Term

Paper
Of
Operating
System
CSE 316
Topic- How windows operating system
handles viruses? Write down various
viruses that can cause serious damage to
the computer system.
 Submitted To: Submitted
By:

ACKNOWLEDGEMENT

I take this opportunity to offer my deep

gratitude to all those who have extended their
valued support and advice to complete this
term paper. I cannot in full measure,
reciprocate the kindness showed and
contribution made by various persons in this
endeavor.

I acknowledge my sincere thanks to

____________ ma’am (Faculty Member) who
stood by me as a pillar of strength throughout
the course of work and under whose mature
guidance the term paper arrives out
successfully. I am grateful to his valuable
suggestions.

Contents:

1. Abstract

2. Introduction To Viruses

3. Different Types Of Computer Virses

o Resident Viruses

o Direct Action Viruses

o Overwrite Viruses

o Boot Viruses

o Macro Virus

o Directory Virus

o Polymorphic Virus

o File Infectors

o Companions Virus
 o FAT Virus
o Worms
o Trojans Or Trojan Horses
o E-Mail Virus
o Logic Bombs
4. Strategies For Implementing Antivirus
5. Virus Detection By OS
o Network Firewall
o Online Scanning
6. Linux Virus Protection
7. References
1. Abstract:
Computer viruses are pieces of
computer code, designed to
implant itself in programs or files
with the idea of destroying, or
changing the data transmitted.
Viruses can be spread through
interchange of files and
programs, loaded onto a
computer and executed. They
slow down computers, crash a
system, or simply reroute data to
other units. Virus numbers have
risen since the 90s, and the U.S
government has passed laws
making virus introduction into
computers of unknowing victims,
a serious crime. Software
companies have also sought to
stem the tide by creating
programs specifically for tracking
down viruses and stopping them.
Below are articles which provide
information on latest computer
viruses, virus statistics, computer
virus protection and removal.
There are so many things you
have to watch out for when
you're online, and one of the
worst of those is the good old
computer virus. Now that
broadband Internet is almost
everywhere it's making things a
lot easier for viruses to get to
your computer quickly. This is
why it's very important to have a
very good firewall on your
computer, as well as a good
antivirus program. It's just as
important to keep them updated
on a regular basis - having out-
of-date security software is
pointless.
This term paper is about
operating system, different types
of computer viruses and and
different techniques of operating
system to handle viruses like
windows firewall, various anti
viruses etc.
2. Introduction to
Virus:
A computer virus is a computer
program that can copy itself and
infect a computer. The term
"virus" is also commonly but
erroneously used to refer to other
types of malware, including but
not limited to adware and
spyware programs that do not
have the reproductive ability. A
true virus can spread from one
computer to another (in some
form of executable code) when
its host is taken to the target
computer; for instance because a
user sent it over a network or the
Internet, or carried it on a
removable medium such as a
floppy disk, CD, DVD, or USB
drive.
As stated above, the term
"computer virus" is sometimes
used as a catch-all phrase to
include all types of malware,
even those that do not have the
reproductive ability. Malware
includes computer viruses,
computer worms, Trojan horses,
most rootkits, spyware, dishonest
adware and other malicious and
unwanted software, including
true viruses. Viruses are
sometimes confused with worms
and Trojan horses, which are
technically different. A worm can
exploit security vulnerabilities to
spread itself automatically to
other computers through
networks, while a Trojan horse is
a program that appears harmless
but hides malicious functions.
Worms and Trojan horses, like
viruses, may harm a computer
system's data or performance.
Some viruses and other malware
have symptoms noticeable to the
computer user, but many are
surreptitious or simply do
nothing to call attention to
themselves. Some viruses do
nothing beyond reproducing
themselves.

Viruses can increase their

chances of spreading to other
computers by infecting files on a
network file system or a file
system that is accessed by
another computer.

Different Types of
Computer Viruses
Computer Virus is a kind of
malicious software written
intentionally to enter a computer
without the user’s permission or
knowledge, with an ability to
replicate itself, thus continuing to
spread. Some viruses do little but
replicate others can cause severe
harm or adversely effect program
and performance of the system. A
virus should never be assumed
harmless and left on a system.
Most common types of viruses
are mentioned below:
3.1 Resident Viruses
This type of virus is a permanent
which dwells in the RAM
memory. From there it can
overcome and interrupt all of the
operations executed by the
system: corrupting files and
programs that are opened, closed,
copied, renamed etc.
Examples include: Randex, CMJ,
Meve, and MrKlunky.
3.2 Direct Action Viruses
The main purpose of this virus is
to replicate and take action when
it is executed. When a specific
condition is met, the virus will go
into action and infect files in the
directory or folder that it is in and
in directories that are specified in
the AUTOEXEC.BAT file
PATH. This batch file is always
located in the root directory of
the hard disk and carries out
certain operations when the
computer is booted.
3.3 Overwrite Viruses
Virus of this kind is characterized
by the fact that it deletes the
information contained in the files
that it infects, rendering them
partially or totally useless once
they have been infected.
The only way to clean a file
infected by an overwrite virus is
to delete the file completely, thus
losing the original content.
Examples of this virus include:
Way, Trj.Reboot, Trivial.88.D.

3.4 Boot Virus
This type of virus affects the boot
sector of a floppy or hard disk.
This is a crucial part of a disk, in
which information on the disk
itself is stored together with a
program that makes it possible to
boot (start) the computer from the
disk.
The best way of avoiding boot
viruses is to ensure that floppy
disks are write-protected and
never start your computer with an
unknown floppy disk in the disk
drive.
Examples of macro viruses:
Relax, Melissa.A, Bablas,
O97M/Y2K.
3.6 Directory Virus
Directory viruses change the
paths that indicate the location of
a file. By executing a program
(file with the extension .EXE
or .COM) which has been
infected by a virus, you are
unknowingly running the virus
program, while the original file
and program have been
previously moved by the virus.
Once infected it becomes
impossible to locate the original
files.

Examples of boot viruses

include: Polyboot.B, AntiEXE.

3.5 Macro Virus

Macro viruses infect files that are
created using certain applications
or programs that contain macros.
These mini-programs make it
possible to automate series of
operations so that they are
performed as a single action,
thereby saving the user from
having to carry them out one by
one. 3.7 Polymorphic Virus
Polymorphic viruses encrypt or
encode themselves in a different
way (using different algorithms
and encryption keys) every time
they infect a system.
This makes it impossible for anti-
viruses to find them using string
or signature searches (because
they are different in each
encryption) and also enables
them to create a large number of
copies of themselves.
Examples include: Elkern,
Marburg, Satan Bug, and Tuareg.
3.8 File Infectors
This type of virus infects
programs or executable files
(files with an .EXE or .COM
extension). When one of these
programs is run, directly or
indirectly, the virus is activated,
producing the damaging effects it
is programmed to carry out. The
majority of existing viruses
belong to this category, and can
be classified depending on the
actions that they carry out.
3.9 Companion Viruses
Companion viruses can be
considered file infector viruses
like resident or direct action
types. They are known as
companion viruses because once
they get into the system they
"accompany" the other files that
already exist. In other words, in
order to carry out their infection
routines, companion viruses can
wait in memory until a program
is run (resident viruses) or act
immediately by making copies of
themselves (direct action
viruses).
Some examples include: Stator,
Asimov.1539, and Terrax.1069
3.10 FAT Virus
The file allocation table or FAT
is the part of a disk used to
connect information and is a vital
part of the normal functioning of
the computer.
This type of virus attack can be
especially dangerous, by
preventing access to certain
sections of the disk where
important files are stored.
Damage caused can result in
information losses from
individual files or even entire
directories.
3.11 Worms
A worm is a program very
similar to a virus; it has the
ability to self-replicate, and can
lead to negative effects on your
system and most importantly they
are detected and eliminated by
antiviruses.
Examples of worms include:
PSWBugbear.B, Lovgate.F,
Trile.C, Sobig.D, Mapson.
3.12 Trojans or Trojan
Horses
Another unsavory breed of
malicious code are Trojans or
Trojan horses, which unlike
viruses do not reproduce by
infecting other files, nor do they
self-replicate like worms.
3.13 Logic Bombs
They are not considered viruses
because they do not replicate.
They are not even programs in
their own right but rather
camouflaged segments of other
programs.
Their objective is to destroy data
on the computer once certain
conditions have been met. Logic
bombs go undetected until
launched, and the results can be
destructive.
3.14 E-mail viruses:
E-mail usually replicates itself by
automatically mailing itself to
dozens of people in the victim's
e-mail address book.
When a virus comes in a
computer system it can be
Role of operating system
in handling viruses-Once
a computer has been
compromised by a virus,
to continue using the
same computer without
completely reinstalling
the operating system is
unsafe. There are a
number of recovery
options that exist to
recover a computer by
removing viruses. It
depends on severity of
type of virus. It involves
either reformatting the
computer’s hard drive or
installing the OS and all
programs from original
media, or restore entire
partition with clean
backup image.
detected by antivirus installed
in computer.
Antivirus software is used to
prevent, detect, and
remove malware,
including computer
viruses, worms, and Trojan
horses, adware, spyware etc.
3. Strategies used for
implementing
antivirus software
are:
Signature-based detection
involves searching for known
patterns of data within executable
code. A signature file is a
database of uniquely identifiable
"fingerprints" that a virus
contains. The fingerprint for an
executable virus is a series of
machine code bytes aka "strings"
that a virus contains
Heuristic scanning is similar to
signature scanning, but in this
instead of looking for specific
signatures, heuristic scanning
looks for certain instructions or
commands within a program that
are not found in typical
application programs.
4. Operating system
contains following by
which virus can be
detected:
5.1 Network firewall
Network firewalls is designed to
block unauthorized access while
permitting authorized
communications. They are not
antivirus systems as such and
thus make no attempt to identify
or remove anything. They may
protect against infection from
outside the protected computer
or LAN, by blocking incoming or
outgoing requests on certain
TCP/IP ports. It is designed to
deal with broader system threats
that come from network
connections into the system.
5.2 Online scanning
It is an on-demand antivirus and
antispyware tool that shows how
safe PC is. Some antivirus
vendors maintain websites with
free online scanning capability of
the entire computer, critical areas
only, local disks, folders or files.
Linux Virus Protection
Linux Virus Protection, you
say, isn't that redundant?
Why Linux itself is virus
protection. A malicious
program that seeks to infect
system files is going to have
very little success when
invoked by a non-root user.
Linux Virus Protection, you say,
isn't that redundant? Why Linux
itself is virus protection. A
malicious program that seeks to
infect system files is going to
have very little success when
invoked by a non-root user. So
while our hearts are filled with
great sorrow over the travails of
our Windows friends who have
had to do battle with Melissa,
Chernobyl and ExploreZip, we
have felt insulated from those
threats ourselves. Those days are
rapidly coming to an end. Not
because Linux is highly
susceptible to virii, but because
the key to enterprise acceptance
of Linux is its ability to be highly
integrated with corporate
standards, even if it means
solving problems caused by other
operating systems.
In this increasingly
interconnected world, the indirect
effects of problematic systems
can be felt by everyone. When
the Melissa virus hit, some Linux
servers' sendmail became
overloaded with messages and
had to shut down. When
ExploreZip exploded, some
Linux servers running Samba had
to contend with Windows clients
deleting data files, which had to
be restored. In this sense, Linux
is only immune to virii if you
unplug it from the network.
Beyond protecting Linux systems
from the indirect effect of virii, in
many enterprise networks, Linux
servers should have anti-virus
detection capabilities to detect
and clean infected files that are
moving through the network,
files that may be missed by the
anti-virus software running on
other stations. As Linux is
increasingly adopted in corporate
environments, it must not act as
"Typhoid Mary" during a virus
outbreak, obliviously storing and
passing along a virus. As IT
managers seek to provide
solutions to the increasing
instances of virii, many are
taking the approach of
implementing multiple layers of
defense, anti-virus software at
every point of entry into the
network, using multiple signature
files.
While it is theoretically possible
to develop a native Linux virus, it
is a difficult task. The program
will need to obtain root access to
perform major damage, unlike
Windows 9x where any user can
execute a virus that can destroy
the Master Boot Record and
render a system unusable. The
way Linux handles memory
management also prevents a virus
from executing at will. It is
possible that a virus author could
attempt to create an environment
for infection by creating a buffer
overflow condition. By invoking
a child process out of an attacked
daemon running with root
privileges, a virus could
potentially have access to system
files and infect them. This is a
very difficult piece of code to
write, but merits more research as
Linux gains in popularity. The
bottom line is that since the first
"native" Linux virus, Staog was
reported in the fall of 1996, you
can count the number of new
Linux viruses on your shop
teacher's left hand. Linux can be
considered to have a strong
inherent immunity to virii.
The virtual immunity that Linux
has to the virus can and should be
leveraged to build Linux anti-
virus appliances. Not only should
Linux Samba servers scan
infected files deposited by
Windows clients, but a Linux-
based anti-virus gateway can be
used to scan and protect SMTP,
FTP and Web traffic for entire
networks. It seems natural that an
operating system that cannot be
compromised a virus itself, will
be the ideal platform for
providing enterprise anti-virus
solutions
There are a small but growing
number of anti-virus solutions for
the Linux market. There is a
single open source solution and
two "freeware" solutions we are
aware of:
AMaVis - A Mail Virus Scanner.
This software is intended to use
other virus scanners as plug-ins
to disinfect attachments traveling
through sendmail. It is in effect a
SMTP anti-virus gateway. This is
an open source, GPL solution.
H+B EDV AntiVir/X - This
scanner is only free for personal
use.
Central Command - This is
actually developed at Kaspersky
labs
On the commercial side, Network
Associates, Data Fellows and
Sophos all have Linux versions
of their virus scanners. Trend
Micro is beta testing VirusWall,
which is an example of an anti-
virus gateway. We hope to see
more products like this and
additional functionality into some
of the free solutions, such as
AmaVis.
Linux users have had the luxury
of ignoring virus threats in the
past. As Linux grows up and
becomes an enterprise player,
integration and interoperability
are key issues, and we can be in
blissful ignorance no longer.
Linux systems will grow as
network file servers and need to
be able to provide integrated
virus detection and repair. In
some instances, IT managers
migrating to Linux are forced to
keep NT servers in service to
provide functions like anti-virus
scanning, because of a dearth of
Linux solutions. Linux advocates
need to see the powerful role
their chosen operating system can
play in the AV market, even if it
means they are making
Microsoft-based desktops run all
that more smoothly.
5. Refrences:
• http://linux.omnipotent.ne
t/article.php?
article_id=5409
• www.articlesnatch.co
m/Article/Ways-To-
Handle-
Virus.../1247345
• en.wikipedia.org/wiki/
Computer_virus
• www.avast.com/free-
virus-cleaner
• www.boloji.com/comp
uting/security/015.htm
• www.secureurpc.com/.
../types-of-computer-
viruses.php