1. Introduction
2. Computer viruses
-Activation of computer viruses
-Antivirus protection
3. Class of viruses
4. Worm and Trojan Virus
5. Antivirus programs
-type of antivirus programs
6. Antivirus methods
7. Network viruses
-Bad Attachments
-Computer network protection
8. Six golden rules to keep PC safe from viruses
9. Literature
INTRODUCTION
Dr. Cohen is a globally recognized expert in information protection
and cybersecurity. He is an ISC2 Fellow, has won international
awards, given keynote speeches at major conferences in this field,
acted on advisory boards for many companies, is a recognized
industry analyst in security strategies, and his work in this area is
reflected in many of his other businesses, and other aspects of his
work. Dr. Cohen is best known in the information protection
community for his seminal work on "computer virus" potential
capabilities and defenses. He wrote much of the original work in this
field in the 1980s. He defined a computer 'virus' as a program that can 'infect' other
programs by modifying them to include a possibly evolved copy of
itself. With the infection property, a virus can spread throughout a
computer system or network using the authorizations of every user
using it to infect their programs. Every program that gets infected may
also act as a virus and thus the infection grows.
- But there is a problem with Cohen's short definition: it does not
include many of the features that his mathematical model provides.
However, using Cohen's formal model, some things are classified as
viruses that no one would have thought of as a virus, for example the
DISKCOPY program.
The term "virus" is also commonly, but erroneously, used to refer to
other types of malware. "Malware" encompasses computer viruses
along with many other forms of malicious software, such as computer
"worms", ransomware, trojan horses, keyloggers, rootkits, spyware,
adware, malicious Browser Helper Objects (BHOs) and other malicious
software.
- These programs are actually a very serious matter; they reproduce
faster than they can be found and stopped. Even the most harmless
virus can be a real threat to life. For example, in the case of a
hospital computer system that maintains and monitors the vital
functions of a patient, a virus that would "just" stop the computer
and do nothing but display a harmless message on the screen and wait
until someone presses a key could in fact have fatal consequences for
the patient. Even those who develop viruses cannot stop their spread,
even if they themselves want to.
- Computer viruses are actually a special case of something known as
"sick logic" (malicious logic) or malware.
Computer viruses
Antivirus protection
CLASS OF VIRUSES
File infector
A file infector virus attaches itself to executable programs, such as
word processors, spreadsheet applications, and computer games.
When the virus has infected a program, it propagates to infect other
programs on the system, as well as other systems that use a shared
infected program. Jerusalem and Cascade are two of the best known
file infector viruses. File infector viruses are made to infect files on
the computer. File infectors spread once the user runs the infected file.
The virus copies itself to locations on the computer where it can be
executed, usually in RAM. The file infector will continue to infect
files while granting the virus access to the infected files.
Macro viruses
Macro viruses are "mini-programs" written in an internal
programming language (script language or macro language) of an
application program such as Word, Excel, etc. These viruses are
typically written to reproduce inside of the document created with this
application. Macro viruses can be executed on any platform on which
there is such a program (and corresponding internal language). They
are not limited to individual computers or only a particular operating
system.
Internet viruses
- NETWORK WORM).
inside the horse emerged, opened the city's gates to let their fellow
soldiers in and then overran the city.
Unlike computer viruses and worms, Trojans generally do not
attempt to inject themselves into other files or otherwise propagate
themselves. Attackers have long used Trojan horses as a way to trick
end users into installing malware. Typically, the malicious
programming is hidden within an innocent-looking email attachment
or free program, such as a game. When the user downloads the Trojan
horse, the malware that is hidden inside is also downloaded. Once
inside the computing device, the malicious code can execute whatever
task the attacker designed it to carry out.
A Trojan horse containing malware may also be referred to as
simply a Trojan or a Trojan horse virus. Unlike a true virus, however,
malware in a Trojan horse does not replicate itself, nor can it
propagate without the end user's assistance. Because the user is often
unaware that he has installed a Trojan horse, the computing device's
security depends upon its antimalware software recognizing the
malicious code, isolating it and removing it.
Unexpected changes to computer settings and unusual activity
even when the computer should be idle are strong indications that a
Trojan or other malware is residing on a computer. To avoid being
infected by Trojan malware, users should keep their antivirus software
up to date, never download files or programs from untrusted sources,
and always scan new files with antivirus software before opening
them.
server application of Back Orifice to be installed on a machine is for it
to be installed deliberately. Obviously, the Trojan does not come with
a default installation of Windows 2000, so you must find a way to get
the victim to install it.
There are various types of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim's
machine. Multi-purpose Trojans are also included, as some virus writers
have created multi-functional Trojans rather than Trojan packs. Some
types of Trojans are listed below:
- PSW Trojan
- Trojan Droppers
- Rootkits
- Arcbomb
- Trojan Downloaders
- Trojan Proxies
- Trojan Spies
- Trojan Notifiers
- Backdoors
ANTIVIRUS PROGRAMS
They represent the first level of protection against viruses and
Trojans. These software packages are able to detect, isolate and/or
eliminate viruses. All antivirus programs consist of several parts. One
part, the "Monitor", is memory-resident and provides continuous
protection against viruses, while the second part, "Scan", allows
scanning of the entire system. Antivirus programs are today an
essential piece of software that everyone should have installed on
their computer. These programs include various methods of monitoring
and protecting your computer against malicious code. Usually there is
real-time protection and scanning at the user's request, while modern
versions of these programs offer a variety of other forms of protection
against viruses that spread via the Internet. There are plenty of
companies that develop and offer these programs, and the most famous
among them are: Symantec, Sophos, Panda, Kaspersky ... Today the number
of known viruses is about 65,000, of which hundreds are dangerous.
High-quality protection comes down to caution, using a good antivirus
program, and regularly updating the virus signatures.
Type of antivirus programs
The best known and most widely used antivirus programs are:
- NORTON ANTIVIRUS,
- SOPHOS ANTI-VIRUS,
- MCAFEE,
- PC-CILLIN.
NOD32
ESET NOD32 Antivirus, commonly known as NOD32, is an
antivirus software package made by the Slovak company ESET. ESET
NOD32 Antivirus is sold in two editions, Home Edition and Business
Edition. The Business Edition packages add ESET Remote
Administrator allowing for server deployment and management,
mirroring of threat signature database updates and the ability to install
on Microsoft Windows Server operating systems. NOD32 has
accumulated sixty seven VB100 awards from Virus Bulletin; it has
thrice failed to receive this award. Installing this antivirus software
requires little space, so there is enough space left for other programs.
The NOD32 antivirus tool is characterized by a transparent graphical
interface. To detect viruses, the user needs to specify the scanning
area, define the action that will be executed when the program finds
a virus, and determine the mode in the Setup options. Once these
basic items are set, the machine is scanned with the Scan action
or cleaned with the Clean command. While scanning, NOD32 will detect
viruses, worms and Trojans in memory and also in archives (ZIP,
RAR, ARJ, ...). In addition to the basic settings, NOD32 has an
integrated control center that takes care of updating the entire NOD32
system. Besides the Control Center, NOD32 contains a small program,
Amon, an "access scanner for Windows 95, 98, ME, NT, 2000 and
XP platforms", which prevents the opening of infected files, scans the
floppy drive when it is opened and at shutdown, sends notice of
infected e-mail, and is automatically activated at system startup.
The average scan time of other antivirus tools is 825 seconds, while
NOD32 takes 135 seconds (Scan Rate).
PANDA ANTIVIRUS TITANIUM
Panda Antivirus Titanium is security software developed by Panda
Security. Panda Antivirus Titanium is the latest generation of antivirus
software. Its innovative technology and ease of use make it the most
powerful antivirus on the market. Panda Antivirus Titanium features a
new UltraFast scan engine, 30% faster than its predecessors, Panda's
exclusive SmartClean technology, which not only disinfects viruses
but also restores system settings damaged by the latest trojan horse
technologies, and its low use of system resources. Coupled with a new
best-of-breed truly automatic update system which takes advantage of
your Internet connection to transparently update the virus signature
files incrementally and its new innovative ease of use interface, Panda
Antivirus Titanium is the first truly 'install-and-forget' antivirus for the
home user. It contains all the options necessary for quality
computer protection, along with elegant setting options. It is intended
for home users and anyone with lower-end configurations.
The company Panda Software was founded in 1990 and so far has
achieved good results in the field of network solutions. After
installation, Panda is placed in memory, where it works invisibly and
occupies minimal memory resources. Its activity focuses on
the files that are in some way changed (copying, opening, recording
of certain programs, etc.). The user can choose to run a system scan,
which is done through so-called search engines (Search Engine).
Antivirus methods
SCANNERS
The working principle of the antivirus scanner is based on checking
files, sectors and system memory for known and unknown
malicious code. The search for known viruses is called masking.
A virus "mask" is a specific piece of code contained in a virus. If a
file does not contain a mask (that part of the code) or the size of the
mask is insufficient, other methods should be used to find viruses.
Scanners are divided into two categories:
- general and
- special.
General scanners are designed to find and disable all types of
viruses for a particular type of operating system.
Special scanners find a limited number of viruses or certain types of
viruses, such as macro viruses. Scanners are also divided into resident
and non-resident (which check the system only when requested).
Resident scanners provide better protection, because they react
immediately when a virus appears, while non-resident scanners
detect a virus only when they are run.
CRC SCANNERS work by calculating CRC sums for the
current disk, file system or sector. The CRC sums are stored in a
database together with information such as file size, date and so on.
On a later run, the scanner compares the information in the database
with the current control values. If the data in the database differ
from what the scanner finds, that indicates the possible presence of
a virus on your computer.
CRC scanners use powerful anti-stealth algorithms against viruses,
and it often happens that a virus can be detected only by this method.
The problem with these types of scanners is that they cannot
register a virus at the moment it infects the system, because
it has not yet made the necessary changes to system files. CRC
scanners cannot detect the existence of viruses in incoming files,
such as e-mail, floppy disks, restored backup files, unpacked
archives, etc., because their database has no information about
them.
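A minimal CRC scanner along the lines described above, as an added example that is not part of the original text: it records size and CRC-32 per file, then reports files whose values changed and files for which the database has no entry, which is the blind spot for incoming files noted above. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile
import zlib


def crc32_of(path, chunk=65536):
    """CRC-32 of a file, read in chunks so large files are not loaded whole."""
    crc = 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            crc = zlib.crc32(block, crc)
    return crc & 0xFFFFFFFF


def snapshot(root):
    """Build the database: relative path -> (size, CRC-32)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            db[os.path.relpath(full, root)] = (os.path.getsize(full), crc32_of(full))
    return db


def compare(baseline, current):
    """Compare current control values with the stored database."""
    report = {"modified": [], "missing": [], "unknown": []}
    for rel, values in current.items():
        if rel not in baseline:
            report["unknown"].append(rel)    # no stored values: cannot be judged
        elif baseline[rel] != values:
            report["modified"].append(rel)   # changed since baseline: suspicious
    report["missing"] = [rel for rel in baseline if rel not in current]
    for key in report:
        report[key].sort()
    return report


def demo():
    """Constructed sample data: one program altered, one file newly arrived."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("editor.exe", b"MZ" + b"\x00" * 64)
        write("game.exe", b"MZ" + b"\x11" * 64)
        baseline = snapshot(root)
        write("game.exe", b"MZ" + b"\x11" * 64 + b"appended bytes")  # modified
        write("attachment.exe", b"MZ" + b"\x22" * 64)                # incoming
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

CRC-32 catches accidental or naive modification only; integrity checkers that must resist deliberate tampering store a cryptographic hash such as SHA-256 instead.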
NETWORK VIRUSES
This type of virus spreads through the global network, the Internet.
They spread in various ways. The most common way is through one of
the most commonly used Internet services, e-mail. Besides e-mail, a
network virus can be 'earned' in other ways: in newsgroups, over IRC,
ICQ or by downloading unsolicited files. Many of these viruses take
control of a computer, so that they allow a malicious user access to
files on the disk, the screen or the data that the user types on the
keyboard of the infected computer. A virus, like any program, can
arrive via e-mail or newsgroups as an attachment. When it is downloaded
from a Web site or FTP address, the downloaded file is itself the
program carrying the virus, often 'packaged' as a product catalog, a
holiday greeting card and the like. However, all have one thing in
common: they are all executable files, i.e. programs.
Under the Windows operating system, executable programs are all files
ending with .exe. This is very important, because there are cases where
files which carry viruses have names such as picture.jpg.exe or
katalog.txt.exe. Even if the name is displayed as picture.jpg, this is
not a picture but a program. Upon execution, this program may actually
show an image, but it will almost certainly infect your computer with
a virus.
Bad Attachments
If you happen to get a message that has attachments (files attached
to the message), they should not be opened immediately. Doing so
creates the danger of starting an attachment that infects your computer.
Unfortunately, most modern e-mail programs, including by far the
most popular, Microsoft Outlook Express, often do not show the
type of an attached file, only its name. All e-mail programs
allow saving files to disk. The best thing would be to save every
attachment that arrives to disk, and then check it.
Checking the saved file starts with checking which type it is.
If it really is an image (.gif, .jpg, .bmp) or text (.txt, .asc), then it
is safe to open. If it is a document of the popular word
processor Word (.doc), an executable file (.exe, .com, .bat, .cmd) or
something unknown, it is necessary to scan that directory with an
antivirus program. Everything that has been said about e-mail
attachments also goes for attachments from newsgroups. Files that are
downloaded from the Web or an FTP address are no different
from attachments. With them you have to be just as careful, if not
more.
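The type check described above, written out as an added example that is not part of the original text: it decides from the last extension (the one Windows acts on) whether a saved attachment may be opened or must be scanned first, flags names such as picture.jpg.exe, and cross-checks the first bytes for the "MZ" header of DOS/Windows executables. The function names and sample attachments are constructed, and batch files are taken to be .bat.

```python
import os

# Extension groups follow the text above; batch files are assumed to be .bat.
SAFE = {".gif", ".jpg", ".bmp", ".txt", ".asc"}   # images and plain text
EXECUTABLE = {".exe", ".com", ".bat", ".cmd"}     # programs and scripts
DECOY = SAFE | {".doc"}                           # what a lure pretends to be


def split_extensions(filename):
    """Return (inner, last), e.g. 'picture.jpg.exe' -> ('.jpg', '.exe')."""
    # Windows drops trailing dots and spaces, so normalise them away first.
    name = os.path.basename(filename).strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    inner = os.path.splitext(stem)[1]
    return inner, last


def triage(filename, head=b""):
    """Return ('open' | 'scan', reasons); head is the first bytes of the file."""
    inner, last = split_extensions(filename)
    reasons = []
    if last in EXECUTABLE and inner in DECOY:
        reasons.append("double extension hides an executable")
    if head[:2] == b"MZ" and last not in EXECUTABLE:
        reasons.append("executable header under a non-executable name")
    # Only a safe type with nothing suspicious is opened without scanning;
    # documents, executables and unknown types are always scanned.
    verdict = "open" if last in SAFE and not reasons else "scan"
    return verdict, reasons


def triage_all(samples):
    """Triage a list of (file name, first bytes) pairs."""
    return {name: triage(name, head) for name, head in samples}


# Constructed sample attachments: (file name, first bytes of content).
SAMPLES = [
    ("picture.jpg.exe", b"MZ\x90\x00"),
    ("katalog.txt.exe ", b"MZ\x90\x00"),
    ("card.jpg", b"MZ\x90\x00"),
    ("photo.jpg", b"\xff\xd8\xff\xe0"),
    ("notes.txt", b"hello"),
    ("report.doc", b"\xd0\xcf\x11\xe0"),
    ("readme.xyz", b""),
]

if __name__ == "__main__":
    for name, (verdict, reasons) in triage_all(SAMPLES).items():
        print(f"{name!r:20} {verdict:5} {'; '.join(reasons)}")
```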
Network protection
Network security consists of the policies and practices adopted
to prevent and monitor unauthorized access, misuse, modification, or
denial of a computer network and network-accessible resources.
Network security involves the authorization of access to data in a
network, which is controlled by the network administrator. Users
choose or are assigned an ID and password or other authenticating
information that allows them access to information and programs
within their authority. Network security covers a variety of computer
networks, both public and private, that are used in everyday jobs;
conducting transactions and communications among businesses,
government agencies and individuals.
Networks can be private, such as within a company, and others
which might be open to public access. Network security is involved in
organizations, enterprises, and other types of institutions. It does as its
title explains: It secures the network, as well as protecting and
overseeing operations being done. The most common and simple way
of protecting a network resource is by assigning it a unique name and
a corresponding password.
Network security starts with authenticating, commonly with a
username and a password. Since this requires just one detail
authenticating the user name, i.e., the password, this is sometimes
termed one-factor authentication. With two-factor authentication,
something the user 'has' is also used (e.g., a security token or 'dongle',
an ATM card, or a mobile phone); and with three-factor
authentication, something the user 'is' is also used (e.g., a fingerprint
or retinal scan).
SIX GOLDEN RULES IN ANTIVIRUS PROTECTION
Step 1: Make sure to install some antivirus tools! Even though there
is no absolute protection against viruses, installation and proper
adjustment of some of these programs significantly reduce the
possibility of infection.
Step 2: Regularly update antivirus definitions. Set the tools to
automatically download the latest virus definitions. If an antivirus
program does not support automatic updates (which is unlikely), then
this is done manually from the company's site. This step is very
important because around thirteen new viruses appear daily.
By refreshing the database, we enable the antivirus tool to protect
your computer from a large number of viruses.
Step 3: Set your antivirus software to automatically scan all files. By
checking all files, not just executables, protection is complete and
the spread of the virus is prevented. Attention should be paid to
including the scanning of compressed files (the Scan Compressed
Files option).
Step 4: Scan all files that come from the Internet. First of all, it is
necessary to scan all incoming and outgoing e-mail messages. E-mail is
now the most common way of spreading viruses. Also, many websites
contain software that could be infected, so scanning all files
copied from the Internet protects against them.
Step 5: Periodically scan the entire disk. Regularly scan the entire disk
(or partitions, if the disk is partitioned). The scanning process can take
time because it depends on the size of the hard drive and the number
of files it holds. Therefore, it is not a bad idea to leave the computer
scanning overnight.
Step 6: Scan the hard drive after installing software. After the
installation of various tools (especially those that are copied from the
Internet), scan the hard drive or the location where the software is
installed. It may happen that a compressed archive is infected by
viruses.