ANTIVIRUS PROGRAMS
PRESENTED
BY
ILAKIA
INTRODUCTION
One of the most high-profile threats to information integrity is the
network virus. Network viruses are software that behaves like
biological viruses: they attach themselves to a host and replicate,
spreading the infection. For a computer program to be classified as
a virus, it simply must replicate itself. In this paper (Antivirus
Programs and Security Terms), I present viruses, worms, and the
security terms and measures that E-Commerce websites use to
protect themselves from hackers.
VIRUS
A self-replicating program.
A piece of software code that inserts itself into a
host, including the operating system, in order
to propagate; it requires that its host program
be run to activate it.
Viruses often require a host, and their goal is to
infect other files so that the virus can live longer.
WORMS
A software program that runs independently,
consuming the resources of its host in order to
maintain itself, that is capable of propagating a
complete working version of itself onto another
machine.
Worms are insidious because they rely less (or
not at all) upon human behavior in order to
spread themselves from one computer to
others.
In particular, Java-based applets found on web
sites could easily contain viruses.
TROJAN HORSE
A program that appears to have a useful
function but that contains a hidden function
that presents a security risk.
Example: a new variant of a Trojan program stole tens of
thousands of identities from 125 countries; the victims
believed their information was being collected by a
legitimate company.
THE NATURE OF VIRUSES
A computer virus carries in its instructional code the
capability for making copies of itself.
The typical virus takes temporary control of a
computer's disk operating system.
Whenever the infected computer comes into contact
with an uninfected piece of software, a fresh copy of
the virus passes into the new program.
The infection can be spread from computer to
computer by unsuspecting users who access a
website and send programs over a network.
The virus can do anything that other programs do;
the only difference is that it attaches itself to another program
and executes secretly every time the host program is
run.
Unfortunately, once a virus is executing, it can perform any
function, such as erasing files and programs.
A simple virus that only infects programs might work
something like this:
Find the first program instruction.
Replace it with a jump to the memory location following the last instruction in the program.
Insert a copy of the virus code at that location.
Have the virus simulate the instruction replaced by the jump.
Jump back to the second instruction of the host program.
Finish executing the host program.
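The steps above leave two traces a scanner can check for: the program file has grown, and its first instruction has become a jump into the added region. The Python sketch below is an added example, not part of the original presentation; it assumes a 16-bit flat program image, a baseline recorded while the file was known clean, and constructed, inert sample bytes.

```python
import hashlib
import struct
from dataclasses import dataclass

JMP_NEAR = 0xE9  # x86 near jump: opcode + signed 16-bit displacement (assumed 16-bit flat image)


@dataclass(frozen=True)
class Baseline:
    size: int      # file length when the program was known clean
    head: bytes    # its first 3 bytes at that time
    sha256: str    # digest of the whole clean file


def record(image: bytes) -> Baseline:
    return Baseline(len(image), image[:3], hashlib.sha256(image).hexdigest())


def jump_target(image: bytes):
    """File offset reached by a leading near jump, or None if there is none."""
    if len(image) < 3 or image[0] != JMP_NEAR:
        return None
    (disp,) = struct.unpack_from("<h", image, 1)
    return 3 + disp  # displacement counts from the end of the 3-byte jump


def check(image: bytes, base: Baseline) -> str:
    if hashlib.sha256(image).hexdigest() == base.sha256:
        return "unchanged"
    target = jump_target(image)
    # Redirected: the first instruction changed and now lands past the old end of file.
    redirected = (image[:3] != base.head and target is not None
                  and base.size <= target < len(image))
    if len(image) > base.size and redirected:
        return "entry redirected into appended code"
    return "modified"


# Constructed, inert sample data (filler bytes only, not a working program).
CLEAN = bytes([0xB4, 0x09, 0xBA]) + bytes(61)        # 64-byte stand-in "program"
FILLER = bytes([0x90] * 32)                          # 32 bytes of NOP filler
TAMPERED = (bytes([JMP_NEAR]) + struct.pack("<h", len(CLEAN) - 3)
            + CLEAN[3:] + FILLER)                    # jump lands at old end of file
PATCHED = CLEAN[:10] + b"\x01" + CLEAN[11:]          # ordinary in-place change

if __name__ == "__main__":
    base = record(CLEAN)
    for name, img in [("clean", CLEAN), ("tampered", TAMPERED), ("patched", PATCHED)]:
        print(name, "->", check(img, base))
```

A change that is not the appended-jump pattern is still reported as "modified", so the baseline comparison catches tampering that the entry-point heuristic alone would miss.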
COUNTERING THE THREAT OF VIRUS
The basic solution for the threat of viruses is prevention:
do not allow a virus to get into the system in the first
place.
This goal is impossible to achieve, although prevention
can reduce the number of successful viral attacks.
The next best approach is to do the following:
DETECTION
After the infection has occurred,
determine that it has occurred and
locate the virus.
PURGING
Remove the virus from all infected
systems so that the disease cannot
spread further.
RECOVERY
Recover any lost data or programs
from the user host system
SECURITY TEAMS
The issue of network and internet security has
become increasingly important as more and
more businesses and people go on-line.
Teams of people have formed to assist in solving
hacker attacks and to disseminate information on
security attacks and how to prevent them.
Two such teams are
Computer Emergency Response Team
(CERT)
Forum of Incident Response and
Security Teams (FIRST)
COMPUTER EMERGENCY RESPONSE TEAM (CERT)
The Computer Emergency Response Team
(CERT) exists as a point of contact for suspected
security problems related to the Internet.
CERT can help determine the scope of the
threat and recommend an appropriate response.
A World Wide Web page supplied by the
Software Engineering Institute posts CERT
advisories.
The Web Page is located at
http://www.sei.cmu.edu.
CERT can also be accessed via anonymous FTP
from info.cert.org.
If you choose, you can also be added to CERT's
mailing list; send mail to cert-advisory-
FORUM OF INCIDENT RESPONSE AND SECURITY TEAMS (FIRST)
Security threats are a problem that affects computers and
networks around the world.
FIRST is made up of a variety of Computer Emergency
Response Teams, including teams from the government, business
and academic sectors.
FIRST plans to cultivate cooperation and coordination
between teams in an attempt to decrease reaction time to
security incidents and promote information sharing among
team members.
FIRST is made up of the following teams:
CERT-NT: SURFnet Response Team, Netherlands
AUSCERT: Australian Computer Emergency Response Team, Australia
DFN-CERT: German Federal Networks CERT, USA
CIAC: DOE Computer Incident Advisory Capability, USA
NASIRC: NASA Automated Systems Incident Response Capability, USA
VA: U.S. Veterans Health Administration, USA
SWITCH-CERT: Swiss Academic and Research Network CERT, Switzerland
SUNSeT: Stanford University Security Team, USA
PCERT: Purdue University Computer Emergency Response Team, USA
CERT Coordination Center, USA
SECURITY TIPS
Use protection software ("anti-virus software") and keep it up to date.
Don't open email from unknown sources.
Use hard-to-guess passwords.
Protect your computer from Internet intruders: use "firewalls".
Don't share access to your computers with strangers. Learn about file sharing risks.
Back up your computer data.
Thank you