
Sunday, January 30, 2011

Computer Virus


A computer virus is a program that is designed to copy itself into other programs. When the other programs are run, they carry out the virus’s instructions, either instead of or in addition to their own. Since one of the primary tasks programmed into a virus is to reproduce itself, a virus program can spread rapidly. Viruses are generally programmed to seek out program files that are likely to be executed in the near future, such as those used by the operating system during the startup process. The result is a copy that can in turn generate an additional copy, and so on. (A virus disguised as an innocuous program is sometimes called a Trojan, short for “Trojan horse.” A distinction is sometimes made between viruses and worms. A worm generally uses flaws in a networking system to send copies to other machines, without needing to insert code into a program.)
Appearing in the 1980s, the first computer viruses were generally spread by infecting programs on floppy disks, which were often passed between users. Today, viruses generally have instructions that enable them to gain access to network facilities (such as e-mail) to facilitate their spreading to other systems on a local network or on the Internet.

The spread of viruses is complicated by the fact that operating systems (particularly Microsoft Windows) and applications (such as Microsoft Office) have the ability to run scripts or “macros” that are attached to documents. This facility can be useful for tasks such as sophisticated document formatting or form-handling, but it also means that viruses can attach themselves to scripts or macros and run whenever a document containing them is opened. Since modern e-mail programs have the ability to include documents as attachments to messages, this means that the unsuspecting recipient of a message can trigger a virus simply by opening a message attachment.
In today’s Web-centric world, viruses are often spread using links in e-mail that either entice or frighten the reader into clicking through to a Web site, which can be made to closely resemble that of a legitimate institution such as a bank or e-commerce site (see phishing and spoofing). Once connected to the site, the user’s computer can be infected with a virus or with some other form of “malware” (see spyware and adware). This route of infection is particularly dangerous because normal antivirus programs scan e-mail but not data being downloaded from a Web site, and firewalls are generally set to allow normal Web requests.
Once installed, a virus can be used for a variety of purposes according to the “payload” of instructions that are set to execute. Sensitive information such as credit card details can be stolen (see identity theft). Sometimes the infected computer can appear to be unaffected, but has had a stealthy “bot” (robot) program inserted. Thousands of bots can be linked into a “botnet” and later commanded to trigger large-scale “distributed denial of service” (DDOS) attacks to flood targeted Web sites with requests, crashing or disabling the site.
Viruses can be further disguised by programming them to remain dormant until a certain date, time, or other condition is reached. (Such a virus is sometimes called a logic bomb.) For example, a disgruntled programmer who is about to be dismissed might insert a virus that will wipe out payroll data at the beginning of the next month. A famous example of the time-triggered virus was the Michelangelo virus, so named because it was triggered to run on the artist’s birthday, March 6, 1992. (See computer crime and security.)
Viruses can be overtly destructive (such as by reformatting a computer’s hard drive, wiping out its data). Other viruses can simply tie up system resources. The most infamous example of this was the “Internet Worm” introduced onto the network on November 2, 1988, by Robert Morris, Jr. This program was intended to reproduce slowly, planting its “segments” on networked computers by exploiting a flaw in the UNIX sendmail program. Unfortunately, Morris made an error that caused the worm to spread much more rapidly. Before the coordinated efforts of system administrators at affected sites came up with countermeasures, the worm had cost somewhere in the hundreds of thousands of dollars in lost computer and programmer time.
Countermeasures
The only certain defense of a computer system from viruses would be through abstaining from contact between it and any other computers, either directly through a network or indirectly through exchange of programs on floppy disks or other removable media. In today’s highly networked world, this is usually impractical. A more practical defense is to install antivirus software. Antivirus programs work by comparing the contents of files (either those already on the disk or entering via the Internet) with “signatures” or patterns of data found in known viruses. More sophisticated antivirus programs include the ability to recognize program code that is similar to that found in known viruses or that attempts suspicious operations (such as attempts to reformat a disk or bypass the operating system and write directly to disk). If an antivirus program recognizes a virus, it warns the user and can be told to actually remove the virus. Because dozens of new viruses are identified each week, antivirus programs must be updated frequently with new virus signature files in order to remain effective. Many antivirus programs can update themselves by periodically linking to a Web site containing the update files.
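The signature comparison described above, as an added example that is not part of the original entry: a minimal scanner that matches byte patterns, with single-byte wildcards, against file contents. The signature names, hex patterns and sample buffers are all constructed for illustration and do not correspond to any real malware or antivirus product format.

```python
import re

# Constructed signature "file": name -> hex pattern; "??" matches any one byte.
# Names and byte patterns are invented for this example, not real malware.
SIGNATURES = {
    "Demo.Marker.A": "de ad be ef 13 37",
    "Demo.Variant.B": "ca fe ?? ?? ba be 00 01",
}

def compile_signature(hex_pattern):
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    # DOTALL lets a wildcard also match the newline byte 0x0a.
    return re.compile(b"".join(parts), re.DOTALL)

def scan_bytes(data, signatures=SIGNATURES):
    """Return sorted (offset, signature_name) pairs for every match in data."""
    hits = []
    for name, pattern in signatures.items():
        for match in compile_signature(pattern).finditer(data):
            hits.append((match.start(), name))
    return sorted(hits)

# Constructed sample buffers standing in for file contents.
SAMPLES = {
    "clean.bin": b"MZ" + b"\x00" * 16 + b"ordinary program data",
    "marker.bin": b"header" + bytes.fromhex("deadbeef1337") + b"tail",
    "variant1.bin": b"xx" + bytes.fromhex("cafe1122babe0001"),
    "variant2.bin": b"xx" + bytes.fromhex("cafe0affbabe0001"),
    # Changed final byte: no signature covers it until the database is updated.
    "unknown.bin": b"xx" + bytes.fromhex("cafe1122babe0002"),
}

def scan_samples():
    """Scan every sample and return {filename: hits}."""
    return {name: scan_bytes(data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(name, "->", hits if hits else "no known signature")
```

The `unknown.bin` buffer goes undetected until a matching pattern is added to the signature dictionary, which is the reason signature files need frequent updates.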
Modern operating systems (such as Microsoft Windows Vista) have attempted to make it harder for unauthorized programs to access critical system files, such as by limiting default access permissions or prompting the user to approve various activities. Such operating systems also include an updating feature that can automatically download and install security “patches”—a vital task, as can be seen from the volume and variety of such updates that seem to appear every month. Indeed the use of “blended” threats (including more than one potential infection mechanism) and the development of new “exploits” for hundreds of different data file formats make system protection an ongoing challenge.
Reducing user temptation and enhancing user awareness is also important. Since unsolicited e-mail (see spam) is often a source of potentially malicious links and attachments, running a spam-blocking program can help protect the computer. There are also programs that can detect and block “phishing” messages and their related Web sites.
Since none of these programs can completely keep up with the rapid appearance of new threats, caution and common sense on the part of the user remain an important last line of defense.

Reference:
Henderson, Harry. Encyclopedia of Computer Science and Technology, Revised Edition. New York: Facts On File, Inc.
