2.
• Viruses can also replicate themselves.
• All computer viruses are manmade.
• A simple virus is dangerous because it will quickly
use all available memory and bring the system
down.
• Viruses can damage files, format hard drives,
and scramble partition tables, etc.
3. VIRUS
• Computer viruses are small software programs designed to transfer
from one computer to another.
• “A virus is simply a computer program that is intentionally written
to attach itself to other programs and replicate whenever those
programs are executed”.
• Viruses can easily spread by e-mail attachments or instant
messages.
• Viruses can be spread by downloading unnecessary files from the Internet.
• Viruses can be disguised as attachments of funny images, greeting
cards, or audio and video files.
4. HISTORY
• The Creeper virus was first detected on ARPANET in the early 1970s.
• It propagated from the TENEX operating system (modems were dialed to
connect to remote computers and infect them).
• The first PC virus was a boot sector virus called “Brain”, created by Basit
and Amjad Farooq Alvi in 1986 in Lahore, Pakistan.
• This virus copies itself from the software.
5. TRADITIONAL COMPUTER VIRUSES
• First widely seen in the late 1980s.
• Technology development encouraged virus creation.
• Development of personal computers.
• Due to the internet.
• Development of floppy disks.
6. HOW A VIRUS WORKS
• When we run an infected program, it loads into memory and the virus starts
running as well. It can also infect other programs.
• When the virus runs unidentified programs, it adds itself to them.
• When we transfer programs and files to a friend through e-mail, CD, or
floppy disk, the friend’s computer can be affected as
well.
7. TYPES
• Trojan horses –
A Trojan horse is a simple computer program. The program does
damage when we run it. It can even damage the hard disk. Trojan horses
can’t replicate automatically.
• E-mail viruses –
An e-mail virus travels as an attachment to an e-mail message and
replicates itself by automatically mailing itself to the entire contact list
in our e-mail address book. Some e-mail viruses don't even require a
double-click. A single click is enough for the virus to pass directly to the system.
8. TYPES (CONT.)
• Worms –
A worm is a small piece of software that uses computer networks
and security holes to replicate itself. A copy of the worm scans the
network for another machine that has a specific security hole. It copies
itself to the new machine using the security hole, and then starts
replicating from there, as well.
• Cross-site scripting viruses are among the newer viruses. They use cross-site
scripting for propagation. Myspace and Yahoo are the sites most affected by
this type of virus.
9. SAFETY MEASURES FOR VIRUSES
• Run a secure operating system like UNIX.
• Buy virus protection software and install it on PCs.
• Avoid programs from unknown sources (Internet).
• Use commercial software.
• For Microsoft applications, Macro Virus Protection should be
enabled.
• Never download unknown e-mail attachments.
• Block receiving and sending executable code.
• The solution is antivirus software.
10. ANTIVIRUS-SOFTWARE
• Software that attempts to identify and eliminate computer viruses and
other malicious software (malware).
• Sophisticated - But virus creators are always one step ahead.
• Detection - This is the key to antivirus software.
11. DETECTION TECHNIQUES
• Scanning
• Integrity Checking
• Interception/ Heuristic Detection
• Scanning is the most commonly used technique in antivirus software.
12. SCANNING
• Also known as Virus Dictionary Approach.
• The scanner scans the hard disk, memory, and boot sector for code snippets.
• If a code snippet in a file matches any virus in the dictionary, appropriate
action is taken.
13. SCANNING
• Advantages
- Viruses can be found before execution.
- False alarms are rare.
- Quick at detecting known viruses.
• Disadvantages
- Polymorphic Viruses.
- Virus executes at least once.
- Continuous updates necessary.
14. INTEGRITY CHECKER
• Keeps track of threats by monitoring changes to files.
• Maintains information about important files on disk, usually by
calculating checksums
• If a file changes due to virus activity, its checksum will change.
• E.g. Norman Virus Control.
15. INTEGRITY CHECKER
• Advantages
- Constant updates are not necessary.
- Can be used to detect new viruses.
- Can also detect other damages to data e.g. corruption.
• Disadvantages
- False Positives.
- Can’t differentiate between corrupted and infected data.
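
The checksum-based integrity check from slides 14 and 15, as an added example that is not part of the original slides: it records a baseline of file checksums and later reports which files were modified, removed, or added. SHA-256 as the checksum and the function names (`file_digest`, `build_baseline`, `verify`, `demo`) are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative path) to its checksum."""
    root = Path(root)
    return {str(p.relative_to(root)): file_digest(p)
            for p in root.rglob("*") if p.is_file()}


def verify(root, baseline):
    """Compare the current files under root with a stored baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed sample data: baseline three files, then change the set."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.exe").write_bytes(b"MZ original code")
        (root / "notes.txt").write_bytes(b"hello")
        (root / "old.dll").write_bytes(b"library")
        baseline = build_baseline(root)
        # Appended bytes: infection and corruption look identical to a checksum.
        with open(root / "app.exe", "ab") as f:
            f.write(b" appended bytes")
        (root / "old.dll").unlink()
        (root / "new.bin").write_bytes(b"x")
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The report only says that a file changed, which is why the checker cannot tell infection from corruption or a legitimate update. The baseline itself must be kept where the monitored system cannot rewrite it, for example on read-only media.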
16. HEURISTIC VIRUS CHECKING
• Generic mechanism for virus detection.
• Rule based.
• Rules differentiate a virus from a non-virus.
• If a code snippet follows the defined rules, it is marked as a virus.
• E.g. F-secure antivirus software.
17. HEURISTIC VIRUS CHECKING
• Advantages
- No need to download updated list of viruses weekly.
- Can be used to detect new viruses.
• Disadvantages
- False Positives.
- Virus creators can write viruses that do not follow the
rules.