There has been considerable interest in computer viruses over the last several years. One aspect of this interest has been to ask whether computer viruses are a form of artificial life, and what that might imply. To address this, we first need to understand something of the history and structure of computer viruses. We therefore start with a condensed, high-level description of computer viruses - their history, structure, and how they relate to certain properties.
Computers are designed to execute instructions one after another. Those instructions usually do something useful - calculate values, maintain databases, and communicate with users and with other systems. Sometimes, however, the instructions executed can be destructive and malicious in nature. If the source of the instructions was an individual who intended that the abnormal behavior occur, then we consider this malicious coding; authorities have sometimes referred to this code as malware and vandalware. These names relate to the usual effect of such software.
There are many different forms of this software, categorized by the way they behave, how they are activated, and how they spread. In recent years, occurrences of malware have been described almost uniformly by the media as computer viruses. In some environments, people have been quick to report almost every problem as the result of a virus. Viruses are widespread, but they are not responsible for many of the problems attributed to them.
The term computer virus is derived from, and is in some sense analogous to, a biological virus. The word virus itself is Latin for poisonous. Biological viral infections are spread by the virus injecting its contents into a far larger organism's cell. The cell is infected and converted into a biological factory producing replicas of the virus.
Likewise, a computer virus is a segment of machine code (typically 200-4000 bytes) that will copy itself (or an altered version of itself) into one or more larger "host" programs when it is activated. When these infected programs are run, the viral code is executed and the virus spreads further. Sometimes, what constitutes "programs" is more than simply applications: boot code, device drivers, and command interpreters also can be infected.
Computer viruses cannot spread by infecting pure data; pure data files are not executed. However, some data, such as files with spreadsheet input or text files for editing, may be interpreted by application programs. For example, text files may contain special character sequences that are executed as editing commands when the file is read by the editor. In such circumstances, the data files are "executed" and can spread a virus. Data files may also contain "hidden" code that is executed when the file is used by an application, and this too can be infected. In a technical sense, however, pure data itself cannot be infected by a computer virus.
The first to use the term virus for unwanted computer code was the science-fiction author David Gerrold. He wrote a series of short stories about a fictional G.O.D. machine (a supercomputer) in 1970 that were later merged into a novel in 1972: When HARLIE Was One. The description of a virus in this book does not fit the currently accepted, popular definition of a computer virus - a program that modifies other programs to include a copy of itself.
Actual computer viruses were being written by individuals before Cohen, although not under that name, as early as 1980 on the Apple II. The first viruses were not distributed outside of a few small populations, with the notable exception of the "Elk Cloner" virus, which appeared in 1981 on several bulletin board systems.
Although Cohen (and others, including Len Adleman) attempted formal definitions of computer virus, none of them gained wide acceptance or use. This is the result of the difficulty of defining precisely the characteristics of what a virus is and is not. Cohen's formal definition includes all programs capable of self-reproduction. Thus, by his definition, programs such as translators and editors can be classified as "viruses". This has led to confusion when Cohen (and others) have spoken of "good viruses" - something most others in the field believe to be an oxymoron. [4, 29]
Stubbs and Hoffman quote a definition by John Inglis that captures the generally accepted view of computer viruses:
"He defines a virus as a piece of code with two characteristics:
1. The ability to reproduce, at least partially automated.
2. A transfer method that depends on its ability to bind to other computer entities (programs, disk sectors, data files, etc.) that move between these systems." [32, p.145]
Since their first appearance as a novelty, real computer viruses have become a significant problem. In particular, they have thrived in the lower-security environment of the personal computer. Personal computers were originally designed for a single dedicated user, with little, if any, thought given to the difficulties that might arise should others have direct access to the machine. The systems contained no security facilities beyond an optional key, and had only a minimal amount of software to ensure data security. Today, however, personal computers are also used for tasks far different from those originally planned, including managing corporate databases and participating in networks of computer systems. Unfortunately, the hardware and operating systems are still based on the assumption of access by trusted users only, which allows viruses to spread and grow on these machines. The population of PC users makes the problem worse: many are unsophisticated and unaware of the problems of lax security and uncontrolled sharing of media.
Over time, the virus problem has grown on a large scale. In the first seven years after the Brain virus infection in January 1986, generally accepted as the first major MS-DOS virus, the number of known viruses grew by thousands of different viruses, most of which are for MS-DOS.
The problem is not limited to the IBM PC, however, and now affects all popular PCs. Viruses can be written for any mainframe operating system that supports sharing of data and running of software, but so far all those published have been experimental in nature, written by serious academic researchers in a controlled environment (e.g., ). This is probably a result, in part, of the greater restrictions built into the software and hardware of those machines, and of the way they are generally used. It also reflects the more technical nature of the population of users of these machines.
2.1 Related Software
Worms are another form of software that is often referred to as a computer virus. Unlike viruses, worms are programs that can run independently and travel from machine to machine across network connections; parts of a worm may be running on different machines. Worms do not change other programs, although they may carry other code that does, such as a real virus. It is this replication behavior that has led some to believe that worms are a kind of virus, particularly those using Cohen's formal definition (which would also classify standard network file transfer programs as viruses). The fact that worms do not alter existing programs is a clear distinction between viruses and worms, though.
In 1982, John Shoch and Jon Hupp of Xerox PARC (Palo Alto Research Center) described the first computer worms. They were working with an experimental, networked environment using one of the first local area networks. While looking for something that would use their network environment, one of them remembered reading The Shockwave Rider by John Brunner, written in 1975. This science fiction novel described programs that traveled through networks, carrying information with them. These programs are called tapeworms in the novel. Shoch and Hupp called their own programs worms, because they saw a parallel to Brunner's tapeworms. The Xerox worms were actually useful - they traveled from workstation to workstation, reclaiming file space, shutting down idle workstations, delivering mail, and doing other useful tasks.
The Internet worm of November 1988 is often cited as the canonical example of a worm program. [26, 27, 22] The worm clogged machines and networks as it spread out of control, replicating on thousands of machines around the Internet. Some authors (e.g., ) have described the Internet worm as a virus, but their arguments are not convincing (see the discussion ). Most people working with self-replicating code now accept that a worm is a type of software distinct from computer viruses.
Few worms have been written in the time since then, especially worms that have caused damage, because they are not easy to write. Worms need a network environment, and an author who knows not only the network services and facilities, but also the operating facilities needed to support the worms once they have reached their targets.
3 Virus Structure and Operation
True viruses have two main components: one that deals with the spread of the virus, and a "cargo" (payload) or "manipulation" task. The cargo task may not be present (it has no effect), or it may wait for a set of predetermined conditions before triggering. For a computer virus to work, it must somehow add itself to other executable code. The virus code is usually executed before the code of the infected host (if the host code is ever executed again). One form of classification of viruses is based on the three ways a virus can add its own code to the host: as a shell, as an add-on, and as intrusive code.
A fourth form, known as the companion virus, is not really a virus at all, but a sort of Trojan horse that uses the execution path mechanism to run in place of a normal program. Unlike all other forms of virus, it does not alter existing code in any way: a companion virus creates a new executable file named after an existing program, and chosen so that it is executed before the real program. Because companion viruses are not true viruses unless one uses a broad definition of a virus, they are not described further here.
A shell virus is one that forms a "shell" (as in "eggshell" rather than "Unix shell") around the original code. In effect, the virus becomes the program, and the original host program becomes an internal subroutine of the viral code. An extreme example is the case in which the virus moves the original code to a new location and takes on its identity. When the virus has finished executing, it retrieves the host program code and starts its execution.
Most viruses are add-on viruses. They work by appending their code to the host code and/or by relocating the host code and inserting their own code at the beginning. The add-on virus then changes the startup information of the program so that the virus code is executed before the code of the main program. The host code is left almost entirely intact; the only visible sign that the virus is present is that the file grows, if this is indeed noticed.
Intrusive viruses work by replacing some or all of the original host code. The replacement may be selective, as in replacing a subroutine with the virus, or inserting a new interrupt vector and routine. The replacement may also be extensive, as when a large part of the host program is entirely replaced by the virus code. In the latter case, the original program no longer works correctly. Few viruses are intrusive viruses.
A second form of classification divides viruses into file infectors and (boot) program infectors. This division is not particularly clear, however, because a number of viruses spread by altering system code that is neither boot code nor programs. Some viruses target file system directories, for example. Other viruses infect both applications and the boot sector. This second form of classification is also very specific, and meaningful only for machines that have infectable (writable) startup code.
A third form of classification relates to how viruses are activated and how they select new targets to alter. The simplest viruses are those that are executed when the "host" program runs, select a target program to alter, and then transfer control to the host. These are called transient or direct viruses, because they work only for a short period and go directly to disk to find programs to infect.
Most of the "successful" PC viruses take advantage of a different technique: remaining resident in memory once their code has been executed and the host program has terminated. This means that once an infected program has been executed, the virus can spread to all or part of the programs in the system. This spread occurs throughout the session (until the system is rebooted to eliminate the virus from memory), rather than only during the short time when the infected program is executing virus code. These are called resident or indirect viruses, because they remain resident in memory and find files to infect indirectly, as the files are referenced by the user. These viruses are also known as TSR (Terminate and Stay Resident) viruses.
If the virus is present in memory after an application exits, how does it stay active? In other words, how does the virus continue to infect other programs? The answer, for personal computers running software such as MS-DOS, is that the virus changes the standard interrupts used by DOS and the BIOS (Basic Input/Output System). The change to the environment is such that the virus code is invoked by other applications when they make service requests.
The PC uses interrupts (both hardware and software) to manage asynchronous events and to invoke system functions. All services provided by the BIOS and DOS are invoked by the user storing parameters in machine registers and then causing a software interrupt. When an interrupt occurs, the operating system calls the routine whose address it finds in a specific table known as the vector or interrupt table. Normally, this table contains pointers to handler routines in ROM or in memory-resident DOS. A virus can modify this table so that the interrupt causes the (memory-resident) virus code to be executed.
By trapping the keyboard interrupt, a virus can arrange to intercept the CTRL-ALT-DEL reboot request, change the user's keystrokes, or be invoked on each key press. By trapping the BIOS interrupt, a virus can intercept all BIOS activity, including reads of the boot sector, or disguise its infecting disk accesses as part of a user's disk request. By trapping the DOS service interrupt, a virus can intercept all DOS service requests, including program execution, DOS disk access, and memory allocation requests. A typical virus might trap the DOS service interrupt so that its code is executed before calling the real DOS handler to process the request.
Once a virus has infected a program or startup code, it looks to spread to other programs and, eventually, to other systems. Simple viruses do no more than this, but most viruses are not simple viruses. A common virus waits for a specific trigger condition and then performs a certain activity. The activity can be as simple as printing a message to the user, or as complex as searching for particular data elements in a specific file and changing their values. Often, viruses are destructive, removing files or reformatting entire disks. Many viruses are also defective, and the damage they cause is not intended.
The conditions that trigger a virus can be arbitrarily complex. If you can write a program that determines a set of conditions, then those same conditions can be used to trigger a virus. This includes waiting for a specific date or time, determining the presence or absence of certain files (or their contents), examining the user's keystrokes for a sequence of input, examining display memory for a particular pattern, or checking file attributes for modification and permission information. Viruses can also be triggered on the basis of a random event. A common trigger element is a counter used to determine the number of additional programs the virus has infected - the virus does not trigger until it has spread a certain minimum number of times. Of course, the trigger can be any combination of these conditions.
Computer viruses can infect any writable storage, including hard drives, floppy disks, magnetic tapes, optical media, or memory. Infection spreads when the computer boots from an infected floppy disk, or when an infected program is executed. This can occur either as a direct result of the user invoking an infected program, or indirectly through the system running the code as part of the system boot sequence or a background administrative task. It is important to recognize that the chain of infection is often complicated and convoluted. With the presence of networks, viruses can also spread as executable code containing viruses is shared between machines.
Once activated, a virus may replicate into only one program at a time, it may infect a few randomly chosen programs, or it may infect every program on the system. Sometimes, the virus replicates on the basis of a random event or the current value of the clock. The different methods are not presented in detail because the result is the same: there are more copies of the virus in the system.
4 Evolution of Viruses
Since the first viruses were written, we have seen what could be classified as five "generations" of viruses. Each new class has incorporated new features that make the viruses much harder to detect and remove. Here, as in other matters relating to the classification and naming of viruses, different researchers use different terms and definitions. The following list describes one classification drawn from many sources. The generations are not strictly chronological: for example, several early viruses (e.g., the "Brain" and "Pentagon" viruses) had stealth and armored characteristics. Rather, this list represents the increasing sophistication and complexity of computer viruses in the MS-DOS environment.
4.1 First generation: Simple
The first generation of viruses were the simple viruses. These viruses did nothing very significant other than replicate. Many newly discovered viruses still fall into this category. Damage from such viruses is usually caused by simple bugs or software incompatibilities attributable to the virus writer. First-generation viruses do nothing to hide their presence in the system, so they can usually be found by means as simple as noting an increase in file size, or the presence of a distinctive pattern in an infected file.
4.2 Second generation: Self-recognition
One problem viruses face is repeated infection of the host, which leads to exhausted memory and early detection. In the case of boot sector viruses, this can (depending on the strategy) cause a long chain of linked sectors. In the case of program-infecting viruses, repeated infection can lead to continued expansion of the host program each time it is re-infected. There are indeed some older viruses that show this behavior. To avoid this unnecessary growth of infected files, second-generation viruses generally implant a unique signature which indicates that the file or system is infected. The virus checks for the signature before attempting infection, and places it where the infection is made; if the signature is present, the virus does not re-infect the host.
A virus signature can be a characteristic sequence of bytes at a known offset on disk or in memory, a feature of the directory entry (e.g., the modification time or the length of the file), or a particular system call available only when the virus is active in memory. The signature is a mixed blessing for the virus. The virus no longer performs unnecessary infections, which would be indicative of its presence, but the signature itself provides a method of detection. Virus sweep programs can scan files on disk for known virus signatures, or even "harden" the system by placing the virus signature on clean systems, which tries to prevent infection by the virus.
4.3 Third Generation: Stealth
Most viruses in a contaminated system can be identified by scanning secondary storage and searching for a pattern of data specific to each virus. To counter these scans, some resident viruses employ stealth techniques. These viruses subvert selected system interrupts when they are active. Requests for these operations are intercepted by the virus code. If the operation would expose the virus, the operation is redirected to return bogus information.
For example, a common virus technique is to intercept I/O requests that read disk sectors. The virus code monitors these requests. If a read operation is detected that would return a block containing a copy of the virus, the active code instead returns a copy of the data that would be present in an uninfected system. In this way, anti-virus software cannot find the virus on disk while the virus remains active. Similar techniques can be applied to avoid detection by other operations.
4.4 Fourth Generation: Armored
As researchers have developed anti-virus tools to analyze new viruses and build protections, virus writers have turned to techniques to hide the virus code. This "armor" includes adding confusing and unnecessary code to make it more difficult to analyze the virus code. The defense may also take the form of attacks against anti-virus software, if it is present on the affected system. These viruses have emerged since 1990. Viruses with these forms of protection are generally much larger than simple viruses, and therefore easier to spot. In addition, the complexity required to cause significant delays in the efforts of qualified anti-virus experts seems to be far beyond anything that has yet appeared.
4.5 Fifth Generation: Polymorphic
The newest type of virus to appear on the scene is the polymorphic or self-mutating virus. These are viruses that infect their targets with a changed or encrypted version of themselves. By varying the code sequences written to the file (while keeping them functionally equivalent to the original), or by generating a different random encryption key, the virus in the changed file is not easily identifiable through the use of a simple byte match. Detecting the presence of these viruses requires a more complex algorithm that, in effect, reverses the masking to determine whether the virus is present.
Several of these viruses have become quite common. Some virus writers have also published "toolboxes" that can be incorporated into a complete virus to give it polymorphic capabilities. These have been distributed on various bulletin boards around the world, and integrated into more viruses.
5 Defenses and Outlook
There are several methods of protection against viruses. Unfortunately, no protection is perfect. It has been shown that any sharing of writable memory, or communication with any other entity, introduces the possibility of virus transmission. Furthermore, it is not possible to write a program that will detect viruses without error.
Of little help is the observation that it is trivial to write a program that identifies all infected programs with an accuracy of 100%. Unfortunately, this program must identify all (or almost all) programs as infected, whether they are or not! This is not particularly useful for the user, and the challenge is to write a detection mechanism that finds most viruses without too many false positive reports. Protection against viruses usually takes one of three forms:
Activity monitors are programs that reside on the system. They monitor activity, and either raise a warning or take special measures in case of suspicious activity. Thus, attempts to modify the interrupt table in memory or to rewrite the boot sector are captured by such monitors. This type of protection can be circumvented (if implemented in software) by a virus that activates earlier in the boot sequence than the monitor code.
Monitors are also susceptible to alteration by a virus if used on machines without hardware memory protection - as is the case for all common personal computers. Another form of monitor is one that emulates, or otherwise traces, the execution of a suspect application. The monitor evaluates the actions taken by the code, and determines whether any activity is similar to what a virus would do. Appropriate warnings are issued when suspicious activity is observed.
Scanners have been the most popular and most common protection against viruses. A scanner works by reading data from disk and applying pattern matching operations against a list of known virus patterns. If a match is found for a pattern, a virus is announced.
Scanners are fast and easy to use, but suffer from many drawbacks. Foremost among the disadvantages is that the list of patterns must be kept up to date. In the MS-DOS world, new viruses appear at a rate of more than a few dozen each week. Keeping the patterns updated in this rapidly changing environment is difficult.
The second drawback of scanners is false positive reports. As more patterns are added to the list, it becomes increasingly likely that one of them will match some otherwise legitimate code. Another drawback is that polymorphic viruses cannot be detected by scanners.
To the benefit of scanners, however, is their speed. Scanning can be made to work quickly enough. Scanning can also be performed portably across all platforms, and pattern files are easy to distribute and update. Furthermore, of the new viruses discovered each week, some never spread. Thus, somewhat outdated pattern files are adequate for most environments. Scanners equipped with algorithmic or heuristic checking can also find most polymorphic viruses. These are the reasons that scanners are the most widely used anti-virus software.
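The contrast between a fixed-pattern scanner and one with algorithmic checking can be shown in a few lines. This is an added example, not part of the original essay: the pattern names, the harmless marker strings, the sample buffers and the single-byte XOR mask are all assumptions chosen for illustration.

```python
"""Added illustration: fixed-pattern scanning versus scanning that reverses a mask."""
from typing import Dict, List, Tuple

# Constructed, harmless marker strings standing in for a list of known patterns.
PATTERNS: Dict[str, bytes] = {
    "DEMO-A": b"HARMLESS-TEST-PATTERN-A",
    "DEMO-B": b"HARMLESS-TEST-PATTERN-B",
}


def xor_mask(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR mask (the masking scheme assumed for this example)."""
    return bytes(b ^ key for b in data)


def _find_all(data: bytes, needle: bytes) -> List[int]:
    """Return every offset at which needle occurs in data."""
    offsets, start = [], data.find(needle)
    while start != -1:
        offsets.append(start)
        start = data.find(needle, start + 1)
    return offsets


def scan_plain(data: bytes) -> List[Tuple[str, int]]:
    """Classic scanner: literal match of each known pattern, as (name, offset)."""
    hits = [(name, off) for name, pat in PATTERNS.items()
            for off in _find_all(data, pat)]
    return sorted(hits, key=lambda h: (h[1], h[0]))


def scan_unmasking(data: bytes) -> List[Tuple[str, int, int]]:
    """Algorithmic scanner: reverse every possible single-byte XOR mask.

    Masking each pattern with a candidate key and searching for the result is
    equivalent to unmasking the data with that key and searching for the
    pattern, but avoids rewriting the whole buffer 256 times. Key 0 is the
    unmasked case, so the hits are a superset of scan_plain().
    Returns (name, offset, key) tuples.
    """
    hits = []
    for key in range(256):
        for name, pat in PATTERNS.items():
            for off in _find_all(data, xor_mask(pat, key)):
                hits.append((name, off, key))
    return sorted(hits, key=lambda h: (h[1], h[0], h[2]))


# Constructed sample buffers: filler bytes around (or without) a marker.
FILLER = b"\x90" * 16
CLEAN = FILLER + b"ordinary program bytes" + FILLER
PLAIN = FILLER + PATTERNS["DEMO-A"] + FILLER
MASKED = FILLER + xor_mask(PATTERNS["DEMO-B"], 0x5A) + FILLER

if __name__ == "__main__":
    for label, buf in (("clean", CLEAN), ("plain", PLAIN), ("masked", MASKED)):
        print(label, scan_plain(buf), scan_unmasking(buf))
```

Trying 256 masks per pattern also multiplies the chances of an accidental match on legitimate data, so short patterns become unusable; this is the false-positive trade-off described above.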
Integrity checkers are programs that generate check codes (such as checksums, cyclic redundancy codes (CRCs), secure hashes, message digests, or cryptographic checksums) for the files they manage. From time to time, they recalculate the check codes and compare them with the stored versions. If the comparison fails, a change is known to have occurred in the file, and it is marked for further investigation. Integrity monitors operate continuously, and regularly check the integrity of files. Integrity shells check the check code before each execution. Integrity checking is an almost certain way to discover changes to files, including data files. Because viruses need to modify files to implant themselves, an integrity check will find these changes, and it does not matter whether the virus is known or not - the integrity check will discover the change no matter what causes it. Integrity checking may also find other changes caused by faulty software, equipment problems and operator error.
Integrity checking also has drawbacks. On some systems, executable files are modified when the user runs the file, or when new preferences are recorded. Repeated false positive reports can lead the user to ignore future reports, or to disable the utility. It is also true that a change may only be noticed after the altered file has already been run and a virus has spread. More importantly, the initial calculation of the check code must be performed on a known-unaltered version of each file. Otherwise, the monitor will never report the presence of the virus, and the user is likely to assume that the system is not infected. Many manufacturers have already begun to build self-checking into their products. This is a type of integrity verification performed by the program itself at different times as it runs. When the self-check reveals unexpected changes in memory or on disk, the program will terminate, or warn the user. This can indicate the presence of a new virus quickly so that further action may be taken.
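A small integrity checker makes both the strength and the baseline drawback concrete. This is an added example, not part of the original essay: the function names, the file names and the file contents are constructed for illustration, and SHA-256 is chosen here as the secure hash.

```python
"""Added illustration: a baseline-and-compare integrity checker."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple


def file_digest(path: Path) -> str:
    """Compute the check code (here SHA-256) of one file, reading in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Record a check code for every file under root."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def check(root: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Recompute check codes and report every difference from the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(n for n in baseline
                           if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "new": sorted(n for n in current if n not in baseline),
    }


def demo() -> Tuple[Dict[str, List[str]], Dict[str, List[str]]]:
    """Run the checker over constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-ins for a program file and a data file.
        (root / "editor.exe").write_bytes(b"MZ" + b"\x00" * 64)
        (root / "report.txt").write_text("quarterly figures\n")

        good = build_baseline(root)  # taken while the files are known-unaltered

        # Two changes of unknown cause: a file grows, and a new file appears.
        with (root / "editor.exe").open("ab") as f:
            f.write(b"appended bytes")
        (root / "editor.com").write_bytes(b"new file")

        findings = check(root, good)

        # The drawback: a baseline first computed after the change sees nothing.
        late = build_baseline(root)
        blind = check(root, late)
        return findings, blind


if __name__ == "__main__":
    findings, blind = demo()
    print("against known-good baseline:", findings)
    print("against late baseline:      ", blind)
```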
Even if no more computer viruses were written from now on, there would still be a computer virus problem for many years. Of the thousands of reported computer viruses, hundreds are well established on different types of computers worldwide. The population of machines and archived media is such that these viruses will continue to propagate from a sizable population of contaminated machines.