Essay/Term paper: Polymorphic & cloning computer viruses
Essay, term paper, research paper: Internet
Free essays available online are good but they will not follow the guidelines of your particular writing assignment. If you need a custom term paper on Internet: Polymorphic & Cloning Computer Viruses, you can hire a professional writer here to write you a high quality authentic essay. While free essays can be traced by Turnitin (plagiarism detection program), our custom written essays will pass any plagiarism test. Our writing service will save you time and grade.
Polymorphic & Cloning Computer Viruses
The generation of today is growing up in a fast-growing, high-tech world
which allows us to do the impossibilities of yesterday. With the help of modern
telecommunications and the rapid growth of the personal computer in the average
household we are able to talk to and share information with people from all
sides of the globe. However, this vast amount of information transport has
opened the doors for the computer "virus" of the future to flourish. As time
passes on, so-called "viruses" are becoming more and more adaptive and dangerous.
No longer are viruses merely a rarity among computer users and no longer are
they mere nuisances. Since many people depend on the data in their computer
every day to make a living, the risk of catastrophe has increased tenfold. The
people who create computer viruses are now becoming much more adept at making
them harder to detect and eliminate. These so-called "polymorphic" viruses are
able to clone themselves and change themselves as they need to avoid detection.
This form of "smart viruses" allows the virus to have a form of artificial
intelligence. To understand the way a computer virus works and spreads, first
one must understand some basics about computers, specifically pertaining to the
way it stores data. Because of the severity of the damage that these viruses may
cause, it is important to understand how anti-virus programs go about detecting
them and how the virus itself adapts to meet the ever changing conditions of a
computer. In much the same way as animals, computer viruses live in complex
environments. In this case, the computer acts as a form of ecosystem in which
the virus functions. In order for someone to adequately understand how and why
the virus adapts itself, it must first be shown how the environment is
constantly changing and how the virus can interact and deal with these changes.
There are many forms of computers in the world; however, for simplicity's sake,
this paper will focus on the most common form of personal computers, the 80x86,
better known as an IBM compatible machine. The computer itself is run by a
special piece of electronics known as a microprocessor. This acts as the brains
of the computer ecosystem and could be said to be at the top of the food chain.
A computer's primary function is to hold and manipulate data and that is where a
virus comes into play. Data itself is stored in the computer via memory. There
are two general categories for all memory: random access memory (RAM) and
physical memory (hard and floppy diskettes). In either of those types of memory
can a virus reside. RAM is by nature temporary; every time the computer is reset
the RAM is erased. Physical memory, however, is fairly permanent. A piece of
information, data, file, program, or virus placed here will still be around in
the event that the computer is turned off.
Within this complex environment, exists computer viruses. There is no
exact and concrete definition for a computer virus, but over time some commonly
accepted facts have been related to them. All viruses are programs or pieces of
programs that reside in some form of memory. They all were created by a person
with the explicit intent of being a virus. For example, a bug (or error) in a
program, while perhaps dangerous, is not considered a computer virus due to the
fact that it was created on accident by the programmers of the software.
Therefore, viruses are not created by accident. They can, however, be contracted
and passed along by accident. In fact it may be weeks until a person even is
aware that their computer has a virus. All viruses try to spread themselves in
some way. Some viruses simply copy clones of themselves all over the hard drive.
These are referred to as cloning viruses. They can be very destructive and
spread fast and easily throughout the computer system.
To illustrate the way a standard cloning virus would adapt to its
surroundings a theoretical example will be used. One day a teacher decides to
use his/her classroom Macintosh's Netscape to download some material on
photosynthesis. Included in that material is a movie file which illustrates the
process. However, the teacher is not aware that the movie file is infected with
a computer virus. The virus is a section of binary code attached to the end of
the movie file that will execute its programmed operations whenever the file is
accessed. Then, the teacher plays the movie. As the movie is being played the
virus makes a clone of itself in every file inside the system folder of that
computer. The teacher shuts down the computer normally, but the next day when it
is booted up all of the colors are changed to black and white. The explanation
is that the virus has been programmed to copy itself into all of the files that
the computer accesses in a day. Thus, when the computer reboots, the Macintosh
operating system looks into the system folder at a file to see how many colors
to use. The virus notices it access this file and immediately copies it self
into it and changes the number of colors to two. Thus the virus has detected a
change in the files that are opened in the computer and adapted itself by
placing a clone of itself into the color configuration files.
Another prime way that viruses are spread throughout computers extremely
rapidly is via LANs (Local Area Networks) such as the one setup at Lincoln that
connects all of the classroom Macs together. A LAN is a group of computers
linked together with very fast and high capacity cables. Below is an illustrated
example of a network of computers:
Since all of the computers on a network are connected together already,
the transportation of a virus is made even easier. When the "color" virus from
the above example detects that the computer is using the network to copy files
across the school, it automatically clones a copy of itself into every file that
is transported across the network. When it reaches the new computer it waits
until it has been shut off then turned back on again to copy itself into the
color configuration files and change the display to black and white. If this
computer should then log on to the network, the virus will transport again. In
this manner network capable viruses can very quickly adapt and cripple an entire
corporation or office building.
Do to the severity of some viruses, people have devised methods of
detecting and eradicating them. The anti-viral programs will scan the entire
hard drive looking for evidence that viruses may have infected it. These
programs must be told very specifically what to look for on the hard drive.
There are two main methods of detecting viruses on a computer. The first is to
compare all of the viruses on the hard disk to known types of viruses. While
this method is very precise, it can be rendered totally useless when dealing
with a new and previously unknown virus. The other method deals with the way in
which a common cloning virus adapts. All that a cloning virus really does is
look at what operations the computer is executing and react and adapt to them by
making more copies of itself. This is the serious flaw with cloning viruses: all
the copies of itself look the same. Basically all data in a computer is stored
in a byte structure format. These bytes, which are analogous to symbols, occur
in specific orders and lengths. Each of the cloned viruses has the same order
and length of the byte structure. All that the anti-virus program has to do is
scan the hard drive for byte structures that are duplicated several times and
delete them. This method is an excellent way of dealing with the adaptive and
reproducing format of cloning viruses. The disadvantage is that it can produce a
number of false alarms such as when a user has two copies of the same file.
Thereby, a simple cloning viruses' main flaw is exposed. However, the
(sick minded) people who create these viruses have founded a way to get around
this by creating a new and even more adaptive virus called the polymorphic virus.
Polymorphic viruses were created with the explicit intent of being able to adapt
and reproduce in ways other than simple cloning. These viruses contain a form of
artificial intelligence. While this makes them by no means as smart or adaptive
as a human being, it does allow them to avoid conventional means of detection. A
conventional anti-virus program searching for cloned viruses will not think
files with different byte-structures as are viruses. A good analogy for a
polymorphic virus would be a chameleon. The chameleon is able to change its
outward appearance but not the fact that it is a chameleon. A polymorphic
virus's main goal is just like that of any other virus: to reproduce itself and
complete some programmed task (like deleting files or changing the colors of the
monitor); this fact is never changed. However, it is the way in which they
reproduce that makes them different. A polymorphic virus does more to adapt than
just make copies of itself into other files. In fact, it does not really even
clone its physical byte structure. Instead it creates other programs with
different byte structures that are attempting to perform the same task. In a
sense, polymorphic viruses are smart enough to evolve itself by writing new
programs on the fly. Because of the fact that they all have different byte
structures, they pass undetected through conventional byte comparison anti-viral
techniques. Not only are polymorphic viruses smart enough to react to their
environment by adaptation, but they are able to do it in a systematic way that
will prevent their future detection and allow them to take on a new life of
their own.
Computer viruses are extremely dangerous programs that will adapt
themselves to the ever changing environment of memory by making copies of
themselves. Cloning viruses create exact copies of themselves and attach to
other files on the hard drive in an attempt to survive detection. Polymorphic
viruses are able to change their actual appearance in memory and copy themselves
in much the same way that a chameleon can change colors to avoid a predator. It
is not only the destructive nature of computer viruses that make them so
dangerous in today's society of telecommunications, but also their ability to
adapt themselves to their surroundings and react in ways that allow them to
proceed undetected to wreck more havoc on personal computer users across the
globe.
Bibliography
Rizzello, Michael. Computer Viruses. Internet. http://business.yorku.ca
/mgts4710/rizello/viruses.htm
Solomon, Dr. Alan. A Guide to Viruses. Internet. http://dbweb.agora.stm.it/
webforum/virus/viruinfo.htm
Tippett, Peter S. Alive! Internet. http://www.bocklabs.wisc.edu/~
janda/alive10.html. 1995.
"Virus (computer)," Microsoft (R) Encarta. Copyright (c) 1993 Microsoft
Corporation.
Copyright (c) 1993 Funk & Wagnall's Corporation
Yetiser, Tarkan. Polymorphic Viruses. VDS Advanced Research Group. Baltimore,
1993.