Computer Virus's

Submitted By zimbaz
COMPUTER VIRUSES - CURRENT STATUS, FUTURE TRENDS AND POSSIBLE ADVANTAGES.

(c) Jean-Paul Van Belle

Note: this was an early draft version - couldn't dig up the final version ;-)

Abstract

This paper attempts to take a longer term perspective on the computer virus technology. Firstly, viruses are defined, described and classified. Popular anti-virus protection mechanisms are listed. The current impact of viruses is briefly assessed and an attempt is made to isolate and project some expected trends in virus technology. Finally, a number of potential advantages of viruses are discussed.

1. Introduction

The computer virus and its technology represent a relatively new phenomenon, although its origins can be traced back to the late fifties. The emergence of the virus technology may be attributed to a combination of factors, including the wide availability of computer resources, the increased level of connectivity, the advent of decentralized computing with a certain relaxation of security measures, the development of a hacker community (culture and literacy), and perhaps a general decline in moral principles. All of these factors have resulted in what may be called a democratization of the computer technology. This has in its turn established the necessary "critical mass" for the virus technology to develop.

The media have publicized a large number of virus attacks; not necessarily in the most accurate or factual manner. But the very fast evolution of the technology has even confused many professionals. This resulted in a lot of "hype", popular myths and misconceptions about computer viruses. An interesting study claims that "[s]tories about computer viruses may be as full of myth as they are of truth" and careful investigation of these stories led to the conclusion that "tales about the destruction wrought by Trojan horse programs were, in fact, a new form of urban legend".

Although a number of computer specialists are still of the opinion that the virus problem has been over-estimated, surveys indicate that the incidence of virus infections within academic and commercial computing environments has grown exponentially to very high levels over the past three years.

Most of the virus literature has focussed on the security aspects of viruses. This has led to a relatively reactive viewpoint which is mostly concerned with the negative aspects of viruses. In this paper, an attempt will be made to extrapolate a number of future trends in the virus technology which might enable a more pro-active attitude. A separate section will deal specifically with the advantages of viruses.

2. Definitions and Concepts

Definitions of viruses abound. As one extreme, the very fuzzy, broad concept used by most mass-media could be adopted. At the other end of the continuum the following definition has been proposed by Kauranen & Mäkinen: "a computer virus is a description of a TM whose simulation by the [universal] TM causes another description of a viral TM to appear to the tape of the [universal] TM" with the TM [Turing Machine] being a 7-tuple M = {Q, Σ, Γ, δ, q0, B, F} where each element of the tuple is specifically defined as a (set of) state(s), tape symbol(s) or a function.

For the purposes of this paper a more operational definition will be adequate: "a computer virus is a set of instructions which, when executed, spreads itself to other, previously unaffected, programs or files". The key property of the virus is thus its "infection" feature: it attaches itself to another piece of code which serves as its carrier or host. A virus does not necessarily need to contain destructive code, nor does it need to make exact copies of itself. Some viruses also infect previously infected files. Various plural forms of "virus" can be found in the literature: viruses, viri and virii. The most common plural appears to be "viruses" and is the form that has been adopted in this paper.

Often, the term "virus" is used inappropriately to describe other types of malicious or destructive, replicating code. They are typically known by colourful names such as rabbit, bacterium, time or logic bomb. The following two types in particular are commonly confused with viruses. A Trojan Horse is any program designed to do things that the user of the program did not intend to do. Unlike program bugs, they were coded with the intent of the program author. A Worm is a program that spreads copies of itself through network-attached computers. Neither program requires a host. The widely publicized American "Internet Virus" was in fact not a virus but a worm.

3. Virus Technology.

3.1 General Theory of Operation.

Viruses have two distinct operational features: a replication function and a (usually destructive) action triggered by a certain event.

The objective of the replication function is to infect as many files or systems as possible. Each time the virus code is run it attempts to locate uninfected files on the host system or any other on-line system. Sophisticated viruses employ several techniques to make this process as efficient and invisible as possible: temporary modification of file attributes, intelligent device access, keeping the reported file size as before, not modifying file date or time stamps and maintaining the Cyclic Redundancy Checksum. To keep track of their activities, virus-marker bytes are usually placed in infected files.

The ultimate aim of this covert reproduction process is usually a specific action. The trigger for the action could be an internal count of the number of infections, but is usually a specific time or date.

3.2 Virus Trigger and Action Examples.

The following examples of MS-DOS viruses may serve as illustration of the diversity of triggers and actions. They have been collated from the documentation of various anti-virus packages. Fu Manchu is triggered (inter alia) by typing Thatcher, Reagan, Waldheim or Botha and adds the sentence part "is a xxxx" where xxxx is a 4-letter word. Italian (Bouncing Ball) is triggered if a certain clock state (every half hour) coincides with a disk access and puts a bouncing dot on the text screen. Stoned (Marijuana) triggers on every 8th infective boot-up and overwrites (unintentionally) parts of the File Allocation Table on non-standard disks as well as displaying the dreaded "Your PC is now stoned" message. Denzuk keeps an internal infection counter and places its red graphics logo on a CGA system. Datacrime is triggered on October 13th (or thereafter) and does a low level format of cylinder 0 of a hard disk. Cascade's trigger incorporates a random number generator and causes the characters on the monitor to gradually crumble into a heap at the bottom of the screen. Typo checks every fiftieth character sent to the printer and substitutes certain pairs. Dbase checks for DOS function calls with the file name extension DBF and swaps certain pairs of bytes. Oropax uses a one in four random number generator coupled to a date later than May 1st, 1987 and a specific machine ID, upon which it plays one of three tunes at an interval of a few minutes. Pretoria renames file names to ZAPPED on June 16th. Print Screen does a screen dump every 255 disk BIOS accesses. Icelandic displays "Gleðileg jól" on December 24th. Virus-90 displays white bars moving down the screen when the day of the month is a multiple of 9. Solano checks random screen positions at 73 second time intervals for figures and, if found, swaps two digits. Shake displays the message "Shake well before use !" every 6th time it goes resident.

There are many more viruses; the above have been selected to show the diversity of triggers and actions. Although quite a number of viruses do not intentionally destroy data, it must be realised that no harmless viruses exist: just the computational overhead can be critical in certain applications, e.g. medical systems.

3.3 Types of Viruses.

Since viruses attach themselves to executable code, they can be classified according to the type of their host program.

Boot infectors locate themselves in the system boot track, which is used by the operating system to initiate system operation. They often move the original code to another area on the disk. Their major weakness lies in the fact that they cannot make use of any of the operating system functions; as a result they tend to be fairly simple. Their major strength is that they are always resident, ensuring a high level of infectiousness. The Bouncing Ball and the Stoned virus are two well-known examples.

System infectors attach themselves to an operating system module, such as the command interpreter, system I/O routines or system device drivers. They are just as infectious as boot infectors but can make full use of all operating system routines, enabling very sophisticated actions.

Finally, generic application infectors infect some or all application programs or their code overlay files. They execute only when the infected application is loaded and can be further sub-divided into two categories: direct and indirect action file viruses. A direct action file virus (such as the Vienna virus) attempts self-replication immediately upon its first execution. The indirect type (e.g. Israeli) works in two distinct steps: first it copies itself into memory and hooks itself into one (or more) of the system interrupts; only at a later stage, when the redirected interrupts are called, does the actual replication or action code get executed.

From the above discussion it must be clear that viruses cannot be executed from data files. There are however a number of potential exceptions. Firstly, operating system (or program) bugs may cause data to be loaded into the code area and thus be executed by accident. Precisely such a bug in the Unix mail system was apparently exploited by the US Internet worm. Secondly, it is conceivable that certain program source code editors are modified in such a way that they add some virus code to the stored program source which will execute only when the source code is compiled. Admittedly, it would be more practical and efficient to let the compilers be the infection mechanism.

3.4 Typical ways in which viruses spread.

Viruses can enter a computer system through any of the input devices. By far the most common vehicle for viruses is removable magnetic storage media. These could be program disks "borrowed" from a friend, colleague or computer club; data diskettes (boot sector viruses only); demonstration diskettes included with computer magazines, etc. Software piracy, academic software libraries and technicians' diagnostics disks appear to be the major culprits. Even cases of infected shrink-wrapped software have been reported where a virus was present on the developer's system and infected the master disk; or the software was infected by a first user, returned and re-wrapped by the retailer.

Another common way of spreading viruses is through communications links. The most spectacular and easiest method is through computer networks although they have also been downloaded from bulletin board systems and public access information services.

Ultimately, no system is safe since virus code can be entered manually through the keyboard by a user or might conceivably be found on read-only devices such as CD-ROM disks or EPROM chips.

4. Anti-Virus Protection Methods.

4.1 Anti-virus Packages.

A flourishing anti-virus software industry has sprung into being with the advent of the virus threat. Three main functions are provided by these packages: virus "diagnosis" or identification; protection by trying to detect virus intrusion ("vaccination") or check files/disks for alterations; and "antidotes" to remove virus code. It is important to realize that no package can offer 100% security, and the cost of a package is not necessarily a good measure of a package's functionality.

Virus diagnosis is usually done by checking system memory, boot records, and system/application files against a list of virus "signatures". This list is apt to grow longer and longer and must be updated on a regular basis (see addendum 1 for a sample list of viruses); Dr Alan Solomon reported over 770 viruses in May 1991 against a mere 142 as of December 1990. A number of anti-virus services offer dial-up online listings of these signatures. Some viruses employ self-encryption which makes detection even more difficult. On larger systems the detection process can become quite time-consuming and is never fool-proof since it does not detect newly developed viruses. In addition, a growing number of "false alarms" can be expected since "signatures" could be present in orthodox program code by coincidence.
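The two weaknesses named above, false alarms from coincidental matches and blindness to anything not yet on the list, can be shown with a small scanner. This is an added example, not code from the paper; the signature names, byte patterns and sample buffers are all constructed and harmless, and the minimum-length policy is an assumption chosen for illustration.

```python
# Added example (not from the paper): signature scanning and its two failure modes.
# Every signature and sample below is constructed for illustration only.
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    name: str       # hypothetical label
    pattern: bytes  # byte sequence the scanner searches for


# "Demo-Short" is deliberately too short: CD 21 is INT 21h, the DOS
# system-call instruction found in nearly every DOS program.
SHORT = Signature("Demo-Short", bytes.fromhex("cd21"))
LONG = Signature("Demo-Long", bytes.fromhex("deadbeef0badf00dcafe"))
SIGNATURES = [SHORT, LONG]

# name -> (file content, ground truth "is infected"), all constructed.
SAMPLES = {
    # A harmless DOS .COM body: mov ah,9 / mov dx,0108h / int 21h / ret + text.
    "clean_tool.com": (bytes.fromhex("b409ba0801cd21c3") + b"Hello$", False),
    # Stand-in for a known sample: contains the long marker pattern.
    "marked_sample.bin": (b"\x90" * 16 + LONG.pattern + b"\x00" * 16, True),
    # Stand-in for a newly developed variant: no listed pattern is present.
    "new_variant.bin": (b"\x90" * 16 + LONG.pattern[:4] + b"\x11" * 12, True),
}


def scan(data, signatures):
    """Return (signature name, offset) for every occurrence in data."""
    hits = []
    for sig in signatures:
        pos = data.find(sig.pattern)
        while pos != -1:
            hits.append((sig.name, pos))
            pos = data.find(sig.pattern, pos + 1)
    return hits


def filter_signatures(signatures, min_length=8):
    """Drop signatures too short to be distinctive (assumed policy)."""
    return [s for s in signatures if len(s.pattern) >= min_length]


def evaluate(samples, signatures):
    """Classify each sample by comparing scanner verdict with ground truth."""
    result = {"detected": [], "false_alarm": [], "missed": [], "clean": []}
    for name, (data, infected) in sorted(samples.items()):
        flagged = bool(scan(data, signatures))
        if flagged and infected:
            result["detected"].append(name)
        elif flagged:
            result["false_alarm"].append(name)
        elif infected:
            result["missed"].append(name)
        else:
            result["clean"].append(name)
    return result


if __name__ == "__main__":
    print("all signatures :", evaluate(SAMPLES, SIGNATURES))
    print("length >= 8    :", evaluate(SAMPLES, filter_signatures(SIGNATURES)))
```

Removing the short signature clears the false alarm, but no choice of signatures recovers the sample that is not on the list.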

A number of virus vaccination alternatives exist. Some software packages append small anti-virus routines to target executable files that check file integrity by performing modified file checksum calculations before execution of the proper program. Other antidote programs maintain a separate datafile of checksums for all or most program files of the disk and check against this list on a regular basis (daily or upon system boot). A "brute force" variant of this software maintains coded images of entire disks instead of the checksum totals. A final category of antidotes loads as a background resident application which monitors the critical interrupts to which viruses attach themselves and intercepts exceptional or suspicious system calls. All of these vaccination programmes use system resources in the form of available system memory, processing time and/or disk storage space and represent therefore additional system overhead. More recently, sophisticated viruses have been released that anticipate these vaccines and thus escape detection or, even worse, make use of the anti-virus software as a vehicle to spread even faster. Finally, most vaccination software involves a trade-off between the level of security and the number of false alarms generated, since apparently innocuous system routines can still be used to damage data whilst many "dangerous" interrupts have to be called occasionally by orthodox applications. Executable files may be modified in development environments (after re-compilation) or through self-modifying software (SideKick), which will change checksums.
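The "separate datafile of checksums" approach can be sketched as follows. This is an added example, not code from the paper or from any anti-virus package: it assumes SHA-256 in place of a simple checksum or CRC, and it records size and timestamp as well so that a change which leaves both untouched is reported separately. File names and contents are constructed.

```python
# Added example (not from the paper): integrity checking against a stored baseline.
# Assumption: SHA-256 replaces the simple checksum, so padding bytes cannot be
# chosen to restore the recorded value. All files are constructed in a temp dir.
import hashlib
import json
import os
import tempfile


def fingerprint(path):
    """Record size and timestamp (which stealthy code preserves) plus a hash."""
    st = os.stat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns,
            "sha256": digest.hexdigest()}


def build_baseline(root):
    """Fingerprint every regular file directly under root."""
    return {name: fingerprint(os.path.join(root, name))
            for name in sorted(os.listdir(root))
            if os.path.isfile(os.path.join(root, name))}


def verify(root, baseline):
    """Compare the current state of root with a previously stored baseline."""
    current = build_baseline(root)
    report = {}
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            report[name] = "new"
        elif new is None:
            report[name] = "missing"
        elif old["sha256"] == new["sha256"]:
            report[name] = "ok"
        elif (old["size"], old["mtime_ns"]) == (new["size"], new["mtime_ns"]):
            # Content differs although size and timestamp match the record:
            # a directory listing alone would show nothing unusual.
            report[name] = "stealth-modified"
        else:
            # Also the outcome of a legitimate rebuild: the checker cannot
            # tell the two apart, hence the false alarms the text mentions.
            report[name] = "modified"
    return report


def demo():
    """Build a baseline, apply four constructed changes, return the report."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)

        for name in ("COMMAND.COM", "EDITOR.EXE", "REPORT.COM", "TOOL.COM"):
            write(name, name.encode() + b"\x00" * 64)

        # The baseline lives in a separate datafile; in practice it belongs on
        # read-only or offline media so it cannot be rewritten with the files.
        datafile = json.dumps(build_baseline(root))

        # Same-length overwrite with the original timestamps put back.
        tool = os.path.join(root, "TOOL.COM")
        st = os.stat(tool)
        write("TOOL.COM", b"X" * st.st_size)
        os.utime(tool, ns=(st.st_atime_ns, st.st_mtime_ns))

        write("REPORT.COM", b"REPORT.COM rebuilt" + b"\x00" * 100)  # recompiled
        os.remove(os.path.join(root, "EDITOR.EXE"))                 # deleted
        write("NEW.COM", b"new program")                            # added

        return verify(root, json.loads(datafile))


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:12s} {status}")
```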

Virus elimination or removal software is intended to remove virus code from a system and, in some cases, repair data damage inflicted by the virus. This is a fairly straightforward process for many boot infectors but the process of infection is often irreversible for the more sophisticated viruses. The only remaining alternative will be to restore the executable code from uninfected backups or the original program disks. Undoing serious data damage is only rarely feasible although the extent of damage can usually be pinpointed more easily with the aid of virus removal packages.

As a final note, there is a growing number of hardware products available that implement some of the above methodologies although their effectiveness is not yet assured.

4.2 Procedures.

Because anti-virus packages are generally of a reactive nature and involve considerable system overhead, organizations are well advised to implement adequate virus control procedures as well. Appropriate anti-virus procedures have become essential in all larger organizations during the last few months. Space limitations prevent full discussion of possible procedures in this paper but some general pointers will be mentioned.

Ideally, the potential impact of virus damage to the organization should first be assessed. The risk and cost appraisal could then serve as a basis for cost-effective preventative management policies.

Preventative procedures are a combination of general data and program exchange regulations; user education; appropriate hardware choices; some centralized controls; security measures; and sound data management principles such as regular system backups, appropriate user rights and program source control. The exact procedures will depend on various factors such as the risk profile, size and culture of the organization. More detailed guidelines for these procedures can be found in White & Chess, and many more guidelines can be expected to appear shortly in the literature, although they currently concentrate on individual users and LANs.

However, it is virtually impossible to prevent virus attacks entirely and it is therefore imperative for concerned management to set up virus eradication procedures - preferably before the event. In practice, the procedures will depend on the virus type, the extent of its infection and the type of damage incurred. Procedures for both academic and commercial environments are suggested by A. Solomon.

5. Current Impact of Viruses.

The most observable impact is the direct damage done by viruses in the form of lost data, computer and operator time and other resources. The quantification of the estimated losses could form the subject of an elaborate study in its own right but is likely to contain a wide margin of error. At the current virus infection growth rates the estimate is in any case likely to be outdated before it is calculated.

A second area of quantifiable impact is the cost of implementing anti-virus measures. This goes beyond the mere financial costs of software and hardware packages as operator and management productivity are affected and computer processing overhead introduced.

There are also a number of non-quantifiable consequences of the virus threat, mainly in the form of changed attitudes. Some vendors blame the slowdown in growth rate of PC sales on the virus threat although this is probably exaggerated. What cannot be denied is that many user errors, hardware problems or software bugs are now blamed on viruses, often resulting in a significant waste of time and effort before the real problem is diagnosed.

A very important but more long term negative impact is the reduced level of networking and interaction which results from system users who are more hesitant in accessing online bulletin boards and databases or system managers who increase the level of security unduly. This is specifically expressed in the policy statement issued by Internet after the worm attack: "The Internet is a [...] facility whose utility is largely a consequence of its wide availability and accessibility. [...] Security [to make the Internet more resistant to disruption] may be extremely expensive and may be counterproductive if it inhibits the free flow of information which makes the Internet so valuable."

6. Trends in Virus Technology

A number of trends have already become apparent in the four years that viruses have become widespread, which may serve as pointers to further developments.

Many viruses anticipate anti-virus software and employ a number of stealth techniques to make their detection more difficult. Most viruses now already intercept system error messages while they are trying to infect other files. Many are also careful to retain (or reset) the original file attributes such as date and time stamps, read-only attributes or file size (even if the actual size is larger than the system record!). Some viruses already employ self-encryption schemes whereby the code is dynamically changed as it is executed; others use a number of different signatures. Larger viruses have been reported that contain a lot of redundant "armour" code, apparently in an effort to confuse anti-virus experts. Finally, it is only a matter of time before viruses check file CRCs and add some "padding characters" of the appropriate values in order to retain the original checksums.

Apart from making the detection more difficult, nastier memory-resident viruses even exploit anti-virus packages and use them as a vehicle to spread themselves during the scanning process to all the software that is being virus-checked! This constitutes a major danger of using virus-checking software. Both the Dark Avenger and Plastique have been spread in this way.

As more and more viruses are created, the amount of publicly available information increases which enables prospective virus writers to employ more sophisticated routines which exploit operating system software bugs and current anti-virus software weaknesses. Examples are MS-DOS viruses which make direct use of ROM BIOS routines. Because of this, some virus researchers were moving to restrict the access to facts about computer viruses. This is unlikely to become successful as proven by the many varieties of viruses that are around. The publication of a number of virus codes has made the process even easier, although even unpublished viruses can be disassembled and improved with relative ease. And even relatively unsophisticated computer users will soon be able to construct their own custom-made viruses with user-definable messages and menu-selectable actions using black market "do-it-yourself virus building kits".

Viruses have also started targeting specific software applications, such as the Dbase or Lotus virus. This is accompanied by a greater subtlety in the damaging actions. Instead of erasing file allocation tables or deleting entire files, only pairs of digits are being swapped or small parts of the disks are being modified over a relatively large time span.

The first virus writers were hackers who wanted to show off their programming capabilities. More and more writers seem to have political objectives in mind. This is already illustrated in a number of viruses (e.g. the Marijuana, Peace and Israeli viruses). As the media attention continues, it motivates certain other individuals bent on (anonymous?) publicity, similar to the psychology behind many serial murders. But the most important source of future highly sophisticated and professionally developed viruses may be the cut-throat, not-so-ethical commercial software industry itself. Consider the following scenario painted by Dvorak.

"Imagine some Microsoft code that went out looking for programs compiled by non-Microsoft compilers. Borland and others insist on inserting a message in the compiled code to let everyone know what product did the compilation. So the virus looks for the Borland name and then swaps a few bits around. What if someone working for Borland did it? An industrial spy somehow hired at Microsoft by accident? Can you imagine the kinds of intrigue we may have in the next few years? Lawyers: on your mark, get set..." and "The next logical step in the marketing of software is to keep people from using the competitor's product at all costs. Viruses are likely to be discussed as a genuine strategy in the years ahead when the going gets tough."

Viruses will spread to many different operating systems. Although currently only MS/PC-DOS, Apple, Unix and Xenix viruses have been reported, they are likely to spread to other operating environments as well. Already a virus is reported to be written with Novell Netware in mind. Viruses are also likely to become a problem in mainframe environments. It is expected that OS/2 and Windows viruses are much more difficult to create but will also be much more difficult to fight.

All the above factors make it clear that the growth in the number of different viruses is exponential as evidenced by recent statistics:

"[In May 1991] the European virus research community revised its estimate of how many known viruses there would be by the end of 1991. Predictions have moved from 1000 to 2000, as against last year in December when a mere 142 viruses had been identified."

It is clear that if this growth rate continues, the traditional virus identification and detection packages will no longer be feasible since it will be impossible to scan entire systems for all known viruses.

7. Advantages of viruses.

The purpose of the following discussion must be seen in context. It is clear that costs associated with viruses have far outweighed any short term benefits. However, very little attention is given to the small benefits they do have, so this discussion should provide some counter balance. Also, in most revolutions short term costs exceed the immediate benefits; the final cost-benefit analysis can often only be assessed from a long term historical perspective. In time, the virus threat may prove to be just one of the growing pains or necessary childhood diseases of a maturing micro-computer industry.

7.1 The Anti-virus Industry.

The virus threat has proved to be a boon for computer security products. The US market for security products and services for computers was estimated at $588 million in 1988 and this market is predicted to grow substantially, in part due to the virus scare. Although many dubious security products were released initially, a shake-out can be expected and has in fact already occurred to a certain extent. But the fact remains that many companies confirm that their sales rose dramatically when they started selling virus protection software.

A huge market has thus been created in the form of software packages, hardware add-ons, conferences, publications etc. It is probably too early to decide whether this market is really a "zero-sum" game or if there is real value being added.

7.2 Security Awareness.

The virus scare has at least made both managers and users aware of the dangers involved with a relatively free data and program exchange between computer systems. An analogy can be drawn with the early hacking activities whereby large corporate mainframe systems were penetrated by youngsters and outsiders. The shocking display of vulnerability of major financial and other information systems was thus brought to light and in many instances proper steps were taken to assure an adequate level of security.

In a similar vein, the security threat posed by virus attacks has prompted many prominent institutions to analyze and review their security systems. A local study undertaken by J.P. van den Berg reveals that the larger South African organisations see virus attacks as the number two priority security issue.

It is important to note that the level of information systems security awareness has risen significantly not only with MIS executives but, maybe more importantly, among corporate chief financial officers and chief executive officers.

7.3 Development of More Secure Operating Systems and Architectures.

Viruses have exposed one of the major weaknesses of small system operating systems and open architectures in general: their general lack of security. The lack of password protection or file history of micro-computers makes the task of viruses so much easier. More importantly, should it be so easy to modify the operating system? The author used a bit editor to rename the "copy" command within the command processor and thus substituted it with the renamed external "vcopy" program (that checks for viruses in addition to copying). While this procedure addresses a real need it is debatable whether such tampering should be allowed.

More and more programs are coming onto the market with built-in checking procedures which detect and report tampering with source code or file attributes. Whilst this process has been inspired almost entirely by the virus, it may be argued that this is a generally positive development which protects the intellectual property rights of software developers. It is expected that future programming language compilers will implement file integrity checking subroutines which may be incorporated almost automatically in user-developed programs.

In the longer run, more thought will be put into the development of operating systems and hardware architectures. Already a number of systems have appeared on the market, such as "The Immune System" announced by American Computer Security Industries which features a system protection kernel, user authorization procedures and protected software directories.

7.4 Computational Aspects of Computer Viruses.

By far the most exciting potential advantage of viruses stems from a theoretical study of their computational aspects. Cohen, who pioneered theoretical virus research, has shown formally that:

"any number that can be `computed' by a Turing Machine can be `evolved' by a virus, and that therefore, viruses are at least as powerful as Turing machines as a means for computation."

Few people have recognized the fact that viruses are one of the first successful (...) demonstrations of the potential of decentralized computing within a micro-computer environment. The mind boggles at the potential applications for this type of technology. A few examples will be mentioned but cannot be fully worked out due to space limitations.

"The [Simple Viral Protocols] called `viruses' are destructive, but it should be very interesting to use such processes for automatic maintenance of software. As an example : Suppose several packages use an inefficient version of a procedure or routine, in large organizations, it should be easier to update such a package by such an approach rather than to recompile and link all these packages, especially in case of large distribution." (bold print by Guinier)

Another potential application is mentioned by Cohen:

"As an example, a compression virus could be written to find uninfected executables, compress them upon the user's permission, and prepend itself to them. Upon execution, the infected program decompresses itself and executes normally. [...] Studies indicate that such a virus could save over 50% of the space taken up by executable files in an average system."

Many more examples come to the author's mind easily. Maybe the ideal application would be an anti-virus file integrity checking routine that would attach itself to any executable file which has no built-in checking feature. Might a sufficiently powerful but flexible routine not mean the end to the virus saga?

Another potential application might be a network utility that spreads and balances application workloads across different workstations: "viruses" in idle workstations send messages (or message-viruses?) and take some of the workload over from busy workstations. From this perspective, it seems that many unexplored links and potentialities may exist between virus technology, decentralized processing techniques and object-orientation.

Other uses could be a virus that spreads "auto-backup" routines to software that needs backing up, mail and message systems, task scheduling processes and the automatic addition of hardware device drivers to programs when system configurations change.

A name for this type of routine was proposed by Thimbleby: Liveware. The idea is to let liveware spread like a virus, to carry information on behalf of one or more users that want to share their work.

7.5 Other Advantages.

The extent of software piracy may be reduced because of the virus threat. It has certainly prompted a number of companies to make the use of illegal software cause for dismissal. As the relative cost of legal software in Third World countries seems to have made piracy more widespread, many of these countries appear to have suffered more extensively from viruses.

Some researchers contend that a community of hackers, often highly intelligent computer programmers, is essential for a dynamic and evolving computer industry. "The hacker is both a national treasure and a national headache and [we need] to learn to live with them." In this light, viruses may be viewed as a detrimental, but necessary by-product of this essential sub-culture.

If nothing else, viruses have also created a new area for scientific research and media controversy. Many more studies can be expected along the lines of Harrington's "Why people copy software and create computer viruses: individual characteristics or situational factors?"

Thimbleby mentions a number of other potential advantages in . He expresses the

Context - many "costs" but also some advantages - like many revolutions it is unclear (initial cost, sometimes outweighed by subsequent better environment)

Computational aspects of viruses: [cohen - theoretical pioneer] first true "distributed processing" (refer definition!) in DOS? file compression [] but also anti-virus (checksum) (Fight fire with fire!) - theoretical research - backup - monitoring (big brother) - messages

Importance of security procedures:

Data & system integrity => more secure OS? MS-DOS comes of age (growth pains of single-user, single-workstation OS) (cost?), selfchecking programs

anti-virus industry

piracy
