viruses
TRANSCRIPT
Computer Security Risks
What is a computer security risk?
p. 556 - 558 Fig. 11-1 Next
Event or action that causes loss of or damage to computer system
Virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but misused to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.
Types of Virus
Not all computer viruses behave, replicate, or infect the same way. There are several different categories of viruses and malware. Below I list and discuss some of the most common types of computer viruses.
Trojan Horse
Trojan Horse:
A Trojan horse program has the appearance of having a useful and desired function. While it may advertise its activity after launching, this information is not apparent to the user beforehand. Secretly the program performs other, undesired functions. A Trojan Horse neither replicates nor copies itself, but causes damage or compromises the security of the computer. A Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. The malicious functionality of a Trojan Horse may be anything undesirable for a computer user, including data destruction or compromising a system by providing a means for another computer to gain access, thus bypassing normal access controls.
Worms
Worms: A worm is a program that makes and facilitates the distribution of copies of itself; for example, from one disk drive to another, or by copying itself using email or another transport mechanism. The worm may do damage and compromise the security of the computer. It may arrive via exploitation of a system vulnerability or by clicking on an infected e-mail.
Types of virus continued ……
Bootsector Virus: A virus which attaches itself to the first part of the hard disk that is read by the computer upon bootup. These are normally spread by floppy disks.
Macro Virus:Macro viruses are viruses that use another application's macro programming language to distribute themselves. They infect documents such as MS Word or MS Excel and are typically spread to other similar documents.
Memory Resident Viruses:Memory Resident Viruses reside in a computers volitale memory (RAM). They are initiated from a virus which runs on the computer and they stay in memory after it's initiating program closes.
Types of virus continued ……
Root kit Virus: A root kit virus is an undetectable virus which attempts to allow someone to gain control of a computer system. The term root kit comes from the Linux administrator root user. These viruses are usually installed by Trojans and are normally disguised as operating system files.
Polymorphic Viruses:A polymorphic virus not only replicates itself by creating multiple files of itself, but it also changes it's digital signature every time it replicates. This makes it difficult or less sophisticated antivirus software to detect.
Logic Bombs/Time Bombs: These are viruses which are programmed to initiate at a specific date or when a specific event occurs. Some examples are a virus which deletes your photos on Halloween, or a virus which deletes a database table if a certain employee gets fired.
Stand-Alone Utility Programs
What is a virus?
p. 425 - 426 Fig. 8-36
Potentially damaging computer program Affects computer without user’s knowledge
SIGNS OF SIGNS OF VIRUS VIRUS
INFECTIONINFECTION
• An unusual message or image is displayed on the computer screen• An unusual sound or music plays randomly• The available memory is less than what should be available• A program or file suddenly is missing• An unknown program or file mysteriously appears• The size of a file changes without explanation• A file becomes corrupted• A program or file does not work properly• System properties change•The operating system runs much slower than usual
Stand-Alone Utility Programs
What is an antivirus program?
p. 426 Fig. 8-37
Identifies and removes viruses in memory, storage media, and incoming files
Must be updated frequently
Internet and Network Attacks
What is an antivirus program?
p. 560 - 561 Fig. 11-4 Next
Identifies and removes computer viruses
Most also protect against worms and Trojan horses
Internet and Network Attacks
What are viruses, worms, and Trojan horses?
p. 558 Next
VirusVirus is a potentially damaging computer program
WormWorm copies itself repeatedly,
using up resources
and possibly shutting down computer or
network
Trojan horseTrojan horse hides within or looks like
legitimate program until
triggered
Payload (destructive event) that is
delivered when you open file, run infected program, or boot computer with infected disk
in disk driveCan spread and
damage files
Does not replicate itself on
other computers
Internet and Network Attacks
How can a virus spread through an e-mail message?
p. 559 Fig. 11-2 Next
Step 1. Unscrupulous programmers create a virus program. They hide the virus in a Word document and attach the Word document to an e-mail message.
Step 2. They use the Internet to send the e-mail message to thousands of users around the world.
Step 3b. Other users do not recognize the name of the sender of the e-mail message. These users do not open the e-mail message. Instead they delete the e-mail message. These users’ computers are not infected with the virus.
Step 3a. Some users open the attachment and their computers become infected with the virus.
Internet and Network Attacks
How can you protect your system from a macro virus?
p. 560 Fig. 11-3 Next
Set macro security level in applications that allow you to write macros
Set security level so that warning displays that document contains macro Macros are instructions
saved in an application, such as word processing or spreadsheet program
Keeps file in separate area of hard disk
Internet and Network Attacks
How does an antivirus program inoculate a program file?
p. 561 Next
Records Records information information
about program such about program such as file size and as file size and
creation creation datedate
Attempts Attempts to remove to remove
any detected any detected virusvirus
Uses Uses information information to detect if to detect if
virus tampers virus tampers with filewith file
QuarantinesQuarantines infected infected
files that it files that it cannot cannot removeremove
Internet and Network Attacks
What is a firewall?
p. 563 Fig. 11-7 Next
Security system consisting of hardware and/or software that prevents unauthorized intrusion
Unauthorized Access and Use
What are other ways to protect your personal computer?
p. 565 Fig. 11-9 Next
Disable file and printer sharing on Internet connection
User Authentication(login)
What is a user name?
p. 566 Fig. 11-10 Next
Unique combination of characters that identifies user Password is private
combination of characters associated with the user name that allows access to computer resources
Tips for security
What are some tips for preventing virus, worm, and Trojan horse infections?
p. 562 Next
Install a personalfirewall program
If the antivirus program flags an e-mail attachment as infected, delete
the attachment immediately
Never start a computer with
removable media inserted
Never open an e-mail attachment
unless you are expecting it and
it is from a trusted source
Install an antivirus program on all of your computers
Check all downloaded programs for
viruses, worms, or Trojan horses
Software Theft
What is a license agreement?
p. 570 Fig. 11-15 Next
Right to use software Single-user license agreement allows user to install software
on one computer, make backup copy, and sell software after removing from computer
Backing Up — The Ultimate SafeguardWhat is a backup?
p. 576 Next
Duplicate of file, program, or disk
Full backupFull backupall files in computer
Full backupFull backupall files in computer
Selective backupSelective backupselect which files
to back up
Selective backupSelective backupselect which files
to back up
Three-generation Three-generation backupbackup
preserves three copies of important files
Three-generation Three-generation backupbackup
preserves three copies of important files
In case of system failure or corrupted files, restorerestore files by copying to original location
Information Privacy
What are spyware, adware, and spam?
p. 583 - 584 Fig. 11-29 Next
Spyware is program placed on computer without user’s knowledge
Adware is a programthat displays onlineadvertisements
Spam is bogus e-mail message sent to many recipients
Information Privacy
How can you control spam?
p. 584 Next
Collects spam incentral location
that you can view any time
Service that blocks e-mail
messages from designated
sources
E-mail filteringE-mail filtering
Sometimes removes valid
e-mail messages
Attempts to remove spam
Anti-spam programAnti-spam program