computer viruses Essay Example

  • Pages: 12 (3269 words)
  • Published: December 16, 2018
  • Type: Case Study

Analyzing the growth of wearable computing technology and its impact on electronic crime victimizations

3. Conclusion
a. Summarizing the findings on computer viruses as a new form of threat
b. Highlighting the role of wearable computing in increasing electronic crime victimizations

The text discusses the vulnerabilities and threats in computer and networking technology, including configuration errors and passwords as vulnerabilities. It also highlights the importance of identifying internal threats originating from within the system and examining information dissemination related to computer viruses. Additionally, it speculates on the future implications of computer viruses.

Introduction:
In the past decade, there has been significant growth in computer and networking technology, which includes wearable computing devices like smartwatches and fitness trackers. While these advancements have revolutionized our interaction with technology, they have also brought about certain drawbacks. The progress in technology has created an "Information Highway" that has paved the way for criminal activities causing financial harm.

These criminal activities include incidents such as malicious editing of government web pages, unauthorized access to classified files, phone card fraud, credit card fraud, and electronic embezzlement crimes resulting from electronic crime. Those responsible for these crimes argue that their actions should not be considered criminal since they believe it is a form of exercising their right to free speech.

This text emphasizes how such actions deny the negative impact they have on society's trust in the information age. Both federal law enforcement agencies and commercial computer companies are working towards educating the public on preventing computer crimes; however, their efforts fall short due to ineffective anti-virus software and neglecting proactive measures. The text emphasizes the importance of understanding computer criminals and their motives in order to effectively defend against attacks.


It highlights that computers are interconnected with people, meaning that exploiting vulnerabilities in computer systems directly impacts individuals. The paper aims to explore these lesser-known areas and stresses that familiarizing ourselves with the mindset of computer criminals is crucial for protection against financial and emotional consequences.

Today, computer systems face attacks from various sources including malicious code (viruses and worms) as well as human threats like hackers and phone "phreaks." These attacks exploit different aspects of a system, making certain systems more susceptible to specific types of attacks. Malicious code can target a system internally or externally, while human threats involve attempts by individuals or groups to infiltrate systems through various means such as computer networks or public switched telephone networks. These attacks often take advantage of known vulnerabilities resulting from configuration errors.

The differences and similarities between viruses and worms, as well as the environments they target, can be understood by examining their histories. Viruses primarily impact personal computers, while worms predominantly attack multi-user systems. Both viruses and worms have specific functional requirements that are not currently fulfilled by any single class of systems. However, the gap in functionality between personal computers and multi-tasking workstations is rapidly narrowing. This suggests that future systems could potentially meet the needs of both worms and viruses simultaneously, leading to the emergence of new types of infected systems. Understanding the histories of viruses and worms can help predict future issues caused by malicious code.

To facilitate further discussion, the following definitions will be used: a Trojan Horse refers to a program that carries out an unexpected action while performing a useful function; a virus refers to a code segment that replicates by attaching copies to existing executables; a worm refers to a program that reproduces itself and executes the new copy; and a Network Worm is specifically a worm that duplicates itself on another system using common network facilities and executes the copy on that system.

The main idea is that when a computer program gets infected with a virus, it becomes a "trojan horse" and unintentionally executes viral code. Viruses reproduce by attaching themselves to other programs, leading to significant damage before detection. They are designed for specific platforms, such as hardware or operating systems. The term "computer virus" was coined in 1983 during experiments on the Digital Equipment Corporation VAX system. There are two types of viruses: research viruses developed for study purposes and widely spread "in the wild" viruses. The first computer viruses emerged in the early 1980s, affecting various platforms like Apple II, IBM PC, Macintosh, Atari, and Amiga. These popular viruses caused data loss without much protection or recourse for users.

Over time, it has become increasingly challenging to detect, disassemble, and eliminate virus code, particularly in IBM PC viruses. The DOS operating system has experienced the highest number of distinct viruses. In 1986, the first IBM-PC virus, called Brain, emerged as a boot sector virus that remained resident until removed. Other notable viruses like Alameda (Yale), Cascade, Jerusalem, Lehigh, and Miami (South African Friday the 13th) targeted COM and EXE files. Cascade even employed encryption techniques to prevent detection and disassembly. Variable encryption methods appeared with the introduction of the 1260 virus in 1989. In that same year, various stealth viruses such as Zero Bug, Dark Avenger, and Frodo (4096 or 4K) arose, while self-modifying ones like Whale were introduced in 1990. The GP1 virus specifically targeted Novell NetWare passwords in 1991. Since then, viruses have become more complex and equally devastating.

Although commonly detected viruses on IBM-PC systems vary across continents, widely spread viruses like Stoned, Brain, Cascade, and members of the Jerusalem family continue to emerge. This suggests that highly resilient viruses exhibit benign characteristics and replicate multiple times before activation or employ innovative techniques not previously seen in other viruses. Personal computer systems lack efficient access controls, which allows viruses to modify files and even the operating system itself without being considered "illegal" within the context of the operating system's rules.


Multi-tasking and multi-user operating systems, such as LAN Networks or Unix, have stricter controls in place; nevertheless, viruses can still exist on these systems due to configuration errors and security vulnerabilities. In essence, viruses exploit weaknesses in operating system controls and human behavior when using/misusing the system. Destructive viruses are more likely to be quickly eliminated, whereas innovative ones may go undetected by "average" anti-virus software that requires updating for detection or removal.

Disregarding the notion that multi-user systems are immune to viruses due to their complexity, there are other reasons why they continue to exist considering the abundance of PC viruses compared to other personal computer systems. The larger population of PCs and PC compatible devices significantly increases the potential for virus spread. Personal computer users often exchange disks, which could be avoided if all systems were connected to a network. However, this practice can lead to numerous infections across shared network resources. One reason why viruses may go unnoticed on multi-user systems is that administrators tend to share source code instead of executable files as a means of protecting copyrighted materials, thus prioritizing sharing locally developed or public domain software. Exchanging source code is more convenient than sharing executable files due to potential differences in hardware architecture. However, this perspective on network security can inadvertently expose network administrators to attacks.

In summary, conclusions can be drawn about virus spread and eradication based on the following observations: viruses require similar systems and exchange of executable software for effective propagation; destructive viruses are more likely to be eliminated; and innovative viruses may have an initial opportunity for widespread transmission before being detected by anti-viral products.

When it comes to preventing virus attacks, the first line of defense should involve personal and administrative practices, as well as institutional policies regarding shared or external software usage. It is also crucial for users to consider the wide range of available anti-virus products. These products fall into three categories: detection tools, identification tools, and removal tools. Scanners serve as examples of both detection and identification tools, while vulnerability monitors and modification detection programs function as other types of detection tools. Disinfectors belong to the category of removal tools.

Scanners and disinfectors remain the most popular types of anti-virus software used today. They heavily rely on prior knowledge about viral code and utilize methods such as searching for "signature strings" or using algorithmic detection techniques to identify known viruses. Disinfectors require detailed information regarding a virus's size and the specific modifications made in order to restore infected file contents. Vulnerability monitors aim to prevent unauthorized access or modifications to sensitive parts of a system, thus preventing viruses from hooking sensitive interrupts. However, this type of software necessitates knowledge about normal system usage since personal computer viruses cannot bypass security features without involving user decisions.

Modification detection is a comprehensive technique that enables the detection of virus infection or Trojan horses without requiring specific information about the virus itself. Modification detection programs commonly employ checksums to compare and identify any changes in executable files. The process involves calculating and saving checksums of clean executables as a baseline, followed by computing and comparing subsequent checksums with the stored values. It should be noted that while simple checksums can be easily circumvented, cyclic redundancy checks (CRC) provide better security but can still be overcome. For maximum security, cryptographic checksums are recommended.

Worms possess two essential characteristics: replication and self-containment. Unlike Trojan horses, worms do not need a host and can activate themselves by creating processes on a multitasking system. Network worms replicate across communication links, which distinguishes them from other types of malware. Worms can perform various tasks in addition to replication. Initially, network worms were designed for useful network management functions that utilize system properties to carry out necessary actions. However, malicious worms exploit these same system properties. The mechanisms that enable both good and malicious code to replicate do not always accurately differentiate between them (SH82).

To protect a system against worms, it is important to have both basic system security and sound network security. Different procedures and tools can be used for protection. For basic system security, integrating identification and authentication (I&A) controls into the system is crucial. However, if these controls are poorly managed, they can become vulnerabilities that worms easily exploit. Worms are adept at exploiting such vulnerabilities, particularly internet and DECnet worms targeting I&A controls specifically. Additional tools like configuration review tools (e.g., COPS (GS91) for UNIX systems) and checksum-based change detection tools can also be utilized. Designing configuration review tools requires an in-depth understanding of the system but does not require knowledge of worm code.
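
The baseline-and-compare procedure for modification detection described above, as an added example that is not part of the original essay: a small detector that runs a simple additive checksum, CRC-32 and SHA-256 side by side over the same files. The file names and contents are constructed sample data, and the two-byte swap stands in for any change to an executable.

```python
import hashlib
import tempfile
import zlib
from pathlib import Path


def additive_sum(data: bytes) -> int:
    """Simple checksum: sum of all bytes modulo 2**16 (ignores byte order)."""
    return sum(data) % 65536


def crc32(data: bytes) -> int:
    """Cyclic redundancy check: position-sensitive, but not keyed or one-way."""
    return zlib.crc32(data) & 0xFFFFFFFF


def sha256(data: bytes) -> str:
    """Cryptographic checksum."""
    return hashlib.sha256(data).hexdigest()


CHECKS = {"sum16": additive_sum, "crc32": crc32, "sha256": sha256}


def baseline(root: Path) -> dict:
    """Compute every checksum for each file under root (the known-clean state).

    In practice the saved baseline belongs on read-only or offline media so
    that whatever modifies the executables cannot also rewrite it.
    """
    return {
        str(p.relative_to(root)): {n: fn(p.read_bytes()) for n, fn in CHECKS.items()}
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify(root: Path, saved: dict) -> dict:
    """Return {check name: files that check reports as changed, added or missing}."""
    current = baseline(root)
    report = {}
    for name in CHECKS:
        report[name] = sorted(
            f for f in saved.keys() | current.keys()
            if saved.get(f, {}).get(name) != current.get(f, {}).get(name)
        )
    return report


def demo() -> dict:
    """Build constructed sample files, baseline them, alter one, then verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "editor.com").write_bytes(b"\xE9\x10\x00" + b"clean program body" * 4)
        (root / "shell.exe").write_bytes(b"MZ" + bytes(range(64)))
        saved = baseline(root)

        # Constructed modification: swap the first two bytes. The file content
        # changes, but the set of bytes (and therefore their sum) does not.
        target = root / "editor.com"
        data = bytearray(target.read_bytes())
        data[0], data[1] = data[1], data[0]
        target.write_bytes(bytes(data))

        return verify(root, saved)


if __name__ == "__main__":
    for check, changed in demo().items():
        print(f"{check:7s} reports changed files: {changed}")
```

The additive checksum reports nothing for the altered file, while CRC-32 and SHA-256 both flag it. CRC-32 is a linear function of the input, so a modification can still be constructed to leave it unchanged, which is why the text recommends cryptographic checksums.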
Intrusion detection tools are a more complex type of tool that is similar to PC monitoring software. These tools analyze commands to identify any suspicious activities performed by users. If such activity is detected, the system manager is promptly alerted.

Wrapper programs are network security tools that can be used to filter network connections. These programs have the ability to allow or reject specific types of connections or connections originating from predetermined systems. By implementing this solution, worm infections from untrusted systems can be prevented.

It should be noted that these tools do not actively protect the system against vulnerabilities in the operating system. This concern must be addressed during procurement and becomes a procedural matter. System managers can access resources such as CERT computer security advisories to stay informed about security bugs and fixes.

Firewalls are widely used security tools for safeguarding networks from worms. The firewall system (GS91) protects the organizational network from external systems within the larger network environment. There are two forms of firewalls: simple and intelligent.

An intelligent firewall regulates connections between hosts within the organizational network and the outside world, acting as a barrier that divides the network into separate parts. To exchange information between hosts on these different networks, users need an account on the firewall system.

When it comes to human threats, insiders, hackers, and "phone phreaks" are important factors to consider. Insiders exploit their access as legitimate users to bypass security measures and launch insider attacks. Hackers enjoy breaking into systems, while "phreakers" focus specifically on telephone systems.

Insider attacks have historically been the primary threat to computer systems. These individuals, who often have legitimate access to the system, can be difficult to detect or protect against as they have specific objectives. They are capable of planting trojan horses, browsing through files, and compromising both the integrity and confidentiality of the system. Additionally, insiders can impact availability by overwhelming processing or storage capacity, leading to system crashes.

The reasons behind these attacks vary. One factor is that access control settings on many systems do not align with an organization's security policy. This allows insiders to view sensitive data or introduce malicious software without being detected. Another reason is that insiders take advantage of operating system glitches to crash the system, often going unnoticed due to inadequate audit trails that are either insufficient or disregarded.

The definition of a hacker has evolved over time. Originally, hackers were individuals who extensively used and studied a system in order to become experts and provide assistance to computer users.
However, the term now refers to individuals who unlawfully break into systems without authorization or exceed their boundaries on systems they have legitimate access to. Hacker methods for gaining unauthorized access include password cracking, exploiting known security weaknesses, network spoofing, and utilizing "Social Engineering". The most commonly used techniques involve password cracking and exploiting known security weaknesses. Password cracking is accessing a system without permission using someone else's account. This is easier when users choose weak passwords that can be easily guessed based on personal knowledge or by using a dictionary. Another way to breach a system is through exploiting known security weaknesses resulting from configuration errors or security bugs. Configuration errors occur when the system exposes itself to risks even from legitimate actions, such as exporting a file system to the network. Security bugs occur when an application program allows unexpected actions due to loopholes. Exploiting these vulnerabilities may involve sending an excessively long string of keystrokes to crash a screen locking program and render the system inaccessible. Lastly, network spoofing is another method used for gaining unauthorized access.
Network spoofing involves one system pretending to be another within the network, taking advantage of trust between systems. By impersonating a trusted system, unauthorized access can be gained to other systems in the network. This compromises the integrity of the targeted system. Social engineering is another method of unauthorized access, involving manipulation to gain entry by pretending to be an authority figure or using personal data for password guessing. Phone phreak hackers pose a threat not only to phone systems but also computer networks connected through dedicated telephone lines on the Internet. Attacking via the phone system has advantages such as difficult tracing and potential monitoring by the phone company. Using the phone system eliminates the need for sophisticated host machines or direct network access, allowing attacks with a simple dumb terminal connected to a modem. This method often involves multiple hops, where one breached system serves as a launching point for accessing another system and so on. These multiple hops further complicate tracing efforts.
In today's world, desktop workstations are increasingly utilized by scientists and professionals. However, due to lack of proper administration training and time, these systems become more vulnerable to both internal and external attacks.
The primary responsibility of workstation administrators is not administering the workstations themselves; rather, they view them as tools for performing job tasks. As long as the workstation functions properly, they are content. Unfortunately, this neglectful and permissive attitude towards computer security can lead to significant dangers. Poor utilization of controls and use of easily guessable passwords are common outcomes of this approach.
Furthermore, when users act as workstation administrators without sufficient knowledge of, or concern for, security bug fixes, configuration errors occur frequently, exacerbating this lackadaisical approach to security.
To tackle this issue, it is important to design systems that prioritize security by default and provide personnel with the necessary tools to verify system security. However, even with proper training and adequate tools, threats will persist as new vulnerabilities and attack methods emerge.
Many organizations currently lack effective channels for distributing security-related information. If organizations do not prioritize computer security, their average systems will continue to be vulnerable to external threats. In addition, system controls often do not align with an organization's security policies, enabling users to frequently bypass these policies. Weak access controls make it difficult for administrators to enforce policy, while weak audit mechanisms pose challenges in detecting policy violations. Even if audit mechanisms are implemented, the large amount of data generated makes it unlikely for administrators to identify violations. Ongoing research in integrity and intrusion detection aims to address this issue; however, until these research projects become products, systems will remain susceptible to internal threats.

The organization FIRST plays a crucial role in disseminating valuable security information. Comprised of voluntary members who collaborate on addressing computer security problems and prevention efforts, FIRST allows system administrators to receive timely security bug fix information. While the current percentage of administrators receiving this information is low, it is steadily improving each day. On the other hand, hackers effectively utilize information channels provided by publications such as "Phrack" and "2600" within the hacking community. The dissemination of virus code, hacking information, and hacking tools also occurs through bulletin boards and Internet archive sites.

In conclusion, systems are vulnerable to attack due to poor administrative practices, lack of education, tools, and controls. Research can help address the lack of tools and controls, but these are often add-on controls. Instead, there is a need for secure systems to be delivered rather than built from parts. Unfortunately, many administrators lack the knowledge and motivation to make necessary modifications. This allows hackers and malicious users to exploit vulnerable systems, especially with increased connectivity. Network security will continue to be handled on a system-by-system basis until widely adopted standards are in place. Without appropriate security capabilities, the problem will only worsen.

To combat this issue effectively, continuous education for system users and administrators is crucial in countering threats posed by hackers and electronic criminals. Society must stay updated on preventive measures against such activities in order to protect itself. Federal funding is supporting state educational institutions in promoting computer and network understanding, with the responsibility of disseminating this education falling on schools and communities.

Considering that computers have the potential to control various aspects of our lives, it is essential to prioritize their protection through proper education and security measures. Expanding awareness of computer science is crucial for avoiding electronic attacks. The report's objective is to provide insights into the future and necessary measures to maintain integrity.

At the 14th Department of Energy Computer Security Group Conference in 1991, Benjamin Hsaio and W. Timothy Polk led a discussion on computer-assisted audit techniques for Unix. In January 1985, Theresa Lunt et al. published RFC 931, an Authentication server. John Quarterman described a real-time Intrusion-Detection Expert System (IDES) in SRI International's Final Technical Report for SRI Project 6784 in 1992. Eugene Spafford et al., under the ADAPSO organization, released a book titled "Computer Viruses: Dealing with Electronic Vandalism and Programmed Threats" in 1989. Meanwhile, Steven R. Snapp et al. developed the Distributed Intrusion Detection System (DIDS), which gained attention through various publications.
