Basic Computer Security/Malware/Viruses

From Wikibooks, open books for an open world
Jump to: navigation, search

Chapter 1: Combating Viruses[edit]

In this chapter you will get a good understanding about computer viruses including what they are, how they are written, what do they do, and how to fight back.

What is a computer virus?[edit]

A computer virus is a program which mutates/infects other trusted programs in such a way that they also become like it. A computer virus mainly consists of 2 main modules 1) A Replicator/Infector and 2) Payload/Bomb. But for a program to be considered a virus just having the first module is enough, payload or bomb can be null, even then the program would be considered a virus. This in effect means a program may be doing no harm to other (say it has no payload/bomb) but the fact that it is spreading itself by attaching itself to trusted programs makes it a virus.

This replication or capability to mutate trusted programs is important for a virus' survival.

Say there's a program which deletes all the files when run, the simple action you would take to get rid of it is do a search and delete all copies of it from your disk.

But a real computer virus works a little differently, it has got first the "Spread" stage, in which it infects other trusted programs by adding copies of its Replication module (so that these in turn can affect others) and Payload module. During this time, Payload module will not do anything but stay silent. Only when this "spread" stage is over by meeting "Virii Coders" criteria, like "Have we infected 10,000 files?", if yes, then its showtime. So when it's in showtime stage, it would have already infected all your favourite programs like Notepad, media player etc. Well, you know when a person is bitten by Dracula you see teeth marks on his/her neck, but there's no such easy identification way here. One needs to study the virus to come with such identification mechanisms known as Virus' Digital Signature, which is nothing but a byte patter that helps Anti-Virus programs identify it.

By the way, existence of FIRST virus program was demonstrated by Fred Cohen in 1983.

How is a computer virus written?[edit]

So for all of you who think that a program which deletes all the files when run is a VIRUS, think again. Here's a tiny-winy C program which can delete all the files on a computer, and I repeat: this program cannot be considered a VIRUS. Compile it and when you get the .exe extension, scan it many times with any of the Anti-Virus programs you have, be it Norton, McAfee or any other, they just won't report it as a VIRUS. Do you know why? Because it's not a virus, that's why.

//Source code for program which deletes all the files when run and is not a virus, but a trojan.
#include<stdio.h>
#include<process.h>
int main() { system("del *.*"); return 0 ;}
//Source code ends

Writing a real virus takes effort 100 times more than that. One needs to understand the machine and a lot about the targeted Operating System. So will you ever be able to write a virus or understand its working to save the universe? The answer is YES, if you spend at least 12+ hours a day on computer doing some hardcore programming and reading about your machine, like Intel manuals, etc.

You might on the other hand find some virus source code floating around somewhere, but you will never be able to understand it or innovate upon it until the answer to above question is YES.

Fighting Back[edit]

What is an anti-Virus?[edit]

An anti-virus is a program specifically written to examine all the programs installed on your computer looking for the known malicious programs (viruses). The anti-virus software is no longer effective after approximately 30 days unless you download the updates, therefore the new updates tell the program about newly found viruses since the last update.

Do I need an anti-virus?[edit]

This largely depends on your operating system. If you are running Windows, then it's probably not a bad idea. That said, it is possible to stay safe without installing anti-virus software if you are careful (this means not going to porn sites, avoiding illegal downloads, etc. etc.) about your online activities.

If you're using a Unix or Unix-like OS (such as Linux, BSD, Solaris, Mac OS X, and so fourth) then viruses are not a substantial threat to you. Malware does exist on these platforms, and has done for quite some time, however due to the design of these operating systems, as well as the culture of their userbases, malware does not pose a threat to users of these systems. You'll be fine just so long as you don't do anything foolish whilst logged in as root.

Where can I get an anti-virus program, and how much will it cost me?[edit]

There are many options out there for users looking for Anti-Virus programs, both paid and free services. Some of the major brands for Anti-Virus are McAfee, Norton/Symantec, and Kaspersky; several companies offer security suites, such as Zone Alarm, McAfee, and Norton, which offer Antivirus, Firewall, and Anti-Spyware programs in a single bundle. Many of these products have free trials available, but will require you to subscribe to their update service. Free (for personal users) products exist, like AVG Free edition and Avast! Home; there is also the open source ClamAV. There is a port of ClamAV on Windows known as ClamWin. Microsoft Windows users can also use web-based free security scan services, like the one available at safety.live.com.

What are signature files? Is it important to update my software?[edit]

It is very important to update anti-virus software. Every day, new viruses are released, putting your computer at risk. As a result, it is very important to update your product. The most important aspect of updating your anti-virus software is updating signature files. Every virus contains a unique signature, a string generated based on the contents of its files (after all, a virus is just a program on your computer). When scanning, an anti-virus program will check the signatures of scanned files to see if they match any of the virus signatures. Signature files are provided by the anti-virus companies.