What is a computer virus
Kategorie: Angličtina (celkem: 879 referátů a seminárek)
Informace o referátu:
- Přidal/a: anonymous
- Datum přidání: 21. ledna 2007
- Zobrazeno: 1987×
Příbuzná témata
What is a computer virus
One may think of several explanations of what is a computer virus. The simplest of them is a commonplace one fit for a housewife in what has never seen a computer in her life, but knows that It exists, and that It is prone to virus infection. Such an explanation can be given rather easily, unlike the other one, meant for an expert programmer. So far I don't think I can give an exact definition of a computer virus and set a clear margin between programs basing on a principle "virus - non-virus".Explanation for a Housewife
This explanation will be given on the example of a desk clerk working exclusively with papers. The idea of an explanation like this belongs to D.N.Lozinsky.
Let's imagine a desk clerk coming to work every day to his office. Everyday he finds a stack of papers with a list of tasks which he must fulfill during his working day. He takes the top paper from the stack, reads the instructions of the superior, follows them carefully, then throws "used" papers into waste basket. Suppose a bad guy sneaks into the office and inserts a paper into the stack with his own task which goes like this:
· "Copy this paper two times and put the copies into neighbors' stacks". What will the desk clerk do? He will copy this paper twice, destroy the original one and continue to the next paper in the stack, i.e. will go on working as usual. What will his neighbors do, being as careful workers as he is, when they find a new task? They will do the same thing as the first one did: copy the paper twice and give it to other desk clerks. Altogether we have four copies of the paper already, and the paper will continue to be copied and transferred to other people.
This is approximately this scenario according to which the computer virus works, with programs instead of papers stacks and computers instead of desk clerks. A computer, like a desk clerk, carefully fulfills all the commands contained in a program (task lists), starting from the first one. If the first one like "copy my body into two other programs", the computer will do so, and the virus command will now be in two other programs. When the computer starts running other "infected" programs, the virus will continue to spread all over the computer in a similar manner.
In the above example about a desk clerk and his office our paper virus does not check whether another stack of papers is infected or not.
In this case by the end of the working day all the office will be overrun by piles of such copies, the clerks will have nothing else to do but copy the same text and give it to the neighbors - the first clerk makes two copies of the paper, the next victims of the virus make four copies, then 8, 16, 32, 64 and so on, that is the number of copies each time will increase twice.
If a desk clerk needs 30 seconds to copy one paper and 30 seconds more to pass the copies on, then in an hour there will be more than 1.000.000.000.000.000.000 copies of the virus in the office! Soon, of course, the office will be out of paper, and spreading of the virus will be stopped because of this obvious reason.
Funny as it may seem (although the participants of this incident were not at all laughing), exactly the same thing happened in 1988 in America, when several global information networks became overflow with copies of a network virus (Morris's worm), which transferred itself from one computer to another. Therefore "direct" viruses behave like this:
· "Copy this list two times and put the copies into the stacks of tasks of neighbors, if they don't already have one". The problem is solved - there is no "overpopulation", but each stack contains a copy of the virus, besides that desk clerks also manage to do their usual jobs.
"How about the destruction of data?" - an educated housewife make ask. This is very simple - it is sufficient to and to the list approximately this:
1. "Copy this list two times and put the copies into the stacks of tasks of neighbors, if they don't already have one. 2. Check with the calendar, and if the date is Friday the 13th, throw all the documents away into the waste basket."
That's about all a well-known in past the "Jerusalem" virus did (a.k.a. "Time").
By the way judging by the example with our desk clerks one may very well see why it in most cases it is impossible to say, where did the virus come from to our computer. All the clerks have the same COPIES (except for handwriting), but the original written by the hand of the bad guy is in the waste basket for a long time already!
This is the simple explanation of how a virus works. I would like to add two axioms to it, which are not obvious for everyone, strange as it may seem:
Firstly viruses do not appear by themselves - they are being created by very evil and bad hackers programers who then send them to information exchange networks or toss them to the computers of their acquaintances. Virus can not sneak to your computer by itself - either it was hiding on diskettes or even on a CD, or you have accidentally downloaded it from a computer informational network, or maybe you had virus in your computer from the very beginning, or, worst of all, some hacker lives in your home.
Secondly, computer viruses infect only a computer and nothing else, so don't be afraid - they are not being passed through keyboard or mouse.
Attempt to Give a "Normal" Definition
The first attempts to explore self multiplying artificial entities were made in the middle of this century. Von Neumann, Wiener and other authors gave definition and mathematically analyzed finite slot machines, including self multiplying ones. The term "computer virus" became known later - it is now official, that it was first used by F.Cohen (USA), a Lehigh university scholar, in 1984, on the seventh conference on computer security, which was held in the United States.
It has been a long time since then, viruses present a far bigger problem now, but there is still no exact definition of a computer virus, despite many attempts to give one.
The main difficulty while trying to give the exact definition of a virus is that virtually all the unique features of a virus (incorporating with other objects, stealth behavior, potential danger and so on) may be found in other non-virus programs, or there exist some viruses which are free from those features (except for their spreading capabilities).
For example, if we take stealth capability as a distinctive feature of a virus, then it's easy to give example of virus not denying its spreading. Such a virus before infecting any file outputs a message saying that there is a virus in a computer ready to hit another file, then outputs its filename and prompts for user permission to incorporate itself into this file.
If we take the ability to destroy programs and data on disks as a distinctive feature of a virus, then as a counter-example for this feature it's possible to give the dozens of absolutely harmless viruses, which do nothing but spread themselves.
However the main feature computer viruses - their capability of incorporation into different objects of operating system - can be found in many conventional programs, which are not viruses. For example, the most widespread operating system MS-DOS has all the necessary means to arbitrarily install itself to non-DOS disks. To do so it is sufficient to create an AUTOEXEC.BAT file containing the following lines:
SYS A:
COPY *.* A:
SYS B:
COPY *.* B:
SYS C:
COPY *.* C:
...
on a DOS boot floppy.
If you modify DOS as described above, it will become a virus in its own right from the point of view of any existing definition of a computer virus.
Thus the first reason not allowing us to give an exact definition of a virus is the impossibility to name features which virus and only virus can have.
The second difficulty arising when trying to work out the definition of a computer virus is the fact that this definition has to be OS-specific. For example theoretically there can be operating systems in which viruses simply cannot exist. This may be the system where it is prohibited to modify executable code, i.e. those objects that are already being executed or can be executed by operating system under certain conditions.
Therefore it is possible to give only the necessary condition for considering some sequence of executable code a virus.
THE NECESSARY CONDITION OF BEING CONSIDERED A COMPUTER VIRUS is the capability to produce copies of itself (not exact bytewise replicas) and to incorporate them into computer networks and/or files, system areas of computers, and other executable objects. In addition to that copies also maintain the capability to spread further.
It has to be mentioned that this condition is not sufficient (i.e. final), because for example the MS-DOS operating system has the necessary condition of a virus, but is obviously not a virus.
This is why there is no exact definition of a virus up to this moment, and it can hardly be given in the near future.
Therefore there is no exactly defined law according to which "good" files may be told from "viruses". And more than that, for each particular file sometimes it is rather difficult to tell, whether it is a virus or not.
Here are two examples: KOH virus and ALREADY.COM program.
Example 1. There is a virus(?) utility(?) called KOH. This program encrypts/decrypts disks on a user request only. This is a bootable diskette with KOH bootstrap loader, somewhere in the other sectors there is executable code of KOH. After diskette boot up KOH asks user something like, "May I install myself to your HDD?" (if it already has been installed onto the HDD it asks the same about diskette). If the answer is yes, KOH transfers itself from one disk to another.
As a result KOH transfers (copies) itself from diskettes to hard drives and vice versa, but only if user permits to do so.
Then KOH outputs some text about its hot keys by pressing which it encrypts/decrypts disks - prompts for password, reads sectors, encrypts them and makes them unavailable if you enter incorrect password. By the way it also has a key for uninstallation, which is used by KOH to remove itself from disks (having decrypted all the encrypted data first, of course).
So KOH is a utility program for information protection from nonapproved access. However it has one additional feature: this program can copy itself from one disk to another (with user's permission). Is this a virus? Yes or no? Most likely not...
This might be okay, nobody would call this utility program KOH a virus, if it wasn't for one thing. The KOH's bootstrap loader looks 100 percent like that rather "popular" "Havoc" virus ("StealthBoot").. end of story. It's a virus! It even has an official name - "StealthBoot.KOH".
Had KOH been written by somebody in Symantec or Sierra or even by Microsoft and not by somebody unknown, nobody would even think of calling it a virus.
Example 2. There is a program called ALREADY.COM, which copies itself to different subdirectories on a drive depending on system date. Is this a virus? Yes of course - a typical worm virus, spreading itself over the drives (including the network ones). Yes?.. Yes!
"Close but no cigar!" As it turned out, this is not the virus, this is a part of some software. However if you detached this part from the rest of the software, it behaves like a typical virus.
So we have to live examples:
1. Non-virus - virus.
2. Virus - non-virus.
And attended reader who is no stranger to arguments may object:
- Hold it.
Computer viruses are called "viruses" because, like their biological counterparts, they had the ability to self-propagation. KOH also has this ability, therefore it's a virus (or a compound which includes a virus component)"
In this case DOS is also a virus (or a compound which includes a virus component), because it has the SYS and COPY commands. And if the boot disk has the AUTOEXEC.BAT file similar to the one shown above, there is even no need for a user to initiate the propagation process. In addition to that, if we consider the capability to self-propagate to be a necessary and sufficient feature of a virus, that every software which includes an installation program is a virus. Therefore this argument fails.
- .. what if we define a virus as not just "self propagating code", but "self propagating code not doing anything useful and even doing harm, without user participation or even noticing"...
The KOH virus is a program encrypting disks using a password supplied by user. Everything it does is being commented on the display and all the actions are confirmed by the user. In addition to that it also has the "uninstall" option to it that decrypts all the disks and deletes the program body. Nevertheless it's a virus!
Judging by subjective criteria in case of ALREADY.COM (useful/useless, it's part of a compound/is a stand-alone etc.) maybe it is incorrect to call it a virus/worm. But what's the use being subjective?
But what can objective criteria of being a virus be? Might that be self propagation, obscurity, destructive capabilities? But for each objective criterion one might find 2 counter examples - a) some particular virus not meeting this criterion, and b) some particular non-virus program meeting this criterion:
Self propagation:
a. intended viruses, which can not propagate because of numerous errors, or propagate under very limited conditions.
b. MS-DOS and variations of SYS+COPY.
Obscurity:
a. "KOH", "VirDemo", "Macro.Word.Polite" viruses and some others inform user about their presence and propagation.
b. how many drivers counting by tens do Microsoft Windows95 load? They're all obscure by the way.
Destructive capabilities:
a. harmless viruses like "Yankee", who feel fine under DOS, Windows 3.x, Windows95, NT and don't mess up anything.
b. the older versions of Norton Disk Doctor applied to drives with long filenames. In this case Disk Doctor turns out to be Disk Destroyer.
And so the question whether it is possible to give "normal" definition of computer virus is still open.
Only in the few cases one can tell exactly: for example the COMMAND.COM file is definitely not a virus, whereas the notoriously famous program containing the text "Dis is one half" is 100 percent virus ("OneHalf"). Everything in between may be a virus and maybe not.
Don't lose your temper, Shura, you are still to do
time for your last case.