Threats to security

 Computers are subjected to different

types of network problems.

 With the advent of web and networks

attacks from outside by introduces
have been added with malicious
codes such as viruses & worms.
 What is computer virus?
 A computer virus is a small software
program that spreads from one computer
to another computer and that interferes
with computer operation. A computer virus
may corrupt or delete data on a computer,
use an e-mail program to spread the virus
to other computers, or even delete
everything on the hard disk.

 The original virus may modify the copies,

or the copies may modify themselves, as
 How virus spreads?
 A virus can only spread from one
computer to another when its host is taken
to the uninfected computer, for instance
by a user sending it over a network or the
Internet, or by carrying it on a removable
medium such as a floppy disk, CD, or
USB drive .

 It can also spread through connection of

LAN, internet, e-mail, or file sharing.
 Functional logic of virus
 Search for a file to infect it.

 Open the file to see if its infected.

 If infected, search for another file to infect.

 Else, infect the opened file.

 Return control to host program.

 Types of viruses
I. PC viruses.
II. Stealth virus.
III. Polymorphic virus.
IV. Fast and slow infectors.
V. Companion virus.
VI. Armored virus.
VII. Macro virus.
 PC virus
 Consists of FILE INFECTORS  affects
execution of .sys, .exe, .ovl, .prg, & .mnu
files.

 FILE INFECTORS can be DIRECT ACTION or

RESIDENT  affects the memory.

 E.g. Vienna is the virus in RESIDENT

category.

 SYSTEM or BOOT-RECORD INFECTORS 

affects certain areas on disk such as DOS,
MBR, DBR.

 E.g. Brain, Stoned, Empire, etc. are some of

 STEALTH virus
 Hides the modifications it has made in the
original file and copies the original file in
the memory.

 So during virus scan, by anti-viral

program, it (stealth) copies /scans original
file & hence the file gets undetected.

 Hence, it can also be called as SMART

virus.
 FAST INFECTORS
 It is a virus, affects not only executed
programs but also which are merely open,
if active in memory.

 E.g. DARK AVENGER & FRODO virus.

 SLOW INFECTORS
 It is a virus, infects the file by modifying &
fooling the integrity checkers, if active in
memory.

 E.g. DARTH VADER virus.

 COMPANION virus

 It is an virus which doesn’t modifies the

files or programs.

 It creates a new program (unknown to

user) which gets executed instead of
original file.

 ARMORED virus

 it is an virus which uses special tricks to

make their tracing, disassembling &
understanding their code difficult. E.g.
 CATEGORIES OF VIRUSES
 There are 2 major categories:-

 Destructive viruses:- includes 1.massive

destruction. 2.partial destruction.
3.selective destruction.

 Non-destructive viruses:- they intend

to cause attention or harass the end-user.
 VIRUS SPREADING MECHANISM
 The virus may re-produce itself by
delaying its attack.

 It can have an active re-production by

making copies of itself on other disks.

 It can also have an passive re-

production by depending on the un-
suspecting user to make the copies of it &
pass them around.
 TRIGGERS OF THE VIRUS
ATTACK
The virus may trigger upon:-

 On a certain date/time.
 At a certain time of day.
 When a certain job is run.
 After “closing” itself n times.
 When a certain combinations of keystrokes
occur.
 When the computer is restarted.
PROTECTION AGAINST VIRUSES
There are 5 steps against virus-
protection:-

 Education.

 Back-up & recovery procedures.

 Isolate software libraries.

 Implement software library management

procedures.

 Develop a virus-alert procedure.

 FACTORS AFFECTING LEVEL OF
PROTECTION
1. The sensitivity of the data on your PC.

3. The number of personnel having access

to your PC.

5. The security awareness of computing

personnel.

7. The skills levels of computing personnel.

9. Attitudes, ethics, & morale of computing

 TROJAN HORSE
 An unauthorized program contained within
a legitimate program. this unauthorized
program performs functions unknown to
user.

 It is an legitimate that has been altered by

the placement of unauthorized code within
it; this code performs functions unknown
to user.

 Trojan’s can also be called as Rat's, or

 RECOVERY METHODS

 Once a computer has been

compromised by a virus, it is usually
unsafe to continue using the same
computer without completely
reinstalling the operating system.

 However, there are a number of

recovery options that exist after a
computer has a virus. These actions
depend on severity of the type of
virus.
 VIRUS REMOVAL
 One of the Virus Removal technique is
to restore the whole system.

 This service is provided on WINDOWS

ME, WINDOWS XP, WINDOWS VISTA
for the system restore.

 A virus will cause a system to hang,

and a subsequent hard reboot will
render a system restore point from
the same day corrupt.
 Some viruses, however, disable
system restore and other important
tools such as Task Manager and
Command Prompt.

 An example of a virus that does this

is Cia Door.
 OPERATING SYSTEM
REINSTALLATION
 Reinstalling the operating system is
another approach to virus removal.

 It involves simply reformatting the OS

partition and installing the OS from
its original media, or imaging the
partition with a clean backup image.

 For creating this type of Ghost image,

ACRONIS , is the software required.
 Thank you

by :-
Mr. Shankar .l.
Dhameja
Mr. Jeetendra .r.
Chhatpar