Computer Virus

• Software programs written by someone that
needs to get a life
• Can range from being a nuisance to causing
major destruction and recovery time
• Software packages can be infected
Bordoloi
Viruses Hide in:
• Another computer program that executes so
that the virus program can be placed into
main memory.
• Typically, viruses come from programs on
floppy disks or networks.
• Very complex viruses can write themselves
in between hard disk sectors making them
very difficult to detect.
Virus Types
• Trojan Horse - contained inside of another “host”
program. Often date activated. White collar
sabotage.
• Worms - may not be an executable program itself
but duplicates in main memory and hard disk
space. Slows down the operating system.
• Stealth virus - pretends to be another program that
should be on the computer
Virus Components:
• Replication code - how it does what it does
• Marker - set of codes that virus looks at to
determine if the file has been infected
• Kernel - code that controls task
manipulation and replication
• Overwriting vs non-overwriting: replaces
an existing program file vs appending to it
Elimination and Protection
• Scanner software - “shield” software scans all data
coming into a computer system looking for known or
suspected viruses. Known viruses are detected by some
recognizable “character string” in the virus computer code.
Suspected viruses are detected whenever the virus program
tries to do something weird, like attach to an existing
program or reuse disk space reserved for the operating
system.
• Cleaner software - can try to restore infected files back to
a useable state. Requires booting from a clean, write-
protected floppy disk. May take a lot of time.
• Detection software - detects the presence of a virus on an
infected disk
• Typical packages: McAfee, Dr. Solomon, etc