SYSTEM SECURITY &

ANTIVIRUS

Chapter - 5

12015-2016

Dr. BALAMURUGAN MUTHURAMAN

MEANING OF COMPUTER SECURITY

22015-2016

Today, however, with pervasive remote terminal access,

communications, and networking, physical measures rarely provide

meaningful protection for either the information or the service; only the

hardware is secure. Most computer facilities continue to protect their

physical machine far better than they do their data, even when the value

of the data is several times greater than the value of the hardware.

Despite significant advances in the state of the art of computer

security in recent years, information in computers is more vulnerable

than ever. Each major technological advance in computing raises new

security threats that require new security solutions, and technology

moves faster than the rate at which such solutions can be developed.

32015-2016

VIRUS

A virus is software that spreads from program to program,

or from disk to disk, and uses each infected program or

disk to make copies of itself. Basically computer damage.

42015-2016

The term comes from biology. A computer virus

reproduces by making, possibly modified, copies of itself in the

computer’s memory, storage, or over a network. Similar to the

way a biological virus would work.

The very first virus to be created outside the single

computer or lab was the program called "Elk Cloner.” It was

written by Rich Skrenta in 1982. The virus attached itself to the

Apple DOS 3.3 operating system and spread through floppy

disk. The virus was originally a joke, created by a high school

student and put onto a game. The 50th time someone played the

game, the virus would be released. So instead of playing the

game, the user saw a blank screen that read a poem about the

virus named Elk Cloner. 52015-2016

A VIRUS SPREAD

First a programmer writes the virus most often being

attached to a normal program; unknown to the user, the

virus spreads to other software. Then the virus is passed by

disk or network to other users who use other computers.

The virus then remains hidden as it is passed on.

62015-2016

TYPES OF VIRUSESThe way viruses are usually categorized is by what they do.

The boot virus which infects the boot sector of disk storage

The program virus which infects the executable programs

The multipartite virus which is a combination of the boot and program virus

The stealth virus which is able avoid detection by a variety of means such as

removing itself from the system registry, or hidden as a system file

The parasitic virus which inserts itself into another file or program such that

the original file is still workable

The polymorphic virus which changes its code structure to avoid detection

and removal

The macro virus which exploits the macro language of a program like

Microsoft Word or Excel.72015-2016

TO PROTECT THE SYSTEMRun a more secure operating system like UNIX, another computer

operating system in which you never hear about viruses on these

operating systems because the of the security features

If you are using an unsecured operating system, you can buy virus

protection software like McAfee or Norton AntiVirus

To help avoid viruses, it is very important that your computer is

current with the latest update and antivirus tools, try to stay

informed with recent threats about viruses and that you be careful

when surfing the Internet, downloading files and opening

attachments 82015-2016

WORMSWorms have been around since 1988. A computer worm is very

similar to that of a normal computer virus. Unlike a virus though,

the worm is a program that can copy itself across a network and it

can run on itself.

A worm also has a unique feature in the sense it does not

have to host program in order to run. A worm works by copying

itself into nodes or network terminals which does not require any

intervention from the user itself. Worms began to take off in the

late ‘90s and early 2000’s. These modern worms ran themselves

through the internet and many file sharing programs such as

KaZaa, a music file-sharing program. 92015-2016

TYPES OF WORMSThe “Email Worm”

– The email worm spreads itself through email

– The worm can hide itself in messages as a link or an attachment that

will redirect the user to an infected website.

– Many users become losses to this particular worm due to their

weakness and willingness to read and open messages that they think

could be interesting.

The Instant Messaging Worm

– This worm masks itself in the form of an “IM” with the contents of a

link that will redirect the user to an infected website and then try to

gain full access of the machine.102015-2016

PROTECT YOURSELVESEven though it seems impossible to not catch a worm, it is

not. One of the best things a computer owner can do is install and

run anti-virus software, especially the kind that updates

automatically. Anti-virus software will notify the user when a

virus or worm is found and prevent it from running and/or

copying itself.

Other precautions to protect in worm Choosing secure passwords and changing them regularly

Not opening unfamiliar emails or attachments and most importantly

not running or copying software from an unsecured website.112015-2016

VIRUSES VS WORMS1. Spreads from program to

program, or from disk to disk

2. Uses each infected program or disk to make copies of itself

3. Computer damage

4. Destroys data or erases disks

5. Operating system specific

1. Uses computer hosts to reproduce themselves

2. Travel independently over computer networks

3. Software sabotage

4. Resides in memory rather on disk

5. Puts computers at a standstill

122015-2016

ANTIVIRUS SOFTWARE

Computer programs intended to identify and eliminate computer viruses.

132015-2016

The most widely used software is the Norton Antivirus. (NAV)

Since its release in 1990, over 100 million people around the world have used it.

It is a free program but in order to receive live updates, a valid subscription is needed.

142015-2016

McAfee Virus Scan is another popular antivirus program.

It’s designed for home and home-office use.

It’s used specifically on a Microsoft Windows platform.

The latest edition includes a number of features including on access

file sharing, inbound and outbound firewall protection, and daily

definition updates.

152015-2016

For the average home user and advanced users the Kaspersky

antivirus software has an easy to use interface.

The program uses 3 tabs for protection, settings and support.

It updates itself on an hourly basis and is one of the fastest antivirus

programs available.

162015-2016

ANTIVIRUS SOFTWARE: HOW IT WORKS

“Antivirus software is the equivalent to penicillin of the computer world.”

Like penicillin, antivirus applications act as a protector

over your system, scanning incoming files and applications,

“quarantining” or cleaning up unwanted viruses looking to cause

harm to your system.

Antivirus software is considered to be an aid that detects,

fixes and even prevents viruses and worms from spreading to

your computer as well as connecting computers.

172015-2016

DRAWBACKS OF ANTIVIRUS SOFTWARE

Some antivirus software can considerably reduce performance.

There should not be more than one antivirus software installed

on a single computer at any given time.

It is sometimes necessary to temporarily disable virus protection

when installing major updates.

Some argue that antivirus software often delivers more pain than

value to end users.182015-2016

TWO MAIN TYPES OF ANTIVIRUS

There are different types of antivirus software for

different computers . Some are designed for personal

computers. Some are for servers and others for

enterprises.

There are mainly two types of antivirus software are

Specific Scanning andGeneric Scanning

192015-2016

SPECIFIC SCANNING

Specific scanning also called signature detection

The application scans files to look for known viruses

matching definitions in a “virus dictionary” then it takes

necessary action

The specific scanning is not always reliable because virus

authors are creating new ways of masking their viruses so

the antivirus software does not match the virus signature to

the virus dictionary. 202015-2016

GENERIC SCANNINGGeneric scanning is also referred to as the suspicious

behavior approach. Generic Scanning is used when new

viruses appear.

In this method the software does not look for a specific

signature but instead monitors the behavior of all

applications. If anything questionable is found by the

software the application is quarantined and a warning is

broadcasted to the user about what the program may be

trying to do. 212015-2016

Computer viruses and worms can so easily be placed into

your work station and you must be careful when going on

the internet, opening emails from unknown users, make sure

you have some kind of anti-virus software and always get

updates then only you are not helping to spread viruses and

worms to other people as well as harming yourself and your

pocket.

222015-2016