What Is A Computer Virus?

A computer virus is malicious software designed to spread to other computers by inserting itself into legitimate programs that are "guests". It may be more or less seriously damage the functions of the infected computer. It can spread through any medium for the exchange of digital information, such as computer networks and CD-ROMs, USB keys, etc. The name comes from an analogy with biological viruses, because the similarities in the way it is distributed with the reproductive capacity of the host cell. It rejects the term "computer virus" in computer and molecular biologist Leonard Adleman (Fred Cohen, Experiments with computer viruses, 1984). Computer viruses are not to be confused with computer worms, which are programs that can spread and replicate on their own without contamination of the host program. In a broad sense, is often used and abused the word virus to any form of malware to be appointed. The total number of malicious programs known to be approximately 95 000 according to Sophos (combining all types of malware). Yet the actual number of viruses in circulation not exceeding a few thousand depending on the WildList Organization, every antivirus vendor with an interest in "blowing up" of viruses detected. The vast majority affect the Windows platform. Although they are extremely few, there are also virus-like systems Unix / Linux, but no outbreaks similar to that of the Windows virus is found in 2010. The remainder focuses on operating systems that are spread over the past year, including 27 viruses - no hazardous - imposed on Mac OS 9 and its predecessors (recorded by John Norstad, author of the antivirus Disinfectant). FreeBSD systems are least affected the development of security targets, as well as Netware and OS / 2 too few to provide a developer known viruses. Viruses are often subject to false alarms that the rumor spread and voluminous cargo. Some of them play on the ignorance of computer users, they sometimes destroy parts of the operating system is completely healthy. The first autonomous software had no purpose they have. The first software of this type were only entertainment, a contest between three data of Bell, Core War, founded in 1970 in the laboratories of the company. For this game, each player writes a program, then loaded into memory. The operating system, which has just multitasking, in turn executes an instruction for the software. The goal of the game is to destroy the adversary programs at its own proliferation. The players are not clearly against the location of the program. The software is able to copy itself, repair itself, to move to different areas of memory and "attacks" of the software by writing random opponent in other memory areas. The game ends after a set time or when a player sees all its programs inactive or destroyed. The winner is the one who has the largest number of running instances. This is precisely the principles of programming viruses. In 1984, the magazine Scientific American presented a computer game design, consisting of small programs that come in s'autoreproduisant fight and try to inflict damage on opponents, making the setting of future viruses. In 1986, the ARPANET was infected by Brain Virus rename all boot disks system (C) Brain. The creators of this virus gave them their name, address and phone number because it was an advertisement for them. The virus is a classic piece of the program, often written in assembler, which fits into a normal program, usually at the end but also at the beginning or middle. Each time the user runs the "infected", activates the virus the chance to get into other executable programs. Moreover, when a load, it can, after a certain time (which can be very long) or a special event, performing a predetermined action. This action can range from a simple message is harmless to the deterioration of certain functions of the operating system or damage to files or even complete destruction of data on the computer. One speaks in this case "logic bomb" A boot virus installs a boot sector of a boot device: .. Hard Disk (the main boot sector, the master boot record, or a partition), floppy or whatever it replaces a boot loader (or boot program or "boot loader") was introduced (by copying the original elsewhere) or created (on a disc or was not) but not to change a program as a normal virus, where it replaces an existing program start, it behaves like a virus "prefix" (which is inserted at the beginning), but fact infecting a virgin device of any software startup is different from classical swine fever virus, which attacks not to "nothing." Macro viruses that attack software macros in Microsoft Office (Word, Excel, etc..) Via VBA Microsoft. For example, compliance with the Normal.dot template in Word, a virus can be activated every time the user runs the program. Viruses, worms, appeared around 2003, experiencing a rapid development in the years that followed, his classic viruses because they have a host program. But similar to the worms (in English "worm") because: Their mode of reproduction is linked to the network, including worms, mostly through the exploitation of security vulnerabilities. Such as worms, their action is discrete and non-destructive to the user of the infected machine. Such as worms, they remain major targets, such as distributed denial of resources attack or DoS (Denial of Service) is set to a server with thousands of infected computers to connect simultaneously. [Ref. needed] The party-type virus, which originated in the days when MS-DOS operating system was in vogue, viruses are "primitive." Although able to reproduce and infect other batch files, they are slow and have very low infectivity. Some programmers have to encrypted and polymorphic viruses make Batch. This is a real technical feat party if the language is simple and primitive. Other threats exist in the IT, it is often distinguished by the lack of reproductive system that characterizes the viruses and worms, the term "malicious software (" malware "in English) is more suitable in this case. The term computer virus was created on analogy with the virus in biology: a computer virus uses its host (the computer it infects) to reproduce and spread to other computers, like biological viruses, where the genetic diversity slows growth opportunities of a virus, computer systems and what are the most popular software. most affected by viruses: Microsoft Windows, Microsoft Office, Microsoft Outlook, Microsoft Internet Explorer, Microsoft Internet Information Server ... Professional versions of Windows (NT/2000/XP Pro) rights are not a professional way vaccinated against this site stealthy intruders. The commoditization of Internet access was a major factor in the rapid widespread dissemination of the latest viruses. This is mainly due to the ability of viruses to the correct e-mail addresses on the infected computer (Address Book, but also in the messages or archives visited web pages or newsgroups). Similarly, the linking of computers in local networks enhances the ability of these viruses to spread way more potential targets. However, systems with a limited diffusion disproportionate hit. The majority of these systems, as variants of the architecture UNIX (BSD, Mac OS X or Linux), using standard management rights of each user giving them the easiest to prevent attacks, the damage is usually confined to areas which should only accessible to users, saving the base operating system. Legal viruses. When discovered, the virus a name. This theory is consistent with the agreement signed in 1991 by members of Best Computer Antivirus Research Organization. This name is as follows: - Prefix, the mode of infection (macro viruses, trojan horses, worms ...) or the operating system; - A word expressing its special or error exploits (Swen is an anagram of News, an anagram of Admin Nimda, Sasser exploits a vulnerability LSASS); - In one version with the suffix (the viruses are often in the form of variants resemble the original version). Unfortunately, the analytical laboratories of the various antiviral publishers may affect their own name to the virus they are working, making it difficult to find information. So, for example, the Netsky virus called Alternative Q W32.Netsky.Q @ mm Symantec, Trend Micro WORM_NETSKY.Q, W32/Netsky.Q.worm Panda and I Worm.NetSky. r at Kaspersky. It is possible to find a generic name given through specialized search engines, such as Virus Bulletin or Kevin Spicer. Virus on Linux. The Linux operating system, and Unix operating systems and related, is usually pretty well protected against computer viruses. However, some viruses can damage Linux systems are not secure. Like other Unix systems, Linux implements a multi-user environment where users have rights corresponding to their specific needs. There is a system for monitoring a user's access to reading or editing a file to prevent. For example, viruses typically have less capacity to influence and infect a system with Linux or DOS on Windows files always with FAT32 (NTFS files have the same protection as files are UNIX, Windows NT database to isolate the accounts between them). Consequence, no viruses written for Linux, including the following, successfully spread. There are vulnerabilities that are exploited by viruses corrected in a few days for updates to the Linux kernel. Virus scanners are available for Linux systems to monitor the activity of active viruses on Windows monitor. They are mainly used on proxy servers or mail servers using Microsoft Windows client Antivirus software systems designed to identify, neutralize and remove malware (including viruses are just one example) based on the exploitation security problems. Antivirus checks the files and emails. Several methods are possible: - The major market focus on antivirus signature files and compare the signature of the virus to virus checking code. -The heuristic method is the most powerful, seeking to discover malicious code by its behavior. She tries to detect it by analyzing the code of an unknown program. Sometimes false alarms may cause. - The shape analysis is based on filtering rules between regexp or in a junk file. The latter may be particularly effective for e-mail servers support postfix regexp kind, as it does not depend on a signature file. Antivirus programs can scan the contents of a hard disk, but also the computer memory. For the more modern they act upstream of the machine by scanning the files are exchanged with the outside world, both in amount that flows down. For example, e-mails reviewed, but the files are copied to or from removable media such as CDs, floppy disks, network cards, USB keys ... Virus creators have previously identified and recorded information about the virus, such as a dictionary, the antivirus can detect and locate the presence of a virus. When this happens, the virus has three options, it may: 1. try to repair the damaged files by removing viruses; 2. put the files in quarantine so they can be accessible to other files or spread and ultimately can later be repaired; 3. infected files. To maximize the yield of the virus, it is essential to make frequent updates by downloading newer versions. Internet and conscientious with good computer skills to identify viruses and send their information to software developers so that their anti-virus database updates. Typically, antivirus review each file when it is created, opened, closed or reading. In this way, viruses can be identified immediately. It is possible to program the system of management that a regular evaluation of all files on the storage space (hard drive, etc.) in progress. Although antivirus software are very reliable and regularly updated, virus writers are just as often inventive. In particular, the virus "oligomorphiques", "polymorphic" and more recently "metamorphic" are harder to detect. Whitelist. The white list is a technique increasingly used to fight malware. Instead of looking for software known as malware, it prevents execution of any program, except those deemed trustworthy by the system. By this method of blocking standard, avoids the problems inherent in the updating of virus signature file. It also helps prevent the execution of unwanted programs. Given that modern enterprises have many applications are considered reliable, the efficiency of this technique depends on the ability of the manager to establish and update the whitelist. This task can be facilitated by the use of tools for process and inventory maintenance. Another approach is to localize the virus to detect suspicious behavior programs. For example, if a program tries to write data to run a program, the antivirus detects suspicious behavior and notify the user that gives the steps to follow. Unlike the previous approach, the method used to identify suspicious behavior very recent viruses that have not known in the dictionary of the virus. However, the fact that users are constantly warned of false alarms they are insensitive to the real threats. If users answer "Agree" to all these messages, antivirus offered them no protection. This problem has worsened since 1997 because many programs have changed some harmless executable files contrary to these false alarms. Therefore, most modern antivirus software use less this method. The heuristic analysis is used by some viruses. For example, the antivirus is the beginning of each code to scan all new applications before the transfer of control to the user. If the program seems a virus, then the user is logged on. However, this method can also lead to false alarms. The heuristic method can detect virus variants, and automatically communicating the results of the analysis to the editor, the accuracy of the database and update the virus definitions. The method of the sandbox (sandpit in English) is the operating system to emulate the file to execute the simulation. Once the program has terminated, software analyzes the results of the sandbox to detect changes that may contain viruses. Because of performance problems, such as detection usually takes place during the scanning application. This method may fail as viruses can be deterministic and result in different actions or no action even when executed. It is impossible to detect from a single execution. Many companies claim the title of the first maker of antivirus software. The first public announcement of a neutralization of a virus for the PC is made by European Bernt Fix (or Bernd) in early 1987, the Vienna virus. In response to this virus, several other viruses have emerged such as ping pong, Lehigh and Survive-3, also known as Jerusalem. Since 1988, several companies with the aim of further research in the field of antivirus software came together. The first breakthroughs in the anti-virus occurred in March 1988 with the release of Den Zuk, made by the Indonesian Denny Yanuar Ramdhani. Den Zuk virus can neutralize the brains. In April 1988, the virus L-created forum on Usenet and in mid-1988 saw the design of a search engine can detect viruses and Trojan horses that were known to the public. In the autumn of 1988 saw antivirus software Dr. Solomon's Anti-Virus Toolkit was designed by Briton Alan Solomon. At the end of December 1990, the market will come to the point of offering consumer products related to 19 different anti-virus, among them, Norton Antivirus and McAfee VirusScan. Peter Tippett was extensively involved in the nascent field of detection of computer viruses. It was an emergency and had occupied his software company. He read an article about the Lehigh virus, which was first being developed, but it is actually that in itself Lehigh Tippett was the most knowledgeable. He asked if there are similar characteristics between these viruses and those that attack humans. In terms epidemic, he was able to determine how these viruses are the same processor computer control (the boot sector was hit by the Brain virus, the. Com with the Lehigh virus, while the Jerusalem virus attacked both files. Com and. exe). Tippett's company Certus International Corp.. was also involved in the development of antivirus software. He sold the company to Symantec Corp. in 1992. Tippett and joined them by implementing the software developed on behalf of Symantec, Norton AntiVirus.