computer viruses 911 computer support

32 pages

Upload: bozzerapide

Post on 07-May-2015

Category: Business

DESCRIPTION

911 Computers Support and Repair is a Fort Worth-based emergency response team that offers an array of computer repair services to the distressed computer user. With over 10 years of commitment and swift service, we are continuing to provide exemplary technology support to all our clients.

TRANSCRIPT

Page 1: Computer viruses 911 computer support

COMPUTER VIRUSES REMOVE

Page 2: Computer viruses 911 computer support

OVERVIEW

Computers & Viruses

History of Computer Viruses

How Viruses Work

Virus Detection\Removal\Analysis

Alternative Detection Method

Computer Immune System

Miscellaneous Other Topics

Page 3: Computer viruses 911 computer support

COMPUTERS AND VIRUSES

Page 4: COMPUTERS AND VIRUSES

“A computer is a machine that manipulates data according to a list of instructions.”

“A computer is, at its most basic, a machine which can take instructions, and perform computations based on those instructions.”

“Computers are not very intelligent devices, but they handle instructions flawlessly and fast.”

“A computer is an electronic device that executes the instructions in a program.”

What is a Computer?

Page 5: COMPUTERS AND VIRUSES

“A virus is a sub-microscopic infectious agent that is unable to grow or reproduce outside a host cell.”

“A virus is not strictly alive.. nor is it strictly dead... A virus has some fundamental information which allows it to make copies of itself. However, the virus must be inside a living cell of some kind before the information can be used.”

“Viruses are not living cells, but efficient parasites that commandeer living cells and turn them into virus factories.”

“an ultramicroscopic, metabolically inert, infectious agent that replicates only within the cells of living hosts, mainly bacteria, plants, and animals: composed of an RNA or DNA core, a protein coat, and, in more complex types, a surrounding envelope.”

What is a Virus?

Page 6: COMPUTERS AND VIRUSES

“Computer Viruses are self replicating software entities that attach themselves parasitically to existing programs.”

“We define a computer 'virus' as a program that can 'infect' other programs by modifying them to include a possibly evolved copy of itself.”

“A computer virus is a self-replicating computer program that spreads by attaching itself to executable files or system areas on diskettes.”

“Computer viruses are small software programs that are designed to spread from one computer to another and to interfere with computer operation.”

What is a Computer Virus?

Page 7: Computer viruses 911 computer support

HISTORY OF COMPUTER VIRUSES

Page 8: HISTORY OF COMPUTER VIRUSES

Early 1980’s - University of Southern California

Leonard Adleman
• Computer Science & Molecular Biology
• Famous for work with Rivest and Shamir on RSA
• DNA Computing
• Coined the term “Computer Virus”

Fred Cohen
• PhD student under Adleman
• Created the first ‘real’ computer virus November 10, 1983
• Parasitic application that seized control of computer operation

The Beginnings

Page 9: HISTORY OF COMPUTER VIRUSES

Platform:  OSX   Linux   MS-DOS   Windows
Count:     ?     30      4000     >200,000

Statistics

Page 10: Computer viruses 911 computer support

HOW VIRUSES WORK

Page 11: HOW VIRUSES WORK

1. Attachment
2. Penetration
3. Uncoating
4. Replication
5. Assembly
6. Release

Virus Life Cycle

Page 12: HOW VIRUSES WORK

Computer Virus Life Cycle

Page 13: HOW VIRUSES WORK

Infection of a Program

Page 14: Computer viruses 911 computer support

VIRUS DETECTION\REMOVAL\ANALYSIS

Page 15: VIRUS DETECTION\REMOVAL\ANALYSIS

The goal of anti-virus software is to detect all viral infections on a given computer system and, where possible, to restore each infected program to its original uninfected state.

Activity Monitors: Alert the user to system activity that is indicative of a virus.

Integrity Management Systems: Warn the user of suspicious changes to files.

These methods can detect the presence of unknown viruses, but they are often unable to pinpoint the nature or even the location of the infecting agent. Normal, legitimate activity can also be flagged, causing a nuisance and disrupting normal work. This can lead to the warnings being completely ignored.

Virus Detection
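The integrity management system described on this slide, as an added example (not code from the original presentation or from 911 Computer Support): a baseline of SHA-256 hashes is recorded, the baseline itself is protected with an HMAC so it cannot be quietly rewritten, and a later check reports modified, added and removed files. The file paths, contents and signing key are constructed test data.

```python
"""Integrity management system (added example): baseline file hashes, then
report modified, added and removed files. Paths and contents below are
constructed test data, not real binaries."""
import hashlib
import hmac
import json


def build_baseline(files):
    """Map each path to the SHA-256 hex digest of its contents."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def sign_baseline(baseline, key):
    """HMAC over the serialized baseline, so that whatever changes a program
    cannot also quietly 'fix' the stored hash (assumes the key is kept off
    the monitored machine)."""
    blob = json.dumps(baseline, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify_baseline(baseline, key, tag):
    return hmac.compare_digest(sign_baseline(baseline, key), tag)


def check_integrity(baseline, files):
    """Compare the current file set against the signed baseline."""
    current = build_baseline(files)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


# Constructed "file system": path -> contents.
CLEAN = {
    "/bin/editor": b"MZ\x90\x00editor-code-v1",
    "/bin/calc": b"MZ\x90\x00calc-code",
    "/etc/motd": b"welcome",
}
KEY = b"constructed-baseline-signing-key"


def demo():
    baseline = build_baseline(CLEAN)
    tag = sign_baseline(baseline, KEY)
    # Simulated changes: the editor gains an appended block (what a file
    # infector leaves behind), a new file appears, one file disappears.
    after = dict(CLEAN)
    after["/bin/editor"] = CLEAN["/bin/editor"] + b"<appended-block>"
    after["/tmp/unknown"] = b"new"
    del after["/etc/motd"]
    if not verify_baseline(baseline, KEY, tag):
        raise RuntimeError("baseline was tampered with; do not trust the comparison")
    return check_integrity(baseline, after)


if __name__ == "__main__":
    # The limitation from the slide: a legitimate software update changes the
    # same hash and is reported exactly like an infection.
    print(demo())
```

Note that the checker can say which files changed but nothing about what changed them or how to repair them, which is the gap the scanners on the next slide fill.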

Page 16: VIRUS DETECTION\REMOVAL\ANALYSIS

Virus scanners scour the file system, searching through files, boot records, memory, and anywhere else executable code can be stored, looking for characteristic byte patterns (signatures) that identify portions of viruses.

Scanners provide much more specific detection than activity monitors and integrity management systems, and are essential for establishing the identity and location of a virus.

Disinfectors use the identity and location information to restore programs to their original states.

Scanning and repairing can only be applied to known viruses and variants.

Every virus strain must be examined individually to extract a signature and information on how to remove it.

Virus Detection & Removal
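A signature scanner and disinfector in the sense of this slide, as an added example (not code from the original presentation): byte-pattern signatures with single-byte wildcards are searched for in every stored object, and a hit yields both the identity and the location of the match, which the disinfector then uses to restore the host. The signature database, the repair rule and the scanned files are all constructed for illustration and are not real anti-virus data.

```python
"""Signature scanner and disinfector (added example). Signatures and files
are constructed for illustration; they are not real anti-virus data."""
import re


def compile_signature(hex_pattern):
    """Turn 'DE AD ?? EF' into a bytes regex; '??' matches any single byte
    (useful where a strain carries one variable byte inside a fixed sequence)."""
    parts = []
    for tok in hex_pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


# Constructed signature database: name -> (byte pattern, repair rule).
SIGNATURES = {
    "Demo.Appender.A": ("3C 61 70 70 ?? 6E 64 65 64", "truncate"),  # '<app?nded'
    "Demo.Boot.B": ("44 45 4D 4F 42 4F 4F 54", None),               # 'DEMOBOOT'
}
COMPILED = {name: (compile_signature(pat), fix) for name, (pat, fix) in SIGNATURES.items()}


def scan(files):
    """Search every object (program files, boot records, memory dumps alike)
    for every signature; report (path, virus name, offset) for each hit."""
    hits = []
    for path, data in files.items():
        for name, (regex, _fix) in COMPILED.items():
            for m in regex.finditer(data):
                hits.append((path, name, m.start()))
    return sorted(hits)


def disinfect(name, data, offset):
    """Repair using identity and location. Only a strain known to append its
    body without altering the host can be cut back like this; other strains
    need a strain-specific procedure, which is why each must be analysed."""
    rule = COMPILED[name][1]
    if rule == "truncate":
        return data[:offset]
    raise ValueError(f"no automatic repair known for {name}")


# Constructed "file system": two programs and a boot record.
FILES = {
    "/bin/editor": b"MZ\x90\x00editor-code-v1<appended-code>",
    "/bin/calc": b"MZ\x90\x00calc-code",
    "boot-record": b"\xeb\x3c\x90DEMOBOOT" + b"\x00" * 40 + b"\x55\xaa",
}


def demo():
    hits = scan(FILES)
    repaired = {}
    for path, name, offset in hits:
        if COMPILED[name][1] is not None:
            repaired[path] = disinfect(name, FILES[path], offset)
    return hits, repaired


if __name__ == "__main__":
    print(demo())
```

The boot-record hit has no repair rule, so the scanner can name and locate the infection but not remove it; that is the "known viruses and variants only" limitation in practice.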

Page 17: VIRUS DETECTION\REMOVAL\ANALYSIS

Once a new virus is discovered, it is passed around a group of anti-virus experts.

A human expert disassembles the virus and then analyzes the code to determine both behavior and the method it uses to attach itself to host programs.

The expert then extracts a signature that is guaranteed to be found in each instance of the virus, but which is unlikely to be found in normal programs.

The new signature is added to the database so that this virus can be detected and removed in the wild.

This is a very time consuming process, taking anywhere from hours to days to complete, and it is possible that a bad signature can be chosen.

Virus Analysis

Page 18: Computer viruses 911 computer support

ALTERNATIVE DETECTION METHOD

Page 19: ALTERNATIVE DETECTION METHOD

Between scanners on one side and activity monitors/integrity management systems on the other lies the generic detector.

A generic detector takes a program's code as input and determines whether or not the program is viral.

Perfect generic detection is an NP-complete problem, which is reducible to the Halting Problem.

Imperfect generic detection, however, is possible, and turns out to be a problem in pattern classification.

Generic Detection of Viruses

Page 20: ALTERNATIVE DETECTION METHOD

The basic concept of machine learning is applied to virus detection.

Very similar to concepts in Robot Vision for face/object detection.

Features are selected, and then classifiers are trained.

85% detection rate; the other 15% escape detection due to code obscuring techniques.

This method works well for boot sector viruses, but has a few drawbacks:

1. New viruses can be detected only if they have a sufficient amount of code in common with known viruses.

2. The method is appropriate for viral detection only, and is incapable of aiding in removal of a virus from an infected boot sector or file.

Imperfect Generic Detection
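The pattern-classification approach of pages 19 and 20, as an added example (not code from the original presentation): byte n-grams are the features, feature selection keeps the n-grams that are common within one class and absent from the other, and an unseen program is classified by feature overlap. The training samples are constructed ASCII stand-ins for machine code; the third test case shows drawback 1 and the 15% miss rate, since a routine obscured by a byte-wise XOR shares no n-grams with anything seen in training.

```python
"""Imperfect generic detection by pattern classification (added example):
byte n-gram features are selected from labelled training samples and a
held-out program is classified as viral or benign. All samples are
constructed ASCII stand-ins for machine code, not real programs."""
from collections import Counter

N = 3  # n-gram length in bytes


def ngrams(data, n=N):
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def select_features(samples):
    """Feature selection: keep an n-gram for a class if it occurs in at least
    half of that class's samples and in none of the other class's samples."""
    grams_by_label, count_by_label = {}, Counter()
    for data, label in samples:
        count_by_label[label] += 1
        grams_by_label.setdefault(label, Counter()).update(ngrams(data))
    features = {}
    for label, grams in grams_by_label.items():
        others = [g for other, g in grams_by_label.items() if other != label]
        features[label] = {
            g for g, k in grams.items()
            if 2 * k >= count_by_label[label] and not any(g in o for o in others)
        }
    return features


def classify(features, data):
    """Classify by feature overlap; a tie (no evidence either way) falls to
    benign, which is exactly how an obscured virus slips through."""
    present = ngrams(data)
    scores = {label: len(present & sel) for label, sel in features.items()}
    verdict = "viral" if scores["viral"] > scores["benign"] else "benign"
    return verdict, scores


# Constructed training set: viral samples share a replication routine, benign
# ones share an ordinary routine; the surrounding bytes differ per sample.
REPLICATE = b"COPY-SELF-TO-BOOT-SECTOR"
PRINT = b"PRINT-HELLO"
TRAINING = [
    (b"v1 " + REPLICATE + b" done", "viral"),
    (b"v2 init " + REPLICATE, "viral"),
    (REPLICATE + b" v3 tail", "viral"),
    (b"app1 " + PRINT + b" done", "benign"),
    (b"app2 init " + PRINT, "benign"),
    (PRINT + b" app3 tail", "benign"),
]
FEATURES = select_features(TRAINING)


def demo():
    unseen_viral = b"v9 " + REPLICATE + b" exit"
    unseen_benign = b"app9 " + PRINT + b" exit"
    # Code obscuring: the same routine with every byte XORed with a constant
    # shares no n-grams with the training data, so it is missed (false negative).
    obscured = b"v10 " + bytes(b ^ 0x5A for b in REPLICATE) + b" exit"
    return {
        "unseen_viral": classify(FEATURES, unseen_viral)[0],
        "unseen_benign": classify(FEATURES, unseen_benign)[0],
        "obscured": classify(FEATURES, obscured)[0],
    }


if __name__ == "__main__":
    print(demo())
```

Shared filler such as " done" and " init" is dropped by the selection step because it appears in both classes, so the classifier keys on the routine that actually distinguishes the classes; but as drawback 2 says, a verdict of "viral" carries no information about where the virus sits or how to remove it.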

Page 21: Computer viruses 911 computer support

COMPUTER IMMUNE SYSTEM

Page 22: COMPUTER IMMUNE SYSTEM

The generic detection system is a good start, but it is a static, non-adaptive system.

An adaptive system, such as our own immune system, is much better.

The immune system responds to virus-like anomalies by capturing and analyzing viral samples.

The samples are analyzed, and a means for detecting and removing the virus is found.

Motivation

Page 23: COMPUTER IMMUNE SYSTEM

Anomaly Detection: The ability to distinguish self from non-self, i.e. to notice the existence of things which are not a part of the system.

Scanning for Known Viruses: Parallel searching through all known virus signatures looking for a match.

Virus Removal: A known virus has been discovered and is now removed.

Decoys: An anomaly has been detected that does not match any known virus signature. Decoys, or programs which are very attractive to viruses, are placed out to bait the viruses.

Biological Defense

Page 24: COMPUTER IMMUNE SYSTEM

Automatic Virus Analysis: Once several decoys have become infected with the virus, they can be compared and the inner workings of the virus can be discovered.

Automatic Signature Extraction: A signature that minimizes false negatives and false positives is the goal of this phase. It should be likely to be found in all instances of the virus, but not in normal programs.

Immunological Memory: Add the analysis data and signature of the new virus to the known-virus database for quick lookup later.

Biological Defense
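The signature-extraction step described by the human analyst on page 17 and automated from infected decoys on page 24, as an added example (not code from the original presentation): each decoy is compared with its pre-infection copy to learn how the virus attaches, then a fixed-length byte string is chosen that occurs in every infected decoy (low false negatives) and in no known-clean program (low false positives), preferring sequences whose trigrams are rare in clean code as a rough stand-in for "unlikely to be found in normal programs". The decoys, the clean corpus and the appended "virus body" with its per-infection counter are all constructed byte strings.

```python
"""Automatic virus analysis and signature extraction from infected decoys
(added example). Decoy contents and the 'virus body' are constructed byte
strings, not real malware."""
from collections import Counter


def infer_attachment(original, infected):
    """Compare a decoy before and after infection to learn how the virus
    attaches itself; returns the attachment style and the added bytes."""
    if infected.startswith(original):
        return "append", infected[len(original):]
    if infected.endswith(original):
        return "prepend", infected[:len(infected) - len(original)]
    return "other", b""


def common_substrings(samples, k):
    """All length-k byte strings present in every sample."""
    sets = [{s[i:i + k] for i in range(len(s) - k + 1)} for s in samples]
    return set.intersection(*sets) if sets else set()


def extract_signature(infected_decoys, clean_corpus, k=8):
    """Pick a k-byte signature found in every infected decoy (minimises false
    negatives) and in no known-clean program (minimises false positives).
    Among the survivors, prefer bytes whose trigrams are rare in clean code,
    a crude estimate of 'unlikely to be found in normal programs'."""
    candidates = common_substrings(infected_decoys, k)
    candidates = {c for c in candidates if not any(c in f for f in clean_corpus)}
    if not candidates:
        return None  # nothing safe to use: a human must look at this strain
    trigram_freq = Counter()
    for f in clean_corpus:
        trigram_freq.update(f[i:i + 3] for i in range(len(f) - 2))

    def commonness(c):
        return sum(trigram_freq[c[i:i + 3]] for i in range(len(c) - 2))

    return min(candidates, key=lambda c: (commonness(c), c))


# Constructed decoys (small programs a file infector would find attractive), before infection.
DECOYS = [
    b"MZ decoy-one: print report",
    b"MZ decoy-two: sort names",
    b"MZ decoy-three: copy file",
]
# Other known-clean software; with the original decoys it forms the clean corpus.
CLEAN_CORPUS = DECOYS + [b"MZ editor: print report and sort names", b"MZ calc: add sub mul"]
# Constructed appender 'body': a fixed head and tail around a per-infection
# counter, the kind of variable field that defeats a naive whole-body signature.
BODY_HEAD = b"\x90\x90<replicate-v>"
BODY_TAIL = b"<payload-text>\xc3"
INFECTED = [host + BODY_HEAD + b"gen=%d" % n + BODY_TAIL for n, host in enumerate(DECOYS, 1)]


def analyse():
    """Immune-system style analysis: attachment method plus an extracted signature."""
    styles = {infer_attachment(o, i)[0] for o, i in zip(DECOYS, INFECTED)}
    return styles, extract_signature(INFECTED, CLEAN_CORPUS)


if __name__ == "__main__":
    print(analyse())
```

The clean-corpus filter is what guards against the "bad signature" outcome mentioned on page 17: if the corpus were polluted with infected files, every candidate would be rejected and the function returns None rather than shipping a signature that matches nothing safely.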

Page 25: COMPUTER IMMUNE SYSTEM

Immune System Overview

Page 26: Computer viruses 911 computer support

MISCELLANEOUS OTHER TOPICS

Page 27: MISCELLANEOUS OTHER TOPICS

Worm
• A worm can spread itself to other computers without needing to be transferred as part of a host.

Trojan Horse
• A Trojan horse is a file that appears harmless until executed.

A program that does not replicate is not a virus, regardless of whether it is malicious or not. Maliciousness in a program does not make it a virus.

Worms & Trojan Horses & Other Non-viruses

Page 28: MISCELLANEOUS OTHER TOPICS

Can your cat get a Computer Virus?

Page 29: MISCELLANEOUS OTHER TOPICS

RFID – Radio Frequency Identification

An RFID virus uses RFID tags to spread, primarily by means of SQL injection.

Everything about regular viruses still applies to RFID viruses.

The primary attack of RFID viruses is focused on databases.

RFID Viruses

Page 30: MISCELLANEOUS OTHER TOPICS

Examples
• Supermarket uses RFID to scan merchandise.
• Veterinarian uses RFID embedded in pets to find information about animals.
• Airport baggage handling system uses RFID to route baggage.

RFID Viruses

Page 31: Computer viruses 911 computer support

1. What feature is a requirement for a program to be a virus?

2. If a program is self-replicating, but does nothing malicious, is it still a virus?

Homework

Page 32: Computer viruses 911 computer support

Visit for quick support: http://www.911computersupport.com