Viruses notes


Published in: Education, Technology

  1. A virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer. The major difference between a computer virus and spyware is that spyware does not replicate itself. A computer virus will gain entry onto your computer using only one file and replicate its code many times onto other files in your computer. Spyware is generally confined to one file and can easily be deleted to rid your system of the problem.
  2. • Computer viruses cannot infect write-protected disks or written documents.
     • Viruses do not infect compressed files, unless the file was infected prior to the compression. [Compressed files are programs or files with their common characters, etc. removed to take up less space on a disk.]
     • Viruses do not infect computer hardware, such as monitors or computer chips; they only infect software.
     • In addition, Macintosh viruses do not infect DOS / Windows computer software and vice versa. For example, the Melissa virus incident of late 1998 and the ILOVEYOU virus of 2000 worked only on Windows-based machines and could not operate on Macintosh computers.

     WHAT VIRUSES CAN DO
     • An annoying message appearing on the computer screen.
     • Reduced memory or disk space.
     • Modification of data.
     • Files overwritten or damaged.
     • Hard drive erased.
  3. Viruses begin to work and spread when you start up the program or application in which the virus is present. For example, a word processing program that contains a virus will place the virus in memory every time the word processing program is run. Once in memory, one of a number of things can happen. The virus may be programmed to attach to other applications, disks or folders. It may infect a network if given the opportunity. Viruses behave in different ways. Some viruses stay active only while the application they are part of is running: turn the computer off and the virus is inactive. Other viruses will operate every time you turn on your computer after infecting a system file or network.
  4. 1. Macro viruses: Macro viruses are one of the most commonly seen computer viruses. These are platform-independent viruses and hence they are seen in applications. They make the application malfunction, so it does not produce the desired results. These viruses are ported directly into the applications for which they have been written. But don’t think that they won’t do any harm to other parts of your system: they will surely harm the whole performance of your computer. Examples: DMV, Nuclear, Word Concept.

     2. Boot viruses: These viruses infect floppy disk boot records or master boot records in hard disks. They replace the boot record program (which is responsible for loading the operating system in memory), copying it elsewhere on the disk or overwriting it. Boot viruses load into memory if the computer tries to read the disk while it is booting. Examples: Form, Disk Killer, Michelangelo, and Stone virus.

     3. Polymorphic viruses: A virus that can encrypt its code in different ways so that it appears differently in each infection. These viruses are more difficult to detect. Examples: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud, Virus 101.
  5. 4. Trojan horse: Strictly speaking, a Trojan horse is NOT a virus because it does not replicate like ordinary viruses do. A Trojan horse is an unfriendly program which appears to be something other than what it is, for example a program that is disguised as a legitimate software program. The Trojan, once on your computer, doesn't reproduce, but instead makes your computer susceptible to malicious intruders by allowing them to access and read your files, making this type of program extremely dangerous to your computer's security and your personal privacy. Therefore, you should avoid downloading programs or files from sites if you're not 100 percent positive of what the file or program does. Below are some common Trojans:
        • Back Orifice 2000: BO2K allows outsiders to access and modify any information on Windows 95, 98 and NT machines through an invisible server program installed by the program. It also allows outsiders to spy on what the user is doing. BO2K is expected to be released on 10/7/1999.

     5. Program viruses: These infect executable program files, such as those with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are loaded in memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk. Examples: Sunday, Cascade.
  6. 6. Stealth viruses: These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside, or they may alter the reading of the infected file’s size shown in the directory listing. A stealth virus actively hides the changes it has made to the hard disk so that it appears that it has not infected the system. For example, a file infector might stay memory resident and misreport the size of infected files so they don't appear to be infected. Boot sector viruses can trap attempts to read the boot sector and return forged data that makes them appear to be "clean". For instance, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory. Examples: Frodo, Joshi, Whale.

     7. Worm: A worm is a virus program that copies and multiplies itself by using computer networks and security flaws. Worms are more complex than Trojan viruses, and usually attack multi-user systems such as Unix environments and can spread over corporate networks via the circulation of emails. Once multiplied, the copied worms scan the network for further loopholes and flaws in the network. A classic example of a worm is the ILOVEYOU virus. The best way you can protect yourself from worms is by updating your security patches. Operating system and application vendors normally provide these patches. In addition, you should avoid opening email attachments from unknown senders.
  7. Antivirus (or anti-virus) software is used to prevent, detect, and remove malware, including computer viruses, worms, and Trojan horses. Such programs may also prevent and remove adware, spyware and other forms of malware (malicious software). It is a software utility that searches a hard disk for viruses and removes any that are found. Most antivirus programs include an auto-update feature that enables the program to download profiles of new viruses so that it can check for the new viruses as soon as they are discovered. These programs scan the code of every file on your computer for traces of viruses and spyware, and if any are found, the file is quarantined until the code can be removed or the file deleted.
  8. • Protection: Antivirus software can provide real-time protection, meaning it can prevent unwanted processes from accessing your computer while you surf the Internet.
     • Cleanup: Antivirus software allows you to scan your computer for viruses and other unwanted programs, and provides you with the tools to get rid of them.
     • Alerts: Antivirus programs can alert you when something is trying to access your computer, or when something in your computer is trying to access something on the Internet.
     • Updates: Antivirus programs can update themselves, keeping your computer's protection up to date without you having to manually update it.
     • Further protection: If antivirus software finds an infected file that cannot be deleted, it can quarantine the file so that it cannot infect other files or programs on your computer.
  9. • Conventional disk scanners
     • Memory resident scanners
     • Start up scanners
     • Inoculation
  10. • Conventional disk scanners: This is the standard virus check program. It is run when the user requests it, and it scans the contents of the disks, directories or files that the user wants, for any boot sectors and/or files that contain viruses that it recognizes, based on the virus description information in its virus definition files. Usually run manually by the user either as a preventive maintenance activity or when a virus is suspected, scanning can also be automated through the use of a program scheduler. This is the most common type of virus scanning program.
      • Memory resident scanners: Some antivirus software now comes with a special program that sits in the background while you use your PC and automatically scans for viruses based on different triggers. These programs typically can be configured to automatically scan programs as they are run or scan floppy disks when you issue a shutdown command to the operating system.
      • Start up scanners: Antivirus products often come with a special program that is designed to be run every time the PC is booted up. It does a quick scan of the disk's boot sectors and critical system files (instead of a full disk scan, which takes a long time). The idea is to catch critical viruses, especially boot sector viruses, before the PC boots up (which can give the virus a chance to spread).
      • Inoculation: This is a totally different approach to virus detection. Instead of looking for the viruses themselves, this technique looks for the changes that the viruses make to files and boot sectors. Starting with a clean system, the software "inoculates" each boot sector and program file by storing a snapshot of information about it based on its content and size. Then, periodically, it re-examines these files to see if anything has changed. If it has, then the utility will inform you; if you haven't made the change, a virus may have.
  11. However, no matter how useful antivirus software is, it can sometimes have drawbacks. Antivirus software can degrade computer performance if it is not designed efficiently. Inexperienced users may have trouble understanding the prompts and decisions that antivirus software presents them with. An incorrect decision may lead to a security breach. One study found that the detection success of major antivirus software dropped over a one-year period.
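
The conventional disk scanner and quarantine step described in slides 7 and 10, sketched as an added example that is not part of the original notes or of any antivirus product. The definition names, byte patterns and sample files are constructed, harmless placeholders; the file that no definition describes shows why the auto-update of definitions matters.

```python
import os
import shutil
import tempfile

# Constructed "definition file": made-up, harmless markers, not real signatures.
DEFINITIONS = {
    "Demo.Marker.A": bytes.fromhex("deadbeef4d41524b"),
    "Demo.Marker.B": b"HARMLESS-TEST-PATTERN-B",
}

def scan_file(path, definitions):
    """Return the names of all definitions whose pattern occurs in the file."""
    with open(path, "rb") as fh:
        data = fh.read()
    return sorted(n for n, pattern in definitions.items() if pattern in data)

def scan_and_quarantine(root, quarantine_dir, definitions=DEFINITIONS):
    """Scan every file under root and move matches into quarantine_dir."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hits = scan_file(path, definitions)
            if hits:
                rel = os.path.relpath(path, root)
                # Rename on move so the quarantined copy is not run by accident.
                dest = rel.replace(os.sep, "_") + ".quarantined"
                shutil.move(path, os.path.join(quarantine_dir, dest))
                findings[rel] = hits
    return findings

def demo():
    """Constructed sample files; the quarantine directory is kept outside root."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as qdir:
        samples = {
            "clean.txt": b"ordinary document text",
            "a.com": b"\x00\x01" + DEFINITIONS["Demo.Marker.A"] + b"rest",
            "b.exe": DEFINITIONS["Demo.Marker.B"] + DEFINITIONS["Demo.Marker.A"],
            # No definition describes this pattern, so the scan reports nothing.
            "unknown.com": b"\x00\x01" + bytes.fromhex("deadbeef4d41524c") + b"rest",
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        findings = scan_and_quarantine(root, qdir)
        return findings, sorted(os.listdir(root)), sorted(os.listdir(qdir))

if __name__ == "__main__":
    print(demo())
```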
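
The inoculation technique from slide 10 (snapshot each file's content and size on a clean system, then re-examine later), as an added example that is not part of the original notes. The file names and contents are constructed samples, and SHA-256 is an assumed choice for the content snapshot.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Inoculate: record (size, SHA-256 of content) for every file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            baseline[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return baseline

def compare(baseline, current):
    """Re-examine: report files that changed, appeared or vanished."""
    report = {"removed": [], "size_changed": [], "content_changed": [],
              "added": sorted(set(current) - set(baseline))}
    for rel, (size, digest) in sorted(baseline.items()):
        if rel not in current:
            report["removed"].append(rel)
        elif current[rel][0] != size:
            report["size_changed"].append(rel)
        elif current[rel][1] != digest:
            # Same length, different bytes: a size-only snapshot would miss this.
            report["content_changed"].append(rel)
    return report

def demo():
    # Constructed sample: three stand-in "program files" in a temp directory.
    with tempfile.TemporaryDirectory() as root:
        files = {"edit.com": b"A" * 64, "calc.exe": b"B" * 64, "disk.sys": b"C" * 64}
        for name, body in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)  # taken while the system is known clean
        # Later changes: one file grows, one is rewritten in place, one appears.
        with open(os.path.join(root, "edit.com"), "ab") as fh:
            fh.write(b"X" * 16)
        with open(os.path.join(root, "calc.exe"), "wb") as fh:
            fh.write(b"B" * 63 + b"Z")
        with open(os.path.join(root, "new.drv"), "wb") as fh:
            fh.write(b"D")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

As the slide says, a reported change only means something modified the file; it is up to the user to decide whether the change was their own.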