computer virus and related legal issuesPresentation Transcript
MIT college of Engineering
•Introduction of Virus.
• Types of Viruses
• Legal issues of
• Handling Third Party
Introduction To Virus
A virus is a computer program that
can copy itself and infect a computer
without the permission or knowledge
of the owner.
Viruses can damage your hardware,
software or files and replicate
Types of Virus
There are two main types of virus.
• A VIRUS doing same thing with the
help of Operating system and
memory called Residential virus
• Those viruses searching new file to
affect called Non-residential virus.
Basic Types Of Virus
Appears as interesting program file but when
installed it allows intruders to access and read
your files.Eg: “I LOVE YOU“.
Virus that copies and multiplies itself by using
computer networks and security flaws. Eg.“CODE
Use e-mail messages to spread which allow it to
automatically forward itself to thousands of
people Eg. Rasom virus
Types of Virus
Boot Sector Virus
• A boot sector virus infects diskettes and hard drives.
• Boot sector viruses often spread to other computers by
the use of shared infected disks and pirated software
• Active when the program file (usually with extensions
.BIN, .COM, .EXE, .OVL, .DRV) carrying the virus is
• Once active, the virus will make copies of itself and will
infect other programs on the computer.
• Programmed as a macro embedded in a
document, usually found in Microsoft Word and
• Once it gets in to your computer, every
document you produce will become infected
• Relatively new type of virus and may slip by
your antivirus software if you don't have the
most recent version installed.
• Eg. Melissa
• Hybrid of a Boot Sector and Program viruses.
• Infects program files and when the infected
program is active it will affect the boot record
Virus-Legal Issues of protection
Grounds on which virus creation or
distribution may be found to be illegal
• Unauthorized Access
Any kind of access without the
• Unauthorized Modification
Any kind of modification to the data without
the permission of the User
Eg. Email attacks
• Includes making available viruses, virus
code, information on virus creation, and
Denial of Service attacks
• Flooding a computer resource with more
requests than it can handle. This causes
the resource to crash thereby denying
access of service to authorized users.
• All such kind of attacks come under
Cyber Crime i.e “unlawful acts wherein the
computer is either a tool or target or both”.
• Thus to control the Cyber Crime “Cyber
Laws “ were introduced .
The world 1st computer specific law was enacted
in the year 1970 by the German State of Hesse
in the form of „Data Protection Act, 1970’
with the advancement of cyber technology.
Indian parliament passed its “INFORMATION
TECHNOLOGY ACT, 2000” on 17th October to
have its exhaustive law to deal with the
IT ACT OF INDIA 2000
The Information Technology Act, 2000 aims to
provide for the legal framework so that legal
sanctity is accorded to all electronic records and
other activities carried out by electronic means.
This ACT defines many CHAPTERS, which
defines different kinds of punishments for
different types of crime.
IT ACT OF INDIA 2000
• Act talks about penalties and adjudication
(preparing official judgment)for various
• The penalties for damage to computer
systems etc. has been fixed as damages
by way of compensation not exceeding Rs.
1,00,00,000 to affected persons.
Penalty : 2year prisonment or/and 2lack
The Act talks of appointment of any officers
not below the rank of a Director to the
Government of India or an equivalent officer
of state government.
Adjudicating Officer has been given the
powers of a Civil Court.
Handling Third Party Software
• Third party software refers
to programs that are developed by
companies other than the company
that developed the
computer's operating system.
• Eg. Windows programs developed by
companies other than Microsoft are
called third party programs.
The risk is not in code that internal developers have
written, but in components provided by outside
developers, whether open-source libraries or third-party
There is an assumption that vendors and open-source
developers have gone through the security checkpoints
during the application development process, and that
assumption is false.“
To secure their software, companies must first figure out
which code components have become part of their code
To analyze the software the developers
and IT security teams need to do an
application assessment .
They need to find the vulnerabilities in the
through static analysis
by monitoring the developer's support
through an intelligence service that
tracks changes to software.
The company can then make an informed
Binary only Source
• Chieh-jen,Chao-Ching Wang,” A Scalable
High-Performance Virus Detection
Processor Against a Large Pattern Set for
Embedded Network Security ” ,IEEE,
pages 841-854, May 2012.