06-01-2014, 03:48 PM
Computer Viruses in UNIX Environment: Case Study
Abstract
Even people who do not know how to use a computer have heard
about viruses through programs such as hackers and other such means. There
is no doubt that our culture is fascinated by the potential danger of these
viruses. Computer viruses have become a threat to computer users and to almost
every field of the advanced technology industry. Knowledge about viruses is
necessary for anti-virus researchers as well as operating system makers. With
the development of open source systems today, computer viruses on these
systems should be considered carefully. The goal of this paper is to present my
concept of classifying computer viruses in the UNIX environment. This paper
provides some subjective comments on some of the most widely known
environments and some methods available to protect UNIX today. I propose
some viruses that can work in this environment and suggest some methods to
prevent as well as limit the damage caused by these viruses.
Introduction
The term computer virus refers to a program that can infect other programs by modifying
them to include a possibly evolved copy of itself. With the infection property, a virus
can spread throughout a computer system or network using the authorizations of
every user using it to infect their programs. Every program that gets infected may also
act as a virus and thus the infection grows [1].
Anti-virus approaches
The ideal solution to the threat of viruses is prevention[10]: do not allow a virus to get
into the system in the first place. This goal is, in general, impossible to achieve,
although prevention can reduce the number of successful viral attacks.
Integrity Checker
An integrity checker generates a checksum for files, sectors (e.g. the boot sector)
and macros stored in, for example, an office document. The checksums are stored in
a kind of database and compared later. If a checksum does not match, the file has
been modified (which could be caused by a virus infection). Obviously, when
the checksum is generated, it must be assured that the file is clean[12][14].
Behaviour Blocker
A behaviour blocker runs in the background and monitors the execution of the
currently running programs on the computer[12]. If a program tries to perform a suspicious
action (e.g. opening a file and appending code, or formatting the hard disk), this will be
intercepted. The behaviour blocker may then terminate the program or ask the user
which action should be taken (e.g. allow, do not allow, move the program into quarantine).
But for most users this decision is a "tough choice", and behaviour blocking may
generate a high level of false positives, although some techniques are possible to
reduce the likelihood of false positives.
UNIX Operating System
The UNIX system was originally developed by expert programmers for their own
use[10][15]. Speed and accuracy are not normally the favored needs of beginners, and
as a result there was a general opinion that the UNIX operating system was more
programmer friendly. This was compounded by the earlier lack of proper
documentation, the smooth/concise syntax and the complexity of administering the
system[10]. The UNIX operating system is a powerful and complex one; it has become
more regular, controllable and user friendly. It is a tribute to UNIX that so many
people have found it easily adaptable to their needs. Its user interfaces, though
imperfect, can be replaced, and there is every reason to believe that UNIX will continue to
be used far more widely.
Viruses On UNIX Operating System
Viruses can be used to spread an attack throughout a system or network. A
virus works by replicating inside programs. Each infected program then spreads the virus
further. The UNIX protection mechanisms are inadequate for virus defense. UNIX has
the reputation of being "not so buggy", and of being a good maintainer of system
sanctity via good protection mechanisms. A few years ago Tom Duff created a very
persistent UNIX virus. The virus lived in the slack space at the end of the executable,
and changed the entry point to itself. When the program was executed, it searched the
current directory, subdirectories, /bin and /usr/bin for writable, uninfected files and then
infected them if there was enough space. A channel (or mechanism) used by a virus to
spread is called a vector. There is no dearth of potential vectors on UNIX (for
example, buffer overflow vulnerabilities).
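The Integrity Checker section and the slack-space infection described above meet in one check: a change written into existing space at the end of a file need not alter its size, but it does alter its checksum. The Python sketch below is an added example, not code from the paper; the function names, the JSON baseline format and the file names are assumptions, and the sample files are constructed.

```python
import hashlib, json, os, tempfile

def file_digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):  # chunked read
            h.update(block)
    return h.hexdigest()

def build_baseline(root):
    """Record size and checksum per regular file; run only on a known-clean tree."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):
                db[os.path.relpath(path, root)] = {
                    "size": os.path.getsize(path), "sha256": file_digest(path)}
    return db

def compare(root, baseline):
    current = build_baseline(root)
    report = {"modified": [], "same_size_modified": [], "removed": []}
    for rel, old in sorted(baseline.items()):
        new = current.get(rel)
        if new is None:
            report["removed"].append(rel)
        elif new["sha256"] != old["sha256"]:
            report["modified"].append(rel)
            if new["size"] == old["size"]:  # a size-only check would miss this
                report["same_size_modified"].append(rel)
    report["added"] = sorted(set(current) - set(baseline))
    return report

def demo():
    """Constructed sample: a stand-in binary whose trailing padding is overwritten."""
    with tempfile.TemporaryDirectory() as root:
        tool = os.path.join(root, "tool")
        with open(tool, "wb") as f:
            f.write(b"CODE" * 64 + b"\x00" * 128)  # 256 bytes + 128 bytes padding
        stored = json.dumps(build_baseline(root))   # the checksum "database"
        with open(tool, "r+b") as f:                # same length, new content
            f.seek(256)
            f.write(b"X" * 128)
        with open(os.path.join(root, "extra"), "wb") as f:
            f.write(b"new file")
        return compare(root, json.loads(stored))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the stored baseline has to live where the monitored account cannot write (read-only media or another host), otherwise whatever modifies the files can update the checksums as well.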