Virus Antivirus - Ingles

8/22/2019 Virus Antivirus - Ingles

1/44

Computer

Worms & Viruses

ERICA SANTIAGO

ASHLEY GUY

DAVID HOLLAND

ASHLEY WHITE

JESSICA PUETTNER


2/44

Viruses

By: Erica Santiago


3/44

What is a Virus?

a virus is software that spreads from

program to program, or from disk todisk, and uses each infected program ordisk to make copies of itself. basically

computer sabotage.


4/44

The History of the Virus

the term comes from biology. acomputer virus reproduces by making,possibly modified, copies of itself in thecomputers memory, storage, or over anetwork. similar to the way a biological

virus would work. the very first virus to be created outsidethe single computer or lab was theprogram called "Elk Cloner. it waswritten by Rich Skrenta in 1982. thevirus attached itself to the Apple DOS3.3 operating system and spreadthrough floppy disk. the virus wasoriginally a joke, created by a highschool student and put onto a game.the 50th time someone played thegame, the virus would be released. soinstead of playing the game, the user

saw a blank screen that read a poemabout the virus named Elk Cloner.


5/44

How does aVirusSpread?

first a programmer writes the virus most oftenbeing attached to a normal program;

unknown to the user, the virus spreads toother software. then the virus is passed bydisk or network to other users who use othercomputers. the virus then remains dormant

as it is passed on.The Internet


6/44

The types of Viruses

the way viruses are usually categorized is bywhat they do.

the boot virus which infects the boot sector of disk storage

the program virus which infects the executable programs the multipartite virus which is a combination of the boot and

program virus the stealth virus which is able avoid detection by a variety of

means such as removing itself from the system registry, ormasquerading as a system file

the parasitic virus which embeds itself into another file orprogram such that the original file is still viable

the polymorphic virus which changes its code structure to avoiddetection and removal

the macro virus which exploits the macro language of a programlike Microsoft Word or Excel.


7/44

Protect Yourselves run a more secure operating

system like UNIX, anothercomputer operating system inwhich you never hear aboutviruses on these operatingsystems because the of the

security features if you are using an unsecured

operating system, you can buyvirus protection software likeMcAfee or Norton AntiVirus

to help avoid viruses, its very

important that your computer iscurrent with the latest updateand antivirus tools, try to stayinformed with recent threatsabout viruses and that you becareful when surfing the Internet,downloading files and openingattachments


8/44

Worms

By: Ashley Guy


9/44

Worms 101 worms have been around since 1988. a computer worm is very similar to that of a normal

computer virus. unlike a virus though, the worm is a program that can

copy itself across a network and it can run on itself. a worm also has a unique feature in the sense itdoesnt have to have a host program in order to run.

a worm works by copying itself into nodes or networkterminals which does not require any intervention

from the user itself worms began to take off in the late 90s and early2000s.

these modern worms ran themselves through theinternet and many file sharing programs such as

KaZaa, a music file-sharing program.


10/44

Types of Worms

the email worm the email worm spreads itself through email

the worm can hide itself in messages as a link or anattachment that will redirect the user to an infected website.

many users become victims to this particular worm due totheir vulnerability and willingness to read and openmessages that they think could be interesting.

the Instant Messaging worm

this worm masks itself in the form of an IM with thecontents of a link that will redirect the user to an infectedwebsite and then try to gain full access of the machine.


11/44

Protect Yourselves

even though it seems impossible to not catch aworm, its not.

one of the best things a computer owner can do is

install and run anti-virus software, especially the kindthat updates automatically. anti-virus software will notify the user when a virus or worm

is found and prevent it from running and/or copying itself.

other precautions:

choosing secure passwords and changing them regularly not opening unfamiliar emails or attachments and most

importantly not running or copying software from anunsecured website.


12/44

Virusesvs.Worms

spreads from programto program, or from diskto disk

uses each infectedprogram or disk to makecopies of itself

computer sabotage

destroys data or erasesdisks

operating systemspecific

uses computer hosts toreproduce themselves

travel independently

over computer networks

software sabotage

resides in memoryrather on disk

puts computers at astandstill


13/44

AntiVirus Software

By: David Holland


14/44

What is AntiVirus Software?

computer programs intended to identify

and eliminate computer viruses.


15/44

The Best Defense

this years best defense against computer viruses, spyware,hackers and spam is an antivirus program called BitDefender.

has a user-friendly interface that scans all existing files on yourcomputer, all incoming and outgoing emails, and even IMtransfers.

features include privacy protection and web scanning forinternet use. a years subscription is about $24.99.


16/44

NAV

the most widely used software is the Norton AntiVirus. (NAV) since its release in 1990, over 100 million people around the

world have used it.

its a free program but in order to receive live updates, a validsubscription is needed.

a yearly subscription is only $29.99.


17/44

McAfee

McAfee VirusScan is another popular antivirus program.

its designed for home and home-office use.

its used specifically on a Microsoft Windows platform. the 2007 edition includes a number of features including on

access file sharing, inbound and outbound firewall protection,and daily definition updates.


18/44

Sophos

Sophos AntiVirus is an antivirus and anti-spyware program thatis primarily aimed at corporate environments or businesses.

includes a number of security tools and advice.

also includes 24/7 support including upgrade alerts.


19/44

Kasperski

for the average home user and advanced users the Kasperskiantivirus software has an easy to use interface.

the program uses 3 tabs for protection, settings and support.

it updates itself on an hourly basis and is one of the fastestantivirus programs available.

however, quality comes at a price and year subscription is$49.99.


20/44

Antivirus software:How it works

By: Ashley White


21/44

Antivirus software is the equivalent to

penicillin of the computer world.

like penicillin, antivirus applications act as aguard over your system, scanning incomingfiles and applications, quarantining or

cleaning up unwanted viruses looking tocause harm to your system

antivirus software is considered to be an aid

that detects, fixes and even prevents virusesand worms from spreading to your computeras well as connecting computers.


22/44

Why is software an issue?

some antivirus software can considerablyreduce performance

there should not be more than one antivirussoftware installed on a single computer at anygiven time

its sometimes necessary to temporarily

disable virus protection when installing majorupdates

some argue that antivirus software often

delivers more pain than value to end users


23/44

Two main types

there are different types of antivirussoftware for different computers

some are designed for personalcomputers

some are for servers and others forenterprises

there are mainly two types of antivirussoftware: specific and generic


24/44

Specific Scanning

specific scanning or signature detection

the application scans files to look for knownviruses matching definitions in a virusdictionary

when the antivirus looks at a file it refers to adictionary of known viruses and matches apiece of code (specific patterns of bytes) fromthe new file to the dictionary.


25/44

Specific scanning cont..

after recognizing the malicious softwarethe antivirus software can take one of

the following actions: (1): attempt to repair the file by

removing the virus itself from the file

(2): quarantine the file (3): or delete the file completely


26/44

Specific Scanning cont

however, specific scanning is not always

reliable because virus authors are creatingnew ways of disguising their viruses so theantivirus software does not match the virus

signature to the virus dictionary.


27/44

Generic Scanning

generic scanning is also referred to asthe suspicious behavior approach.

generic Scanning is used when newviruses appear.

in this method the software does not

look for a specific signature but insteadmonitors the behavior of all applications.


28/44

Generic Scanning cont

if anything questionable is found by thesoftware the application is quarantined

and a warning is broadcasted to theuser about what the program may betrying to do.

if the software is found to be a virus theuser can send it to a virus vendor.


29/44

Generic Scanning cont

there, researchers examine it,determine its signature, name and

catalogue it and release antivirussoftware to stop its spread.

if the virus never reappears the vendors

categorize the virus as dormant.


30/44

Two other approaches

heuristic analysis

another form of generic scanning

the sandbox method


31/44

Another Approach heuristic analysis

in the heuristic method the software, for example, could try toemulate the beginning of the code of each new executable thatthe system invokes before transferring control to that executable.if the program attempts to use self-modifying code or appears tobe a virus, its assumed that the virus has infected the

executable. in this method there are a lot of false positives.

sandbox method when an antivirus program will take suspicious code and run it in

a virtual machine to see the purpose of the code and exactlyhow the code works. after the program has terminated, thesoftware analyzes the sandbox for any changes, which couldindicate a virus.


32/44

Heuristic Analysis

software tries to emulate the beginning of thecode of each new executable that the systeminvokes before transferring control to thatexecutable.

if the program attempts to use self-modifyingcode or appears to be a virus, its assumed

the virus has infected the executable. there are many false positives in this

approach.


33/44

Sandboxing

in this approach an antivirus programwill take suspicious code and run it in a

virtual machine to see the purpose ofthe code and exactly how the codeworks.

after the program is terminated thesoftware analyzes the sandbox for anychanges, which might indicate a virus.


34/44

Specific worms & virus attacks

By: Jessica Puettner


35/44

The Macro Virus

one of the most common viruses is a macro virus,which is usually contracted through emails.

macro viruses attach themselves to a document

usually created in one of the applications in MicrosoftOffice.

when one of these infected documents is sentthrough an email.

it infects the computer by getting into an email

account and reproducing itself by sending it to all thepeople in that persons email address list.


36/44

The Melissa Virus

one of the biggest virus incidents was the Melissavirus in 1999.

this was a macro virus that was built into a MicrosoftWord document and in it was a list of different

pornography websites. what the user did not know was the fact that when he

or she opened the document the virus went straightto Microsoft Outlook and sent the same email to thefirst 50 addresses in their address book.

it was not a destructive virus and there was not reallyany damage done to any computers. the man whocreated the virus got fined $5,000 and got sentencedto 20 months in prison.


37/44

The Aftermath

after the Melissa virus, the door for many wasopened to new viruses.

one of them was Chernobyl. Unlike Melissa,

this one was destructive and infected over600,000 computers all over the world. Chernobyl infected 300,000 computers in

South Korea and it cost about $250 million indamages.

in the Philippines, a virus now known as theLove Bug infected their computer systemsand cost them billions of dollars in damages


38/44

The Boot Virus

boot viruses are viruses that infect either the floppydisk boot records or the master boot records in harddisks.

most of the time what happens is the virus overwrites

the boot record program and this is a problembecause the boot record program is what loads theoperating system.

boot viruses often load into the memory of thecomputer while the disk is in use because the virus is

there instead of the operating systems program. some examples of these types of viruses would be

Disk Killer or Stone virus.


39/44

The Program Virus

program viruses are viruses that attack theexecutable program files.

the files it infects are .bin, .com, .exe, .ovl,

.drv, or .sys. these kinds of viruses are loaded onto the

computer when the file is being downloaded. once the infected program is loaded then the

virus starts making copies of itself. examples of these would be Sunday orCascade.


40/44

The Stealth Virus

stealth viruses are very tricky viruses.

they usually are very hard to detect

because they take up exactly theamount of space as the program shouldso it is very hard to discover the virusbecause it is so well hidden.

an example of this kind of virus wouldbe the Whale virus.


41/44

The Polymorphic Virus

polymorphic viruses are also very hardto detect.

this virus can actually use an encryptedcode so it looks like a different virusevery time.

different examples of this type of viruswould be Stimulate or Phoenix.


42/44

Worms Attack

the first major worm was in 1988 when a student atCornell made an experiment that accidentally gotonto the Internet.

this worm caused 6,000 computers all over the

United States to freeze. all the infected computershad to be shut off and the worm had to beterminated.

there was no really money damage but there was alot of lost time at different research institutions.

one of the most damaging worms in history is namedCode Red in 2001.

more than 359,000 computers all over the world wereinfected with this worm in less than 14 hours.

the estimate cost of damages due to the worm was

about $2.6 billion.


43/44

Types of Worms

a few different types of worms are emailing worms, instantmessaging worms, internet worms and file-sharing networksworms. emailing worms are those in the attachments that are

sometimes sent with emails. instant messaging worms usually infect a computer when an

infected link is sent to a person and they open it. these alsoget into computers and automatically send to most if not allof the people on your buddy list.

internet worms usually scan different computers and try toget into their systems. a lot of times they will try and be

downloaded onto the computer by sending a request to bedownloaded.

file-sharing networks worms usually copy itself in a sharedfile under a name that is not suspicious and will start to infectthe computer as well as those in the same network.


44/44

Conclusion

Computer viruses and worms can so easilybe placed into your work station so you mustbe careful when going on the internet,opening emails from unknown users, makesure you have some kind of anti-virussoftware and always get updates so that you

arent helping to spread viruses and worms toother people as well as harming yourself andyour pocket.

Documents

Virus Antivirus - Ingles