VIRUS Full Form is Vital Information Resources Under Siege. A VIRUS is software designed to duplicate itself, which it does by replicating itself into various programs stored on the computer. Most often it has a negative effect, such as corrupting programs and their functionality as well as the data stored in the memory of the computer.
Man creates every VIRUS that affects a computer. It is quite easy to create a simple virus which duplicates itself multiple times. Though it appears simple, it can cause heavy damage to the system. On the other hand, complicated VIRUS programs have the capability to transmit across various networks and bypass security systems.
It was in 1987, when one of these VIRUSES damaged ARPANET (a huge network utilized by several universities and defense departments), that several anti-virus programs started appearing in the market. Currently, most systems are equipped with adequate anti-virus tools that conduct periodic checks of the computer for the commonly known virus programs.
VIRUS Full Form – Additional Information
The digital world has progressed at an incredible pace over the last few decades, especially with the advent of computers. Without computers, one can hardly imagine life. Almost everything we do seems to have some connection with the digital world. The world has switched to computers because they provide more convenient mechanisms.
When the computer was first invented, no one could have imagined that in the future different varieties of computers would occupy households, open cafes, business cabins, and other places. No one could have imagined that human beings would become so dependent upon these machines that almost everything in their lives would have something to do with them. Because of this incredible dependency of humans on computers, computer engineers have been working hard to come up with better advancements to improve the services.
These computer engineers have big tasks to achieve: protecting the internal mechanisms of computer systems, the databases stored in them, and the interests of consumers. They now face their biggest challenge from tech-savvy miscreants who dispatch numerous computer viruses that possess the capability to destroy the functioning systems of computers and render them useless.
A computer virus, popularly known simply as a virus, is the biggest problem for the security of computer systems. It is a malware program that functions like the viruses that affect the human body. This program has the tendency to replicate by inserting copies of itself into computer programs, files, or the boot sector of the hard drive. This replication happens when the virus is successfully executed. Once the virus has replicated successfully, the files affected by it are referred to as “infected” areas.
Just as a virus weakens or destroys the immune system of the human body, a computer virus has the capability to reduce the performance of, or destroy, the computer system. It can steal hard disk space, access personal information stored on the computer, display comical messages on the screen, show explicit advertisements, send spam, etc. Many computer viruses install themselves on the target computer system without the consent of the computer user. This feature is not common to all viruses. The operating system most affected by viruses is Microsoft Windows.
It is often asked why anyone would want to create viruses and transmit them to various computer systems. The most common reasons for the deliberate creation of viruses are profit making, stealing personal information, carrying out a political agenda, etc. Many cases have come up where viruses were created as a pastime or for entertainment. Whatever the reason may be, computer viruses have caused great economic losses of more than billions because they result in dysfunctional computer systems, malfunctioning features, squandered money, corrupted databases, etc. Although there is much free anti-virus software available for the detection and elimination of computer viruses, the loss is still huge because many of these antivirus programs are unable to detect all the viruses hidden in the system.
Computer viruses are a serious concern to computer engineers as well as consumers. There are many aspects of computer viruses that people must know about because they affect a vital object of your life, the computer. This article will deal with ten points of information about the computer virus that everyone must know.
Historical facts about Computer VIRUS:
To begin with this topic, let us explore some historical facts about the computer virus. It is important to know where all this started and how it all started.
The first virus was detected on ARPANET, the predecessor of the Internet, during the 1970s. The virus was termed the “Creeper Virus”. It is interesting to note that this virus was made on an experimental basis for the purpose of infecting DEC PDP-10 computers that ran the TENEX operating system. The virus was written by Bob Thomas. The Creeper virus, when successfully executed, would display a message on the screen: “I’m the creeper, catch me if you can!”
In the year 1982, another virus known by the name Elk Cloner appeared. It was declared to be the first virus to infect personal computers. The virus was written by Richard Skrenta, who attached the virus to the Apple DOS 3.3 operating system. The virus could spread through a floppy disk.
Fred Cohen published a paper titled “Computer Viruses-Theory and Experiments” in the year 1984, which was the first paper to expressly use the term ‘virus’. In his paper, he explained that complete detection of all computer viruses was not possible. It was Fred Cohen who came up with the concept of the compression virus, which dealt with viruses that he termed ‘benevolent’.
In the year 1992, Microsoft Windows witnessed its first attack. The virus named Winvir was detected in April of the same year. The virus functioned with the help of DOS interrupts. Eventually, in the year 1995, the Boza group developed the VLAD virus that came to be known as the first virus to attack Windows 95. Commodore Amiga was the first known virus to have affected home computers.
Even social networking websites could not remain untouched by virus writers. Win32.5-0-1 is the first virus to have been directed towards social networking websites. It targeted MSN Messenger and Bulletin Boards. The users of these sites would be asked to click on a given link, which, if clicked, would cause the virus to activate. On activation, the user's data would be sent to an unknown e-mail id. That e-mail id was later found to belong to the writer of the virus, Matt Larose.
Vulnerability of Operating Systems:
Different operating systems are vulnerable to viruses to different degrees, and this difference often becomes one of the determining factors in whether or not to buy a particular operating system.
As mentioned earlier, the most commonly affected operating system is Microsoft Windows. This is due to the massive popularity of this operating system across the globe, which makes it easier to distribute viruses. Operating systems like Linux, which are available as open source, give users options to choose from, such as desktop environments, packaging tools, etc., and this limits the effects of a malicious program. In operating systems like Linux, a virus would only affect a limited number of users. Unlike Linux, Microsoft Windows makes use of the same set of applications, which allows a virus to impact a larger number of users.
Mac operating systems are preferred over Microsoft Windows and other operating systems because of their significant invulnerability to viruses. Records show that only a few viruses have been reported to affect Mac systems.
Another problem with Microsoft Windows is that it allows users greater freedom in making alterations in the operating system environment and many of these alterations can be easily done without any permissions. This feature is not available in operating systems like UNIX and Linux that do not enable users to make changes to the system’s environment without permission. Ease in making changes allows viruses to gain control over the operating system.
Social Engineering and other practices:
Before a virus can affect the system, it must be allowed to execute its code and write it to memory. That is why viruses often attach themselves to executable files, which, when launched, cause the virus code to execute.
Many operating systems, like Windows, make use of file extensions that help in ascertaining the category of a file. Many of these extensions are not visible to users, and viruses take advantage of that. Viruses are able to create file names whose extension appears different to users. Let us take an example for clear understanding. Suppose an executable file is created with the name abcd.png.exe. The user might believe the file is an image. Thus, virus writers undertake many practices that exploit vulnerabilities in operating systems.
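The double-extension trick described above can be checked for mechanically, for example on downloaded files or e-mail attachment names. The following is an added example, not part of the original article: the extension lists, function names and sample paths are constructed for illustration, and it assumes the file manager hides only the final extension.

```python
import ntpath

# Extensions Windows runs directly or passes to a script host (common, non-exhaustive set).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".msi"}
# Extensions a user reads as a harmless picture or document.
DECOY_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".pdf", ".txt", ".doc", ".docx", ".xls"}


def split_extensions(path):
    """Return (stem, inner_ext, real_ext) for the file name part of a Windows path."""
    name = ntpath.basename(path)
    shown, real_ext = ntpath.splitext(name)
    stem, inner_ext = ntpath.splitext(shown)
    return stem, inner_ext.lower(), real_ext.lower()


def shown_with_hidden_extensions(path):
    """Name the user sees when the file manager hides the final extension."""
    return ntpath.splitext(ntpath.basename(path))[0]


def is_deceptive(path):
    """True when an executable extension hides behind a document-style one."""
    _, inner_ext, real_ext = split_extensions(path)
    return real_ext in EXECUTABLE_EXTS and inner_ext in DECOY_EXTS


def scan(paths):
    """Return (path, name shown to the user, real extension) for each deceptive name."""
    return [(p, shown_with_hidden_extensions(p), split_extensions(p)[2])
            for p in paths if is_deceptive(p)]


# Constructed sample names (not taken from any real incident).
SAMPLES = [
    r"C:\Users\demo\Downloads\abcd.png.exe",
    r"C:\Users\demo\Downloads\Holiday.JPG.SCR",
    r"C:\Users\demo\Downloads\report.final.pdf",
    r"C:\Users\demo\Downloads\setup.exe",
    r"C:\Users\demo\Downloads\archive.tar.gz",
]

if __name__ == "__main__":
    for path, shown, ext in scan(SAMPLES):
        print(f"{path}: displayed as {shown!r}, actually {ext}")
```

Only the first two samples are reported: a plain setup.exe is executable but not disguised, and report.final.pdf has two dots but no executable extension.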
Resident and non-resident Computer Viruses:
Of all kinds of viruses, resident and non-resident viruses need to be specially discussed, as they draw a broad distinction between different kinds of computer viruses.
A memory-resident virus, also known as a resident virus, undergoes automatic installation, meaning that the virus is installed the moment the code is executed. After installation, the virus remains in the RAM (Random Access Memory) from the time the computer is booted until it is shut down. These viruses attempt to intercept access to a target file and redirect the control flow to the replication module. This way these viruses are able to infect the system.
On the other side, we have a non-memory-resident virus, also known as a non-resident virus. These viruses function quite differently from resident viruses. On being executed, the virus will undertake scanning of the disk to look for targets, infect them, and then leave the memory.
Another category of viruses is Macro Viruses. Applications like Microsoft Outlook and Microsoft Word allow large-sized or macro programs to be embedded in e-mails and documents. This facility enables the programs to run automatically when the document or e-mail is opened. A macro virus affects these applications.
A Macro virus, also known as a document virus, is a virus that is scripted in the macro language. These viruses are embedded in documents or e-mails, which, when opened, cause execution of the virus code and then infection of the computer system. It is therefore advised that unwanted attachments or files should not be opened.
Read request intercepts:
Virus writers always keep in mind that the virus should be capable of avoiding detection, and therefore they make use of many deception techniques to achieve this. These are called stealth mechanisms. One such method is read request intercepts.
When the antivirus software sends a read request to the Windows operating system, some viruses are able to fool the antivirus software. They do so by intercepting its request to the operating system to read infected files. What the virus does is simple: it intercepts the request, handles the request itself, and provides the antivirus software with an unaffected/uninfected file. This way the virus remains undetected by the software.
This stealth strategy is achieved with the help of code injection into the actual files of the operating system. Code injection, for common knowledge, means misuse of a bug caused by the processing of invalid data. A person would “inject” code into the system’s programs and change the manner in which execution takes place.
There is a way to detect stealth. One has to boot from a medium that is supposedly clean. Then, the antivirus software can be employed to scan the unused or inactive files on the operating system. This software also detects stealth through virus signatures.
As mentioned earlier, a stealth mechanism is necessarily implanted into viruses so that they are able to avoid detection by antivirus software. We have already dealt with the read request intercept as one of the methods employed to evade detection; we shall now discuss the modes of self-modification that viruses employ to remain stealthy.
There are many ways in which viruses can achieve evasion through self-modification. One such method is encryption. Encryption is one method to avoid detection of virus signatures. This type of encryption leaves only the encrypted module and cryptographic key. Many viruses may undertake encryption within an executable under exceptional circumstances, for example, when the antivirus software is updating or when the computer has been rebooted. This method of encryption is known as Cryptovirology. In this, the virus may even possess the capability to disable the antivirus software.
Polymorphic Code needs special mention because it was the first evasion technique adopted that raised serious concerns about the effectiveness of antivirus software. In this method, the virus infects files with an encrypted copy of itself. This encrypted copy is decrypted by a decryption module, which is altered with every infection. This alteration or modification, whatever you may call it, causes none of the parts of the virus to remain identical, making it easier for the virus to evade antivirus detection.
Another technique to avoid detection is metamorphic code. In this method, viruses rewrite themselves each time they infect files. Such viruses are commonly known as metamorphic. These types of viruses are difficult to create, as they are larger and more complex than other forms of virus. To employ this technique, it is essential that there is a metamorphic engine.
One of the pre-emptive measures taken to protect the operating system from viruses is antivirus software. It is a common practice to download antivirus software that has the ability to detect and destroy viruses on the operating system whenever the computer downloads or runs an executable. Nowadays there are many antivirus programs that block websites containing malware. In order for the scanner to function properly, it is important that the software is regularly updated to “patch security vulnerabilities”.
There are many antivirus programs on the market, offering various features to users. Some of the software for Windows operating systems includes Microsoft Security Essentials, the Windows Malicious Software Removal Tool, and Windows Defender. There are also free programs available like Secunia PSI.
Antivirus software makes use of two methods to detect viruses. The first method is virus signatures, which is also the most common method of detection. It compares the database on the system with a list of virus signature definitions. The only issue with this method is that it can only detect viruses with signatures. The second method of detection is a heuristic algorithm. This method detects viruses whose signature is not updated in the software.
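The two detection methods described above, sketched as an added example that is not taken from the article or from any antivirus product. The signature names and byte patterns are harmless constructed markers, and the heuristic (flagging near-random content, as produced by the encrypted virus bodies discussed earlier) and its threshold are assumptions chosen for illustration; real scanners combine many heuristics.

```python
import math
from collections import Counter

# Constructed signature database: name -> byte pattern (harmless made-up markers).
SIGNATURES = {
    "Demo.MarkerA": b"\xde\xad\xbe\xefDEMO-MARKER-A",
    "Demo.MarkerB": b"DEMO-MARKER-B\x00\x01",
}
ENTROPY_THRESHOLD = 7.2   # bits per byte; assumed cut-off for "looks encrypted or packed"
MIN_HEURISTIC_SIZE = 256  # entropy of very small buffers is not meaningful


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def signature_scan(data):
    """Method 1: report every known pattern that occurs in the data."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in data)


def heuristic_scan(data):
    """Method 2: flag content with no known signature that still looks unusual."""
    flags = []
    if len(data) >= MIN_HEURISTIC_SIZE and shannon_entropy(data) >= ENTROPY_THRESHOLD:
        flags.append("high-entropy")
    return flags


def scan(data):
    """Signatures first; fall back to the heuristic when nothing matches."""
    hits = signature_scan(data)
    if hits:
        return ("infected", hits)
    flags = heuristic_scan(data)
    return ("suspicious", flags) if flags else ("clean", [])


# Constructed inputs: a buffer carrying a known marker, plain text, and a
# uniformly distributed buffer standing in for an encrypted body.
KNOWN_SAMPLE = b"MZ" + b"\x00" * 64 + SIGNATURES["Demo.MarkerA"] + b"tail"
TEXT_SAMPLE = b"hello world " * 50
ENCRYPTED_LIKE_SAMPLE = bytes(range(256)) * 4

if __name__ == "__main__":
    for label, buf in [("known", KNOWN_SAMPLE), ("text", TEXT_SAMPLE),
                       ("encrypted-like", ENCRYPTED_LIKE_SAMPLE)]:
        print(label, scan(buf))
```

A heuristic verdict is only "suspicious": compressed archives and media files are also high-entropy, which is why such flags lead to further analysis rather than automatic removal.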
Computer Virus and Internet:
There is a strong connection between viruses and the internet. Before the Internet, viruses were usually transmitted by means of floppy disks, CD-ROMs, etc. However, with the increase in the use of personal computers, Bulletin Board Systems (BBS), modems, and software, Trojan Horse programs were easily transmitted. With time, the internet became a hotspot for the transmission of viruses. In the year 2002, the cross-scripting technique surfaced. In this technique, the attackers are able to inject virus code into web pages accessed by other users. It is often used to avoid access controls. This technique has especially affected websites like MySpace and Yahoo!
It is not always possible to prevent virus attacks, but the damage caused can be contained. In order to avoid excessive damage, one must ensure that data is backed up on media that is not connected with the system, or otherwise the media would also be affected. It is better if the media is read-only or uses a different file system. When a CD-ROM or DVD is used for backup and the back-up session closes, it becomes read-only and therefore invulnerable to viruses, unless of course an infected file is copied onto the CD/DVD.
Another method is the re-installation of operating system. On successful re-installation, applications should be freshly downloaded and necessary precautions should be taken to prevent infection from restored executable files.