Virus (computers): Difference between revisions

From Citizendium
imported>Howard C. Berkowitz
No edit summary
imported>Howard C. Berkowitz
Line 15: Line 15:
Once running, they may directly attack a resource with an explicit command, such as to delete files, or with invocation of standard system code that has a similar function.  The virus may try to avoid security checks by breaking out of normal limits with techniques such as [[buffer overflow]]s.
Once running, they may directly attack a resource with an explicit command, such as to delete files, or with invocation of standard system code that has a similar function.  The virus may try to avoid security checks by breaking out of normal limits with techniques such as [[buffer overflow]]s.
== Protection ==
== Protection ==
The most useful protection against computer viruses is the education of the end user.  If computer users know what to look for, and what to avoid, they can escape many of the dangers of computer viruses.  Perhaps the most useful tool in the fight against computer viruses is an [[anti-virus (computers)|anti-virus]] program.  These programs range from single purpose and free programs to extensive suites of protection packages.
The most useful protection against computer viruses is the education of the end user.  If computer users know what to look for, and what to avoid, they can escape many of the dangers of computer viruses.   
 
Perhaps the most useful tool in the fight against computer viruses is an [[anti-virus (computers)|anti-virus]] program.  These programs range from single purpose and free programs to extensive suites of protection packages.
 
Antivirus programs depend on being programmed with a signature that lets them recognize a virus before it executes. [[Malware polymorphism]] is one way to defeat the early warning. A second line of defense can look for the known names of executable viruses, but, again, these can be polymorphed. Antiviral software that looks for behavior of viruses is stronger but must be written much more specifically.
 
==References==
==References==
{{reflist}}
{{reflist}}
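Review bot: In the added paragraph beginning "Antivirus programs depend on being programmed with a signature", the sentence about "known names of executable viruses" says these "can be polymorphed", but the preceding sentence links polymorphism as a property of the malware itself; for file names, say they can simply be changed. The closing sentence also leaves "must be written much more specifically" without saying specific to what, and none of the new claims carries a reference even though the References section follows immediately.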

Revision as of 10:43, 8 February 2009

This article is developing and not approved.
This editable Main Article is under development and subject to a disclaimer.

In the context of computer security, a virus is a piece of malicious software (i.e., malware) with three general characteristics: the computer user is unaware of its existence, it has been installed without permission, and it is an unauthorized consumer of resources. Qualifying the software as "unauthorized" excludes such things as remotely installed maintenance updates, since the computer owner has implicitly authorized such updates to install and consume resources.

Computer viruses differ from other forms of malware in that, like a biological virus, they cannot "live" on their own. A biological virus must be a parasite inside a cell; a computer virus is a parasite to some other fully executable software.

A virus will propagate after some action is taken to "infect" resources in the computer. This typically requires the execution of some other program, which is either a legitimate program that has had virus code inserted into it, or a program that the user has been tricked into activating (e.g., a trojan). Viruses, as opposed to worms, do not have the capacity to enter a computer and immediately begin to spread to other computers. Much like a biological virus can exist only inside a living cell, a computer virus can exist only inside a separately established program.

Viruses may replicate only inside the computer, altering and consuming resources, or may insert themselves into executable software distributed by the computer, such as a mail attachment containing a macro, HTML, or PostScript.

Targets

While a virus may attack almost any type of system, the majority of viruses are written to attack computer systems running Microsoft Windows, simply because these retain the largest market share in the computer field. There certainly have been a number intended to attack UNIX and Linux systems, as well as the Apple Macintosh operating system. At some of the times when it was most difficult to get third-party software for Macintoshes, one would occasionally hear the plaintive comment, "even the people that run viruses don't support Macs."

Viral design

Viruses may run at the level of the actual computer (i.e., machine language), or in virtualized languages that are interpreted, such as HTML or client-side extensions such as JavaScript, PostScript, or the macro language inside Microsoft Word.

Once running, they may directly attack a resource with an explicit command, such as to delete files, or with invocation of standard system code that has a similar function. The virus may try to avoid security checks by breaking out of normal limits with techniques such as buffer overflows.

Protection

The most useful protection against computer viruses is the education of the end user. If computer users know what to look for, and what to avoid, they can escape many of the dangers of computer viruses.

Perhaps the most useful tool in the fight against computer viruses is an anti-virus program. These programs range from single purpose and free programs to extensive suites of protection packages.

Antivirus programs depend on being programmed with a signature that lets them recognize a virus before it executes. Malware polymorphism is one way to defeat the early warning. A second line of defense can look for the known names of executable viruses, but, again, these can be polymorphed. Antiviral software that looks for behavior of viruses is stronger but must be written much more specifically.
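The three detection layers described above, sketched as an added example that is not part of the original article: an exact-hash signature, a file-name check, and a byte-pattern signature, run against a known sample and two changed copies. All sample bytes, file names and signature labels are constructed and harmless.

```python
import hashlib

# Constructed, harmless stand-in for a "known bad" file body (not real malware).
KNOWN_SAMPLE = b"HDR" + b"\x90" * 8 + b"DEMO-PAYLOAD-MARKER" + b"\x00" * 4

# Signature databases, from most brittle to least brittle.
HASH_SIGS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Demo.A (hash)"}
NAME_SIGS = {"demo_a.exe": "Demo.A (name)"}
# Byte pattern "DEMO?PAY"; None is a wildcard that matches any single byte.
PATTERN_SIGS = {
    "Demo.A (pattern)": [0x44, 0x45, 0x4D, 0x4F, None, 0x50, 0x41, 0x59],
}

def match_pattern(data, pattern):
    """Return True if the wildcard byte pattern occurs anywhere in data."""
    n = len(pattern)
    for i in range(len(data) - n + 1):
        if all(p is None or data[i + j] == p for j, p in enumerate(pattern)):
            return True
    return False

def scan(name, data):
    """Return the labels of every signature that fires for this file."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGS:
        hits.append(HASH_SIGS[digest])
    if name.lower() in NAME_SIGS:
        hits.append(NAME_SIGS[name.lower()])
    for label, pattern in PATTERN_SIGS.items():
        if match_pattern(data, pattern):
            hits.append(label)
    return hits

def demo():
    """Scan the known sample and two constructed variants of it."""
    padded = KNOWN_SAMPLE + b"\x01"                 # one byte appended
    encoded = bytes(b ^ 0x5A for b in KNOWN_SAMPLE)  # same content, different byte form
    return {
        "original": scan("demo_a.exe", KNOWN_SAMPLE),
        "renamed_padded": scan("invoice.exe", padded),
        "re_encoded": scan("invoice.exe", encoded),
    }

if __name__ == "__main__":
    for case, hits in demo().items():
        print(f"{case:15s} -> {hits or 'no signature fired'}")
```

The re-encoded copy passes every static check, which is why the paragraph ranks behavior-based detection as the stronger layer: it observes what the code does once decoded rather than how its bytes look on disk.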
