A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. Computer programs (also software programs, or just programs) are instructions for a Computer. The term "virus" is also commonly used, albeit erroneously, to refer to many different types of malware and adware programs. Malware, a Portmanteau word from the words '''mal'''icious and soft'''ware''', is software designed to infiltrate or damage a computer system without Adware or advertising-supported software is any software package which automatically plays displays or downloads advertisements The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus. In Computer virus terms metamorphic code is code that can reprogram itself A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive. A floppy disk is an increasingly Obsolete data storage medium that is composed of a disk of thin flexible ("floppy" Magnetic storage medium encased A Compact Disc (also known as a CD) is an Optical disc used to store digital data, originally developed for storing digital audio Meanwhile viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. A network file system is any computer File system that supports sharing of files, printers and other resources as Persistent storage over Viruses are sometimes confused with computer worms and Trojan horses. A computer worm is a self-replicating Computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network and it may do so without This article refers to a form of Malware in computing terminology A worm can spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a file that appears harmless. Worms and Trojans may cause harm to either a computer system's hosted data, functional performance, or networking throughput, when executed. In general, a worm does not actually harm either the system's hardware or software, while at least in theory, a Trojan's payload may be capable of almost any type of harm if executed. Some can't be seen when the program is not running, but as soon as the infected code is run, the Trojan horse kicks in. That is why it is so hard for people to find viruses and other malware themselves and why they have to use spyware programs and registry processors.

Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging and file sharing systems to spread, blurring the line between viruses and worms. The World Wide Web (commonly shortened to the Web) is a system of interlinked Hypertext documents accessed via the Internet. Electronic mail, often abbreviated to e-mail, email, or originally eMail, is a Store-and-forward method of writing sending receiving See Shared resource for the conventional meaning of file sharing File sharing refers to the providing and receiving of digital files over a Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware. Malware, a Portmanteau word from the words '''mal'''icious and soft'''ware''', is software designed to infiltrate or damage a computer system without

Some malware is programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Other malware programs are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages. Even these less sinister malware programs can create problems for the computer user. Users in a Computing context refers to one who uses a computer system They typically take up computer memory used by legitimate programs. Computer data storage, often called storage or memory, refers to Computer components devices and recording media that retain digital As a result, they often cause erratic behavior and can result in system crashes. In addition, much malware is bug-ridden, and these bugs may lead to system crashes and data loss. A software bug (or just “bug” is an error flaw mistake Failure, fault or “undocumented feature” in a Computer program that prevents it In the field of Information technology, data loss refers to the unforeseen loss of data or information Many CiD programs are programs that have been downloaded by the user and pop up every so often. This results in slowing down of the computer, but it is also very difficult to find and stop the problem.

Contents 1 History 2 Infection strategies 2.1 Nonresident viruses 2.2 Resident viruses 3 Vectors and hosts 4 Methods to avoid detection 4.1 Avoiding bait files and other undesirable hosts 4.2 Stealth 4.2.1 Self-modification 4.2.2 Encryption with a variable key 4.2.3 Polymorphic code 4.2.4 Metamorphic code 5 Vulnerability and countermeasures 5.1 The vulnerability of operating systems to viruses 5.2 The role of software development 5.3 Anti-virus software and other preventive measures 5.4 Recovery methods 5.4.1 Virus removal 5.4.2 Operating system reinstallation 6 See also 7 References 8 External links 8.1 Other texts

History

The Creeper virus was first detected on ARPANET, the forerunner of the Internet in the early 1970s. ^[1] It propagated via the TENEX operating system and could make use of any connected modem to dial out to remote computers and infect them. The TOPS-20 Operating system by Digital Equipment Corporation (DEC was the second proprietary OS for the PDP-10. It would display the message "I'M THE CREEPER : CATCH ME IF YOU CAN. ". It is rumored that the Reaper program, which appeared shortly after and sought out copies of the Creeper and deleted them, may have been written by the creator of the Creeper in a fit of regret.

A common misconception is that a program called "Rother J" was the first computer virus to appear "in the wild" — that is, outside the single computer or lab where it was created, but that claim is false. See the Timeline of notable computer viruses and worms for other earlier viruses. This is a Timeline of noteworthy Computer viruses and worms 1970-1979 Early 1970s Creeper virus was detected on ARPANET It was however the first virus to infect computers "in the home". Written in 1982 by Richard Skrenta, it attached itself to the Apple DOS 3. Richard "Rich" Skrenta (b1967 in Pittsburgh, Pennsylvania) is a computer programmer and Silicon Valley entrepreneur Apple DOS refers to Operating systems for the Apple II series of microcomputers from 1979 through early 1983 3 operating system and spread by floppy disk. A floppy disk is an increasingly Obsolete data storage medium that is composed of a disk of thin flexible ("floppy" Magnetic storage medium encased ^[2] This virus was originally a joke, created by a high school student and put onto a game. The disk could only be used 49 times. The game was set to play, but release the virus on the 50th time of starting the game. Only this time, instead of playing the game, it would change to a blank screen that read a message about the virus named Elk Cloner. The message that showed up on the screen is as follows:

"Elk Cloner: The program with a personality 
It will get on all your disks
It will infiltrate your chips
Yes it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!"

The computer would then be infected.

The first PC virus in the wild was a boot sector virus called (c)Brain^[3], created in 1986 by the Farooq Alvi Brothers, operating out of Lahore, Pakistan. Basit Farooq Alvi along with his brother Amjad Farooq Alvi are known for having developed the Personal Computer virus known as (cBrain. ( lahor is the capital of the Pakistani province of Punjab and is the second largest city in Pakistan after Karachi. The brothers reportedly created the virus to deter pirated copies of software they had written. However, analysts have claimed that the Ashar virus, a variant of Brain, possibly predated it based on code within the virus.

Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. In Computer storage, removable media refers to storage media which can be removed from its reader device conferring portability on the data it carries A floppy disk is an increasingly Obsolete data storage medium that is composed of a disk of thin flexible ("floppy" Magnetic storage medium encased In the early days of the personal computer, many users regularly exchanged information and programs on floppies. A personal computer ( PC) is any Computer whose original sales price size and capabilities make it useful for individuals and which is intended to be operated Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk. A boot sector (sometimes called a bootblock) is a sector of a Hard disk, Floppy disk, or similar Data storage device that contains

Traditional computer viruses emerged in the 1980s, driven by the spread of personal computers and the resultant increase in BBS and modem use, and software sharing. A Bulletin Board System, or BBS, is a Computer system running software that allows users to connect and login to Modem (from mo dulator- dem odulator is a device that modulates an analog carrier signal to encode Digital information Bulletin board driven software sharing contributed directly to the spread of Trojan horse programs, and viruses were written to infect popularly traded software. A bulletin board ( pinboard, pin board or notice board in British English is a place where people can leave public Messages for example to advertise Shareware and bootleg software were equally common vectors for viruses on BBS's. The term shareware, popularized by Bob Wallace, refers to Copyrighted commercial Software that is Distributed without payment on a trial 'Copyright infringement' (or copyright violation) is the unauthorized use of material that is covered by Copyright law in a manner that violates A vector in Computing, specifically when talking about malicious code such as Viruses or worms, is the method that this code uses to propagate Within the "pirate scene" of hobbyists trading illicit copies of retail software, traders in a hurry to obtain the latest applications and games were easy targets for viruses. Retail software is Computer software sold to End consumers usually under restricted licenses

Since the mid-1990s, macro viruses have become common. In Computing terminology a macro virus is a virus that is written in a macro language: that is to say a language built into a software application Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel. Microsoft Word is Microsoft 's flagship word processing software. In Computing, Microsoft Excel (full name Microsoft Office Excel) consists of a proprietary Spreadsheet -application written and distributed These viruses spread in Microsoft Office by infecting documents and spreadsheets. Microsoft Office is a set of interrelated desktop applications servers and services collectively referred to as an Office suite, for the Microsoft Windows and Since Word and Excel were also available for Mac OS, most of these viruses were able to spread on Macintosh computers as well. Mac OS is the trademarked name for a series of Graphical user interface -based Operating systems developed by Apple Inc Macintosh, commonly nicknamed Mac is a Brand name which covers several lines of Personal computers designed developed and marketed by Apple Inc Most of these viruses did not have the ability to send infected e-mail. Electronic mail, often abbreviated to e-mail, email, or originally eMail, is a Store-and-forward method of writing sending receiving Those viruses which did spread through e-mail took advantage of the Microsoft Outlook COM interface. Microsoft Outlook or Outlook (full name Microsoft Office Outlook since Outlook 2003 is a Personal information manager from Microsoft, and is Component Object Model ( COM) is an interface standard for Software componentry introduced by Microsoft in 1993

Macro viruses pose unique problems for detection software. For example, some versions of Microsoft Word allowed macros to replicate themselves with additional blank lines. The virus behaved identically but would be misidentified as a new virus. In another example, if two macro viruses simultaneously infect a document, the combination of the two, if also self-replicating, can appear as a "mating" of the two and would likely be detected as a virus unique from the "parents". ^[4]

A virus may also send a web address link as an instant message to all the contacts on an infected machine. Uniform Resource Locator is an URI which also specifies where the identified resource is available and the protocol for retrieving it If the recipient, thinking the link is from a friend (a trusted source) follows the link to the website, the virus hosted at the site may be able to infect this new computer and continue propagating.

The newest species of the virus family is the cross-site scripting virus. The virus emerged from research and was academically demonstrated in 2005. ^[5] This virus utilizes cross-site scripting vulnerabilities to propagate. Cross-site scripting ( XSS) is a type of computer security vulnerability typically found in Web applications which allow Code injection Since 2005 there have been multiple instances of the cross-site scripting viruses in the wild, most notable sites affected have been MySpace and Yahoo. Samy (also known as JSSpacehero) was an XSS Worm developed to propagate across the MySpace social-networking site

Infection strategies

In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user tries to start an infected program, the virus' code may be executed first. Viruses can be divided into two types, on the basis of their behavior when they are executed. Nonresident viruses immediately search for other hosts that can be infected, infect these targets, and finally transfer control to the application program they infected. Application software is a subclass of Computer software that employs the capabilities of a computer directly and thoroughly to a task that the user wishes to perform Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.

Nonresident viruses

Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.

Resident viruses

Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. However, this module is not called by a finder module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation. For example, the replication module can be called each time the operating system executes a file. In this case, the virus infects every suitable program that is executed on the computer.

Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. For instance, a fast infector can infect every potential host file that is accessed. This poses a special problem to anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory, the virus can "piggy-back" on the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software. Slow infectors, on the other hand, are designed to infect hosts infrequently. For instance, some slow infectors only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they are less likely to slow down a computer noticeably, and will at most infrequently trigger anti-virus software that detects suspicious behavior by programs. The slow infector approach does not seem very successful, however.

Vectors and hosts

Viruses have targeted various types of transmission media or hosts. This list is not exhaustive:

• Binary executable files (such as COM files and EXE files in MS-DOS, Portable Executable files in Microsoft Windows, and ELF files in Linux)
• Volume Boot Records of floppy disks and hard disk partitions
• The master boot record (MBR) of a hard disk
• General-purpose script files (such as batch files in MS-DOS and Microsoft Windows, VBScript files, and shell script files on Unix-like platforms). In Computing, an executable (file causes a computer "to perform indicated tasks according to encoded instructions," as opposed to a file that only contains EXE is the common Filename extension denoting an Executable file (a program) in the DOS, OpenVMS, Microsoft Windows, MS-DOS (short for M icro' s' oft D isk O perating S ystem is an Operating system commercialized by Microsoft. The Portable Executable (PE format is a File format for Executables object code, and DLLs used in 32-bit and 64-bit versions of Windows Microsoft Windows is a series of Software Operating systems and Graphical user interfaces produced by Microsoft. In Computing, the Executable and Linking Format ( ELF, formerly called Extensible Linking Format) is a common standard File format for Executables Linux (commonly pronounced ˈlɪnəks A Volume Boot Record (also known as a volume boot sector or a partition boot sector, although the latter is not strictly correct is a type of Boot sector A floppy disk is an increasingly Obsolete data storage medium that is composed of a disk of thin flexible ("floppy" Magnetic storage medium encased MBRs and disk partitioning MBRs and system bootstrapping On IA-32 IBM PC compatible machines using the MBR Partition Table scheme the bootstrapping "Scripting" redirects here For other uses see Script. In DOS, OS/2, and Microsoft Windows, a batch file is a Text file containing a series of commands intended to be executed by the MS-DOS (short for M icro' s' oft D isk O perating S ystem is an Operating system commercialized by Microsoft. Microsoft Windows is a series of Software Operating systems and Graphical user interfaces produced by Microsoft. VBScript (short for Visual Basic Scripting Edition) is an Active Scripting language developed by Microsoft. A shell script is a script written for the shell, or Command line interpreter, of an Operating system. A Unix-like (sometimes shortened to *nix) Operating system is one that behaves in a manner similar to a Unix system while not necessarily conforming
• Application-specific script files (such as Telix-scripts)
• Documents that can contain macros (such as Microsoft Word documents, Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access database files)
• Cross-site scripting vulnerabilities in web applications
• Arbitrary computer files. Telix is a Telecommunications program originally written for DOS by Colin Sampaleanu and released in 1986 A macro (from the Greek 'μάκρο' for long or far in Computer science is a rule or Pattern that specifies how a certain input sequence (often a sequence Microsoft Word is Microsoft 's flagship word processing software. In Computing, Microsoft Excel (full name Microsoft Office Excel) consists of a proprietary Spreadsheet -application written and distributed Lotus Word Pro is Word processor software produced by IBM 's Lotus Software group for use on Microsoft Windows -compatible Computers Microsoft Office Access, previously known as Microsoft Access, is a Relational database management system from Microsoft that combines the relational Cross-site scripting ( XSS) is a type of computer security vulnerability typically found in Web applications which allow Code injection An exploitable buffer overflow, format string, race condition or other exploitable bug in a program which reads the file could be used to trigger the execution of code hidden within it. In Computer security and programming, a buffer overflow, or buffer overrun, is an anomalous condition where a process attempts to The class of printf functions (which stands for " print f ormatted" is a class of functions, typically associated with Curly bracket programming A race condition or race hazard is a flaw in a System or process whereby the output and/or result of the process is unexpectedly and critically dependent Most bugs of this type can be made more difficult to exploit in computer architectures with protection features such as an execute disable bit and/or address space layout randomization. In Computer engineering, computer architecture is the conceptual design and fundamental operational structure of a Computer system The NX bit, which stands for No eXecute, is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (or code

PDFs, like HTML, may link to malicious code. HTML, an initialism of HyperText Markup Language, is the predominant Markup language for Web pages It provides a means to describe the structure

It is worth noting that some virus authors have written an . EXE extension on the end of . PNG (for example), hoping that users would stop at the trusted file type without noticing that the computer would start with the final type of file. (Many operating systems hide the extensions of known file types by default, so for example a filename ending in ". png. exe" would be shown ending in ". png". ) See Trojan horse (computing). This article refers to a form of Malware in computing terminology

Methods to avoid detection

In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool anti-virus software, however, especially that which maintains and dates Cyclic redundancy check on file changes. A cyclic redundancy check (CRC is a type of function that takes as input a data stream of any length and produces as output a value of a certain space commonly a 32-bit integer

Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example the CIH virus, or Chernobyl Virus, infects Portable Executable files. CIH, also known as Chernobyl or Spacefiller, is a Computer virus written by Chen Ing Hau (陳盈豪 / Chen YingHao of Taiwan. CIH, also known as Chernobyl or Spacefiller, is a Computer virus written by Chen Ing Hau (陳盈豪 / Chen YingHao of Taiwan. The Portable Executable (PE format is a File format for Executables object code, and DLLs used in 32-bit and 64-bit versions of Windows Because those files had many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file. A kilobyte (derived from the SI prefix Kilo -, meaning 1000 is a unit of Information or Computer storage equal to either 1024

Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.

As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.

Avoiding bait files and other undesirable hosts

A virus needs to infect hosts in order to spread further. In some cases, it might be a bad idea to infect a host program. For example, many anti-virus programs perform an integrity check of their own code. Infecting such programs will therefore increase the likelihood that the virus is detected. For this reason, some viruses are programmed not to infect programs that are known to be part of anti-virus software. Another type of host that viruses sometimes avoid is bait files. Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus. These files can be created for various reasons, all of which are related to the detection of the virus:

• Anti-virus professionals can use bait files to take a sample of a virus (i. e. a copy of a program file that is infected by the virus). It is more practical to store and exchange a small, infected bait file, than to exchange a large application program that has been infected by the virus.
• Anti-virus professionals can use bait files to study the behavior of a virus and evaluate detection methods. This is especially useful when the virus is polymorphic. In computer terminology polymorphic code is code that mutates while keeping the original Algorithm intact In this case, the virus can be made to infect a large number of bait files. The infected files can be used to test whether a virus scanner detects all versions of the virus.
• Some anti-virus software employs bait files that are accessed regularly. When these files are modified, the anti-virus software warns the user that a virus is probably active on the system.

Since bait files are used to detect the virus, or to make detection possible, a virus can benefit from not infecting them. Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain certain patterns of 'garbage instructions'.

A related strategy to make baiting difficult is sparse infection. Sometimes, sparse infectors do not infect a host file that would be a suitable candidate for infection in other circumstances. For example, a virus can decide on a random basis whether to infect a file or not, or a virus can only infect host files on particular days of the week.

Stealth

Some viruses try to trick anti-virus software by intercepting its requests to the operating system. A virus can hide itself by intercepting the anti-virus software’s request to read the file and passing the request to the virus, instead of the OS. An operating system (commonly abbreviated OS and O/S) is the software component of a Computer system that is responsible for the management and coordination The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is "clean". Modern anti-virus software employs various techniques to counter stealth mechanisms of viruses. The only completely reliable method to avoid stealth is to boot from a medium that is known to be clean.

Self-modification

Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures. A signature is a characteristic byte-pattern that is part of a certain virus or family of viruses. If a virus scanner finds such a pattern in a file, it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" or "heal" the infected file. Some viruses employ techniques that make detection by means of signatures difficult but probably not impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.

Encryption with a variable key

A more advanced method is the use of simple encryption to encipher the virus. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Since these would be symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the final virus, but that probably isn't required, since self-modifying code is such a rarity that it may be reason for virus scanners to at least flag the file as suspicious.

An old, but compact, encryption involves XORing each byte in a virus with a constant, so that the exclusive-or operation had only to be repeated for decryption. It is suspicious code that modifies itself, so the code to do the encryption/decryption may be part of the signature in many virus definitions.

Polymorphic code

Polymorphic code was the first technique that posed a serious threat to virus scanners. In computer terminology polymorphic code is code that mutates while keeping the original Algorithm intact Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using signatures. Anti-virus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body. See Polymorphic code for technical detail on how such engines operate. In computer terminology polymorphic code is code that mutates while keeping the original Algorithm intact

Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for anti-virus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus. This will make it more likely that the detection by the virus scanner will be unreliable, and that some instances of the virus may be able to avoid detection.

Metamorphic code

To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that use this technique are said to be metamorphic. In Computer virus terms metamorphic code is code that can reprogram itself To enable metamorphism, a metamorphic engine is needed. In Computer virus terms metamorphic code is code that can reprogram itself A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14000 lines of Assembly language code, 90% of which is part of the metamorphic engine. Win32/Simile (also known as Etap is a metamorphic Computer virus written in Assembly language for Microsoft Windows. See the terminology section below for information regarding inconsistent use of the terms assembly and assembler ^[6]

Vulnerability and countermeasures

The vulnerability of operating systems to viruses

Just as genetic diversity in a population decreases the chance of a single disease wiping out a population, the diversity of software systems on a network similarly limits the destructive potential of viruses. Genetic diversity is a level of Biodiversity that refers to the total number of genetic characteristics in the genetic makeup of a species

This became a particular concern in the 1990s, when Microsoft gained market dominance in desktop operating systems and office suites. Microsoft Corporation is an American multinational Computer technology Corporation, which rose to dominate the Home computer In Computing, an office suite, sometimes called an office software suite or productivity suite is a Software suite intended to be used by typical The users of Microsoft software (especially networking software such as Microsoft Outlook and Internet Explorer) are especially vulnerable to the spread of viruses. Microsoft Outlook or Outlook (full name Microsoft Office Outlook since Outlook 2003 is a Personal information manager from Microsoft, and is Windows Internet Explorer (formerly Microsoft Internet Explorer abbreviated MSIE) commonly abbreviated to IE, is a series of graphical Microsoft software is targeted by virus writers due to their desktop dominance, and is often criticized for including many errors and holes for virus writers to exploit. Integrated and non-integrated Microsoft appications (such as Microsoft Office) and applications with scripting languages with access to the file system (for example Visual Basic Script (VBS), and applications with networking features) are also particularly vulnerable. Microsoft Office is a set of interrelated desktop applications servers and services collectively referred to as an Office suite, for the Microsoft Windows and VBScript (short for Visual Basic Scripting Edition) is an Active Scripting language developed by Microsoft.

Although Windows is by far the most popular operating system for virus writers, some viruses also exist on other platforms. Any operating system that allows third-party programs to run can theoretically run viruses. Some operating systems are less secure than others. Unix-based OS's (and NTFS-aware applications on Windows NT based platforms) only allow their users to run executables within their protected space in their own directories.

An Internet based research revealed that there were cases when people willingly pressed a particular button to download a virus. A security firm F-Secure ran a half year advertising campaign on Google AdWords which said "Is your PC virus-free? Get it infected here!". AdWords is Google 's flagship advertising product and main source of revenue ($16 The result was 409 clicks. ^[7]

As of 2006, there are relatively few security exploits^[8] targeting Mac OS X (with a Unix-based file system and kernel). Year 2006 ( MMVI) was a Common year starting on Sunday of the Gregorian calendar. Mac OS X (mæk oʊ ɛs tɛn is a line of computer Operating systems developed marketed and sold by Apple Inc, the latest of which is pre-loaded on all currently In Computer science, the kernel is the central component of most computer Operating systems (OS The number of viruses for the older Apple operating systems, known as Mac OS Classic, varies greatly from source to source, with Apple stating that there are only four known viruses, and independent sources stating there are as many as 63 viruses. Independent sources, in Journalism, Criminal justice and general Research, represent two or more People or Organizations which attest It is safe to say that Macs are less likely to be targeted because of low market share and thus a Mac-specific virus could only infect a small proportion of computers (making the effort less desirable). Virus vulnerability between Macs and Windows is a chief selling point, one that Apple uses in their Get a Mac advertising. Apple Inc, ( formerly Apple Computer Inc, is an American Multinational corporation with a focus on designing and manufacturing Consumer electronics ^[9] That said, Macs have also had security issues just as Microsoft Windows has, though none have ever been fully taken advantage of successfully in the wild.

Windows and Unix have similar scripting abilities, but while Unix natively blocks normal users from having access to make changes to the operating system environment, older copies of Windows such as Windows 95 and 98 do not. In 1997, when a virus for Linux was released – known as "Bliss" – leading antivirus vendors issued warnings that Unix-like systems could fall prey to viruses just like Windows. Bliss is a Computer virus that infects Linux systems Design When executed it attempts to attach itself to Linux Executable files A Unix-like (sometimes shortened to *nix) Operating system is one that behaves in a manner similar to a Unix system while not necessarily conforming ^[10] The Bliss virus may be considered characteristic of viruses – as opposed to worms – on Unix systems. Bliss requires that the user run it explicitly (so it is a trojan), and it can only infect programs that the user has the access to modify. Unlike Windows users, most Unix users do not log in as an administrator user except to install or configure software; as a result, even if a user ran the virus, it could not harm their operating system. The Bliss virus never became widespread, and remains chiefly a research curiosity. Its creator later posted the source code to Usenet, allowing researchers to see how it worked. ^[11]

The role of software development

Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit software bugs in a system or application to spread. A software bug (or just “bug” is an error flaw mistake Failure, fault or “undocumented feature” in a Computer program that prevents it Software development strategies that produce large numbers of bugs will generally also produce potential exploits. Software engineering is the application of a systematic disciplined quantifiable approach to the development operation and maintenance of Software.

Anti-virus software and other preventive measures

Many users install anti-virus software that can detect and eliminate known viruses after the computer downloads or runs the executable. To download is to receive data from a remote or central system such as a Webserver, FTP server, mail server or other similar systems There are two common methods that an anti-virus software application uses to detect viruses. The first, and by far the most common method of virus detection is using a list of virus signature definitions. A computer virus is a Computer program that can copy itself and infect a computer without permission or knowledge of the user This works by examining the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives), and comparing those files against a database of known virus "signatures". A boot sector (sometimes called a bootblock) is a sector of a Hard disk, Floppy disk, or similar Data storage device that contains A Computer Database is a structured collection of records or data that is stored in a computer system The disadvantage of this detection method is that users are only protected from viruses that pre-date their last virus definition update. The second method is to use a heuristic algorithm to find viruses based on common behaviors. In Computer science, a heuristic algorithm or simply a Heuristic is an Algorithm that ignores whether the solution to the problem can be proven This method has the ability to detect viruses that anti-virus security firms have yet to create a signature for.

Some anti-virus programs are able to scan opened files in addition to sent and received e-mails 'on the fly' in a similar manner. This practice is known as "on-access scanning. " Anti-virus software does not change the underlying capability of host software to transmit viruses. Users must update their software regularly to patch security holes. Anti-virus software also needs to be regularly updated in order to prevent the latest threats.

One may also minimise the damage done by viruses by making regular backups of data (and the Operating Systems) on different media, that are either kept unconnected to the system (most of the time), read-only or not accessible for other reasons, such as using different file systems. In Information technology, backup refers to making copies of Data so that these additional copies may be used to restore the original after a In Computing, a file system (often also written as filesystem) is a method for storing and organizing Computer files and the data they contain to make This way, if data is lost through a virus, one can start again using the backup (which should preferably be recent). If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus. A Compact Disc (also known as a CD) is an Optical disc used to store digital data, originally developed for storing digital audio DVD (also known as " Digital Versatile Disc " or " Digital Video Disc " - see Etymology)is Likewise, an Operating System on a bootable can be used to start the computer if the installed Operating Systems become unusable. In Computing, booting ( booting up) is a bootstrapping process that starts Operating systems when the user turns on a Computer system Another method is to use different Operating Systems on different file systems. A virus is not likely to affect both. Data backups can also be put on different file systems. For example, Linux requires specific software to write to NTFS partitions, so if one does not install such software and uses a separate installation of MS Windows to make the backups on an NTFS partition, the backup should remain safe from any Linux viruses. NTFS (New Technology File System Is the standard File system of Windows NT, including its later versions Windows 2000, Windows XP, Windows Likewise, MS Windows can not read file systems like ext3, so if one normally uses MS Windows, the backups can be made on an ext3 partition using a Linux installation. The ext3 or third extended filesystem is a journaled file system that is commonly used by the Linux Operating system.

Recovery methods

Once a computer has been compromised by a virus, it is usually unsafe to continue using the same computer without completely reinstalling the operating system. However, there are a number of recovery options that exist after a computer has a virus. These actions depend on severity of the type of virus.

Virus removal

One possibility on Windows Me, Windows XP and Windows Vista is a tool known as System Restore, which restores the registry and critical system files to a previous checkpoint. Windows Millennium Edition, or Windows Me (IPA pronunciation, iː is a hybrid 16-bit / 32-bit graphical Operating system released on 14 September Windows XP is a family of 32-bit and 64-bit Operating systems produced by Microsoft for use on Personal computers including home and Windows Vista (ˈvɪstə is a line of Operating systems developed by Microsoft for use on Personal computers including home and business desktops System Restore is a component of Microsoft 's Windows Me, Windows XP and Windows Vista Operating systems that allows for the rolling Often a virus will cause a system to hang, and a subsequent hard reboot will render a system restore point from the same day corrupt. Restore points from previous days should work provided the virus is not designed to corrupt the restore files. Some viruses, however, disable system restore and other important tools such as Task Manager and Command Prompt. An example of a virus that does this is CiaDoor.

Administrators have the option to disable such tools from limited users for various reasons. The virus modifies the registry to do the same, except, when the Administrator is controlling the computer, it blocks all users from accessing the tools. When an infected tool activates it gives the message "Task Manager has been disabled by your administrator. ", even if the user trying to open the program is the administrator.

Users running a Microsoft operating system can go to Microsoft's website to run a free scan, if they have their 20-digit registration number.

Operating system reinstallation

Reinstalling the operating system is another approach to virus removal. It involves simply reformatting the OS partition and installing the OS from its original media, or imaging the partition with a clean backup image (taken with Ghost or Acronis for example). Disk cloning is a category of Software which copies the contents of one computer Hard disk to another or into an "image" (a file Ghost is a Disk cloning program originally produced by Binary Research, but purchased by Symantec in 1998 Acronis Inc a company incorporated in Delaware, produces hard disk utility software including disk-imaging backup and recovery partition management, boot

This method has the benefits of being simple to do, can be faster than running multiple anti-virus scans, and is guaranteed to remove any malware. Downsides include having to reinstall all other software as well as the operating system. User data can be backed up by booting off of a Live CD or putting the hard drive into another computer and booting from the other computer's operating system. A live CD or live distro is a computer Operating system that is executed upon boot, without installation to a Hard disk drive.

See also

• Adware
• Antivirus software
• Attack tree
• Black hat
• Computer insecurity
• Computer worm
• Cryptovirology
• Keystroke logging
• List of computer viruses
• List of computer virus hoaxes
• Linux malware
• Malware
• Mobile viruses
• Multipartite virus
• Palm OS Viruses
• Security through obscurity
• Spam
• Spyware
• Timeline of notable computer viruses and worms
• Trojan horse (computing)
• Virus hoax
• Eicar test file

References

• Mark Russinovich, Advanced Malware Cleaning video, Microsoft TechEd: IT Forum, November 2006

• Szor, Peter (2005). The Art of Computer Virus Research and Defense. Boston: Addison-Wesley. ISBN 0321304543.  

External links

• Viruses at the Open Directory Project
• US Govt CERT (Computer Emergency Readiness Team) site

Other texts

• Video: "Microsoft conferences about IT Security - videos on demand"
• Article: "'Computer Viruses - Theory and Experiments' - The original paper published on the topic"
• Article: "How Computer Viruses Work"
• Article: "Are 'Good' Computer Viruses Still a Bad Idea?"
• Article: "Protecting your Email from Viruses and Other MalWare"
• Article: "Hacking Away at the Counterculture" by Andrew Ross
• Article: "A Virus in Info-Space" by Tony Sampson
• Article: "Dr Aycock's Bad Idea" by Tony Sampson
• Article: "Digital Monsters, Binary Aliens" by Jussi Parikka
• Article: "The Universal Viral Machine" by Jussi Parikka
• Article: "Hypervirus: A Clinical Report" by Thierry Bardini
• Article: "The Cross-site Scripting Virus"
• RFC 1135 The Helminthiasis of the Internet
• Article: "The Virus Underground"

The Open Directory Project ( ODP) also known as dmoz (from directory Andrew Ross (born 1956 is the chair of the Department of Social and Cultural Analysis at New York University. Thierry Bardini is a French Sociologist who did all his academic career outside France

© 2009 citizendia.org; parts available under the terms of GNU Free Documentation License, from http://en.wikipedia.org
Dapyx Software network: MP3 Explorer | Ebook Manager | Zenithic