Is there really a virus problem?
In 1995, Ernst & Young released a security survey that showed that 67% of companies had virus attacks during the year. This was a rise from 54% in 1994. The cost of each virus attack has been estimated, by a British magazine, at over $13,000 (£8,000, according to exchange rates on August 4, 1997). With the number of reported cases rising and the cost so high, it is essential to understand the virus problem better and to put the solutions to work in the marketplace. In January 1997, the NCSA (National Computer Security Association) reported approximately 200 macro viruses had been discovered. In just six months, the number has increased by almost 300%. It is now estimated that over 90% of all companies have at least one macro virus resident somewhere in their computing systems (source: Applied Technologies Group).
What is a virus?
A virus is simply a self-replicating program. It is important to distinguish between viruses and "Trojan Horses". A virus is just a program that copies itself; it does not have to be destructive in any way. A "Trojan Horse" is a deliberately destructive program, but does not replicate. There are other programs, such as jokes and droppers, that are not viruses, but many anti-virus programs give the user the option to search for these programs as well. Another important distinction is the one between "bugs" and viruses. Programs occasionally have "bugs" in them. They are only programming errors (though the programmer won’t like admitting to it).
What is so terrible about viruses?
Viruses will usually do nothing more than irritate the user of the infected computer. At the least, they will take up much-needed hard disk space. But, as some can be destructive to the infected host, it is always a good idea to have anti-virus protection. People have various reasons for wanting to remove the viruses from their computer. First, 5% of viruses are destructive. Second, since almost 100% of those viruses found "in-the-wild", or in public circulation, are memory-resident, there will be conflicts with other programs the user will want to run. Third, the user may be anxious that the particular virus he/she has is a different mutation of the documented virus.
What is a typical virus?
There are no typical viruses. Viruses can be categorized into a few different groups: file viruses, boot viruses, multi-partite viruses, stealth viruses, polymorphic viruses, and macro viruses.

· File viruses: These viruses attach themselves mostly to executable files. Some will replace the normal program’s instructions with their own. This means that when the user opens the file, he/she will see the virus’ display. Other viruses will change the original extension of the file from .COM to .EXE, thereby making the computer load the virus before the actual program.
· Boot viruses: The boot viruses hook into the boot sectors of a floppy diskette or into the MBR (Master Boot Record) of the hard drive. When the user boots the computer, the virus infects the computer and the code enters the memory. The virus will remain in memory and will infect any floppies that are used. Much as a time bomb is set for explosion at a defined time, usually boot viruses are launched on a specific date or at a specific hour.
· Multi-partite viruses: A virus of this sort is a cross of a file virus and a boot virus. They combine the worst of both types of viruses.
· Macro Viruses: These viruses are the new rising star of viruses. They infect ordinary software files and are not that complicated to write. This means that their numbers will continue to rise as more powerful programs use macros. Although most have no real damaging payload, they are annoying as they can affect the performance of the program. They can be found mainly in Word, but have also targeted Excel and Ami Pro.
Do viruses have different features to them?
Viruses do have different features to them. The following features can be found in any of the aforementioned categories.
· Stealth viruses: A stealth virus will hide from any program that will look for it. It achieves this by hooking interrupts, thereby making everything look normal to the user. Stealth viruses can report false dates and file sizes to the user.
· Polymorphic viruses: Each time these viruses infect they change their form. They use encryption to conceal themselves from the anti-virus program. This makes it harder to detect the virus.
How do they spread?
Viruses can be in a wrapped software product that is loaded onto the computer from a floppy diskette. They can come from purchased hardware. Viruses can be in a downloaded file from the Internet or in an attachment to an e-mail. The most probable way of receiving a virus is on a borrowed diskette from a friend or colleague.
How do I know that my system is infected?
Much like their physical counterparts, many computer viruses will cause symptoms to appear in the host.

Examples of these symptoms are: reduced performance, increase in file length, less memory available, and strange screen displays.
What can be done for protection?
The easiest way to keep a system virus-free is to check anything before it is used. A normal operating system offers different services to the user. The anti-virus programs run these services through a memory resident monitor. When the user asks for a file to be opened, the monitor opens it to check for viruses. If the file is "clean", the monitor allows the user to open the file. If the requested file is infected, then the monitor notifies the user. The user will then be able to decide what option to take with the infected file. All of this is carried out so fast that the user does not even realize it. Despite the monitor’s activity, the user should scan the computer frequently (once a week). The scanning can be done by using one or more of the following methods:
· Signature Scanning - The product will compare a file and its contents against a database of signatures. This requires frequent updates to give the user adequate protection of his/her PC.
· Heuristic Analysis - The anti-virus product will try to detect virus-like activity inside the user’s computer. The major downside to this type of analysis is the occurrence of false alarms.
· Check Sum Analysis - The virus must make changes to the infected program. If the anti-virus program detects this, it can notify the user. The problem with this method is that just loading a clean program onto the computer can cause changes, and the novice user cannot distinguish between the changes caused by a virus and those that are normal.
· Polymorphic Analysis - As the polymorphic viruses change each time they infect, a special type of analyzer is needed. The anti-virus product will check the file for any virus-like behavior in a secluded location on the disk.
· Macro Analysis - This analyzer intercepts the macros in a file and checks for viruses before opening them in the file.
How can the virus be removed?
After the anti-virus product has found an infected file, it should be able to remove the virus from the file, thereby "curing" it. This process is extremely important. If the virus is infecting the user’s computer and the user now knows that it is on the hard disk, there will be no rest until the virus is removed. The problem is to remove the virus and leave the file intact. If the cure is not done correctly, the anti-virus product will leave the file in a non-working state (possibly the original purpose of the virus). This is the difference between a "good" cure and a "bad" cure.
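
The signature scanning and check sum analysis methods listed under "What can be done for protection?" can be run side by side, as in this added Python example (not code from the original page or from Iris Software). The signature names and patterns, the file names and contents, and the use of SHA-256 as the checksum are all constructed assumptions.

```python
import hashlib

# Constructed signature database (name -> byte pattern). The names and
# patterns are placeholders made up for this example, not real signatures.
SIGNATURES = {"Example.A": b"\x00SIG-A-CONSTRUCTED\x00",
              "Example.B": b"\x00SIG-B-CONSTRUCTED\x00"}

def signature_scan(data):
    """Signature scanning: names of every database pattern found in data."""
    return sorted(n for n, pat in SIGNATURES.items() if pat in data)

def checksum(data):
    # SHA-256 is this example's choice of checksum; the page names none.
    return hashlib.sha256(data).hexdigest()

def build_baseline(files):
    """Record a checksum for each file while the system is known clean."""
    return {name: checksum(data) for name, data in files.items()}

def checksum_scan(baseline, files):
    """Check sum analysis: which files are modified or new since baseline."""
    modified = sorted(n for n, d in files.items()
                      if n in baseline and baseline[n] != checksum(d))
    new = sorted(n for n in files if n not in baseline)
    return modified, new

def triage(baseline, files):
    """Run both methods so a checksum change is not left to guesswork."""
    modified, new = checksum_scan(baseline, files)
    verdicts = {}
    for name in modified + new:
        hits = signature_scan(files[name])
        if hits:
            verdicts[name] = "known signature: " + ", ".join(hits)
        elif name in new:
            verdicts[name] = "new file, no signature match"
        else:
            verdicts[name] = "modified, no signature match"
    return verdicts

# Constructed sample data: file name -> contents at two points in time.
CLEAN = {"EDITOR.EXE": b"MZ editor code", "GAME.COM": b"game code"}
LATER = {"EDITOR.EXE": b"MZ editor code" + SIGNATURES["Example.A"],
         "GAME.COM": b"game code" + b"\x90unknown appended bytes",
         "NEWTOOL.EXE": b"MZ freshly installed clean program"}

if __name__ == "__main__":
    for name, verdict in sorted(triage(build_baseline(CLEAN), LATER).items()):
        print(f"{name}: {verdict}")
```

GAME.COM is the case signature scanning alone misses until its database is updated, and NEWTOOL.EXE is the harmless change that check sum analysis alone cannot tell apart from an infection.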

How does the software remain updated?
To be successful, the anti-virus product must be updated frequently. Iris Software offers three easy and accessible ways to update the virus signature file:
1. CompuServe - Those who subscribe to CompuServe can download frequent updates from a site located inside the vast resources of CompuServe. Subscribers do not have to give any information and are billed along with their monthly fees from CompuServe.
2. 1-900 Number (USA ONLY) - Iris offers, at the touch of a button, the facility to let your computer dial in via modem to access the download. Once again, the customer does not have to give any information and will be billed by their long-distance carrier.
3. Web Site - Iris Software maintains an internet site for easy downloading of the updated virus signature file. Customers give their credit card numbers (over a secure server) and the file is downloaded into the appropriate directory.
Conclusion
We have now reached a point in time where there are over 1,000 macro viruses and over 12,000 known viruses in all. No one can say for sure what the future holds for virus detection. The trend seems to be leading towards heuristic features inside the anti-virus product. The researchers are trying to find a way to remove the danger of false alarms. At the time of writing, Iris has succeeded in detecting over 80% of viruses with no false alarms. The other major change that can be foreseen is the importance of the curing grade. Until now, companies have concentrated on their scanning percentage. Those involved in comparison reviews only ran the scanners in competition while leaving out the second half of the anti-virus product. It is time-consuming to check the curing of a given product. Obviously, users don’t want to be told that their computer is infected, but their anti-virus product has no cure. The real world demands that there be a cure for each curable virus. Curing is not as easy as it sounds. The infected file must be left intact (aside from the virus being removed). If the anti-virus product leaves the file in an unusable state, then it has done the job for the virus. Iris AntiVirus is an example of a scanner that will leave all files intact and usable. As viruses continue to sprout up in greater numbers, we must all remain attentive to the anti-virus efforts. A few years ago, no one could have predicted the advent of macro viruses. Now, no one can say for certain where the next slew of viruses will come from. Remember, keep yourself informed and your product updated.

