how windows operatin system handles viruses? various viruses that can cause serious damage to the...

Term Paper Of Operating System CSE 316 Topic - How windows operating system handles viruses? Write down various viruses that can cause serious damage to the computer system. Submitted To: Submitted By:

Upload: akash-srivastava

Post on 28-Jul-2015


Page 1: how windows operatin system handles viruses? various viruses that can cause serious damage to the computer system.doc

Term Paper Of Operating System CSE 316

Topic - How Windows operating system handles viruses? Write down various viruses that can cause serious damage to the computer system.

Submitted To: Submitted By:

ACKNOWLEDGEMENT

I take this opportunity to offer my deep gratitude to all those who have extended their valued support and advice to complete this term paper. I cannot, in full measure, reciprocate the kindness shown and contribution made by various persons in this endeavor.

I acknowledge my sincere thanks to ____________ ma’am (Faculty Member) who stood by me as a pillar of strength throughout the course of work and under whose mature guidance the term paper came out successfully. I am grateful for his valuable suggestions.

Contents:

1. Abstract

2. Introduction To Viruses

3. Different Types Of Computer Viruses

o Resident Viruses
o Direct Action Viruses
o Overwrite Viruses
o Boot Viruses
o Macro Virus
o Directory Virus
o Polymorphic Virus
o File Infectors
o Companions Virus
o FAT Virus
o Worms
o Trojans Or Trojan Horses
o E-Mail Virus
o Logic Bombs

4. Strategies For Implementing Antivirus

5. Virus Detection By OS

o Network Firewall
o Online Scanning

6. Linux Virus Protection

7. References

1. Abstract:

Computer viruses are pieces of computer code designed to implant themselves in programs or files with the idea of destroying or changing the data transmitted. Viruses can be spread through the interchange of files and programs that are loaded onto a computer and executed. They slow down computers, crash a system, or simply reroute data to other units. Virus numbers have risen since the 90s, and the U.S. government has passed laws making the introduction of viruses into the computers of unknowing victims a serious crime. Software companies have also sought to stem the tide by creating programs specifically for tracking down viruses and stopping them. Below are articles which provide information on latest computer viruses, virus statistics, computer virus protection and removal.

There are so many things you have to watch out for when you're online, and one of the worst of those is the good old computer virus. Now that broadband Internet is almost everywhere it's making things a lot easier for viruses to get to your computer quickly. This is why it's very important to have a very good firewall on your computer, as well as a good antivirus program. It's just as important to keep them updated on a regular basis - having out-of-date security software is pointless.

This term paper is about the operating system, different types of computer viruses, and the different techniques the operating system uses to handle viruses, such as Windows Firewall, various antivirus programs, etc.

2. Introduction to Virus:


A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.

Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

As stated above, the term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, even those that do not have the reproductive ability. Malware includes computer viruses, computer worms, Trojan horses, most rootkits, spyware, dishonest adware and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that appears harmless but hides malicious functions. Worms and Trojan horses, like viruses, may harm a computer system's data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves.

3. Different Types of Computer Viruses

A computer virus is a kind of malicious software written intentionally to enter a computer without the user’s permission or knowledge, with an ability to replicate itself, thus continuing to spread. Some viruses do little but replicate; others can cause severe harm or adversely affect programs and the performance of the system. A virus should never be assumed harmless and left on a system. The most common types of viruses are mentioned below:

3.1 Resident Viruses

This type of virus is a permanent one that dwells in RAM. From there it can overcome and interrupt all of the operations executed by the system: corrupting files and programs that are opened, closed, copied, renamed etc.

Examples include: Randex, CMJ, Meve, and MrKlunky.

3.2 Direct Action Viruses

The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted.

3.3 Overwrite Viruses

A virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.

The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.

Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

3.4 Boot Virus

This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a disk, in which information on the disk itself is stored together with a program that makes it possible to boot (start) the computer from the disk.

The best way of avoiding boot viruses is to ensure that floppy disks are write-protected and never start your computer with an unknown floppy disk in the disk drive.

Examples of boot viruses include: Polyboot.B, AntiEXE.

3.5 Macro Virus


Macro viruses infect files that are created using certain applications or programs that contain macros. These mini-programs make it possible to automate series of operations so that they are performed as a single action, thereby saving the user from having to carry them out one by one.

Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.

3.6 Directory Virus

Directory viruses change the paths that indicate the location of a file. By executing a program (file with the extension .EXE or .COM) which has been infected by a virus, you are unknowingly running the virus program, while the original file and program have been previously moved by the virus.

Once infected it becomes impossible to locate the original files.

3.7 Polymorphic Virus

Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.

This makes it impossible for anti-viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.

Examples include: Elkern, Marburg, Satan Bug, and Tuareg.

3.8 File Infectors

This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belong to this category, and can be classified depending on the actions that they carry out.

3.9 Companion Viruses

Companion viruses can be considered file infector viruses like resident or direct action types. They are known as companion viruses because once they get into the system they "accompany" the other files that already exist. In other words, in order to carry out their infection routines, companion viruses can wait in memory until a program is run (resident viruses) or act immediately by making copies of themselves (direct action viruses).

Some examples include: Stator, Asimov.1539, and Terrax.1069

3.10 FAT Virus

The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer. This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.

3.11 Worms

A worm is a program very similar to a virus: it has the ability to self-replicate and can lead to negative effects on your system. Most importantly, worms are detected and eliminated by antivirus software.

Examples of worms include: PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson.

3.12 Trojans or Trojan Horses

Another unsavory breed of malicious code is Trojans or Trojan horses, which unlike viruses do not reproduce by infecting other files, nor do they self-replicate like worms.

3.13 Logic Bombs

They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.

Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.

3.14 E-mail viruses:

An e-mail virus usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.

Role of operating system in handling viruses

Once a computer has been compromised by a virus, it is unsafe to continue using the same computer without completely reinstalling the operating system. There are a number of recovery options for recovering a computer by removing viruses. The choice depends on the severity of the type of virus. Recovery involves either reformatting the computer’s hard drive or installing the OS and all programs from original media, or restoring the entire partition from a clean backup image.

When a virus enters a computer system, it can be detected by the antivirus software installed on the computer. Antivirus software is used to prevent, detect, and remove malware, including computer viruses, worms, Trojan horses, adware, spyware, etc.

4. Strategies used for implementing antivirus software are:

Signature-based detection involves searching for known patterns of data within executable code. A signature file is a database of uniquely identifiable "fingerprints" that viruses contain. The fingerprint for an executable virus is a series of machine code bytes (also known as "strings") that the virus contains.

Heuristic scanning is similar to signature scanning, but instead of looking for specific signatures, it looks for certain instructions or commands within a program that are not found in typical application programs.
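The two strategies above, together with the limitation noted in section 3.7 (a re-encoded copy no longer matches a byte signature), shown as an added example that is not part of the original term paper. All signatures, indicator weights, the threshold and the sample buffers are constructed for illustration.

```python
# Added illustration: toy signature and heuristic scanners.
# Every signature, indicator weight and sample buffer here is constructed.

# Signature database: virus name -> byte "fingerprint" (made-up values).
SIGNATURES = {
    "Demo.A": bytes.fromhex("deadbeef4142439090"),
    "Demo.B": b"DEMO-MARKER-B",
}

# Heuristic indicators: byte strings that are rare in ordinary applications.
# The API names and device path are real Windows names; the weights and the
# threshold are assumptions chosen for this example.
INDICATORS = {
    b"WriteProcessMemory": 3,
    b"CreateRemoteThread": 3,
    b"\\\\.\\PhysicalDrive0": 4,   # raw disk access (boot sector area)
    b"AUTOEXEC.BAT": 2,
}
THRESHOLD = 5


def scan_signatures(data: bytes) -> list:
    """Signature-based detection: search for known byte patterns."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)


def heuristic_score(data: bytes) -> int:
    """Heuristic scanning: add up the weights of unusual strings present."""
    return sum(w for token, w in INDICATORS.items() if token in data)


def classify(data: bytes) -> str:
    """Signatures give a named verdict; otherwise fall back to the score."""
    hits = scan_signatures(data)
    if hits:
        return "infected:" + ",".join(hits)
    return "suspicious" if heuristic_score(data) >= THRESHOLD else "clean"


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for a polymorphic virus's re-encoding."""
    return bytes(b ^ key for b in data)


# Constructed sample buffers.
CLEAN = b"MZ ordinary application data"
INSTALLER = b"MZ legacy installer that edits AUTOEXEC.BAT"
KNOWN = b"MZ header " + SIGNATURES["Demo.A"] + b" trailer"
# Same fingerprint bytes as KNOWN, but stored encoded behind a cleartext stub.
VARIANT = (b"MZ WriteProcessMemory\x00CreateRemoteThread\x00"
           + xor_bytes(SIGNATURES["Demo.A"], 0x5A))

if __name__ == "__main__":
    for name, buf in [("CLEAN", CLEAN), ("INSTALLER", INSTALLER),
                      ("KNOWN", KNOWN), ("VARIANT", VARIANT)]:
        print(f"{name:10} signatures={scan_signatures(buf)} "
              f"score={heuristic_score(buf)} verdict={classify(buf)}")
```

The installer sample stays below the threshold with a single weak indicator, which is the trade-off heuristic scanners tune: a lower threshold catches more variants but flags more legitimate programs.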


5. Operating system contains following by which virus can be detected:

5.1 Network firewall

A network firewall is designed to block unauthorized access while permitting authorized communications. Firewalls are not antivirus systems as such and thus make no attempt to identify or remove anything. They may protect against infection from outside the protected computer or LAN by blocking incoming or outgoing requests on certain TCP/IP ports. A firewall is designed to deal with broader system threats that come from network connections into the system.

5.2 Online scanning

Online scanning is an on-demand antivirus and antispyware tool that shows how safe a PC is. Some antivirus vendors maintain websites with free online scanning capability of the entire computer, critical areas only, local disks, folders or files.

6. Linux Virus Protection


Linux Virus Protection, you say, isn't that redundant? Why Linux itself is virus protection. A malicious program that seeks to infect system files is going to have very little success when invoked by a non-root user. So while our hearts are filled with great sorrow over the travails of our Windows friends who have had to do battle with Melissa, Chernobyl and ExploreZip, we have felt insulated from those threats ourselves. Those days are rapidly coming to an end. Not because Linux is highly susceptible to virii, but because the key to enterprise acceptance of Linux is its ability to be highly integrated with corporate standards, even if it means solving problems caused by other operating systems.

In this increasingly interconnected world, the indirect effects of problematic systems can be felt by everyone. When the Melissa virus hit, some Linux servers' sendmail became overloaded with messages and had to shut down. When ExploreZip exploded, some Linux servers running Samba had to contend with Windows clients deleting data files, which had to be restored. In this sense, Linux is only immune to virii if you unplug it from the network.

Beyond protecting Linux systems from the indirect effect of virii, in many enterprise networks, Linux servers should have anti-virus detection capabilities to detect and clean infected files that are moving through the network, files that may be missed by the anti-virus software running on other stations. As Linux is increasingly adopted in corporate environments, it must not act as "Typhoid Mary" during a virus outbreak, obliviously storing and passing along a virus. As IT managers seek to provide solutions to the increasing instances of virii, many are taking the approach of implementing multiple layers of defense, anti-virus software at every point of entry into the network, using multiple signature files.

While it is theoretically possible to develop a native Linux virus, it is a difficult task. The program will need to obtain root access to perform major damage, unlike Windows 9x where any user can execute a virus that can destroy the Master Boot Record and render a system unusable. The way Linux handles memory management also prevents a virus from executing at will. It is possible that a virus author could attempt to create an environment for infection by creating a buffer overflow condition. By invoking a child process out of an attacked daemon running with root privileges, a virus could potentially have access to system files and infect them. This is a very difficult piece of code to write, but merits more research as Linux gains in popularity. The bottom line is that since the first "native" Linux virus, Staog, was reported in the fall of 1996, you can count the number of new Linux viruses on your shop teacher's left hand. Linux can be considered to have a strong inherent immunity to virii.

The virtual immunity that Linux has to the virus can and should be leveraged to build Linux anti-virus appliances. Not only should Linux Samba servers scan infected files deposited by Windows clients, but a Linux-based anti-virus gateway can be used to scan and protect SMTP, FTP and Web traffic for entire networks. It seems natural that an operating system that cannot be compromised by a virus itself will be the ideal platform for providing enterprise anti-virus solutions.

There are a small but growing number of anti-virus solutions for the Linux market. There is a single open source solution and two "freeware" solutions we are aware of:

AMaVis - A Mail Virus Scanner. This software is intended to use other virus scanners as plug-ins to disinfect attachments traveling through sendmail. It is in effect a SMTP anti-virus gateway. This is an open source, GPL solution.

H+B EDV AntiVir/X - This scanner is only free for personal use.

Central Command - This is actually developed at Kaspersky Labs.

On the commercial side, Network Associates, Data Fellows and Sophos all have Linux versions of their virus scanners. Trend Micro is beta testing VirusWall, which is an example of an anti-virus gateway. We hope to see more products like this and additional functionality into some of the free solutions, such as AMaVis.

Linux users have had the luxury of ignoring virus threats in the past. As Linux grows up and becomes an enterprise player, integration and interoperability are key issues, and we can be in blissful ignorance no longer. Linux systems will grow as network file servers and need to be able to provide integrated virus detection and repair. In some instances, IT managers migrating to Linux are forced to keep NT servers in service to provide functions like anti-virus scanning, because of a dearth of Linux solutions. Linux advocates need to see the powerful role their chosen operating system can play in the AV market, even if it means they are making Microsoft-based desktops run all that more smoothly.

7. References:

http://linux.omnipotent.net/article.php?article_id=5409

www.articlesnatch.com/Article/Ways-To-Handle-Virus.../1247345

en.wikipedia.org/wiki/Computer_virus

www.avast.com/free-virus-cleaner

www.boloji.com/computing/security/015.htm

www.secureurpc.com/.../types-of-computer-viruses.php