A Pathology of Computer Viruses by David Ferbrache

A Pathology of Computer Viruses

by David Ferbrache

Paperback | November 11, 1991


About

The 1980s saw the advent of widespread (and potentially damaging) computer virus infection of both personal computer and mainframe systems. The computer security field has been comparatively slow to react to this emerging situation; it is only over the last two years that a significant body of knowledge on the operation, likely evolution and prevention of computer viruses has developed.

A Pathology of Computer Viruses gives a detailed overview of the history of the computer virus and an in-depth technical review of the principles of computer virus and worm operation under DOS, Mac, UNIX and DEC operating systems. David Ferbrache considers the possible extension of the threat to the mainframe systems environment and suggests how the threat can be effectively combatted using an anti-viral management plan. The author addresses the latest developments in "stealth" virus operation, specifically the trend for virus authors to adopt extensive camouflage and concealment techniques which allow viruses both to evade existing anti-viral software and to escape detection by direct observation of machine behaviour. A Pathology of Computer Viruses addresses a distinct need: that of the computer specialist and professional who requires a single reference work detailing all aspects of the computer virus threat.
Title: A Pathology of Computer Viruses
Format: Paperback
Published: November 11, 1991
Publisher: Springer London
Language: English

The following ISBNs are associated with this title:

ISBN-10: 3540196102
ISBN-13: 9783540196105


Table of Contents

1 Introduction
  1.1 Preamble
  1.2 What is a Computer Virus?
  1.3 Worms: Networked Viruses
  1.4 Terminology
2 Historical Perspectives
  2.1 Introduction
  2.2 1960s: Early Rabbits
  2.3 1970s: Fiction and the Worm
  2.4 1980-1983: Genesis
  2.5 1984-1986: Exodus
  2.6 1987: Mac, Atari and Amiga Next
  2.7 1988: Proliferation and Disbelief
    2.7.1 January-March
    2.7.2 April-September
    2.7.3 October-December
  2.8 1989: Reaction by the Community
    2.8.1 January-March
    2.8.2 April-June
    2.8.3 July-September
    2.8.4 October-December
  2.9 1990: Organisation and Litigation
    2.9.1 January-April
    2.9.2 May-September
    2.9.3 October-December
  2.10 Summary
3 Theory of Viruses
  3.1 Introduction
  3.2 Addition of Viral Code
  3.3 Detection of Viruses
  3.4 Classes of Viruses
  3.5 Thompson: and Trusting Trust
  3.6 Biological Analogies
    3.6.1 Biological Viruses
    3.6.2 Parallels Between Low Level Operation
    3.6.3 High Level Parallels
  3.7 Quest for Life
  3.8 Evolution: Genetic Algorithms
    3.8.1 Random Mutation
    3.8.2 Programmed Mutation
    3.8.3 Genetic Algorithms
    3.8.4 Growth and Death
4 Operation of PC Viruses
  4.1 Introduction
  4.2 PC Boot Sequence: Initialisation
  4.3 BIOS and DOS
  4.4 Master Boot Record
  4.5 DOS Boot Sector
  4.6 System Initialisation
  4.7 Batch Processing Viruses
  4.8 COM and EXE Viruses
    4.8.1 Non-overwriting Prepending COM Infectors
    4.8.2 Overwriting COM Infectors
    4.8.3 Non-overwriting Appending COM Infectors
    4.8.4 EXE Viruses
  4.9 Resident and Transient Viruses
  4.10 Manipulation by Viral Code
  4.11 Activation Criteria
  4.12 Camouflage
    4.12.1 Concealment in Infected Files
    4.12.2 Encryption of Viral Code
    4.12.3 Hiding of Viral Code
    4.12.4 Checksum Calculation
    4.12.5 Prevention of Alteration Detection
    4.12.6 Concealment of Viral Code in Memory
    4.12.7 Concealment of Viral Activity
    4.12.8 Concealing Disk Activity
    4.12.9 Concealing System Slowdown
  4.13 Replication
    4.13.1 Locating a Host
    4.13.2 Signatures
    4.13.3 Miscellaneous Topics
      4.13.3.1 Corresponding File Virus
      4.13.3.2 SYS Virus
      4.13.3.3 Multi-vector Viruses
      4.13.3.4 Multi-architecture Viruses
      4.13.3.5 Architecture Dependent Viruses
5 Management of PC Viruses
  5.1 Perspective on Security
  5.2 Components of a Virus Control Scheme
  5.3 Prevention of Virus Attack
    5.3.1 Physical Access Constraints
    5.3.2 Electronic Measures
      5.3.2.1 Physical Feature Verification
      5.3.2.2 Knowledge Verification
        5.3.2.2.1 Passwords
        5.3.2.2.2 Background Verification
        5.3.2.2.3 Other Techniques
      5.3.2.3 Possession Verification
    5.3.3 Media Access Controls
    5.3.4 Network Access Controls
      5.3.4.1 Identification of Access Controls
        5.3.4.1.1 Centralised Network File Servers
        5.3.4.1.2 Distributed Trust
        5.3.4.1.3 Network Transport by Public Carrier or Accessible Media
    5.3.5 Ideological Controls
      5.3.5.1 User Education
    5.3.6 Management Policies
      5.3.6.1 Training of Employees
      5.3.6.2 Use of Anti-viral Measures
      5.3.6.3 Compartmentalisation
      5.3.6.4 Centralisation
      5.3.6.5 Personnel Policies
    5.3.7 Vaccination and Inoculation
  5.4 Detection of Viral Code
    5.4.1 Monitoring and Logging
    5.4.2 Signature Recognition
    5.4.3 Generic Code Recognition
    5.4.4 Sacrificial Lamb
    5.4.5 Auditing
    5.4.6 Use of Expert Systems to Analyse Viral Behaviour
    5.4.7 Fighting Fire with Fire
  5.5 Containment of Viral Code
    5.5.1 Hardware Compartmentalisation
      5.5.1.1 Virtual Machine
        5.5.1.1.1 80386 Task Switching Support
        5.5.1.1.2 80386 Paged Segmented Memory
        5.5.1.1.3 Accessing OS Code
        5.5.1.1.4 Segment Permissions
        5.5.1.1.5 Paged Memory Operation
        5.5.1.1.6 Input/Output Operations
        5.5.1.1.7 Virtual Machine in Software
      5.5.1.2 Automatic Flow Verification
      5.5.1.3 Software Distribution: Ensuring Trust
    5.5.2 Software Compartmentalisation
      5.5.2.1 Interrupt Trapping Code
        5.5.2.1.1 Configurable Monitors
        5.5.2.1.2 Operation of a Monitor
        5.5.2.1.3 Extensions to Real Time Monitoring
      5.5.2.2 OS Support
    5.5.3 Network Compartmentalisation
    5.5.4 Investigation and Response
      5.5.4.1 What is the Infection?
        5.5.4.1.1 Acquisition
        5.5.4.1.2 Logging of Relevant Information
        5.5.4.1.3 Disassembly
      5.5.4.2 Dissemination of Information
      5.5.4.3 General Containment
      5.5.4.4 Tracing of Infection Source
    5.5.5 Disinfection of Viral Code
      5.5.5.1 Re-installation
      5.5.5.2 Recompilation from Source
    5.5.6 Checking for Re-infection
    5.5.7 Disinfection Utilities
  5.6 Recovery from Viral Infection
    5.6.1 Backup Procedures
  5.7 Contingency Planning
    5.7.1 Redundancy
    5.7.2 Insurance
    5.7.3 Public Relations
  5.8 Remedial Action
6 Apple Macintosh Viruses
  6.1 Introduction
  6.2 Macintosh: The Abstract Operating System
    6.2.1 Initialisation
    6.2.2 Resources
    6.2.3 Trap Dispatch Table Structure
    6.2.4 Non-link Viruses
    6.2.5 Link Viruses
    6.2.6 Notes on Keyboard Sequences
    6.2.7 Summary of Mac Protection
7 Mainframe Systems: The Growing Threat
  7.1 Introduction
  7.2 Hardware Architectures
  7.3 Software Architecture
    7.3.1 Discretionary Access Controls
    7.3.2 Integrity versus Confidentiality
    7.3.3 Mandatory Access Controls
    7.3.4 Commentary on Security Standardisation
  7.4 UNIX: A Viral Risk Assessment
    7.4.1 System Startup
    7.4.2 Login and User Commands
    7.4.3 Bugs and Loopholes
    7.4.4 Mechanics of UNIX Viruses
      7.4.4.1 Batch Viruses
      7.4.4.2 Link Viruses
      7.4.4.3 Dynamic Loading
      7.4.4.4 Other Considerations
      7.4.4.5 Protecting Against UNIX Viruses
      7.4.4.6 Cohen: Early UNIX Viruses
8 Network Viruses: The Worms
  8.1 Introduction
  8.2 Standardisation
  8.3 History of Network Pests
    8.3.1 Early Work: Pre-1980
    8.3.2 Recent Benign and Malicious Worms
    8.3.3 CHRISTMA EXEC Chain Letter
    8.3.4 Chain Letters on UNIX
  8.4 Internet Protocols
    8.4.1 Architecture
    8.4.2 Peer Authentication
    8.4.3 Access Controls
    8.4.4 Data Stream Integrity
    8.4.5 Daemons and Servers
    8.4.6 Distributed Trust
    8.4.7 Trusted Ports
    8.4.8 Problems and Solutions
    8.4.9 Internet Worm: Black Thursday - 3 November 1988
      8.4.9.1 Internals
      8.4.9.2 Action and Reaction
      8.4.9.3 The Aftermath
    8.4.10 DISNET: A Child of the Internet
  8.5 OSI: Security in the Making
  8.6 DECNET: Insecurity Through Default
    8.6.1 HI.COM: The Christmas Worm
      8.6.1.1 Reaction of the DECNET Community
      8.6.1.2 Worms Against Nuclear Killers
9 Reactions of the IT Community
  9.1 Discussion and Advice
    9.1.1 Bulletin Board and Casual Users
    9.1.2 Academic Establishments
      9.1.2.1 CREN/CSNET
      9.1.2.2 NSFNET
      9.1.2.3 HEPNET/SPAN
      9.1.2.4 General Community Responses
    9.1.3 Government Research Organisations
    9.1.4 Military Organisations
    9.1.5 Commercial Organisations
    9.1.6 Criminal Investigation Organisations
    9.1.7 Professional Organisations
  9.2 Legislative Issues
    9.2.1 Scottish Law Commission
    9.2.2 English Law Commission
    9.2.3 Computer Misuse Act
    9.2.4 Summary of Legislation
  9.3 Professionalism and Software Development
10 Conclusions: The Future Ahead
Appendices
  1 DOS Filestore Structure
    1.1 Introduction
    1.2 Master Boot Record
    1.3 DOS Boot Sector
    1.4 File Allocation Table
    1.5 Root Directory
  2 Low Level Disk Layout
  3 EXE File Format
  4 Mac Filestore Structure
  5 PC Virus Relationship Chart
  6 Macintosh Virus Relationship Chart
  7 PC Boot Sequence
  8 AIDS Trojan: Accompanying Licence
  9 Software Infected at Source
  10 Nomenclature
    10.1 Types of Virus
      10.1.1 Master Boot Sector Viruses
      10.1.2 DOS Boot Sector Viruses
      10.1.3 Executable COM/EXE Viruses
      10.1.4 Memory Resident Viruses
      10.1.5 Overwriting Viruses
      10.1.6 Prepending Viruses
      10.1.7 Appending Viruses
    10.2 Generations of Virus
    10.3 Classes of Anti-virus Product
  11 UNIX Boot Sequence
  12 CERT Press Release
  13 CERT/CIAC Advisories
  14 Contact Points
  15 Abbreviations
  16 Further Reading
  17 Virus-1 Archive Sites
  18 Relative Frequencies of IBM Viruses