Иностранные языки

What is computer virus

1. What is computer virus?
    A virus is a piece of software designed and written to adversely affect
your computer by altering  the  way  it  works  without  your  knowledge  or
permission. In more technical terms, a virus is a segment  of  program  code
that  implants  itself  to  one  of  your  executable  files   and   spreads
systematically  from  one  file  to  another.  Computer   viruses   do   not
spontaneously generate: They must be written and have  a  specific  purpose.
Usually a virus has two distinct functions:
    . Spreads itself  from  one  file  to  another  without  your  input  or
      knowledge.  Technically,  this  is  known  as   self-replication   and
      propagation.
    . Implements the symptom or damage  planned  by  the  perpetrator.  This
      could include  erasing  a  disk,  corrupting  your  programs  or  just
      creating havoc on your computer. Technically, this  is  known  as  the
      virus payload, which can be benign or malignant at  the  whim  of  the
      virus creator.
    A benign virus is one that is designed to do no  real  damage  to  your
computer.  For  example,  a  virus   that   conceals   itself   until   some
predetermined date or time and then does  nothing  more  than  display  some
sort of message is considered benign.
    A malignant virus is one that attempts to inflict malicious  damage  to
your computer, although the damage may  not  be  intentional.  There  are  a
significant number of viruses that cause damage due to poor programming  and
outright bugs in the viral code. A malicious virus might alter one  or  more
of your programs so that it does  not  work,  as  it  should.  The  infected
program might terminate abnormally, write incorrect  information  into  your
documents. Or, the virus might alter the directory  information  on  one  of
your system area. This might prevent the partition  from  mounting,  or  you
might not be able to launch one or more programs, or programs might  not  be
able to locate the documents you want to open.
    Some of the viruses identified are benign; however, a  high  percentage
of them are very malignant. Some of the more malignant  viruses  will  erase
your entire hard disk, or delete files.

    What Viruses Do

    Some viruses are programmed specifically to damage  the  data  on  your
computer by corrupting programs, deleting  files,  or  erasing  your  entire
hard disk. Many of the currently known Macintosh viruses  are  not  designed
to do any damage. However, because of bugs (programming errors)  within  the
virus, an infected system may behave erratically.

    What Viruses Don't Do

    Computer viruses don't infect files on write-protected disks and  don't
infect documents, except in the case of Word  macro  viruses,  which  infect
only documents and templates written in  Word  6.0  or  higher.  They  don't
infect compressed files either. However, applications  within  a  compressed
file could have been infected before  they  were  compressed.  Viruses  also
don't infect computer hardware, such as monitors  or  computer  chips;  they
only infect software.
    In addition, Macintosh viruses don't infect DOS-based computer software
and vice versa. For  example,  the  infamous  Michelangelo  virus  does  not
infect Macintosh applications. Again, exceptions to this rule are  the  Word
and  Excel  macro  viruses,  which  infect   spreadsheets,   documents   and
templates, which can be opened by either Windows or Macintosh computers.
    Finally, viruses don't necessarily let you know that they are  there  -
even after they do something destructive. [1]



    2.  Types of Computer Viruses


    Nowadays number of viruses is about 55000. It increases constantly. New
unknown types of viruses appear. To classify  them  becomes  more  and  more
difficult. In common they can be divided by three basic signs:  a  place  of
situating, used operation system and work algorithms. For example  according
these three classifications virus Chernobyl    can  be  classified  as  file
infector and resident Windows virus. Further it will be  explained  what  it
means.


    2.1 A place of existence


    2.1.1File Infectors

    These are viruses that attach themselves to (or replace) .COM and  .EXE
files, although in some cases they can infect files  with  extensions  .SYS,
.DRV, .BIN, .OVL and .OVY. With this  type  of  virus,  uninfected  programs
usually become infected when they are executed with the virus in memory.  In
other cases they are infected when they are opened (such as  using  the  DOS
DIR command) or the virus simply infects all of the files in  the  directory
is run from (a direct infector).
    There are three groups of file infectors.
    Viruses of the first group are called overwriting viruses because  they
overwrite their code into infected file erasing contents. But these  viruses
are primitive and they can be found very quickly.
    Other group is called parasitic or cavity  viruses.  Infected  file  is
capable of work fully or partly  but  contents  of  last  one  are  changed.
Viruses can copy itself into begin, middle or end of  a  file.  They  record
their code in data known not to be used.
    Third group is called companion viruses. They don’t change files.  They
make double of infected file so  when  infected  file  is  being  started  a
double file becomes managing, it means virus. For example companion  viruses
working with DOS use that DOS firstly runs COM. file and after if this  file
is not found runs EXE. file. Viruses make double file with a same  name  and
with extension COM and copies itself in this file. During start of  infected
file DOS runs a COM. file with a virus firstly and then a  virus  starts  an
EXE. file.
    Sometime companion viruses rename file  will  be  infected  and  record
their code in a double file with old name. For example  the  file  XCOPY.EXE
is renamed into XCOPY.EXD and virus record itself in  file  XCOPY.EXE.  When
this file is started computer runs a virus  code  firstly  and  after  virus
starts original XCOPY, saved as XCOPY.EXD. Viruses like this were found  not
only in DOS. They were found in Windows and OS/2.
    It is not only one way to make  double  files.  For  example  there  is
subgroup of  companion  viruses  called  path-companion  viruses.  They  use
special feature of DOS - PATH: hierarchical record of file  location.  Virus
copies itself in file with the same name but situated one level  higher.  In
this case DOS will find file with virus.   [2]



    2.1.2Boot viruses


    Boot Sector Infectors

    Every logical drive, both hard disk and floppy, contains a boot sector.
This is true even of disks that are not bootable. This boot sector  contains
specific information relating to  the  formatting  of  the  disk,  the  data
stored there and also contains a  small  program  called  the  boot  program
(which loads the DOS system files). The boot program displays  the  familiar
"Non-system Disk or Disk Error" message if the  DOS  system  files  are  not
present. It is also the program that gets infected by  viruses.  You  get  a
boot sector virus by leaving an infected diskette in a drive  and  rebooting
the machine. When the boot sector program is read and  executed,  the  virus
goes into memory and infects your hard drive. Remember, because  every  disk
has a boot sector, it is possible (and common) to infect a  machine  from  a
data disk.  NOTE:  Both  floppy  diskettes  and  hard  drives  contain  boot
sectors.

    Master Boot Record Infectors

    The first physical sector of every hard disk (Side Ш, Track  Ш,  Sector
1) contains the disk's Master Boot Record and Partition  Table.  The  Master
Boot Record has a small program within it called the  Master  Boot  Program,
which looks up the values in the partition table for the  starting  location
of the bootable partition, and  then  tells  the  system  to  go  there  and
execute any code it finds. Assuming your disk is set up  properly,  what  it
finds in that location (Side 1, Track Ш, Sector 1) is a valid  boot  sector.
On floppy disks, these same viruses infect  the  boot  sectors.  You  get  a
Master Boot Record virus in exactly the same manner you get  a  boot  sector
virus -- by leaving an infected  diskette  in  a  drive  and  rebooting  the
machine. When the boot sector program is read and executed, the  virus  goes
into memory and infects the MBR of your hard  drive.  Again,  because  every
disk has a boot sector, it is possible (and  common)  to  infect  a  machine
from a data disk. [3]

    2.1.3 Multi-partite Viruses

    Multi-partite viruses are a combination of the  viruses  listed  above.
They will infect both files and MBRs or both files and boot  sectors.  These
types of viruses are currently rare, but the  number  of  cases  is  growing
steadily.

    2.1.4 Macro Viruses
     Until recently, the macro languages included  with  most  applications
were not powerful or robust enough to support writing  an  effective  virus.
However, many of the more advanced applications  that  are  being  developed
today include built-in programming  capabilities  that  rival  some  of  the
larger development packages. This has  recently  been  demonstrated  by  the
various strains of Microsoft Word  viruses,  including  the  so-called  Word
Concept  and  Word  Nuclear  viruses.  These  viruses  transport  themselves
through Microsoft Word documents. When opened in Word, they perform  various
actions, including spreading themselves  into  the  user's  installation  of
Word, thus preparing to infect all future documents on the system.
    An additional concern is that macro viruses can be cross-platform.  The
Word Concept virus has the claim to fame of being the first prominent cross-
platform virus, because it can infect both Windows and Macintosh systems.
    Because most application macro languages support passing  execution  to
an external shell, such as COMMAND.COM or CMD.EXE, the power  of  the  macro
virus is not limited to the constraints of the macro language itself[4].



    2.2 Used operation system.
    Any computer or net virus can infect files of  one  or  more  operation
systems: DOS, Windows, OS/2, Linux, MacOS and others. It is a base  of  this
way of classification. For example virus BOZA working with Windows  only  is
classified as Windows virus, virus BLISS – as Linux virus.

    2.3 Work algorithms.
    Viruses can be differed by used algorithms making them danger and  hard
for catching.
    Firstly viruses can be divided on resident and nonresident.
    Resident virus having come in  operation  memory  of  computer  doesn’t
infect memory. They are capable of copying when they are  started  only.  We
can  call  any  macro  virus  resident.  They  present  in   memory   during
application infected by them works.
    Second   viruses are visible and invisible. To be invisible means  that
users and antivirus programs can’t notice changes of infected file  done  by
virus. Invisible virus catches all requires  of  operation  system  to  read
file and to record in file and shows uninfected version of file. So  we  can
see only ‘clear’ programs during virus works. One of  first  invisible  file
infectors was FRODO and boot infector – BRAIN.
    Almost any virus uses methods of self-coding or polymorphism to  escape
antivirus programs. It means that they can change  itself.  Changing  itself
helps virus to be able work.[5]



    3. Conclusion
    In conclusion I would like to say few words about future of this
classification. Nowadays computer technologies and all software develop
very quickly. It helps new types of computer viruses to appear. Viruses are
becoming more and more dangerous and ‘cleverer’. It means that viruses can
be found more and more hard. But I think that this classification can be
saved a long time thank for principles of work of computer. It means that
this classification will be changed when computers work by principles that
differ from principles of von Neiman. So this classification can be change
by adding new subtypes of basic types if virus makers have created
something new.

[pic]



                 Buryat State University



          The paper: Types of computer viruses



                                              Presented by Nefyodov Yuri
                                          Scientific advisor: Sodboyeva L.D.



      Ulan-Ude 2003



      Abstract
    This paper is about the classification of  computer  viruses.  Firstly,
the paper tells what a computer virus is, what viruses can do and what  they
can’t  do.  Then  there  are  basic  ways  of  classification:  a  place  of
situation, used operation system and work  algorithms.  In  conclusion  it’s
said about future of classification.


    Аннотация
    Этот доклад  посвящён  классификации  компьютерных  вирусов.  В  начале
рассказывается, что такое компьютерный вирус, что вирусы могут делать и  что
не могут. Далее здесь описаны три основных способа классификации:  по  среде
обитания,  используемой   операционной  системе  и   алгоритму   работы.   В
заключении говорится о будущем классификации.



    Plan
        1. What is a computer virus?
        2. Types of computer viruses.
       2.1 a place of existence
       2.1.1 file infectors
       2.1.2 boot viruses
       2.1.3 multi-partite viruses
       2.1.4 macro viruses
        2.2 used operation system
        2.3 work algorithms
    3. Conclusion.



    References:
   1. Могилёв, Хеннер, Пак  «Информатика» Издательство «Академия» 2000г
   2. Журнал «Наука и жизнь» №7 2000 год
   3. сайт WWW.SEMANTEC.RU


-----------------------
[1] WWW.SEMANTEC.RU

[2] Наука и жизнь №7 2000 год стр. 100



[3] Могилёв, Пак ,Хеннер  Информатика  2000 изд. «Академия»
[4] WWW.SEMANTEC.RU

[5] Наука и жизнь №7 2000 год стр. 101-102



смотреть на рефераты похожие на "What is computer virus "