
Computer Viruses: Past, Present And Future


In our health-conscious society, viruses of any type are an enemy. Computer


viruses are especially pernicious. They can and do strike any unprotected


computer system, with results that range from merely annoying to the disastrous,


time-consuming and expensive loss of software and data. And with corporations


increasingly using computers for enterprise-wide, business-critical computing,


the costs of virus-induced down-time are growing along with the threat from


viruses themselves. Concern is justified – but unbridled paranoia is not. Just


as proper diet, exercise and preventative health care can add years to your life,


prudent and cost-effective anti-virus strategies can minimize your exposure to


computer viruses.


• A history of computer viruses


• Who writes viruses – and how they can reach you


• The early warning symptoms of virus infection


• The real numbers behind the growth of viruses and their costs


• How viruses work – and how virus protection can stop them


What, Exactly, Is A Computer Virus?


A computer virus is a program designed to replicate and spread, generally with


the victim being oblivious to its existence. Computer viruses spread by


attaching themselves to other programs (e.g., word processor or spreadsheet


application files) or to the boot sector of a disk. When an infected file is


activated – or executed – or when the computer is started from an infected disk,


the virus itself is also executed. Often, it lurks in computer memory, waiting


to infect the next program that is activated, or the next disk that is accessed.


What makes viruses dangerous is their ability to perform an event. While some


events are harmless (e.g. displaying a message on a certain date) and others


annoying (e.g., slowing performance or altering the screen display), some


viruses can be catastrophic by damaging files, destroying data and crashing


systems.


How Do Infections Spread?


Viruses come from a variety of sources. Because a virus is software code, it can


be transmitted along with any legitimate software that enters your environment:


• In a 1991 study of major U.S. and Canadian computer users by the market


research firm Dataquest for the National Computer Security Association, most


users blamed an infected diskette (87 percent). Forty-three percent of the


diskettes responsible for introducing a virus into a corporate computing


environment were brought from home.


• Nearly three-quarters (71 percent) of infections occurred in a networked


environment, making rapid spread a serious risk. With networking, enterprise


computing and inter-organizational communications on the increase, infection


during telecommunicating and networking is growing.


• Seven percent said they had acquired their virus while downloading software


from an electronic bulletin board service.


• Other sources of infected diskettes included demo disks, diagnostic disks used


by service technicians and shrink-wrapped software disks – contributing six


percent of reported infections.


What Damage Can Viruses Do To My System?


As mentioned earlier, some viruses are merely annoying, others are disastrous.


At the very least, viruses expand file size and slow real-time interaction,


hindering performance of your machine. Many virus writers seek only to infect


systems, not to damage them – so their viruses do not inflict intentional harm.


However, because viruses are often flawed, even benign viruses can inadvertently


interact with other software or hardware and slow or stop the system. Other


viruses are more dangerous. They can continually modify or destroy data,


intercept input/output devices, overwrite files and reformat hard disks.


What Are The Symptoms Of Virus Infection?


Viruses remain free to proliferate only as long as they exist undetected.


Accordingly, the most common viruses give off no symptoms of their infection.


Anti-virus tools are necessary to identify these infections. However, many


viruses are flawed and do provide some tip-offs to their infection. Here are


some indications to watch for:


• Changes in the length of programs


• Changes in the file date or time stamp


• Longer program load times


• Slower system operation


• Reduced memory or disk space


• Bad sectors on your floppy


• Unusual error messages


• Unusual screen activity


• Failed program execution


• Failed system bootups when booting or accidentally booting from the A: drive.


• Unexpected writes to a drive.
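

The first two symptoms in this list (changed program length, changed date or time stamp) can be checked mechanically by recording a baseline and comparing against it later. The following is an added example, not code from the essay or from any anti-virus product; the function names, file names and timestamps are constructed for illustration, and the content hash is an addition that goes beyond the two listed symptoms to catch a change that preserves both length and time stamp.

```python
"""Added example: baseline-and-compare check for program files.
Function names and sample files are hypothetical and constructed."""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List, NamedTuple, Optional


class Record(NamedTuple):
    size: int
    mtime_ns: int
    sha256: str


def snapshot(root: Path, suffixes=(".exe", ".com")) -> Dict[str, Record]:
    """Record length, time stamp and content hash of each program file."""
    records = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            st = path.stat()
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            records[path.relative_to(root).as_posix()] = Record(
                st.st_size, st.st_mtime_ns, digest)
    return records


def compare(baseline: Dict[str, Record],
            current: Dict[str, Record]) -> Dict[str, List[str]]:
    """Map each changed program file to the indicators that fired."""
    findings: Dict[str, List[str]] = {}
    for name in sorted(set(baseline) | set(current)):
        old: Optional[Record] = baseline.get(name)
        new: Optional[Record] = current.get(name)
        if old is None:
            findings[name] = ["new program file"]
        elif new is None:
            findings[name] = ["program file missing"]
        else:
            reasons = []
            if new.size != old.size:
                reasons.append("length changed")
            if new.mtime_ns != old.mtime_ns:
                reasons.append("timestamp changed")
            if new.sha256 != old.sha256:
                reasons.append("content changed")
            if reasons:
                findings[name] = reasons
    return findings


# Constructed time stamps in nanoseconds, on whole even seconds so that
# coarse-grained filesystems store them unchanged.
T0 = 1_000_000_000 * 10**9
T1 = T0 + 3600 * 10**9


def _write(path: Path, data: bytes, mtime_ns: int) -> None:
    path.write_bytes(data)
    os.utime(path, ns=(mtime_ns, mtime_ns))


def demo() -> Dict[str, List[str]]:
    """Build constructed files, alter them three ways, report the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _write(root / "EDIT.EXE", b"A" * 100, T0)
        _write(root / "CALC.COM", b"B" * 64, T0)
        _write(root / "TOOL.EXE", b"C" * 80, T0)
        _write(root / "NOTES.TXT", b"not a program", T0)  # ignored by suffix
        baseline = snapshot(root)

        _write(root / "EDIT.EXE", b"A" * 100 + b"X" * 32, T1)  # grew, restamped
        os.utime(root / "CALC.COM", ns=(T1, T1))                # restamped only
        _write(root / "TOOL.EXE", b"D" * 80, T0)  # same length and time stamp
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name}: {', '.join(reasons)}")
```

The comparison only sees what the operating system returns when the files are read, so it is meaningful only when run on a system booted from known-clean media.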


The Virus Threat: Common – And Growing


How real is the threat from computer viruses? Every large corporation and


organization has experienced a virus infection – most experience them monthly.


According to data from IBM’s High Integrity Computing Laboratory, corporations


with 1,000 PCs or more now experience a virus attack every two to three months –


and that frequency will likely double in a year.


The market research firm Dataquest concludes that virus infection is growing


exponentially. It found nearly two thirds (63%) of survey respondents had


experienced a virus incident (affecting 25 or fewer machines) at least once,


with nine percent reporting a disaster affecting more than 25 PCs. The 1994


Computer Crime Survey by Creative Strategies Research International and BBS


Systems of San Francisco found 76 percent of U.S. respondents had experienced


infection in 1993 alone.


If you have only recently become conscious of the computer virus epidemic, you


are not alone. Virus infections became a noticeable problem to computer users


only around 1990 – but the problem has grown rapidly since then. According to a study by


Certus International of 2,500 large U.S. sites with 400 or more PCs, the rate of


infection grew by 600 percent from 1994 to 1995.


More Viruses Mean More Infections


Virus infections are a growing problem, in part, because there are more strains


of viruses than ever before. In 1986, there were just four PC viruses. New


viruses were a rarity, with a virus strain created once every three months. By


1989, a new virus appeared every week. By 1990, the rate rose to once every two


days. Now, more than three viruses are created every day – for an average of 110


new viruses created in a typical month. From those modest four viruses in 1986,


today’s computer users face thousands of virus strains.


Number Of Unique Viruses


Here is the frightening part: Most infections today are caused by viruses that


are at least six years old. That is, the infections are caused by viruses


created no later than 1990, when there were approximately 300 known viruses.


Today, there are thousands of viruses. If that pattern of incubation holds, the


explosion of new viruses over the past few years could result in another


explosion in total infections over the next few years.


The History Of Viruses: How It All Began


Today, the existence of viruses and the need to protect against them are


inevitable realities. But it wasn’t always so. As recently as the middle 1980s,


computer viruses didn’t exist. The first viruses were created in university labs


– to demonstrate the “potential” threat that such software code could provide. By


1987, viruses began showing up at several universities around the world. Three


of the most common of today’s viruses – Stoned, Cascade and Friday the 13th –


first appeared that year.


Serious outbreaks of some of these viruses began to appear over the next two


years. The Datacrime and Friday the 13th viruses became major media events,


presaging the concern that would later surround the Michelangelo virus. Perhaps


surprisingly, tiny Bulgaria became known as the world’s Virus Factory in 1990


because of the high number of viruses created there. The NCSA found that


Bulgaria, home of the notorious Dark Avenger, originated 76 viruses that year,


making it the world’s single largest virus contributor. Analysts attribute


Bulgaria’s prolific virus output to an abundance of trained but unemployed


programmers; with nothing to do, these people tried their hands at virus


production, with unfortunately successful results.


This growing activity convinced the computer industry that viruses were serious


threats requiring defensive action. IBM created its High Integrity Computing


Laboratory to lead Big Blue’s anti-virus research effort. Symantec began


offering Symantec Anti-Virus, one of the first commercially available virus


defenses. These responses came none too soon. By 1991, the first polymorphic


viruses – that can, like the AIDS virus in humans, change their shape to elude


detection – began to spread and attack in significant numbers. That year too,


the total number of viruses began to swell, topping 1,000 for the first time.


Virus creation proliferated, and continues to accelerate, because of the growing


population of intelligent, computer-literate young people who appreciate the


challenge – but not the ethics – of writing and releasing new viruses. Cultural


factors also play a role. The U.S. – with its large and growing population of


computer-literate young people – is the second largest source of infection.


Elsewhere, Germany and Taiwan are the other major contributors of new viruses.


Another reason for the rapid rise of new viruses is that virus creation is


getting easier. The same technology that makes it easier to create legitimate


software – Windows-based development tools, for example – is, unfortunately,


being applied to virus creation. The so-called Mutation Engine appeared in 1992,


facilitating the development of polymorphic viruses. In 1992, the Virus Creation


Laboratory, featuring on-line help and pull-down menus, brought virus creation


within the reach of even non-sophisticated computer users.


More PCs And Networks Mean More Infections, Too


The growing number of PCs, PC-based networks and businesses relying on PCs are


another set of reasons for rising infections: there are more potential victims.


For example, in the decade since the invention and popularization of the PC, the


installed base of active PCs grew to 54 million by 1990. But that number has


already more than doubled (to 112 million PCs in 1993) and climbed to 154


million in 1994.


Not only are PCs becoming more common – they are taking over a rising share of


corporate computing duties. A range of networking technologies – including


Novell NetWare, Microsoft Windows NT and LAN Manager, LAN Server, OS/2 and


Banyan VINES – are allowing companies to downsize from mainframe-based computer


systems to PC-based LANs and, now, client-server systems. These systems are more


cost-effective and they are being deployed more broadly within organizations for


a growing range of mission-critical applications, from finance and sales data to


inventory control, purchasing and manufacturing process control.


The current, rapid adoption of client-server computing by business gives viruses


fertile new ground for infection. These server-based solutions are precisely the


type of computers that are susceptible – if unprotected – to most computer


viruses. And because data exchange is the very reason for using client-server


solutions, a virus on one PC in the enterprise is far more likely to communicate


with – and infect – more PCs and servers than would have been true a few years


ago.


Moreover, client-server computing is putting PCs in the hands of many first-time


or relatively inexperienced computer users, who are less likely to understand


the virus problem. The increased use of portable PCs, remote link-ups to servers


and inter-organization and inter-network e-mail all add to the risk of


infections, too. Once a virus infects a single networked computer, the average


time required to infect another workstation is from 10 to 20 minutes – meaning a


virus can paralyze an entire enterprise in a few hours.


What Is Ahead?


The industry’s latest buzz-phrase is “data superhighway” and, although most


people haven’t thought about those superhighways in the context of virus


infections, they should. Any technology that increases communication among


computers also increases the likelihood of infection. And the data superhighway


promises to expand on today’s Internet links with high-bandwidth transmission of


dense digital video, voice and data traffic at increasingly cost-effective rates.


Corporations, universities, government agencies, non-profit organizations and


consumers will be exchanging far more data than ever before. That makes virus


protection more important, as well.


In addition to more opportunities for infection, there’ll be more and


more-damaging strains of virus to do the infecting. Regardless of the exact number of


viruses that appear in the next few years, the Mutation Engine, Virus Creation


Laboratory and other virus construction kits are sure to boost the virus


population. Viruses that combine the worst features of several virus types –


such as polymorphic boot sector viruses – are appearing and will become more


common. Already, Windows-specific viruses have appeared. Virus writers, and


their creations, are getting smarter. In response to the explosion in virus


types and opportunities for transmission, virus protection will have to expand,


too.


Anti-virus software manufacturers hit a speed bump, which many of them used to


profit: 32-bit applications. DOS and Windows 3.1 used a 16-bit architecture,


while 32-bit platforms such as Windows NT, UNIX, and a variety of other


server operating systems already had anti-virus programs available. McAfee and


Symantec, two giants in the anti-virus industry, prepared for the release of a


new 32-bit home operating system. In August, Microsoft released Windows 95 for


resale and it stormed across the nation. A large number of virus problems


surfaced in the short months after the release. This was due to the lack of


a readily available 32-bit anti-virus program for the home user, and the fact that old


16-bit anti-virus programs could not detect 32-bit viruses. McAfee introduced


Virus Scan 95 and Symantec released Norton Antivirus 95 shortly after the


Windows 95 release. As operating systems move to wider data architectures,


anti-virus programs will have to be upgraded to handle the new


program structure.


The Costs Of Virus Infection


Computer viruses have cost companies worldwide nearly two billion dollars since


1990, with those costs accelerating, according to an analysis of survey data


from IBM’s High Integrity Computing Laboratory and Dataquest. Global viral costs


climbed another 1.9 billion dollars in 1994 alone, but growth has been at a more


steady rate as anti-virus programs have been improved significantly.


The costs are so high because of the direct labor expense of cleanup for all


infected hard disks and floppies in a typical incident. The indirect expense of


lost productivity – an enormous sum – is higher, still. In a typical infection


at a large corporate site, technical support personnel will have to inspect all


1,000 PCs. Since each PC user has an average 35 diskettes, about 35,000


diskettes will have to be scanned, too.


Recovery Time For A Virus Disaster (25 PCs)


On average, it took North American respondents to the 1991 Dataquest study four


days to recover from a virus episode – and some MIS managers needed fully 30


days to recover. Even more ominously, their efforts were not wholly effective; a


single infected floppy disk taken home during cleanup and later returned to the


office can trigger a relapse. Some 25 percent of those experiencing a virus


attack later suffered such a re-infection by the same virus within 30 days.


That cleanup is costing each of these corporations an average $177,000 in 1993 –


and that sum will grow to more than $254,000 in 1994. If you’re in an enterprise


with 1,000 or more PCs, you can use these figures to estimate your own


virus-fighting costs. Take the cost-per-PC ($177 in 1993, $254 in 1994) and multiply


it by the number of PCs in your organization.


At a briefing before the U.S. Congress in 1993, NYNEX, one of North America’s


largest telecommunications companies, described its experience with virus


infections:


• Since late 1989, the company had nearly 50 reported virus incidents – and


believes it experienced another 50 unreported incidents.


• The single user, single PC virus incident is the exception. More typical


incidents involved 17 PCs and 50 disks at a time. In the case of a 3Com


network, the visible signs of infection did not materialize until after


17 PCs were infected. The LAN was down for a week while the cleanup was


conducted.


• Even the costs of dealing with a so-called benign virus are high. A


relatively innocuous Jerusalem-B virus had infected 10 executable files on


a single system. Because the computer was connected to a token ring network,


all computers in that domain had to be scanned for the virus. Four LAN


administrators spent two days plus overtime, one technician spent nine


hours, a security specialist spent five hours, and most of the 200 PCs on


the LAN had to endure 15-minute interruptions throughout a two-day


period.


In the October 1993 issue of Virus Bulletin, Micki Krause, Program Manager for


Information Security at Rockwell International, outlined the cost of a recent


virus outbreak at her corporation:


• In late April 1993, the Hi virus was discovered at a large division of


Rockwell located in the U.S. The division is heavily networked with nine file


servers and 630 client PCs. The site is also connected to 64 other sites around


the world (more than half of which are outside the U.S.). The virus had entered


the division on program disks from a legitimate European business partner. One


day after the disks arrived, the Hi virus was found by technicians on file


servers, PCs and floppy disks. Despite eradication efforts, the virus continued


to infect the network throughout the entire month of May.


• 160 hours were spent by internal PC and LAN support personnel to identify and


contain the infections. At $45.00 per hour, their efforts cost Rockwell $7,200.


• Rockwell also hired an external consultant to assist Rockwell employees in the


cleanup. 200 hours were spent by the consultant, resulting in a cost of $8,000.


• One file server was disconnected from the LAN to prevent the virus from further


propagating across the network. The server, used by approximately 100 employees,


was down for an entire day. Rockwell estimated the cost of the downtime at $9,000


(100 users @ $45/hr for 8 hours, with users accessing the server, on average,


25% of the normal workday).


• While some anti-virus software was in use, Rockwell purchased additional


software for use on both the servers and the client PCs for an additional $19,800.


• Total cost of the virus incident at Rockwell was $44,000.


Technical Overview


Computer Viruses And How They Work


Viruses are small software programs. At the very least, to be a virus, these


programs must replicate themselves. They do this by exploiting computer code


already on the host system. The virus can infect, or become resident in, almost


any software component, including an application, operating system, system boot


code or device driver. Viruses gain control over their host in various ways.


Here is a closer look at the major virus types, how they function, and how you


can fight them.


File Viruses


Most of the thousands of viruses known to exist are file viruses, including the


Friday the 13th virus. They infect files by attaching themselves to a file,


generally an executable file – the .EXE and .COM files that control applications


and programs. The virus can insert its own code in any part of the file,


provided it changes the host’s code somewhere along the way, misdirecting proper


program execution so that it executes the virus code first, rather than the


legitimate program. When the file is executed, the virus is executed first.


Most file viruses store themselves in memory. There, they can easily monitor


access calls to infect other programs as they’re executed. A simple file virus


will overwrite and destroy a host file, immediately alerting the user to a


problem because the software will not run. Because these viruses are immediately


felt, they have less opportunity to spread. More pernicious file viruses cause


more subtle or delayed damage – and spread considerably before being detected.


As users move to increasingly networked and client-server environments, file


viruses are becoming more common. The challenge for users is to detect and clean


this virus from memory, without having to reboot from a clean diskette. That


task is complicated because file viruses can quickly infect a range of software


components throughout a user’s system. Also, the scan technique used to detect


viruses can cause further infections; scans open files and file viruses can


infect a file during that operation. File viruses such as the Hundred Years


virus can infect data files too.


Boot Sector/Partition Table Viruses


While there are only about 200 different boot sector viruses, they make up 75


percent of all virus infections. Boot sector viruses include Stoned, the most


common virus of all time, and Michelangelo, perhaps the most notorious. These


viruses are so prevalent because they are harder to detect, as they do not


change a file’s size or slow performance, and are fairly invisible until their


trigger event occurs – such as the reformatting of a hard disk. They also spread


rapidly. The boot sector virus infects floppy disks and hard disks by inserting


itself into the boot sector of the disk, which contains code that’s executed


during the system boot process. Booting from an infected floppy allows the virus


to jump to the computer’s hard disk. The virus executes first and gains control


of the system boot even before MS-DOS is loaded. Because the virus executes


before the operating system is loaded, it is not MS-DOS-specific and can infect


any PC operating system platform – MS-DOS, Windows, OS/2, PC-NFS, or Windows NT.


The virus goes into RAM, and infects every disk that is accessed until the


computer is rebooted and the virus is removed from memory. Because these viruses


are memory resident, they can be detected by running CHKDSK to view the amount


of RAM and observe if the expected total has declined by a few kilobytes.


Partition table viruses attack the hard disk partition table by moving it to a


different sector and replacing the original partition table with its own


infectious code. These viruses spread from the partition table to the boot


sector of floppy disks as floppies are accessed.


Multi-Partite Viruses


These viruses combine the ugliest features of both file and boot


sector/partition table viruses. They can infect any of these host software


components. And while traditional boot sector viruses spread only from infected


floppy boot disks, multi-partite viruses can spread with the ease of a file


virus – but still insert an infection into a boot sector or partition table.


This makes them particularly difficult to eradicate. Tequila is an example of a


multi-partite virus.


Trojan Horses


Like its classical namesake, the Trojan Horse virus typically masquerades as


something desirable – e.g., a legitimate software program. The Trojan Horse


generally does not replicate (although researchers have discovered replicating


Trojan Horses). It waits until its trigger event and then displays a message or


destroys files or disks. Because it generally does not replicate, some


researchers do not classify Trojan Horses as viruses – but that is of little


comfort to the victims of these malicious strains of software.


File Overwriters


These viruses infect files by linking themselves to a program, keeping the


original code intact and adding themselves to as many files as possible.


Innocuous versions of file overwriters may not be intended to do anything more


than replicate but, even then, they take up space and slow performance. And


since file overwriters, like most other viruses, are often flawed, they can


damage or destroy files inadvertently. The worst file overwriters remain hidden


only until their trigger events. Then, they can deliberately destroy files and


disks.


Polymorphic Viruses


More and more of today’s viruses are polymorphic in nature. The recently


released Mutation Engine – which makes it easy for virus creators to transform


simple viruses into polymorphic ones – ensures that polymorphic viruses will


only proliferate over the next few years. Like the human AIDS virus that mutates


frequently to escape detection by the body’s defenses, the polymorphic computer


virus likewise mutates to escape detection by anti-virus software that compares


it to an inventory of known viruses. Code within the virus includes an


encryption routine to help the virus hide from detection, plus a decryption


routine to restore the virus to its original state when it executes. Polymorphic


viruses can infect any type of host software; although polymorphic file viruses


are most common, polymorphic boot sector viruses have already been discovered.


Some polymorphic viruses have a relatively limited number of variants or


disguises, making them easier to identify. The Whale virus, for example, has 32


forms. Anti-virus tools can detect these viruses by comparing them to an


inventory of virus descriptions that allows for wildcard variations – much as PC


users can search for half-remembered files in a directory by typing the first


few letters plus an asterisk symbol. Polymorphic viruses derived from tools such


as the Mutation Engine are tougher to identify, because they can take any of


four billion forms.


Stealth Viruses


Stealth aircraft have special engineering that enables them to elude detection


by normal radar. Stealth viruses have special engineering that enables them to


elude detection by traditional anti-virus tools. The stealth virus adds itself


to a file or boot sector but, when you examine the host software, it appears


normal and unchanged. The stealth virus performs this trickery by lurking in


memory when it’s executed. There, it monitors and intercepts your system’s


MS-DOS calls. When the system seeks to open an infected file, the stealth virus


races ahead, uninfects the file and allows MS-DOS to open it – all appears


normal. When MS-DOS closes the file, the virus reverses these actions,


reinfecting the file.


Boot sector stealth viruses insinuate themselves in the system’s boot sector and


relocate the legitimate boot sector code to another part of the disk. When the


system is booted, they retrieve the legitimate code and pass it along to


accomplish the boot. When you examine the boot sector, it appears normal – but


you are not seeing the boot sector in its normal location. Stealth viruses take


up space, slow system performance, and can inadvertently or deliberately destroy


data and files. Some anti-virus scanners, using traditional anti-virus


techniques, can actually spread the virus. That is because they open and close


files to scan them – and those acts give the virus additional chances to


propagate. These same scanners will also fail to detect stealth viruses, because


the act of opening the file for the scan causes the virus to temporarily


disinfect the file, making it appear normal.


Anti-Virus Tools And Techniques


Anti-virus software tools can use any of a growing arsenal of weapons to detect


and fight viruses, including active signature-based scanning, resident


monitoring, checksum comparisons and generic expert systems. Each of these tools


has its specific strengths and weaknesses. An anti-virus strategy that uses only


one or two of the following techniques can leave you vulnerable to viruses


designed to elude specific defenses. An anti-virus strategy that uses all of


these techniques provides a comprehensive shield and the best possible defense


against infection.


Signature-Based Scanners


Scanners – which, when activated, examine every file on a specified drive – can


use any of a variety of anti-virus techniques. The most common is


signature-based analysis. Signatures are the fingerprints of computer viruses – distinct


strands of code that are unique to a single virus, much as DNA strands would be


unique to a biological virus. Viruses, therefore, can be identified by their


signatures. Virus researchers and anti-virus product developers catalog known


viruses and their signatures, and signature-based scanners use these catalogs to


search for viruses on a user’s system. The best scanners have an exhaustive


inventory of all viruses now known to exist. The signature-based scanner


examines all possible locations for infection – boot sectors, system memory,


partition tables and files – looking for strings of code that match the virus


signatures stored in its memory. When the scanner identifies a signature match,


it can identify the virus by name and indicate where on the hard disk or floppy


disk the infection is located. Because the signature-based scanner offers a


precise identification of known viruses, it can offer the best method for


effective and complete removal. The scanner can also detect the virus before it


has had a chance to run, reducing the chance that the infection will spread


before detection. Against these benefits, the signature-based scanner has


limitations. At best, it can only detect viruses for which it is programmed with


a signature. It cannot detect so-called unknown viruses – those that have not


been previously discovered, analyzed and recorded in the files of anti-virus


software. Polymorphic viruses elude detection by altering the code string that


the scanner is searching for; to identify these viruses, you need another


technique.
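

The signature matching described in this section, together with the wildcard matching described under Polymorphic Viruses, as an added example (not code from the essay or from any anti-virus product). The names `Signature`, `parse_signature`, `find_signature` and `scan_buffer`, the `??` wildcard notation and every byte string are assumptions constructed for illustration; the sample buffers hold inert placeholder bytes, not real signatures.

```python
"""Added example: signature scanning with exact and wildcard patterns.
Every byte string is a constructed, inert placeholder, not a real signature."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

WILDCARD = None  # pattern position that matches any single byte


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: Tuple[Optional[int], ...]  # fixed byte values or WILDCARD


def parse_signature(name: str, text: str) -> Signature:
    """Parse 'A1 10 ?? B2' style text; '??' is a one-byte wildcard."""
    pattern = tuple(WILDCARD if tok == "??" else int(tok, 16)
                    for tok in text.split())
    if not pattern or pattern[0] is WILDCARD or pattern[-1] is WILDCARD:
        raise ValueError("signature must start and end with a fixed byte")
    if any(p is not WILDCARD and not 0 <= p <= 0xFF for p in pattern):
        raise ValueError("signature tokens must be single bytes")
    return Signature(name, pattern)


def find_signature(data: bytes, sig: Signature) -> int:
    """Return the first offset at which sig matches data, or -1."""
    anchor = bytes([sig.pattern[0]])
    size = len(sig.pattern)
    start = data.find(anchor)
    while start != -1 and start + size <= len(data):
        window = data[start:start + size]
        if all(p is WILDCARD or p == b for p, b in zip(sig.pattern, window)):
            return start
        start = data.find(anchor, start + 1)
    return -1


def scan_buffer(data: bytes, catalog: List[Signature]) -> List[Tuple[str, int]]:
    """Return (signature name, offset) for every catalog entry that matches."""
    hits = []
    for sig in catalog:
        offset = find_signature(data, sig)
        if offset != -1:
            hits.append((sig.name, offset))
    return hits


# --- Constructed test data (inert marker text, no executable code) ---------
BODY = b"CONSTRUCTED-PLACEHOLDER-BODY"
FILLER = b"\x00" * 16


def make_sample(key: int) -> bytes:
    """Filler + 6-byte stub carrying `key` + BODY re-encoded with that key."""
    stub = bytes([0xA1, 0x10, key, 0xB2, 0x20, 0xC3])
    return FILLER + stub + bytes(b ^ key for b in BODY)


def make_unknown_sample() -> bytes:
    """A sample whose stub and encoding are absent from the catalog."""
    stub = bytes([0xD4, 0x11, 0x77, 0xE5])
    return FILLER + stub + bytes(b ^ 0x77 for b in BODY)


def build_catalog() -> List[Signature]:
    # Exact signature: eight encoded body bytes taken from the key-0x5A sample.
    captured = make_sample(0x5A)[22:30]
    exact = parse_signature("Demo.exact", " ".join(f"{b:02X}" for b in captured))
    # Wildcard signature: the stub, with the varying key byte left open.
    wildcard = parse_signature("Demo.wildcard", "A1 10 ?? B2 20 C3")
    return [exact, wildcard]


if __name__ == "__main__":
    catalog = build_catalog()
    for label, sample in [("key 0x5A", make_sample(0x5A)),
                          ("key 0x3C", make_sample(0x3C)),
                          ("unknown", make_unknown_sample())]:
        print(label, scan_buffer(sample, catalog))
```

The exact signature matches only the sample it was captured from, the wildcard signature matches both variants of the constructed stub, and neither matches the sample that is absent from the catalog, which is the limitation this section describes.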


There is more than this… but it won’t fit. Please, let me email you the copy


so I can have the password.
