Thursday, August 27, 2015

Computer Virus

A computer virus is written by an 'unknown programmer' and is carried and spread by innumerable innocent users of personal computers without their knowledge.

In this Internet age, PCs all over the world are invariably connected to and compatible with each other, i.e. data and programs created on a PC in one corner of the world can be read, rewritten or copied without any difficulty on another PC in a different part of the world. This 'fact' is enough for the 'computer virus', being just another program, to spread from one PC to another and from one network to another, in quick succession and in geometric proportion. Hence it is difficult to locate the origin of a computer virus, since the sources are many and complex.

Thus a 'computer virus' is an 'unwanted guest' in an otherwise normal 'computer environment'. Some 'computer viruses' are 'playful' in nature and some are 'destructive' in nature.

The main characteristics of a 'COMPUTER VIRUS' are:

a. It replicates.

b. It spreads.

Generally, computer systems are prone to 'malicious damage' when not properly protected. Sometimes programmers with 'perverse' ingenuity want to show the world that they are capable of doing 'something' extraordinary. Such programmers, called 'hackers', write and spread 'computer viruses' to show off their expertise.

Some people write 'playful' 'computer viruses' to prove to the world that they are 'capable of doing something different' from a normal programmer.

CLASSIFICATION OF VIRUSES

Depending on their mode of attack, computer viruses are classified into certain broad categories.

They are:

a. Boot sector and partition table viruses.

b. File viruses.

c. Network viruses.

BOOT SECTOR AND PARTITION TABLE VIRUSES

A computer starts functioning, when powered on, through a system routine called 'booting', or in other words through 'boot programs'. These 'boot programs' are part of the computer's 'operating system' and are stored in a place called the 'boot sector', either on the 'floppy disk' or on the 'hard disk'. On the hard disk there is a 'master boot sector', called the 'partition table', which is used for starting up the computer. The computer starts either from the hard disk or from a floppy disk. Without these boot programs a computer system will not start up.

Some viruses attack and alter these boot programs or replace the original boot program with their own code. These are called 'boot sector viruses'. Those affecting the hard disk boot area are called 'partition table viruses'. These viruses can cause immense damage to the system, since they start up with the computer at the time of 'booting', remain in 'memory' (RAM) throughout the session and spread to other systems through floppies.
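The 'master boot sector' described above has a fixed layout, which lets a defender record a known-good copy and later check whether the boot code or the partition table has been altered. The following is an added example, not from the original article: it parses a constructed 512-byte MBR image, hashes the boot code, decodes the four partition entries and compares them with a baseline recorded while the disk was known clean (the sample boot code, partition values and the baseline itself are constructed for the demo).

```python
"""Added example (not from the article): parse a 512-byte MBR and compare it
with a baseline recorded when the disk was known clean. The layout is the
standard one: 446 bytes boot code, four 16-byte partition entries, 0x55AA."""
import hashlib
import struct

BOOT_CODE_LEN = 446
PART_TABLE_OFF = 446
SIGNATURE_OFF = 510

def parse_mbr(sector: bytes) -> dict:
    """Split an MBR sector into boot-code hash, partition entries and signature."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        raw = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
        entries.append({"bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": entries,
            "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xAA"}

def check_mbr(sector: bytes, baseline: dict) -> list:
    """Return the deviations from the baseline; an empty list means unchanged."""
    cur = parse_mbr(sector)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if cur["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code hash differs from baseline")
    if cur["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: boot code padded to 446 bytes, one bootable NTFS-type
    partition at LBA 2048, three empty entries and the 0x55AA signature."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + b"\x00" * 48 + b"\x55\xAA"

# Constructed boot-code prologue; the baseline is what a clean disk would have recorded.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE = parse_mbr(CLEAN_MBR)
```

A tampered image, e.g. `b"\x00\x00" + CLEAN_MBR[2:]`, yields `['boot code hash differs from baseline']`, while the clean image yields an empty list.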

FILE VIRUS

A program in a computer is identified by a specific primary name and an extension, e.g. Scan.Exe, Command.Com, etc. In this example 'Scan' and 'Command' are the primary names and 'exe' and 'com' are called the extensions of the file names. The programs that are executed in computers have extensions such as 'Exe', 'Com' and others. File viruses look for such extensions and infect these 'executable files'. Hence these viruses are sometimes called 'EXE viruses' or 'COM viruses'. Programs infected by these viruses execute according to the 'virus code' and lose their original characteristics. One cannot predict how such infected programs will behave.

The latest addition to the file viruses is the MACRO virus. These viruses infect document files created in the Windows operating system environment. They travel from one document to another and ultimately damage the contents of the original file as well as the infected files. These viruses are harmful to GUI (Graphical User Interface) environments.

NETWORK VIRUS

The first two types of viruses mostly affect 'stand-alone' computers or PCs which are not connected to each other. But the computer world is fast progressing towards the interconnection of computers through 'networks', 'communication protocols' and 'networking software'. The 'network virus' spreads through this software and through 'communication hardware resources' (such as modems and telephone lines) from one computer to another connected computer. These types of computer viruses are also called 'worms'. With the proliferation of 'INTERNET' access across the globe, the spread of computer viruses through networked computers is imminent if PCs are not properly protected.

HOW DOES A COMPUTER VIRUS GET INTO COMPUTER SYSTEMS?

In stand-alone computers the 'computer virus' spreads through the 'free exchange' of floppies. If one such floppy is infected by a virus, the virus spreads to the others, as virus programs are written that way. 'Copying' files and data from the infected floppy to another will spread the virus.

Another method of spreading is through copying of the virus code from a 'guest floppy' to the hard disk, and from the hard disk to other floppies used in the system.

These relate to 'stand-alone' systems.

In 'networked PCs' the virus enters the system through the communication lines without the knowledge of the user. In this case the virus gets into the computer system even without the use of floppies.


WHAT ARE THE HARMS CAUSED BY THE COMPUTER VIRUS?

The general types of damage/harm that may be caused to computer systems by the 'computer virus' are:

a) A computer virus corrupts and overwrites the boot sector with its own special code, due to which the 'run time operations' of the computer are affected. The affected system may not boot, or may boot in the wrong sequence.

On floppies/hard disks it affects the FAT (File Allocation Table) containing the links to the various files. Damaged file linkage leads to damaged data files.

b) It formats or overwrites all or part of the disk/diskette. Formatting means cleaning the hard disk/floppy diskette through magnetic means. Complete and global erasure of all information/data takes place at the time of formatting.

c) It corrupts programs and their overlay files (the sub-files called by the original program), which results in the program not executing or behaving differently.

d) The computer virus installs itself in the main memory of the computer as a TSR (Terminate and Stay Resident) program and sometimes uses self-encryption techniques to replicate itself many times.

e) This replication results in the occupation of huge amounts of hard disk space, leaving no room for the user's data and programs, apart from destroying the existing data files.

f) In some cases the viruses use 'absolute' write methods, by which they write at random onto hard disk areas, damaging parts of many files.

g) Some of the viruses are 'logic bombs' and 'time bombs'. Some of them, using stealth techniques, are called 'Trojan horses'. They enter the systems by attaching themselves to innocent-looking programs and activate once inside the system. They attack the hard disk data at an appointed time given in the virus code.

h) Some of the viruses wait for certain conditions to be met. Once such a condition is met they act and destroy the data, e.g. the April 1st COM virus, the Friday the 13th virus, the 5th January Joshi virus, Melissa (April 26th), etc. These viruses stay dormant till the appointed time and then flare up.

i) Apart from the above, some viruses are known to possess immense destructive qualities, such as burning a monitor/video screen, rotating the hard disk at great speed to cause the heads to crash, etc.

In short, computer viruses harm/damage the hardware, software, data and communication links and virtually bring the processing environment to a grinding halt.

WORM & TROJAN HORSE

The chief difference between a worm and a virus is that a worm spreads to other systems. A worm can spread itself upon activation. By simply double-clicking a file, the worm can be activated and deliver its payload (if any), then spread by taking advantage of system settings, macros and applications that reside on systems in the network.

In short, a virus is generally designed to spread throughout an entire system, whereas a worm is designed to propagate itself to all systems on a network.

A Trojan horse, or Trojan, is nothing more than an application that purports to do one thing but in fact does another.

Trojans are named after the mythic Trojan horse in Homer's Iliad. In the legend, the Greeks built a wooden horse and gave it to the citizens of Troy as a peace offering. The Greeks had been besieging Troy for more than 10 years. However, before the horse was presented, Greek soldiers hid inside it. The horse was brought inside the city gates, and when the city was asleep the Greek soldiers emerged and were able to conquer Troy.

Similarly, a Trojan looks like a benign or useful program but contains a payload. For example, a Trojan can:

o Launch an application that defeats standard authentication procedures

o Delete files

o Format the hard drive

VIRUS THROUGH E-MAIL

A virus is not spread just by reading a plain-text e-mail message. It actually spreads through encoded messages containing embedded executable code (e.g., JavaScript in an HTML message) or messages that include an executable file attachment (e.g., an encoded program file or a Word document containing macros). In order to activate a virus or Trojan horse program, our computer has to execute some type of code. This could be a program attached to an e-mail, a Word document we downloaded from the Internet, or something received on a floppy disk. We have to ascertain whether or not a message is a normal, routine message from a known user.

We can avoid e-mail viruses through the following measures:

a) Macro Virus Protection

Microsoft applications have a feature called Macro Virus Protection built into them to prevent this sort of thing. With Macro Virus Protection turned on (the default option is ON), the auto-execute feature is disabled. So when a document tries to auto-execute viral code, a dialog pops up warning the user. Unfortunately, many people don't know what macros or macro viruses are, and when they see the dialog they ignore it, so the virus runs anyway. Many other people turn off the protection mechanism. So the Melissa virus spread despite the safeguards in place to prevent it.

We should make sure that Macro Virus Protection is enabled in all Microsoft applications, and we should NEVER run macros in a document unless we know what they do. There is seldom a good reason to add macros to a document, so avoiding all macros is a good policy.

b) We should never double-click on an executable that arrives as an e-mail attachment. Attachments that come in as Word files (.DOC), spreadsheets (.XLS), images (.GIF and .JPG), etc., are data files and can do no damage (noting the macro virus problem in Word and Excel documents mentioned above). A file with an extension like EXE, COM or VBS is an executable, and an executable can do any sort of damage it wants. Once we run it, we have given it permission to do anything on the machine. The only defense is to never run executables that arrive via e-mail.
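The rule in (b), that mailed executables are refused, plain data files pass and Office documents are suspect because of macros, can be applied mechanically at a mail gateway or on a download folder. Below is an added example, not from the original article: it classifies constructed sample attachments by extension (including a double extension such as 'photo.jpg.exe'), and for Office Open XML documents it opens the zip container and looks for a vbaProject.bin part, which is where those files carry VBA macros; the extension lists and the three verdicts are choices made for this example.

```python
"""Added example (not from the article): apply the article's attachment rule.
Executables are refused, Office documents are inspected for embedded macros,
image data is allowed. The Office Open XML check (a vbaProject.bin part in the
zip container) extends the article's point; all samples are constructed."""
import io
import zipfile
from pathlib import PurePosixPath

EXECUTABLE_EXTS = {".exe", ".com", ".vbs"}  # the article's executable types
OFFICE_EXTS = {".doc", ".xls", ".docx", ".xlsx", ".docm", ".xlsm"}
IMAGE_EXTS = {".gif", ".jpg", ".jpeg"}  # data files per the article

def has_ooxml_macros(data: bytes) -> bool:
    """OOXML files are zips; a vbaProject.bin part means VBA macros are present."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'block', 'quarantine' or 'allow' for one attachment."""
    exts = [s.lower() for s in PurePosixPath(filename).suffixes]
    last = exts[-1] if exts else ""
    # An executable extension anywhere in the name ("photo.jpg.exe") is refused.
    if any(e in EXECUTABLE_EXTS for e in exts):
        return "block"
    if last in OFFICE_EXTS:
        # Legacy OLE (.doc/.xls) cannot be inspected here; OOXML with macros is suspect.
        if not data.startswith(b"PK") or has_ooxml_macros(data):
            return "quarantine"
        return "allow"
    if last in IMAGE_EXTS:
        return "allow"
    return "quarantine"  # unknown type: scan before use, as the article advises

def make_ooxml(with_macros: bool) -> bytes:
    """Constructed minimal OOXML-style container for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00")  # placeholder, not real VBA
    return buf.getvalue()
```

For example, `classify_attachment("report.docx", make_ooxml(True))` returns `'quarantine'` even though the extension claims a macro-free document.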

HOW TO PREVENT COMPUTER VIRUS?

a. The axiom 'Prevention is better than cure' applies not only to human systems but also to computer systems. Computer viruses can be prevented in more than one way.

b. The use of unauthorised floppies should be strictly avoided. A popular medium for computer viruses is 'computer games'.

c. Install anti-virus software from a well-known, reputable company, UPDATE it regularly, and USE it regularly. Scan for viruses on a regular basis. Install an 'on access' scanner and configure it to start automatically each time the system is booted. This will protect the system by checking for viruses each time the computer accesses an executable file. Invoke a virus scan on new programs or other files that may contain executable code before you run or open them, no matter where they come from. There have been cases of commercially distributed floppy disks and CD-ROMs spreading virus infections.

d. Anti-virus programs aren't very good at detecting Trojan horse programs, so be extremely careful about opening binary files and Word/Excel documents from unknown or 'dubious' sources.

e. If the e-mail software on the PC has the ability to automatically execute JavaScript, Word macros or other executable code contained in or attached to a message, it is strongly recommended to disable this feature.

f. Use only legal copies of software, since software is 'intellectual property' protected by copyright.

g. Segregate the BOOT floppy, DOS floppies and floppies containing EXE, COM and other executable program files from the floppies containing data files. Write-protect these program floppies. The data floppies have to be kept separately. Archived data should be write-protected.

h. Sufficient backup copies of data files and program files have to be taken, to be used in case the originals are lost or corrupted by viruses.

i. If we know that a system is infected by a computer virus, then further use of floppies on the system is to be avoided.

j. There are certain 'watchdog' type programs available which 'echo' and alert users whenever they encounter a virus. Use them for a better computing environment.

k. The file server and the nodes have to be properly protected through correct versions of anti-virus programs. The latest updates are to be obtained from the vendor or from the respective websites, and virus protection is to be extended to the networks.

l. Periodically update the virus signatures. We can get free anti-virus updates from the websites of popular anti-virus software companies.

m. Only authorized virus scanning programs should be used.

VIRUS PROTECTION IN NETWORK ENVIRONMENT

If you are a user of PCs with an e-mail connection as well as a LAN connection, take the following precautions:

o BE ALERT while opening attachments!

o DISCONNECT the LAN connection when you browse the Internet. Likewise, when downloading a picture/content from the Internet, it should be saved into a folder and scanned before being put to further use.

o Do not open attachments unless they are expected from KNOWN USERS.

o Always SAVE mail attachments to a location and scan them for viruses before opening.

o IDENTIFY spurious mails by their appearance.

o Ensure that the anti-virus software sentry or real-time monitor is ENABLED.

o Worms such as Brazil/Klez do not require an attachment; just by opening the message, they spread across the network and target open shared folders.

o Always keep shared folders/printers PASSWORD-protected.

o Maintain Password SECRECY among users when working with shared folders/printers.

o Never share the ENTIRE C: drive, as that exposes all the operating system files.

o Always scan EXTERNAL FLOPPIES/CDs before putting them into use.

o Regularly BACK UP valuable data.

IDENTIFYING COMPUTER VIRUS AND ELIMINATING THEM

A computer virus can be identified by its occupation of main memory (reduced free memory) and by what is called its 'signature' (a unique pattern of code specific to the virus). There are utilities available to check the memory size.

There are certain 'computer virus vaccines' available which find the virus and eliminate it. Sometimes it will not be possible to recover the system area and damaged files. In such situations the computer's hard disk is formatted or initialised to clean the system.

As and when computer viruses are spotted, researchers analyse them and devise suitable vaccines for them. But before they are detected and cured they cause as much damage as possible. The stronger the 'virus', the more it circulates. When one type of virus is eliminated a new type crops up. Valuable man-days will be lost if viruses are allowed to remain in our systems. Hence users must take sufficient precautions to keep their computer environment 'free of computer viruses'.
