
BUSINESS COMMUNICATION

AND
SOFT SKILLS
PRESENTATION ON

VIRUS
&
ANTIVIRUS
Presented by: Nitin Patil, Roll No. 37
Virus vs. Anti-Virus:
The Arms Race

by Nitin Patil
Outline
 Viruses
 Anti-Viruses
 Discussion
Viruses
 A virus is “a program that can ‘infect’ other programs by
modifying them to include a possibly evolved copy of
itself.” - Fred Cohen
 Fred Cohen seems to have been the first to define the
term virus, but the concept had been discussed earlier
and there were some viruses out in the wild before he
began his research.
How is a computer virus like a biological virus?
Just as a biological virus injects its own genetic
information into a cell and interferes with the body’s
normal operations, a computer virus is a program written
to interfere with the proper functioning of a computer. It
may damage programs, delete files, reformat hard disks and
perform other destructive acts.
Viruses example
 The WM.Nuclear Microsoft Word macro virus infects Word documents during
opening, saving, and printing by adding a set of macros to them. On April 5th it
attempts to overwrite critical system files, and it occasionally adds the text "STOP
ALL FRENCH NUCLEAR TESTING IN THE PACIFIC!" to the current document.
(Information from Symantec’s security bulletin.)
 Worms are not viruses:
 The VBS.SST@mm “Anna Kournikova” malware is a worm, not a virus, because
it e-mails copies of itself but does not infect any other documents. (Information about
VBS.SST@mm from Symantec’s security bulletin.)
 Over 85% of all known viruses are for Microsoft
platforms (nearly all the self-propagating worms are as
well).
Malware terminology
 A web site lists 56 different terms related to viruses and malware, including:
 Backdoor
 Boot sector virus
 Encrypted virus
 Hoax
 Macro virus
 More statistics from the web-site
 A few hundred are for JavaScript, HyperCard, Perl, and other scripting languages.
Few of these can spread beyond a few machines without the active support of the
users.
 150 are for the Atari
 31 are native to the Macintosh, and only two of them are known to exist anymore
 2 or 3 are viruses native to OS/2
 More statistics from the web-site
 About 5 are for Linux/Unix/etc., but none have been found in quantity "in the wild", nor would
they be likely to spread very far if they were "loose".
 None are for BeOS, EROS, or other small-population systems.
 Question: can we reduce the risk of getting a virus infection by not using
Microsoft products?
Example virus
 Fred Cohen’s example virus (his pseudocode; the constant 1234567 is the
infection marker, so an already-infected file is not infected twice):

    program virus :=
    {1234567;
    subroutine infect-executable :=
        {loop: file = get-random-executable-file;
        if first-line-of-file = 1234567 then goto loop;
        prepend virus to file;
        }
    subroutine do-damage :=
        {whatever damage is to be done}
    subroutine trigger-pulled :=
        {return true if some condition holds}
    main-program :=
        {infect-executable;
        if trigger-pulled then do-damage;
        goto next;}
    next:
    }
More about viruses
 Viruses aren’t necessarily hard to write
 Cohen reports that his first virus took only 8 hours for an experienced
programmer to write.
 Viruses aren’t necessarily big
 Cohen reports on a UNIX shell script virus that was only 7 lines long.
 Viruses aren’t necessarily malware
 Cohen describes a hypothetical virus that compresses executables to conserve disk space.
 Viruses can be malicious in many ways. On action or infection, a virus may:
 Mount a denial-of-service attack
 Crash the machine
 Randomly destroy data
 Install a Trojan horse program
 Perform password cracking
 … and basically any other nasty thing you can think of.
Isolation
 One way to protect against infection is to isolate systems, users, and/or
information to make it difficult or impossible for a virus to spread widely.
 Total isolation is a sure cure.
 Total isolation probably isn't practical for most users…
 Partitioning (controlling or preventing spread)
 If we can’t isolate systems and users from each other completely, maybe we
can erect partitions to limit the spread of malware.
 It was thought that the Bell-LaPadula model might help limit the spread of
viruses, but Cohen reports that “viruses demonstrated the ability to cross
user boundaries and move from a given security level to a higher security
level.”
 Detection: if we can’t limit the spread of a virus, maybe we can find it and
quarantine infected files…
 Unfortunately, no general algorithm for detecting virus behavior is
possible.
 Cohen argues this by proposing a virus that infects only when the
detection algorithm decides it isn’t a virus, so any claimed perfect detector
is contradicted by a virus built around it.
 Anti-virus programs must make do with more limited solutions, such
as scanning for a virus signature.
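The following is an added example, not code from the original slides or from Fred Cohen; it puts the two ideas above side by side. Cohen's pseudocode marks each infected file by making its first line the constant 1234567 so it is not re-infected, and that same marker doubles as a signature a scanner can look for. The WM.Nuclear payload text from the earlier slide serves as a second signature. The "signature database", the sample files and the one-byte XOR used to model a "possibly evolved" (encrypted) copy are all constructed for this demo; nothing here executes or replicates. The brute-force decoding at the end shows the Kruegel et al. point quoted later in the deck: the de-obfuscator is under none of the size or speed constraints the obfuscator is, so trying all 256 keys is cheap.

```python
import re

# Cohen's pseudocode marks infected files by making their first line the
# constant 1234567 so the virus does not re-infect them.  The same marker
# is a ready-made signature for a scanner.
COHEN_MARKER = b"1234567"

# Assumed signature database for this demo: name -> byte regex.  The
# Cohen marker and the WM.Nuclear payload text come from the slides; the
# database itself is constructed here, not taken from any real product.
SIGNATURES = {
    "Cohen.example": re.compile(rb"\A1234567\r?\n"),
    "WM.Nuclear.payload": re.compile(
        rb"STOP ALL FRENCH NUCLEAR TESTING IN THE PACIFIC!"),
}

# Constructed samples (plain byte strings; nothing here executes or spreads).
CLEAN = b"#!/bin/sh\necho hello\n"
COHEN_INFECTED = COHEN_MARKER + b"\n" + CLEAN
NUCLEAR_DOC = (b"Dear all,\nminutes attached.\n"
               b"STOP ALL FRENCH NUCLEAR TESTING IN THE PACIFIC!\n")


def has_infection_marker(data: bytes) -> bool:
    """Cohen's own re-infection check: is the first line the marker?"""
    return data.split(b"\n", 1)[0] == COHEN_MARKER


def scan(data: bytes) -> list[str]:
    """Plain signature scan: return the names of every signature found."""
    return [name for name, pat in SIGNATURES.items() if pat.search(data)]


def xor_evolve(data: bytes, key: int) -> bytes:
    """Model a 'possibly evolved' / encrypted copy: XOR the body with a
    one-byte key, so a fixed signature no longer appears in the result.
    (A real encrypted virus also carries a decryptor stub, which is what
    scanners then sign; the stub is omitted in this model.)"""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must be a single byte")
    return bytes(b ^ key for b in data)


def scan_with_deobfuscation(data: bytes) -> list[tuple[str, int]]:
    """The de-obfuscator's side of the arms race: the defender is not
    bound by the size and speed limits the obfuscator works under, so it
    can simply try all 256 keys and scan each candidate decoding.
    Returns (signature name, key) pairs; key 0 means the data matched
    as-is."""
    hits = []
    for key in range(256):
        for name in scan(xor_evolve(data, key)):
            hits.append((name, key))
    return hits


if __name__ == "__main__":
    evolved = xor_evolve(NUCLEAR_DOC, 0x5A)
    print("clean:", scan(CLEAN))
    print("cohen:", scan(COHEN_INFECTED), has_infection_marker(COHEN_INFECTED))
    print("nuclear:", scan(NUCLEAR_DOC))
    print("evolved, plain scan:", scan(evolved))
    print("evolved, brute-force:", scan_with_deobfuscation(evolved))
```

Note that a single-byte XOR only permutes byte values, so an entropy heuristic would not flag the evolved copy either; the signature is simply gone until the scanner undoes the transformation, which is why the brute-force step, not a smarter pattern, is what recovers the hit.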
Virus detection problems
 According to Cohen, the following are undecidable:
 Detection of a virus by its appearance
 Detection of a virus by its behavior
 Detection of an evolution of a known virus
 Detection of a triggering mechanism by its appearance
 Detection of a triggering mechanism by its behavior
 Detection of an evolution of a known triggering mechanism
 Detection of a virus detector by its appearance
 Detection of a virus detector by its behavior
 Detection of an evolution of a known viral detector
Known clean system
 Some virus detection techniques require you to start from a clean system.
 DOS users used clean boot disks to defeat stealth viruses…
 But is it always possible to get to a known clean state?
 What if every UNIX vendor had been infected with Ken Thompson’s
C compiler virus? Even their “clean” distribution media would be
infected…

 Now for some good news:
“This arms race is usually in favor of the de-obfuscator. The obfuscator
has to devise techniques that transform the program without seriously
impacting the run-time performance or increasing the binary's size or
memory footprint while there are no
such constraints for the de-obfuscator.”
- Kruegel et al.
Question
 Is it possible that there are viruses in the wild today that have
infected large numbers of systems but have gone unnoticed
because they have few if any side effects and have not yet triggered
their destructive payloads?
 Discussion:
Can anti-virus win in the future?
Thank you
