РефератыИностранный языкCoComputer Viruses Essay Research Paper Polymorphic

Computer Viruses Essay Research Paper Polymorphic

Computer Viruses Essay, Research Paper


Polymorphic & Cloning Computer Viruses


The


generation of today is growing up in a fast-growing, high-tech world which


allows us to do the impossibilities of yesterday. With the help of modern


telecommunications and the rapid growth of the personal computer in the average


household we are able to talk to and share information with people from all


sides of the globe. However, this vast amount of information transport has


opened the doors for the computer "virus" of the future to flourish.


As time passes on, so-called "viruses" are becoming more and more


adaptive and dangerous. No longer are viruses merely a rarity among computer


users and no longer are they mere nuisances. Since many people depend on the


data in their computer every day to make a living, the risk of catastrophe has


increased tenfold. The people who create computer viruses are now becoming much


more adept at making them harder to detect and eliminate. These so-called "polymorphic"


viruses are able to clone themselves and change themselves as they need to avoid


detection. This form of "smart viruses" allows the virus to have a


form of artificial intelligence. To understand the way a computer virus works


and spreads, first one must understand some basics about computers, specifically


pertaining to the way it stores data. Because of the severity of the damage that


these viruses may cause, it is important to understand how anti-virus programs


go about detecting them and how the virus itself adapts to meet the ever


changing conditions of a computer. In much the same way as animals, computer


viruses live in complex environments. In this case, the computer acts as a form


of ecosystem in which the virus functions. In order for someone to adequately


understand how and why the virus adapts itself, it must first be shown how the


environment is constantly changing and how the virus can interact and deal with


these changes. There are many forms of computers in the world; however, for


simplicity?s sake, this paper will focus on the most common form of personal


computers, the 80×86, better known as an IBM compatible machine. The computer


itself is run by a special piece of electronics known as a microprocessor. This


acts as the brains of the computer ecosystem and could be said to be at the top


of the food chain. A computer?s primary function is to hold and manipulate


data and that is where a virus comes into play. Data itself is stored in the


computer via memory. There are two general categories for all memory: random


access memory (RAM) and physical memory (hard and floppy diskettes). In either


of those types of memory can a virus reside. RAM is by nature temporary; every


time the computer is reset the RAM is erased. Physical memory, however, is


fairly permanent. A piece of information, data, file, program, or virus placed


here will still be around in the event that the computer is turned off. Within


this complex environment, exists computer viruses. There is no exact and


concrete definition for a computer virus, but over time some commonly accepted


facts have been related to them. All viruses are programs or pieces of programs


that reside in some form of memory. They all were created by a person with the


explicit intent of being a virus. For example, a bug (or error) in a program,


while perhaps dangerous, is not considered a computer virus due to the fact that


it was created on accident by the programmers of the software. Therefore,


viruses are not created by accident. They can, however, be contracted and passed


along by accident. In fact it may be weeks until a person even is aware that


their computer has a virus. All viruses try to spread themselves in some way.


Some viruses simply copy clones of themselves all over the hard drive. These are


referred to as cloning viruses. They can be very destructive and spread fast and


easily throughout the computer system. To illustrate the way a standard cloning


virus would adapt to its surroundings a theoretical example will be used. One


day a teacher decides to use his/her classroom Macintosh?s Netscape to


download some material on photosynthesis. Included in that material is a movie


file which illustrates the process. However, the teacher is not aware that the


movie file is infected with a computer virus. The virus is a section of binary


code attached to the end of the movie file that will execute its programmed


operations whenever the file is accessed. Then, the teacher plays the movie. As


the movie is being played the virus makes a clone of itself in every file inside


the system folder of that computer. The teacher shuts down the computer


normally, but the next day when it is booted up all of the colors are changed to


black and white. The explanation is that the virus has been programmed to copy


itself into all of the files that the computer accesses in a day. Thus, when the


computer reboots, the Macintosh operating system looks into the system folder at


a file to see how many colors to use. The virus notices it access this file and


immediately copies it self into it and changes the number of colors to two. Thus


the virus has detected a change in the files that are opened in the computer and


adapted itself by placing a clone of itself into the color configuration files.


Another prime way that viruses are spread throughout computers extremely rapidly


is via LANs (Local Area Networks) such as the one setup at Lincoln that connects


all of the classroom Macs

together. A LAN is a group of computers linked


together with very fast and high capacity cables. Below is an illustrated


example of a network of computers: Since all of the computers on a network are


connected together already, the transportation of a virus is made even easier.


When the "color" virus from the above example detects that the


computer is using the network to copy files across the school, it automatically


clones a copy of itself into every file that is transported across the network.


When it reaches the new computer it waits until it has been shut off then turned


back on again to copy itself into the color configuration files and change the


display to black and white. If this computer should then log on to the network,


the virus will transport again. In this manner network capable viruses can very


quickly adapt and cripple an entire corporation or office building. Do to the


severity of some viruses, people have devised methods of detecting and


eradicating them. The anti-viral programs will scan the entire hard drive


looking for evidence that viruses may have infected it. These programs must be


told very specifically what to look for on the hard drive. There are two main


methods of detecting viruses on a computer. The first is to compare all of the


viruses on the hard disk to known types of viruses. While this method is very


precise, it can be rendered totally useless when dealing with a new and


previously unknown virus. The other method deals with the way in which a common


cloning virus adapts. All that a cloning virus really does is look at what


operations the computer is executing and react and adapt to them by making more


copies of itself. This is the serious flaw with cloning viruses: all the copies


of itself look the same. Basically all data in a computer is stored in a byte


structure format. These bytes, which are analogous to symbols, occur in specific


orders and lengths. Each of the cloned viruses has the same order and length of


the byte structure. All that the anti-virus program has to do is scan the hard


drive for byte structures that are duplicated several times and delete them.


This method is an excellent way of dealing with the adaptive and reproducing


format of cloning viruses. The disadvantage is that it can produce a number of


false alarms such as when a user has two copies of the same file. Thereby, a


simple cloning viruses? main flaw is exposed. However, the (sick minded)


people who create these viruses have founded a way to get around this by


creating a new and even more adaptive virus called the polymorphic virus.


Polymorphic viruses were created with the explicit intent of being able to adapt


and reproduce in ways other than simple cloning. These viruses contain a form of


artificial intelligence. While this makes them by no means as smart or adaptive


as a human being, it does allow them to avoid conventional means of detection. A


conventional anti-virus program searching for cloned viruses will not think


files with different byte-structures as are viruses. A good analogy for a


polymorphic virus would be a chameleon. The chameleon is able to change its


outward appearance but not the fact that it is a chameleon. A polymorphic


virus?s main goal is just like that of any other virus: to reproduce itself


and complete some programmed task (like deleting files or changing the colors of


the monitor); this fact is never changed. However, it is the way in which they


reproduce that makes them different. A polymorphic virus does more to adapt than


just make copies of itself into other files. In fact, it does not really even


clone its physical byte structure. Instead it creates other programs with


different byte structures that are attempting to perform the same task. In a


sense, polymorphic viruses are smart enough to evolve itself by writing new


programs on the fly. Because of the fact that they all have different byte


structures, they pass undetected through conventional byte comparison anti-viral


techniques. Not only are polymorphic viruses smart enough to react to their


environment by adaptation, but they are able to do it in a systematic way that


will prevent their future detection and allow them to take on a new life of


their own. Computer viruses are extremely dangerous programs that will adapt


themselves to the ever changing environment of memory by making copies of


themselves. Cloning viruses create exact copies of themselves and attach to


other files on the hard drive in an attempt to survive detection. Polymorphic


viruses are able to change their actual appearance in memory and copy themselves


in much the same way that a chameleon can change colors to avoid a predator. It


is not only the destructive nature of computer viruses that make them so


dangerous in today?s society of telecommunications, but also their ability to


adapt themselves to their surroundings and react in ways that allow them to


proceed undetected to wreck more havoc on personal computer users across the


globe.


Rizzello, Michael. Computer Viruses. Internet. http://business.yorku.ca


/mgts4710/rizello/viruses.htm Solomon, Dr. Alan. A Guide to Viruses. Internet.


http://dbweb.agora.stm.it/ webforum/virus/viruinfo.htm Tippett, Peter S. Alive!


Internet. http://www.bocklabs.wisc.edu/~janda/alive10.html. 1995. "Virus


(computer)," Microsoft (R) Encarta. Copyright (c) 1993 Microsoft


Corporation. Copyright (c) 1993 Funk & Wagnall’s Corporation Yetiser, Tarkan.


Polymorphic Viruses. VDS Advanced Research Group. Baltimore, 1993.

Сохранить в соц. сетях:
Обсуждение:
comments powered by Disqus

Название реферата: Computer Viruses Essay Research Paper Polymorphic

Слов:1995
Символов:13104
Размер:25.59 Кб.