed in the chapter two of this work.
Ever since the invention of the first computer in the 1940s, viruses had been in existence. But the awareness of their infection was not widely noticed early as in the case today because, the direct interactions with the early computers were the excessive presence of computer operators and computer system engineers.
In Nigeria today, corporate organizations and business centre that frequently make use of computers often encounter computer viruses. The invention of software products which offer protection and curative measures from virus attack, have been of great help. But be it as it may, as well as the case of biological viruses, no matter how many of these computer viruses that get eradicated, new ones seem constantly to appear. A simple mutation in the programming of an old virus can create new ones that may find its way into an electronic niche.
Then what exactly is this Computer Virus?
Put in a plain language, it is simply a computer program that can replicate itself and spread from one computer to another so as to cause damage.
1.4 PURPOSE OF STUDY
The purpose of this project is to expose the ills of Computer Viruses, specifying their classification together with the phases of their infections. It is also aimed at showing possible ways of preventing computer systems from encountering virus problems as well as curative measures for infected systems and their maintenance. A stretched explanation on the growing awareness of Computer viruses to the public and the social implication to virus functioning effects will be highlighted in this work.
In biological sense, viruses are engineered to infect and kill people. This section will review contributions, suggestions and ideas put forward by famous writers and professional as relevant in the light of Computer Viruses.
Nance (1989) defined a Computer Virus as actually a small undetected program that overtime infects other program and eventually disables the entire system.
According to Prenum (1992) " A computer virus is a piece of software which attaches itself to another program on a system in other to spread itself to other programs and to have some undesirable effects on the programs it becomes attached to.
Azuka( 1996) stated that "Computer Viruses are programs designed to replicate and spread, sometimes without indicating that they exist.
In view of The ITrain Collective Computer handbook (1998), Viruses are realâ€¦..but please don't panicâ€¦.computers get infected and most survive.
In general looking at some of the ideas put forward by these professionals, one can deduce that Computer Viruses are infectious and they spread from one system to another so as to cause great damage.
In our subsequent chapter we will be seeing the effects these viruses have on our systems and curative measures one should take.
1.6 SIGNIFICANCE OF THE STUDY
This work is important because, it will enable us to see the extent that Computer virus can cause and show possible ways one can use to avoid this damage to our computer systems.
In order for users of a system to be able to share information, there must be a path through which information can flow from one user to another. In order to use a Turing machine model for computation, we must consider that if information can be read by a user with Turing capability, then it can be copied, and the copy can then be treated as data on a Turing machine tape.
Given a general purpose system in which users are capable of using information in their possession as they wish and passing such information as they see fit to others, it should be clear that the ability to share information is direct. That is, if there is a path from user A to user B, and there is a path from user B to user C, then there is a path from user A to user C with the intelligent or unintelligent cooperation of user B.
Finally, there is no fundamental distinction between information that can be used as data, and information that can be used as program. This can be clearly seen in the case of an interpreter that takes information edited as data, and interprets it as a program. In effect, information only has meaning in that it is subject to interpretation.
In a system where information can be interpreted as a program by its recipient, that interpretation can result in infection as discussed above. If there is sharing, infection can spread through the interpretation of shared -information. If there is no restriction on the direction of information flow, then the information can reach the direct closure of information flow starting at any source. Sharing, direction of information flow, and generality of interpretation thus allow a virus to spread to the transitive closure of information flow starting at any given source.
Clearly, if there is no sharing, there can be no dissemination of information across information boundaries, and thus no external information can be interpreted, and a virus cannot spread outside a single partition. This is called 'isolationism'. Just as clearly, a system in which no program can be altered and information cannot be used to make decisions cannot be infected since infection requires the modification of interpreted information.
We should note that virtually any system with real usefulness in a scientific or development environment will require generality of interpretation, and that isolationism is unacceptable if we wish to benefit from the work of others. Nevertheless, these are solutions to the problem of viruses which may be applicable in limited situations.
The scope of this study falls within the following: classifications, sources of computer viruses, control of computer viruses and the maintenance of computer systems.
1.9 DEFINITIONS OF TERMS
Computer viruses and the like are relatively new phenomena. The terms used to describe them do not have definitions that are universally agreed upon. These terms may be used differently elsewhere:
BULLETIN BOARDS- (pinboard, pin board or notice board in British English) is a surface intended for the posting of public messages, for example, to advertise things to buy or sell, announce events, or provide information. Bulletin boards are often made of a material such as cork to facilitate addition and removal of messages or it can be placed on the computer so people can leave and erase messages for other people to read and see.
OPERATING SYSTEM (OS)- is a set of programs that manage computer hardware resources and provide common services for application software.
FLOPPY DISK- is a disk storage medium composed of a disk of thin and flexible magnetic storage medium, sealed in a rectangular plastic carrier lined with fabric that removes dust particles.
USB FLASH DRIVE- is a data storage device that consists of flash memory with an integrated Universal Serial Bus (USB) interface.
ANTIVIRUS- or anti-virus software is used to prevent, detect, and remove malware, including but not limited to computer viruses, computer worm, Trojan horses, spyware and adware.
SCANNING- sorting for program files
PIRACY-illegal copyright to be the only producer or seller of a book, play, film or record for a specific length of time
RAM- Memory is "random access" meaning any storage location can be accessed directly for reading and writing purposes, which makes it faster than accessing information from the hard drive.
ROM- Memory is "read-only" meaning any storage location can be accessed directly for reading purposes.
COPYRIGHT- legal right to be the only producer or seller of a book, plays, film, or record for a specific length of time.
VSAFE- a memory-resident program, which constantly monitors computers for activity that may indicate a virus infection.
MODEM- (modulator-demodulator) is a device that modulates an analog carrier signal to encode digital information, and also demodulates such a carrier signal to decode the transmitted information.
CROSS-SITE SCRIPTING- is a type of computer security vulnerability typically found in Web application that enables attackers to inject client-side script into Web pages viewed by other users.
BIOLOGICAL VIRUS- any of the numerous kind of very simple organism smaller than bacteria capable of reproducing itself, causing disease, poison and has agents of carrier.
INTERNET SECURITY: the protection of data and systems that are connected to the internet
MEMORY CARD- or Flash Card is an electronic flash memory data storage device used for storing digital information.
COMPUTER NETWORK- often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information.
MACRO VIRUS -is a virus that is written in a macro language: that is to say, a language built into a software application such as a word processor.