
Topic 9:

Information Security and Privacy

We may have seen the TV commercial: a bored-looking office worker sits in his cubicle checking his e-mail. He perks up when he sees a message with an exciting subject line, then unthinkingly opens the message. Instantly, a menacing-looking character appears on his computer screen, “eats” the program icons on his desktop, and announces that he just unleashed a virus. Within seconds, the same chaos erupts in the surrounding cubicles, and it becomes clear that the worker has made a horrible mistake.

Because of their ability to cause damage and disruption, viruses have been big news in recent years, especially with the outbreak of e-mail viruses beginning in the late 1990s. These viruses have accounted for billions of dollars in downtime and lost data in the past few years. Experts predict that virus attacks will only increase in the future since many computer users are unaware of the dangers posed by viruses and make no effort to protect their computers and data from viruses. As a result, the viruses have continued to become dominant over the years.

Computer Virus: An Introduction

A virus is a parasitic program that infects another legitimate program, which is sometimes called the host. To infect the host program, the virus modifies the host to store a copy of the virus. In short, a virus is a program that can ‘infect’ other programs by modifying them so that the infected program then begins to act as a virus, infecting still other programs. Many viruses are programmed to do harm once they infect the victim’s system. A virus can be designed to do various kinds of damage. But the ability to do damage is not what defines a virus.

To qualify as a virus, a program must be able to replicate (make copies of) itself. This can mean copying itself to different places on the same computer or looking for ways to reach other computers, such as by infecting disks or traveling across networks. Viruses can be programmed to replicate and travel in many ways. Moreover, viruses are created by human beings who have a certain amount of technical expertise, basically computer programmers or developers. These virus-writers are destructive in the sense that they use their creativity and technical skills unproductively to create mayhem among other computer users.

How can one pick up a virus?

There are 4 different ways in which one can pick up a virus:

1. Receiving an infected file attached to an e-mail message, or a virus hidden within the message itself. E-mail has become the single most common method for spreading viruses, especially now that so many people use the Internet to exchange messages and files. Viruses can even be spread through online chat rooms and instant messenger programs.

2. Downloading an infected file to your computer across a network, an online service, or the Internet. Unless one has antivirus software that inspects each incoming file for viruses, one probably will not know if one has downloaded an infected file.

3. Receiving an infected disk (a diskette, a CD created by someone with a CD-R drive, a high-capacity floppy disk and so on) from another user. In this case, the virus could be stored in the boot sector of the disk or in an executable file (a program) on the disk.

4. Copying to our disk a document file that is infected with a macro virus. An infected document might be copied from another disk or received as an attachment to an e-mail message.

How do computer viruses work?

First, the computer virus is created; most of the time viruses are found hidden in the code of legitimate software programs. These viruses, also known as file infector viruses, are activated when the host program is launched and the virus code is executed. As a result, the virus is loaded into the computer’s memory. The virus then starts searching for other programs in the system that it can infect. If a new program is found, the virus adds its code to that program, which consequently becomes infected as well. The virus continues replicating itself to other uninfected programs in the system until the whole system becomes inoperative. It also performs certain other malicious operations, some of which are discussed in the next section.
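Because a file infector has to add its code to a host program, the host's contents (and usually its size) change, and that change can be detected by comparing program files with a trusted baseline. The following is an added example, not part of the original paper; the file names, contents and the `demo` scenario are constructed for illustration.

```python
import hashlib
import os
import tempfile

PROGRAM_EXTENSIONS = (".exe", ".com")  # file types the paper names as infection targets


def fingerprint(path):
    """Return (SHA-256 hex digest, size in bytes) for one file."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest(), os.path.getsize(path)


def build_baseline(root):
    """Record a fingerprint for every program file under root."""
    baseline = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(PROGRAM_EXTENSIONS):
                path = os.path.join(folder, name)
                baseline[os.path.relpath(path, root)] = fingerprint(path)
    return baseline


def compare(root, baseline):
    """Compare root with a trusted baseline; return sorted (path, finding) tuples."""
    current = build_baseline(root)
    findings = []
    for rel, (old_hash, old_size) in baseline.items():
        if rel not in current:
            findings.append((rel, "missing"))
            continue
        new_hash, new_size = current[rel]
        if new_hash != old_hash:
            if new_size > old_size:
                # Code appended to a host program shows up as growth.
                findings.append((rel, "modified, grew by %d bytes" % (new_size - old_size)))
            else:
                findings.append((rel, "modified"))
    for rel in current:
        if rel not in baseline:
            findings.append((rel, "new program file"))
    return sorted(findings)


def demo():
    """Constructed scenario: one program file is altered after the baseline is taken."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("editor.exe", b"MZ" + b"\x00" * 62), ("tool.com", b"\x90" * 32)):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(body)
        baseline = build_baseline(root)
        # Simulate tampering with harmless placeholder bytes appended to a host file.
        with open(os.path.join(root, "editor.exe"), "ab") as handle:
            handle.write(b"PLACEHOLDER")
        with open(os.path.join(root, "extra.exe"), "wb") as handle:
            handle.write(b"MZ")
        return compare(root, baseline)


if __name__ == "__main__":
    for rel, finding in demo():
        print(rel, "->", finding)
```

The baseline must be stored where the monitored system cannot rewrite it, and the comparison is most reliable when run from a known-clean environment, since stealth viruses can conceal the changes they make to files.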

What can a virus do: Few Commercial & Financial Implications

The majority of computer viruses are relatively harmless; their purpose is to annoy their victims rather than to cause specific damage. Such viruses are described as benign. Other viruses are indeed malicious, and they can do great damage to a computer system if permitted to run.

Viruses can be programmed to do many kinds of harm, including the following:

1. Copy themselves to other programs or areas of a disk.

2. Replicate as rapidly and frequently as possible, filling up the infected system’s disks and memory, rendering the system useless.

3. Display information on the screen.

4. Modify, corrupt, or destroy selected files.

5. Erase the contents of entire disks.

6. Lie dormant for a specified time or until a given condition is met, and then become active.

7. Open a “back door” to the infected system that allows someone else to access and even take control of the system through a network or Internet connection. This type of virus may actually be a type of program called a Trojan Horse, and can be used to turn an infected system into a “zombie”, which the virus’s author can use to attack other systems. For example, by using viruses to create a large number of zombie systems, the author can use the zombies to send thousands of requests to a specific web server, effectively shutting it down. Such an attack is sometimes called a “denial of service (DOS) attack” or a “distributed denial of service (DDOS) attack”, because it prevents the server from providing services to users.

Virus programmers can be extremely creative, and many create viruses to perform a specific type of task, sometimes with a specific victim in mind. Regardless, one needs to protect one’s system against all kinds of viruses, because nearly any one can strike at any time, given the right circumstances.

Viruses may seem like major problems for individual computer users. For corporations, however, viruses can be devastating in terms of lost data and productivity. U.S. companies lose billions of dollars every year to damage caused by viruses. Most of the expenses come from the time and effort required to locate and remove viruses, restore systems, rebuild lost or corrupted data, and ensure against future attacks. But companies also lose valuable work time – millions of person-hours each year – as workers sit idle, unable to use their computers.

Categories of Viruses

Some specific categories of viruses include the following:-

1. Bimodal, Bipartite, or Multipartite viruses – this type of virus can infect both files and the boot sector of a disk.

2. Bombs – The two most prevalent types of bombs are time-bombs and logic bombs. A time-bomb hides on the victim’s disk and waits until a specific date (or date and time) before running. A logic bomb may be activated by a date, a change to a file, or a particular action taken by a user or a program. Many experts do not classify bombs as viruses because they can cause damage or disruption to a system.

3. Cluster viruses – This type of virus makes changes to a disk’s file system. If any program is run from the infected disk, the program causes the virus to run as well.

4. Boot sector viruses – Regarded as one of the most hostile types of virus, a boot sector virus infects the boot sector of a hard disk or floppy disk. This area of the disk stores essential files the computer accesses during start-up. The virus moves the boot sector’s data to a different part of the disk. When the computer is started, the virus copies itself into memory where it can hide and infect other disks. The virus allows the actual boot sector data to be read as though a normal start-up were occurring.

5. E-mail viruses – E-mail viruses can be transmitted via email messages sent across private networks or the Internet. Some e-mail viruses are transmitted as an infected attachment – a document file or program that is attached to the message. This type of virus is run when the victim opens the file that is attached to the message. Other types of e-mail viruses reside within the body of the message itself. Once launched, many e-mail viruses attempt to spread by sending messages to everyone in the victim’s address book; each of those messages contains a copy of the virus.

6. File infecting viruses – This type of virus infects program files on a disk (such as .exe or .com files). When an infected program is launched, the virus’s code is also executed.

7. Joke programs – Joke programs are not viruses and do not inflict any damage. Their purpose is to frighten their victims into thinking that a virus has infected and damaged their system. For example, a joke program may display a message warning the user not to touch any keys or the computer’s hard disk will be formatted.

8. Macro viruses – A macro virus is designed to infect a specific type of document file, such as Microsoft Word or Excel files. These documents can include macros, which are small programs that execute commands. A macro virus, disguised as a macro, is embedded in a document file and can do various levels of damage to data, from corrupting documents to deleting data.

9. Polymorphic, Self-Garbling, self-encrypting, or self-changing viruses – This type of virus can change itself each time it is copied, making it difficult to isolate.

10. Stealth viruses – These viruses take up residence in the computer’s memory, making them hard to detect. They also can conceal changes they make to other files, hiding the damage from the user and the operating system.

11. Trojan Horses – A Trojan Horse is a malicious program that appears to be friendly. For example, some Trojan Horses appear to be games. Because Trojan Horses do not make duplicates of themselves on the victim’s disk (or copy themselves to other disks), they are not technically viruses. But, because they can do harm, many experts consider them to be a type of virus. Trojan Horses are often used by hackers to create a “backdoor” to an infected system.

12. Worms – A worm is a program whose purpose is to duplicate itself. An effective worm will fill entire disks with copies of itself and will take up as much space as possible in the host system’s memory. Many worms are designed to spread to other computers. Worms are commonly spread over the Internet via e-mail message attachments.

Life-cycle of a computer virus

Source: http://media.wiley.com/product_data/excerpt/77/07821412/0782141277-2.pdf

The above figure illustrates the life-cycle of a computer virus, starting from the creation phase and ending at the eradication phase. The creation phase is the stage when the virus is created and launched into the system. Once the virus becomes active, it starts replicating itself into other programs with the objective of destroying the entire system. The Discovery stage is the phase where the virus is detected and identified. The last two phases, namely the Assimilation and the Eradication phases, are where the use of updated versions of anti-virus software helps us to get rid of the virus. The last three phases involve the maximum amount of effort, time and cost, from the detection of the virus to the updating and use of costly anti-virus software to completely eliminate the virus from the system. Most viruses have a shorter life-cycle with a sudden destructive motive, but disappear quickly the moment protective methods are employed to eradicate them.

Prevention against Viruses

1. Start by being aware that viruses can come from many sources – even sources you trust. For example, an e-mail virus may arrive in our inbox disguised as a message from a friend or colleague because it has already infected that person’s computer. A home-made CD or floppy disk can be infected too. In fact, even programs purchased in shrink-wrapped packages from reputable stores have been known to harbor viruses on many occasions. The best precaution is to treat all e-mail messages and disks as potential carriers of infection.

2. Checking for viruses requires anti-virus software, which scans your computer’s memory and disks for known viruses and eradicates them. After it is installed in the system and activated, a good antivirus program checks for infected files automatically every time you insert any kind of disk or download a file via a network or Internet connection. Most antivirus utilities can also scan e-mail messages and attached files as you receive or send them. Some popular antivirus programs include Kaspersky, McAfee, Norton, Virex, PC-cillin, Avast, etc.

3. Since new viruses are released almost daily, no anti-virus program can offer absolute protection against them all. Many antivirus software vendors allow users to download updated virus definitions or virus patterns (databases of information about viruses and code that can eradicate them) to their programs over the Internet. The newest generation of anti-virus programs can find, download, and install updated virus definitions by themselves, automatically, whenever our computer is connected to the Internet. It is advisable to update one’s antivirus software, manually or automatically, at least once a week, to make sure one is protected against the latest viruses.

4. Usage of Firewalls:

Source: “How Firewalls work”, http://www.howstuffworks.com/firewall.htm

A firewall is a protective barrier that safeguards the system from any unexpected damage. It is mainly helpful for those who frequently visit the web or use the Internet regularly. If a firewall is installed, it helps your system remain protected from destructive forces, however long a person uses the computer.
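Items 2 and 3 above describe antivirus software that scans files for known viruses using downloadable virus definitions. The sketch below is an added example, not code from the original paper or from any antivirus product: it matches byte patterns from a definitions table against file contents and shows why a file missed by old definitions is caught after an update. The signature names, patterns and sample files are all constructed placeholders.

```python
import re

# Constructed definitions: placeholder names and byte patterns, not real virus
# signatures. "??" stands for one byte that may differ between copies.
DEFINITIONS_V1 = {"Constructed.Sample.A": "c0 ff ee 01 02"}
DEFINITIONS_V2 = dict(DEFINITIONS_V1, **{"Constructed.Sample.B": "ba be ?? ?? 10 20"})

# Constructed file contents standing in for files on disk.
FILES = {
    "clean.exe": b"ordinary program bytes with nothing of interest",
    "a.exe": b"\x00" * 8 + bytes.fromhex("c0ffee0102") + b"tail",
    "b.exe": b"header" + bytes.fromhex("babe7a7b1020"),
    "b_copy.exe": b"header--" + bytes.fromhex("babe11221020"),  # two bytes differ from b.exe
}


def compile_signature(pattern):
    """Turn a hex pattern such as 'ba be ?? 10' into a compiled bytes regex."""
    parts = []
    for token in pattern.split():
        if token == "??":
            parts.append(b".")  # wildcard: any single byte
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def load_definitions(patterns):
    """Compile a {signature name: hex pattern} table once, before scanning."""
    return {name: compile_signature(p) for name, p in patterns.items()}


def scan(data, definitions):
    """Return sorted (signature name, offset of first match) pairs for one file."""
    hits = []
    for name, regex in definitions.items():
        match = regex.search(data)
        if match:
            hits.append((name, match.start()))
    return sorted(hits)


def scan_all(files, definitions):
    """Scan a {file name: bytes} mapping; report only files with at least one hit."""
    report = {}
    for name, data in files.items():
        hits = scan(data, definitions)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for label, table in (("old definitions", DEFINITIONS_V1), ("updated", DEFINITIONS_V2)):
        print(label, scan_all(FILES, load_definitions(table)))
```

With the old table only `a.exe` is reported; after the update both `b.exe` and its slightly different copy are reported as well, while `clean.exe` is never flagged.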

Data Security Issues

Computer security has received renewed attention in recent years because of reports of striking computer viruses and dramatic computer crimes that involve large sums of money. Widespread publicity regarding potential exposures is increasing public awareness of the need for effective security in computing. Still, most experts agree that many such crimes go undetected. The FBI uniform crime statistics do not separate computer crime from other sorts of crime. Furthermore, most of the incidents that are detected will not be publicized because of shame, or because of fear of damage to the organization’s or its management’s reputation, or because of an agreement not to prosecute if the criminal “goes away”. U.S. companies lose billions of dollars every year to damage caused by viruses. Therefore, dollar estimates of computer crime losses are only vague estimates and range from $300 million to $500 billion per year. Most of the expenses come from the time and effort required to locate and remove viruses, restore systems, rebuild lost or corrupted data, and ensure against future attacks. But companies also lose valuable work time – millions of person-hours each year – as workers sit idle, unable to use their computers.

Protection against computer crime is made especially difficult by the multiplicity of targets and points of penetration. In the case of a bank, the obvious target of a bank robbery is, of course, cash. However, because the list of names and addresses of the bank’s certificate of deposit-holders is valuable to a competing bank, it should also be considered a potential target for a bank robbery. Computer security safeguards must address all possible points of penetration, because strengthening the safeguards at one point could just make another point of penetration more appealing to intruders.

Computer security Breaches

Computer security breaches can be classified into 4 categories: Interruption, Interception, Modification and Fabrication. In an Interruption, an asset (hardware, software, or data) of the Computer Based Information System (CBIS) becomes unavailable, unusable or lost. An Interception occurs when an unauthorized party has gained access to an asset. Modification represents the security breach when an unauthorized party not only accesses but tampers with an asset. Finally, Fabrication refers to introduction of counterfeit objects into a CBIS.

Interruption and interception represent the prominent forms of security breaches that involve hardware resources documented in computer crime cases. The list of human attacks on computing hardware ranges from accidental spilling of drinks to intentional shorting of circuit boards using paper clips to thieves carrying off equipment. Although the central computing facility has long been protected by physical security systems, the proliferation of personal computers has resulted in renewed vulnerabilities in this area.

Computer crime cases that involve software security breaches fall into the interruption, interception, and modification categories. Software can be destroyed maliciously and it can be stolen (i.e. copied). Unauthorized copying of software, especially personal computer software, has not been stopped satisfactorily. Nevertheless, unauthorized modification of a working program remains the most important security breach involving software.

Because of its nature, data is more vulnerable than both hardware and software to security breaches. Malicious destruction of data (interruption), wiretapping to obtain data in a network (interception), modification of data being transmitted electronically, and creating fictitious records (fabrication) represent the types of data security breaches encountered in computer crime cases.

The Privacy Act of 1974

The Privacy Act of 1974 (Dec. 31, 1974) established a code of Fair Information Practices under which federal agencies maintain and record personally identifiable information about individuals without disclosing the personal information to others. The Privacy Act requires that if an individual’s rights are violated, the federal agencies would be subject to damages. “The Privacy Act mandates that each United States Government agency have in place an administrative and physical security system to prevent the unauthorized release of personal records.” (Source: Wikipedia)

Conditions of disclosure:-

The Privacy Act states in part:

“No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains.” (Source: Wikipedia)

There are specific exceptions for the record allowing the use of personal records:

1. For statistical purposes by the Census Bureau and the Bureau of Labor Statistics

2. For routine uses within a U.S. government agency

3. For archival purposes "as a record which has sufficient historical or other value to warrant its continued preservation by the United States Government"

4. For law enforcement purposes

5. For congressional investigations

6. Other administrative purposes

Future Issues

In conclusion, we may say that computer viruses are malicious computer programs that are designed by human beings to destroy the computers. There are different types of viruses that spread from one computer to the other and create problems to the computer users. So the users must get hold of a good anti-virus program to stop the destructive properties of the viruses. Moreover, the anti-virus software should be constantly updated to include new virus programs that could negate the effects of modern viruses. In addition, one must be extremely cautious while opening any file from any unknown sources or while downloading files from the Internet. Unless the computer users are more aware and cautious about the viruses, it won’t be possible for all of us to prevent the growing menace of the computer viruses.

References:-

1. “Appendix C – Computer Viruses”, Introduction to Computers by Peter Norton, sixth edition, McGraw Hill companies.

2. “Social and Ethical Issues in Information Systems”, (Chapter-19), Principles of Information Systems – A Managerial Approach, by Ralph M. Stair, Boyd and Fraser Publishing company.

3. Computer Security Institute (CSI), http://www.gocsi.com

4. IBM Anti-virus Research, http://www.research.ibm.com/antivirus

5. “How Firewalls work”, http://www.howstuffworks.com/firewall.htm

6. http://en.wikipedia.org/wiki/Privacy_Act_of_1974

7. “Understanding Computer viruses”, Chapter-1, http://media.wiley.com/product_data/excerpt/77/07821412/0782141277-2.pdf

Prepared by : Joy Chakraborty, Ph.D scholar, 2011, Roll No: 11BM91S01, VGSOM, IIT- Kharagpur

Presentation available at:

http://www.slideshare.net/JoyChakraborty/information-security-and-privacy-10359652
