Реферат на тему UnH1d Essay Research Paper Polymorphic
Работа добавлена на сайт bukvasha.net: 2015-06-18Поможем написать учебную работу
Если у вас возникли сложности с курсовой, контрольной, дипломной, рефератом, отчетом по практике, научно-исследовательской и любой другой работой - мы готовы помочь.
Untitled Essay, Research Paper
Polymorphic &
Cloning Computer
Viruses
The generation of today is growing up in a fast-growing, high-tech
world which allows us to do the impossibilities of yesterday. With the help of modern
telecommunications and the rapid growth of the personal computer in the average household
we are able to talk to and share information with people from all sides of the globe.
However, this vast amount of information transport has opened the doors for the computer
"virus" of the future to flourish. As time passes on, so-called
"viruses" are becoming more and more adaptive and dangerous. No longer are
viruses merely a rarity among computer users and no longer are they mere nuisances. Since
many people depend on the data in their computer every day to make a living, the risk of
catastrophe has increased tenfold. The people who create computer viruses are now becoming
much more adept at making them harder to detect and eliminate. These so-called
"polymorphic" viruses are able to clone themselves and change themselves as they
need to avoid detection. This form of "smart viruses" allows the virus to have a
form of artificial intelligence. To understand the way a computer virus works and spreads,
first one must understand some basics about computers, specifically pertaining to the way
it stores data. Because of the severity of the damage that these viruses may cause, it is
important to understand how anti-virus programs go about detecting them and how the virus
itself adapts to meet the ever changing conditions of a computer.
In much the same way as animals, computer viruses live in complex environments. In this
case, the computer acts as a form of ecosystem in which the virus functions. In order for
someone to adequately understand how and why the virus adapts itself, it must first be
shown how the environment is constantly changing and how the virus can interact and deal
with these changes. There are many forms of computers in the world; however, for
simplicity’s sake, this paper will focus on the most common form of personal
computers, the 80×86, better known as an IBM compatible machine. The computer itself is
run by a special piece of electronics known as a microprocessor. This acts as the brains
of the computer ecosystem and could be said to be at the top of the food chain. A
computer’s primary function is to hold and manipulate data and that is where a virus
comes into play. Data itself is stored in the computer via memory. There are two general
categories for all memory: random access memory (RAM) and physical memory (hard and floppy
diskettes). In either of those types of memory can a virus reside. RAM is by nature
temporary; every time the computer is reset the RAM is erased. Physical memory, however,
is fairly permanent. A piece of information, data, file, program, or virus placed here
will still be around in the event that the computer is turned off.
Within this complex environment, exists computer viruses. There is no
exact and concrete definition for a computer virus, but over time some commonly accepted
facts have been related to them. All viruses are programs or pieces of programs that
reside in some form of memory. They all were created by a person with the explicit intent
of being a virus. For example, a bug (or error) in a program, while perhaps dangerous, is
not considered a computer virus due to the fact that it was created on accident by the
programmers of the software. Therefore, viruses are not created by accident. They can,
however, be contracted and passed along by accident. In fact it may be weeks until a
person even is aware that their computer has a virus. All viruses try to spread themselves
in some way. Some viruses simply copy clones of themselves all over the hard drive. These
are referred to as cloning viruses. They can be very destructive and spread fast and
easily throughout the computer system.
To illustrate the way a standard cloning virus would adapt to its
surroundings a theoretical example will be used. One day a teacher decides to use his/her
classroom Macintosh’s Netscape to download some material on photosynthesis. Included
in that material is a movie file which illustrates the process. However, the teacher is
not aware that the movie file is infected with a computer virus. The virus is a section of
binary code attached to the end of the movie file that will execute its programmed
operations whenever the file is accessed. Then, the teacher plays the movie. As the movie
is being played the virus makes a clone of itself in every file inside the system folder
of that computer. The teacher shuts down the computer normally, but the next day when it
is booted up all of the colors are changed to black and white. The explanation is that the
virus has been programmed to copy itself into all of the files that the computer accesses
in a day. Thus, when the computer reboots, the Macintosh operating system looks into the
system folder at a file to see how many colors to use. The virus notices it access this
file and immediately copies it self into it and changes the number of colors to two. Thus
the virus has detected a change in the files that are opened in the computer and adapted
itself by placing a clone of itself into the color configuration files.
Another prime way that viruses are spread throughout computers
extremely rapidly is via LANs (Local Area Networks) such as the one setup at Lincoln that
connects all of the classroom Macs together. A LAN is a group of computers linked together
with very fast and high capacity cables. Below is an illustrated example of a network of
computers:
Since all of the computers on a network are connected together already,
the transportation of a virus is made even easier. When the "color" virus from
the above example detects that the computer is using the network to copy files across the
school, it automatically clones a copy of itself into every file that is transported
across the network. When it reaches the new computer it waits until it has been shut off
then turned back on again to copy itself into the color configuration files and change the
display to black and white. If this computer should then log on to the network, the virus
will transport again. In this manner network capable viruses can very quickly adapt and
cripple an entire corporation or office building.
Do to the severity of some viruses, people have devised methods of
detecting and eradicating them. The anti-viral programs will scan the entire hard drive
looking for evidence that viruses may have infected it. These programs must be told very
specifically what to look for on the hard drive. There are two main methods of detecting
viruses on a computer. The first is to compare all of the viruses on the hard disk to
known types of viruses. While this method is very precise, it can be rendered totally
useless when dealing with a new and previously unknown virus. The other method deals with
the way in which a common cloning virus adapts. All that a cloning virus really does is
look at what operations the computer is executing and react and adapt to them by making
more copies of itself. This is the serious flaw with cloning viruses: all the copies of
itself look the same. Basically all data in a computer is stored in a byte structure
format. These bytes, which are analogous to symbols, occur in specific orders and lengths.
Each of the cloned viruses has the same order and length of the byte structure. All that
the anti-virus program has to do is scan the hard drive for byte structures that are
duplicated several times and delete them. This method is an excellent way of dealing with
the adaptive and reproducing format of cloning viruses. The disadvantage is that it can
produce a number of false alarms such as when a user has two copies of the same file.
Thereby, a simple cloning viruses’ main flaw is exposed. However,
the (sick minded) people who create these viruses have founded a way to get around this by
creating a new and even more adaptive virus called the polymorphic virus. Polymorphic
viruses were created with the explicit intent of being able to adapt and reproduce in ways
other than simple cloning. These viruses contain a form of artificial intelligence. While
this makes them by no means as smart or adaptive as a human being, it does allow them to
avoid conventional means of detection. A conventional anti-virus program searching for
cloned viruses will not think files with different byte-structures as are viruses. A good
analogy for a polymorphic virus would be a chameleon. The chameleon is able to change its
outward appearance but not the fact that it is a chameleon. A polymorphic virus’s
main goal is just like that of any other virus: to reproduce itself and complete some
programmed task (like deleting files or changing the colors of the monitor); this fact is
never changed. However, it is the way in which they reproduce that makes them different. A
polymorphic virus does more to adapt than just make copies of itself into other files. In
fact, it does not really even clone its physical byte structure. Instead it creates other
programs with different byte structures that are attempting to perform the same task. In a
sense, polymorphic viruses are smart enough to evolve itself by writing new programs on
the fly. Because of the fact that they all have different byte structures, they pass
undetected through conventional byte comparison anti-viral techniques. Not only are
polymorphic viruses smart enough to react to their environment by adaptation, but they are
able to do it in a systematic way that will prevent their future detection and allow them
to take on a new life of their own.
Computer viruses are extremely dangerous programs that will adapt
themselves to the ever changing environment of memory by making copies of themselves.
Cloning viruses create exact copies of themselves and attach to other files on the hard
drive in an attempt to survive detection. Polymorphic viruses are able to change their
actual appearance in memory and copy themselves in much the same way that a chameleon can
change colors to avoid a predator. It is not only the destructive nature of computer
viruses that make them so dangerous in today’s society of telecommunications, but
also their ability to adapt themselves to their surroundings and react in ways that allow
them to proceed undetected to wreck more havoc on personal computer users across the
globe.BibliographyRizzello, Michael. Computer Viruses. Internet. http://business.yorku.ca
/mgts4710/rizello/viruses.htmSolomon, Dr. Alan. A Guide to Viruses. Internet. http://dbweb.agora.stm.it/
webforum/virus/viruinfo.htmTippett, Peter S. Alive! Internet. http://www.bocklabs.wisc.edu/~janda/alive10.html.
1995."Virus (computer)," Microsoft (R) Encarta. Copyright (c) 1993 Microsoft
Corporation.
Copyright (c) 1993 Funk & Wagnall’s CorporationYetiser, Tarkan. Polymorphic Viruses. VDS Advanced Research Group. Baltimore, 1993.