Computer Virus
• Software programs written by someone that needs to get a life
• Can range from being a nuisance to causing major destruction and recovery time
• Software packages can be infected

Viruses Hide in:
• Another computer program that executes so that the virus program can be placed into main memory.
• Typically, viruses come from programs on floppy disks or networks.
• Very complex viruses can write themselves in between hard disk sectors making them very difficult to detect.

Virus Types
• Trojan Horse - contained inside of another “host” program. Often date activated. White collar sabotage.
• Worms - may not be an executable program itself but duplicates in main memory and hard disk space. Slows down the operating system.
• Stealth virus - pretends to be another program that should be on the computer

Virus Components:
• Replication code - how it does what it does
• Marker - set of codes that virus looks at to determine if the file has been infected
• Kernel - code that controls task manipulation and replication
• Overwriting vs non-overwriting: replaces an existing program file vs appending to it

Elimination and Protection
• Scanner software - “shield” software scans all data coming into a computer system looking for known or suspected viruses. Known viruses are detected by some recognizable “character string” in the virus computer code. Suspected viruses are detected whenever the virus program tries to do something weird, like attach to an existing program or reuse disk space reserved for the operating system.
• Cleaner software - can try to restore infected files back to a usable state. Requires booting from a clean, write-protected floppy disk. May take a lot of time.
• Detection software - detects the presence of a virus on an infected disk
• Typical packages: McAfee, Dr. Solomon, etc.
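
The "recognizable character string" detection described under Scanner software, as an added Python example that is not part of the original slides. The signature names, byte patterns and sample data are constructed, harmless placeholders; the scanner reads incoming data in chunks and carries bytes over between reads so a signature split across two chunks is still found.

```python
import io

# Constructed, harmless byte patterns standing in for a vendor's signature list.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("deadbeef4142"),
    "Demo.Beta": b"\x90\x90HELLO-MARKER",
}

# Constructed sample input: filler bytes with both demo patterns embedded.
SAMPLE = b"A" * 10 + SIGNATURES["Demo.Alpha"] + b"B" * 20 + SIGNATURES["Demo.Beta"]


def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return sorted (offset, name) hits for every known signature in stream."""
    # Keep the last (longest signature - 1) bytes of each window so a pattern
    # that straddles a chunk boundary is complete in the next window.
    overlap = max(len(p) for p in signatures.values()) - 1
    hits = set()  # a set, because a short pattern can reappear in the overlap
    tail = b""
    base = 0      # absolute stream offset of window[0]
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            pos = window.find(pattern)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(pattern, pos + 1)
        keep = min(overlap, len(window))
        tail = window[len(window) - keep:]
        base += len(window) - keep
    return sorted(hits)


def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper: scan an in-memory buffer as if it were a stream."""
    return scan_stream(io.BytesIO(data), chunk_size=chunk_size)


if __name__ == "__main__":
    for offset, name in scan_bytes(SAMPLE, chunk_size=8):
        print(f"offset {offset}: matches signature {name}")
```

A scanner of this kind only finds patterns already in its list, which is why the slide pairs it with behaviour-based detection of suspected viruses.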