Spyware Software a Critical Threat to Computer System

January 25, 2010 · Posted in Worms

Spyware is any program employed or installed without the consent of the user. Spyware channels personal information to a third party. It can badly damage computers and should be removed from the system.

Spyware is a program quietly installed on computer systems by spyware developers without arousing the user’s suspicion. It is malicious software designed to manipulate the computer by intercepting or interfering with the user’s control and interaction. Its purpose goes beyond unauthorized monitoring of the user’s computing behavior. Spyware can be compared with viruses because both are harmful in nature.

Spyware programs are secretly employed to watch the user’s activity. They record and report on the victim’s online movements, and they can track all information related to the user, such as personal, psychosocial and demographic details. Spyware also reports the number of times a user visits a particular website. The information is then used to target ad impressions.

Aside from collecting information on the user’s Internet browsing habits and the websites that have been accessed, spyware can interfere with control of the computer, for example by installing other software, rerouting web browser activity, diverting income from advertisements (usually to the spyware’s author), and blindly and randomly accessing malicious websites.

Spyware can easily change a user’s personal settings on a computer, leading to slow Internet connection speed, different home pages and, worse, loss of Internet access or of other applications. It weakens the computer’s defenses, making the system vulnerable to attacks by viruses, Trojans and other dangerous threats.

Spyware can be unknowingly downloaded from websites, instant messages, email attachments or messages, and file-sharing networks. It can also be acquired inadvertently by accepting a EULA (End User License Agreement) from a legitimate software manufacturer.

According to record, the term spyware was used on the 16th of October 1995. Spyware then meant hardware used for spying. In early 2000, however, Gregor Freund of Zone Labs used the term spyware in a press release to denote a rogue application. Since that time, the definition has changed.

A survey conducted by the National Cyber-Security Alliance and America Online in 2005 brought some important figures to the fore.

First, 61% of surveyed computers had spyware. Also, 92% of surveyed users said they were unaware of the spyware on their computers. Lastly, 91% reported that no permission had been granted for the installation of the spyware.

As of 2006, spyware has been one of the leading menaces to computer systems running the Windows operating system. Computers whose main browser is Internet Explorer are at great risk, because the browser’s tight integration with Windows permits spyware to reach all important components of the operating system. Windows is also the OS of choice for the majority of users.

Users’ naiveté about malware and Internet Explorer’s presumption that all ActiveX components are safe contributed to the wide spread of spyware. Prior to the release of Internet Explorer 7, the browser would always display a window for installing any ActiveX component that a site asked to install. Spyware also targets defects in Internet Explorer, Windows and JavaScript to install itself secretly.

Spyware does not replicate or spread the way computer worms or viruses do. A computer infected by spyware does not pass the infection to others; instead, spyware gets into a system by deceiving the user or by taking advantage of software flaws. It deludes victims by piggybacking on good software or by masquerading as anti-spyware software or a security program, tricking the user into installing it.

Spyware by nature uses affected computers for financial profit. The usual tricks for this purpose are delivery of unwanted pop-up advertisements; theft of financial information, particularly credit card numbers; tracking of Internet surfing activity for advertising purposes; and direct routing of HTTP requests to advertising websites. Its distributor normally offers the application as an important utility, for example a “Web accelerator” or a useful software agent.


CIH (computer virus)

January 23, 2010 · Posted in Worms

CIH, also known as Chernobyl or Spacefiller, is a computer virus written by Chen Ing Hau (陳盈豪 / Chan YingHao) of Taiwan. It is considered to be one of the most harmful widely circulated viruses, overwriting critical information on infected system drives, and more importantly, in some cases corrupting the system BIOS.
The name “Chernobyl Virus” was coined some time after the virus was already well-known as CIH, and refers to the complete coincidence of the payload trigger date in some variants of the virus (actually the virus writer’s birthday) and the Chernobyl accident, which happened in the Ukrainian SSR on April 26, 1986.
History
In September 1998, Yamaha shipped a firmware update for their CD-R400 drives that was infected with the virus. In October 1998, a demo version of the Activision game SiN was infected by one of its mirror sites. In March 1999, several thousand IBM Aptivas shipped with the CIH virus, just one month before the virus would trigger.
CIH’s dual payload was delivered for the first time on April 26, 1999, with most of the damage occurring in Asia. CIH filled the first 1024 KB of the host’s boot drive with zeros and then attacked certain types of BIOS. Both of these payloads served to render the host computer inoperable, and for laymen the virus essentially destroyed the PC. Technically, however, it was possible to replace the BIOS chip, and methods for recovering hard disk data emerged later.
Today, CIH is not as widespread as it once was, due to awareness of the threat and the fact it only affects older Windows 9x (95, 98, Me) operating systems.
The virus made another comeback in 2001 when a variant of the LoveLetter Worm in a VBS file that contained a dropper routine for the CIH virus was circulated around the internet, under the guise of a nude picture of Jennifer Lopez.
A modified version of the virus called CIH.1106 was discovered in December 2002, but it is not considered a serious threat.
CIH is considered a threat only if it infects programs used by mass-mailing computer worms, such as Klez, or if the Anjulie Worm comes into play.
Virus specifics
CIH spreads under the Portable Executable file format under Windows 95, Windows 98, and Windows ME. CIH does not spread under Windows NT, Windows 2000, Windows XP or Windows Vista. Non Microsoft operating systems are not affected. CIH infects Portable Executable files by splitting the bulk of its code into small slivers inserted into the inter-section gaps commonly seen in PE files, and writing a small re-assembly routine and table of its own code segments’ locations into unused space in the tail of the PE header. This earned CIH another name, “Spacefiller”. The size of the virus is around 1 kilobyte, but due to its novel multiple-cavity infection method, infected files do not grow at all. It uses methods of jumping from processor ring 3 to 0 to hook system calls.
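From the defender's side, the cavity technique described above leaves a trace: bytes in regions of the file that hold no declared content. The following is an added example, not code from the original article. It lists a PE file's slack regions (the header tail after the section table and the file-alignment padding after each section's content) and reports those containing non-zero bytes. The sample image, its filler bytes and the `min_used` threshold are constructed assumptions; legitimate files, for example ones with bound-import data in the header, can also trigger this heuristic.

```python
import struct

def build_sample_pe(header_fill=b"", section_fill=b""):
    """Constructed PE32 image (not a real program): one .text section with
    0x10 bytes of content and 0x200-byte file alignment. The *_fill arguments
    place arbitrary bytes into regions that are normally zero padding."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 36, 0x200)                 # FileAlignment
    struct.pack_into("<I", opt, 60, 0x200)                 # SizeOfHeaders
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x10, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + text + header_fill
    section = b"\x90" * 0x10 + section_fill
    return headers.ljust(0x200, b"\0") + section.ljust(0x200, b"\0")

def slack_regions(data):
    """Return (label, start, end) file ranges that hold no declared content."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]   # SizeOfOptionalHeader
    opt = pe + 24
    size_of_headers = struct.unpack_from("<I", data, opt + 60)[0]
    table = opt + opt_size
    regions = [("header tail", table + 40 * nsect, size_of_headers)]
    for i in range(nsect):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        # Padding between the section's real size and its file-aligned size.
        # VirtualSize 0 (some old linkers) gives no usable boundary, so skip it.
        if 0 < vsize < raw_size:
            label = name.rstrip(b"\0").decode("ascii", "replace") + " tail"
            regions.append((label, raw_ptr + vsize, raw_ptr + raw_size))
    return regions

def scan_slack(data, min_used=8):
    """Report slack regions with at least min_used non-zero bytes as
    (label, file offset, region size, non-zero byte count)."""
    findings = []
    for label, start, end in slack_regions(data):
        used = sum(1 for b in data[start:end] if b)
        if used >= min_used:
            findings.append((label, start, end - start, used))
    return findings

if __name__ == "__main__":
    clean = build_sample_pe()
    marked = build_sample_pe(header_fill=b"\xAA" * 32, section_fill=b"\xBB" * 64)
    print("same size:", len(clean) == len(marked))   # cavity use adds no bytes
    for finding in scan_slack(marked):
        print(finding)
```

Because the filled and clean images have the same length, a file-size comparison alone would not notice the difference; the slack scan does.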
The payload, which is considered extremely dangerous, first involves the virus overwriting the first megabyte (1024KB) of the hard drive with zeroes, beginning at sector 0. This deletes the contents of the partition table, and may cause the machine to hang.
The second payload tries to write to the Flash BIOS. Due to what may be an unintended feature of this code, BIOSes that can be successfully written to by the virus have critical boot-time code replaced with junk. This routine only works on some machines. Much emphasis has been put on machines with motherboards based on the Intel 430TX chipset, but by far the most important variable in CIH’s success in writing to a machine’s BIOS is the type of Flash ROM chip in the machine. Different Flash ROM chips (or chip families) have different write-enable routines specific to those chips. CIH makes no attempt to test for the Flash ROM type in its victim machines, and has only one write-enable sequence.
For the first payload, any information that the virus has overwritten with zeros is lost. If the first partition is FAT32, and over about one gigabyte, all that will get overwritten is the MBR, the partition table, the boot sector of the first partition and the first copy of the FAT of the first partition. The MBR and boot sector can simply be replaced with copies of the standard versions, the partition table can be rebuilt by scanning over the entire drive and the first copy of the FAT can be restored from the second copy. This means a complete recovery with no loss of user data can be performed automatically by a tool like Fix CIH.
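The recovery argument above depends on where the FAT copies sit relative to the first 1024 KB of the disk. The following added example (not from the original article) works that out for a given geometry. The partition start at sector 63, the 32 reserved sectors and the FAT size estimate are assumptions typical of disks of that era; the exact FAT size is recorded in the boot sector (`BPB_FATSz32`), which this payload erases.

```python
SECTOR = 512
ZEROED = 1024 * 1024 // SECTOR   # the payload zeroes sectors 0..2047

def fat32_layout(part_start, part_sectors, sectors_per_cluster,
                 reserved=32, fats=2):
    """Approximate on-disk layout of a FAT32 first partition as a list of
    (name, first_sector, sector_count). FAT size is estimated from the
    cluster count (4 bytes per FAT entry), an upper bound on the real value."""
    clusters = part_sectors // sectors_per_cluster
    fat_sectors = ((clusters + 2) * 4 + SECTOR - 1) // SECTOR
    layout = [("MBR and partition table", 0, 1),
              ("boot sector and reserved area", part_start, reserved)]
    pos = part_start + reserved
    for n in range(1, fats + 1):
        layout.append((f"FAT copy {n}", pos, fat_sectors))
        pos += fat_sectors
    layout.append(("data area", pos, part_start + part_sectors - pos))
    return layout

def damage(layout):
    """Classify each structure by how much of it lies in the zeroed range."""
    report = {}
    for name, first, count in layout:
        hit = max(0, min(first + count, ZEROED) - first)
        if hit == 0:
            report[name] = "intact"
        elif hit == count:
            report[name] = "destroyed"
        else:
            report[name] = "partly zeroed"
    return report

def recoverable_without_data_loss(report):
    """Full recovery needs an untouched second FAT and an untouched data area;
    the MBR, partition table and boot sector can be rebuilt."""
    return report["FAT copy 2"] == "intact" and report["data area"] == "intact"

if __name__ == "__main__":
    # Constructed geometries: 4 KiB clusters, 2 GiB and 256 MiB partitions.
    for label, sectors in (("2 GiB", 4194304), ("256 MiB", 524288)):
        rep = damage(fat32_layout(63, sectors, 8))
        print(label, rep, recoverable_without_data_loss(rep))
```

With 4 KiB clusters, a partition of about one gigabyte is the point where the first FAT alone reaches past the zeroed range, which is why the second copy survives on larger partitions and not on small ones.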
If the first partition is not FAT32 or is…


Checkmating the Top Causes of a Slow Computer

January 22, 2010 · Posted in Worms

Slow computer problem is the number one PC support complaint received from users and customers by computer technical support units worldwide. To have a view of the prevalence of the problem, one can just run the “Slow Computer” keyword combination search in the hugely popular Google search engine (www.google.com). You would be surprised to be presented with over 95 million results!

Although slow performance from a computer can be attributed to many factors, there are some factors which account for the larger majority of such performance from a computer. These factors, which could readily be termed the top causes of a slow computer are the ones addressed in this article. Addressing all likely causes of a computer responding slowly would be too voluminous to make this article worthwhile. However, if these top causes which account for more than 80% of slow computer problems are checkmated, it would be no mean feat.

Low on disk space

This can be a nightmare for your computer. Your computer needs ample amounts of free space to function, particularly those running fairly recent operating systems like Microsoft Windows XP and Microsoft Windows Vista. Everything from your RAM to your CPU thrives on free space. In fact, to improve perceived performance, operating systems like Windows XP operate a pre-fetch cache where they store information about programs often used so that they can load them faster, at the expense of disk space. A computer running low on disk space is like an athlete running a race with little or no space to swing his arms and legs. Some suggested ways to free up disk space include using a registry cleaner and cleaning the Windows cache, Internet history and temporary files. However, RecoveryMagic with its innovative rollback technology is capable of more effective results than disk cleaner software products. Installing RecoveryMagic when your computer has been freshly formatted with all necessary applications installed and everything is working well ensures that you can easily use RecoveryMagic to roll back to this perfect working condition at any time, thus effectively clearing your hard disk of all accumulated junk.

Viruses

Viruses are one of the common reasons for a slow computer. Worms, which are a class of viruses, replicate and generate so many copies of themselves that they consume your computer’s speed and resources, making it slow down to a crawl. This problem can be resolved by a very good antivirus program that consumes minimal system resources, such as Eset’s NOD32, which has rave reviews from consumers. Choosing an antivirus with scanning and operating speed in mind is important because some antivirus programs have been known to slow down system performance through their high use of computer resources. While RecoveryMagic software is not an antivirus, it can effortlessly reverse the effects of viruses on a computer protected by it by simply erasing the viruses and all traces of them from the hard disk and reverting the computer to a pre-infection state, all within a matter of seconds or minutes. RecoveryMagic does not require virus signatures to achieve this anti-virus feat, an impressive feature which allows it to be effective even against unknown viruses.

Spyware

This can be one of the biggest causes of a slow computer. Spyware mimics programs and processes on your PC, often silently. Spyware can also be used to steal data and personal information. Various spyware removal tools are available, but there are so many spyware programs masquerading on the Internet as spyware removal tools that a mistaken choice could only complicate your situation. So it is advisable to get anti-spyware software from a reliable source. However, while some anti-spyware products are very good, they are not 100% effective in cleaning PCs of spyware and its effects. Some are unable to clean registry entries made by the spyware or even some associated files downloaded and distributed by the spyware. RecoveryMagic provides a better alternative in this regard by possessing the capability to undo all spyware effects, files, downloads and associated data from a computer system effectively protected by RecoveryMagic.

Low Memory

Your computer’s RAM and how you use it are very important. However, buying more RAM is not always the best answer. If you are using your PC for surfing the web, downloading videos and such, you may be able to use your current RAM more efficiently by increasing your Virtual Memory. However, if you have new applications such as high-end games or graphics software, you may need to add more RAM.

With little or no additional explanation, it could be seen that effectively checkmating the top causes of a slow computer is possible with the RecoveryMagic software, which provides a revolution in PC maintenance. It is like a time machine, which by virtue of its capabilities is able to solve a large number of problems afflicting mankind by taking us back effortlessly to the good old days!

Peter Colby is a PC Maintenance Expert with over 7 years experience.

RecoveryMagic is an innovative and revolutionary data recovery and PC maintenance solution that greatly reduces the cost of technical support for organizations and individuals by providing functionalities that help them solve more than 80% of their PC problems within a matter of minutes. For more information and free evaluation of RecoveryMagic, please visit http://www.recoverymagic.net

Advanced Understanding of Computer Software

January 22, 2010 · Posted in Worms

Call it computer software or just software, the role of software in a computer is crucial. Computer software is a string of instructions which are systematically arranged to change the state of computer hardware in a precise sequence. It is hard to imagine a computer in the absence of any software. Software covers an exceptionally extensive range of products and technologies developed by means of special techniques such as programming languages, scripting languages, microcode or an FPGA state. Almost all software runs on basic operating systems like Linux or Microsoft Windows. There are different types of software available: application software, such as word processing, carries out useful tasks for users. System software, on the other hand, comprises operating systems, which interface with hardware to provide the required support for application software. Then there is software related to web page technologies like HTML, Perl, PHP, ASP.NET and XML. There are also programming languages like C, C++ and Java, to name a few.

Today, with the advancement in technology, computer software can be formulated according to the need of an organization. For example, a hospital can have their own software while a retail store has software created according to their needs. All computer software is written in advanced programming languages which are easy to use and are efficient enough to implement in any required platform.

Before being commercialized, computer software is tested and declared fit if it passes a series of tests. The software can be tested by an individual or a group of people for performance and functionality. Any glitches in the software are rectified before it is released.

One of the main challenges faced by individuals today is the protection of their computers from hackers and unscrupulous elements. It is here that anti-virus software plays a leading role. It helps protect your computer from spyware, different computer worms, Trojan horses and any other newly created viruses.

There is also graphics software available which assists in creating colorful brochures, newspapers, magazines, banners and catalogues.

Whether you are sending and receiving mail or have a new mail management system in your organization, you are able to achieve the desired results with the assistance of computer software. All in all, the role of computer software is to make life easier, depending on the individual’s needs.

Tips for buying computer software:

Before buying computer software, ensure it is genuine. Don’t install pirated software, as it is harmful to your computer system and contains viruses or Trojans. It is also illegal in most countries to do so. Ensure your computer software is a full version and comes with an activation key, and check regularly for updates. Remember, software piracy is an offence and you may have to face embarrassment or, worse, imprisonment if caught.

Sophie Milch currently manages purchasing and inventory control for Comnauts.com. Sophie keeps herself busy by making sure our inventory is filled with quality products, the latest and the greatest. Sophie holds a B.Sc. in Mathematics from the University of Waterloo and is a frequent contributor to several technology blogs and magazines. When she’s not working, in typical nerd fashion you can catch Sophie twittering friends, beating down Murlocs in World of Warcraft and watching re-runs of the X-files.

Google’s woes in China may aid security firms

January 21, 2010 · Posted in Worms

BOSTON, USA: Cyber attacks on Google Inc’s China operations could scare businesses and consumers into spending more on protection, benefiting security companies like McAfee Inc, Symantec Corp and Trend Micro.

Read more on CIOL

Google’s Security Woes May Aid Security Firms

January 20, 2010 · Posted in Worms

Regardless of the outcome of Google’s stare-down with China, security firms may be the winners in the end.

Read more on InternetNews.com

Cast for Beatles’ ‘Yellow Submarine’ remake reported to be set

January 19, 2010 · Posted in Worms

Already remade into video game characters, the Beatles are now one step closer to getting the modern 3-D treatment. Director Robert Zemeckis has reportedly zeroed in on the cast for his computer animated take on the 1968 film “Yellow Submarine.”

Read more on Los Angeles Times

Google’s cyber woes in China may aid security firms

January 18, 2010 · Posted in Worms

Cyber attacks on Google Inc’s China operations could scare businesses and consumers into spending more on protection, benefiting security companies like McAfee Inc, Symantec Corp and Trend Micro.

Read more on Reuters via Yahoo! News

Slow Computer – Why My Computer is Running So Slow?

January 17, 2010 · Posted in Worms

This is one question that people often ask. A slow computer decreases productivity, increasing the time needed for work to be done. There are a few reasons why your computer becomes slow, and one of them is malicious software. Below are some kinds of malicious software that can cause the problem.

1. Adware

Adware is software that displays advertising and consumes your bandwidth. If you’re a broadband user, you will not feel the effect. But if you’re on dial-up, you can feel that it’s sucking your bandwidth. However, even if you’re using broadband, but you have lots of this malicious software inside your PC, it can also cause your computer to become slow.

2. Spyware

Spyware is software that gathers sensitive information from your computer such as username and password. This activity happens in the background and will increase your CPU usage and your computer will not be running smoothly.

3. Keyloggers.

A keylogger is also malicious software that causes a slow computer. Just like spyware, a keylogger records every one of your keystrokes and sends them to its creator. It consumes CPU time and your bandwidth.

4. Computer Worm

A computer worm is malicious software that can infect a computer and send copies of itself to other computers on the network. This causes the infected computer to become a zombie computer that can be controlled by the worm’s creator. The zombie computer will then be used to perform a DDoS attack against another host.

Usually these are the reasons why your computer becomes slow, and what you need to do is learn how to remove them. However, removing all of this malicious software is just half the battle; what you also need to know is how to keep from being infected again.

Azwan Asmat is the author of Chuang Computer Tips – Want to know the secret of securing your PC from dangerous spyware, adware, and malware programs that can ruin your PC, your finances, and your sanity?! Join my 5-days PC Security E-Course for info on virus protection

Computer Security and its role

January 16, 2010 · Posted in Worms

INTRODUCTION

The paper explores the role of passwords, antivirus software and data encryption in computer security. It notes that the use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword. Sentries would only allow a person or group to pass if they knew the password. In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. Data encryption refers to mathematical calculations and algorithmic schemes that transform plaintext into cyphertext, a form that is non-readable to unauthorized parties. The recipient of an encrypted message uses a key which triggers the algorithm mechanism to decrypt the data, transforming it to the original plaintext version.

Lastly, the paper discusses another important computer security topic, the computer virus, which is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term “virus” is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive.

MAIN BODY

A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource (Example: An access code is a type of password). The password must be kept secret from those not allowed access.

The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword. Sentries would only allow a person or group to pass if they knew the password. In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user may require passwords for many purposes: logging in to computer accounts, retrieving e-mail from servers, accessing programs, databases, networks, web sites, and even reading the morning newspaper online.

Despite the name, there is no need for passwords to be actual words; indeed passwords which are not actual words may be harder to guess, a desirable property. Some passwords are formed from multiple words and may more accurately be called a passphrase. The term passcode is sometimes used when the secret information is purely numeric, such as the personal identification number (PIN) commonly used for ATM access. Passwords are generally short enough to be easily memorized and typed.

For the purposes of more compellingly authenticating the identity of one computing device to another, passwords have significant disadvantages (they may be stolen, spoofed, forgotten, etc.) compared with authentication systems relying on cryptographic protocols, which are more difficult to circumvent. The original password concept has been proven to be insecure. There have been cases where passwords have been compromised without a user’s knowledge, through coercion, or because users were conned into revealing them. The core problem with legacy passwords is that it is very difficult or impossible for an administrator or a computer system to differentiate between a legitimate user and an illegitimate user gaining access through the same password. Because of this inherent flaw in the original password system, Two Factor Authentication was invented.

A password is “something you know.” This information is understood to be known by a single individual. Two-factor authentication systems add another factor, “something you have”: an electronic card key, electronic token, dongle, fob or some other physical item you keep in a secure place when not in use. A common replacement for this second factor when higher levels of security are needed is “something you are”: a biological fingerprint, retina pattern, the person’s weight, specific vital signs or a combination of these items is used in place of the electronic device. The biological factor has been found to be unreliable for authentication and authorization, not because it admits those who should not be admitted when used properly, but because it tends to deny legitimate users access due to sickness, physical body changes, or other physical impairments.

There are two common methods of authentication when users use electronic components for two-factor authentication: response-only and challenge-response systems.

Response-only systems require the user to present the electronic device to an electronic reading system, or to enter data displayed on the electronic device without user input. The user must provide a username or PIN that is not known to outsiders, and then enter specific credential data generated by the electronic device when prompted. In many cases, this mechanism returns the user to single-factor authentication, where the user does not need to know something, but just possesses the item in question. An example of this is the standard electronic card key used to enter a facility or building perimeter. The user need not provide any other factor to prove their identity.

Challenge-response systems require the user to enter a specific passphrase or PIN into the electronic device first, before the device responds with the proper access credentials data. This variant is always considered two-factor authentication, since the user must provide both “something they know” (the PIN), and use “something they have” (the electronic device).

Both the response-only and challenge-response systems can be defeated if the user both reveals the private information they keep secret, such as their username or PIN code, and the attacker takes ownership of the electronic device. Due to this weakness, the biological factor was invented.
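The two token styles described above can be compared in code. This is an added example, not taken from the paper: `Token` and `Server` are hypothetical classes, the response-only code is computed as an RFC 4226 HOTP value, and the PIN-gated response, the three-attempt lockout and the one-time server challenge are design assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import struct

def truncate(mac, digits=6):
    """RFC 4226 dynamic truncation of an HMAC-SHA1 value to a decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Token:
    """Hypothetical device holding a key shared with the server."""
    MAX_BAD_PINS = 3

    def __init__(self, key, pin):
        self._key = key
        # Simplification: a real token verifies the PIN inside its hardware.
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._bad_pins = 0
        self.counter = 0

    def response_only_code(self):
        """Response-only: a code appears with no user input (possession only)."""
        msg = struct.pack(">Q", self.counter)
        self.counter += 1
        return truncate(hmac.new(self._key, msg, hashlib.sha1).digest())

    def challenge_response(self, challenge, pin):
        """The device answers only after the correct PIN (knowledge + possession)."""
        if self._bad_pins >= self.MAX_BAD_PINS:
            raise PermissionError("token locked")
        entered = hashlib.sha256(pin.encode()).digest()
        if not hmac.compare_digest(entered, self._pin_hash):
            self._bad_pins += 1
            raise PermissionError("wrong PIN")
        self._bad_pins = 0
        return truncate(hmac.new(self._key, challenge, hashlib.sha1).digest(), 8)

class Server:
    def __init__(self, key):
        self._key = key
        self.counter = 0
        self._pending = set()

    def verify_response_only(self, code):
        msg = struct.pack(">Q", self.counter)
        expected = truncate(hmac.new(self._key, msg, hashlib.sha1).digest())
        ok = hmac.compare_digest(code, expected)
        if ok:
            self.counter += 1        # each code is accepted once
        return ok

    def new_challenge(self):
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge

    def verify_challenge(self, challenge, response):
        if challenge not in self._pending:
            return False             # unknown or already used: replay is rejected
        self._pending.discard(challenge)
        expected = truncate(hmac.new(self._key, challenge, hashlib.sha1).digest(), 8)
        return hmac.compare_digest(response, expected)

if __name__ == "__main__":
    key = b"12345678901234567890"    # RFC 4226 test key, used as sample input
    token, server = Token(key, "4821"), Server(key)
    print(server.verify_response_only(token.response_only_code()))
    challenge = server.new_challenge()
    print(server.verify_challenge(challenge, token.challenge_response(challenge, "4821")))
```

Whoever holds the device gets a valid response-only code, while the PIN-gated path refuses to answer and locks after repeated wrong PINs, which is the single-factor versus two-factor distinction drawn in the text.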

Biological factors have been in use for several decades, and have proven to be reliable and secure ways to prevent unauthorized users from gaining access to secure systems or environments, regardless of the privacy of the passwords used. Systems monitor fingerprints, eye retina patterns, weight, ambient temperature, and other biological signs to determine the authenticity of the user requesting access. Movies have been touting methods of defeating these systems by cutting off body parts, using retinal masks, or forcing legitimate users into bypassing the authentication mechanisms for the attacker. These are largely Hollywood schemes and rarely work in the real world. In most cases where this level of security is required, local or remote monitoring of entry points through cameras and security personnel is common. Deadlock portals, remote activated magnetically controlled entranceways, and visual identification are the norm.

Many simple methods have been devised to defeat weakly designed biological factor systems, so be sure you thoroughly test the security measures you plan to put in place before implementation.

The easier a password is for the owner to remember, the easier it generally is for a hacker to guess. Passwords which are difficult to remember will reduce the security of a system because (a) users might need to write down or electronically store the password, (b) users will need frequent password resets and (c) users are more likely to re-use the same password. Similarly, the more stringent the requirements for password strength, e.g. “have a mix of uppercase and lowercase letters and digits” or “change it monthly”, the greater the degree to which users will subvert the system. Jeff Yan et al. examine the effect of advice given to users about a good choice of password. They find that passwords based on thinking of a phrase and taking the first letter of each word are just as memorable as naively selected passwords, and just as hard to crack as randomly generated passwords. Combining two unrelated words is another good method. Having a personally designed “algorithm” for generating obscure passwords is another good method.

However, asking users to remember a password consisting of a “mix of uppercase and lowercase characters” is like asking them to remember a sequence of bits: hard to remember, and only a little bit harder to crack (e.g. only 128 times harder to crack for 7-letter passwords, less if the user simply capitalises the first letter). Asking users to use “both letters and digits” will often lead to easy-to-guess substitutions such as ‘E’ → ‘3’ and ‘I’ → ‘1’, substitutions which are well known to crackers. Similarly, typing the password one keyboard row higher is a common trick known to crackers.
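A password filter can undo the transformations named above before checking a candidate against a blocklist, so that these well-known tricks do not pass as strength. The following is an added example, not from the paper: the blocklist and the sample phrase are constructed, the US QWERTY layout is assumed, and the substitution table extends the two pairs in the text with other common ones as an assumption.

```python
# Keyboard rows of a US QWERTY layout (assumption); each key maps to the key
# directly below it, which undoes "typing one row higher".
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
ROW_DOWN = str.maketrans("".join(ROWS[:-1]), "".join(ROWS[1:]))

# 'E' -> '3' and 'I' -> '1' are the pairs named in the text; the rest are
# further common substitutions added here as an assumption.
SUBST = str.maketrans({"3": "e", "1": "i", "0": "o", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})

# Constructed sample blocklist; a deployment would load a large wordlist.
BLOCKLIST = {"password", "secret", "dragon", "letmein", "monkey"}

def screen(password, blocklist=BLOCKLIST):
    """Return the reason a password is guessable, or None if no rule matched.
    None only means these rules found nothing, not that the password is strong."""
    lowered = password.lower()
    forms = [
        ("case changes only", lowered),
        ("digit/symbol substitution", lowered.translate(SUBST)),
        ("typed one keyboard row higher", lowered.translate(ROW_DOWN)),
    ]
    for reason, form in forms:
        if form in blocklist:
            return reason
    return None

def case_mix_factor(length, first_letter_only=False):
    """How much a mixed-case rule multiplies the search space: every letter
    may be upper or lower (2**length), or only the first one is (2)."""
    return 2 if first_letter_only else 2 ** length

def mnemonic(phrase):
    """First letter of each word, the phrase method described in the text."""
    return "".join(word[0] for word in phrase.split())

if __name__ == "__main__":
    for candidate in ("Dragon", "S3cr3t", "0qww294e",
                      mnemonic("My sister Peg is 24 years old")):
        print(candidate, "->", screen(candidate))
    print(case_mix_factor(7), case_mix_factor(7, first_letter_only=True))
```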

Factors in the security of a password system

The security of a password-protected system depends on several factors. The overall system must, of course, be designed for sound security, with protection against computer viruses, man-in-the-middle attacks and the like. Physical security issues are also a concern, from deterring shoulder surfing to more sophisticated physical threats such as video cameras and keyboard sniffers. And, of course, passwords should be chosen so that they are hard for an attacker to guess and hard for an attacker to discover using any (and all) of the available automatic attack schemes. See password strength, computer security, and computer insecurity.

Effective access control provisions may force extreme measures on criminals seeking to acquire a password or biometric token. Less extreme measures include extortion, rubber hose cryptanalysis, side channel attack,

DATA ENCRYPTION

Data encryption refers to mathematical calculations and algorithmic schemes that transform plaintext into ciphertext, a form that is non-readable to unauthorized parties. The recipient of an encrypted message uses a key which triggers the algorithm mechanism to decrypt the data, transforming it to the original plaintext version.

Before the internet, data encryption was seldom used by the public as it was more of a military security tool. With the prevalence of online shopping, banking and other services, even basic home users are now aware of data encryption.

Today’s web browsers automatically encrypt text when making a connection to a secure server. This prevents intruders from listening in on private communications. Even if they are able to capture the message, encryption allows them to only view scrambled text or what many call unreadable gibberish. Upon arrival, the data is decrypted, allowing the intended recipient to view the message in its original form.

Types of Data Encryption

There are many different types of data encryption, but not all are reliable. In the beginning, 64-bit encryption was thought to be strong, but this was proven wrong with the introduction of 128-bit solutions. AES (Advanced Encryption Standard) is the new standard and permits a maximum of 256 bits. In general, the stronger the computer, the better chance it has at breaking a data encryption scheme.

Data encryption schemes generally fall into two categories: symmetric and asymmetric. AES, DES and Blowfish use symmetric key algorithms. Each system uses a key which is shared between the sender and the recipient. This key has the ability to encrypt and decrypt the data. With asymmetric encryption such as Diffie-Hellman and RSA, a pair of keys is created and assigned: a private key and a public key. The public key can be known by anyone and used to encrypt data that will be sent to the owner. Once the message is encrypted, it can only be decrypted by the owner of the private key. Asymmetric encryption is said to be somewhat more secure than symmetric encryption as the private key is not to be shared.

Strong encryption like SSL (Secure Sockets Layer) and TLS (Transport Layer Security) will keep data private, but cannot always ensure security. Websites using this type of data encryption can be verified by checking the digital signature on their certificate, which should be validated by an approved CA (Certificate Authority).

Encryption with a variable key

A more advanced method is the use of simple encryption to encipher the virus. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Since these would be symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the final virus, but that probably isn’t required, since self-modifying code is such a rarity that it may be reason for virus scanners to at least flag the file as suspicious.

An old, but compact, encryption involves XORing each byte in a virus with a constant, so that the exclusive-or operation had only to be repeated for decryption. It is suspicious
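From the scanner's side, a body XORed with one constant byte does not need to be decrypted to be matched: the XOR of two adjacent bytes cancels the key, so a signature can be compared in that "delta" form whatever the key is. The following is an added example, not part of the original article; the marker string and the sample buffers are constructed and harmless.

```python
# Constructed stand-in for a scanner signature (plain text, not real malware).
SIGNATURE = b"CONSTRUCTED-HARMLESS-MARKER"


def xor_bytes(data, key):
    """XOR every byte with one constant key byte."""
    return bytes(b ^ key for b in data)


def xor_delta(data):
    """XOR of each adjacent byte pair; unchanged by a constant XOR key."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def find_xored(data, signature):
    """Return (offset, key) of signature hidden under any one-byte XOR key, or None."""
    if len(signature) < 2:
        raise ValueError("signature must be at least two bytes long")
    pos = xor_delta(data).find(xor_delta(signature))
    if pos < 0:
        return None
    # All deltas matched, so data[pos + i] ^ signature[i] is the same for every i.
    return pos, data[pos] ^ signature[0]


def make_sample(key, padding=b"\x00\x11\x22\x33"):
    """Constructed 'file': padding, the marker under XOR with key, padding."""
    return padding + xor_bytes(SIGNATURE, key) + padding[::-1]


if __name__ == "__main__":
    for key in (0x00, 0x5A, 0xFF):
        sample = make_sample(key)
        print(hex(key), SIGNATURE in sample, find_xored(sample, SIGNATURE))
```

A plain substring search only finds the marker when the key is zero, while the delta search reports the offset and recovers the key in every case.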

COMPUTER VIRUS

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term “virus” is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer (Fred Cohen). The term “computer virus” is sometimes used as a catch-all phrase to include all types of malware. Malware includes computer viruses, worms, Trojan horses, most rootkits, spyware, dishonest adware, crimeware, and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with computer worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms

Methods to avoid detection

In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the “last modified” date of a host file stays the same when the file is infected by the virus. This approach does not fool anti-virus software, however, especially software which maintains and dates cyclic redundancy checks on file changes.

Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files have many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.

Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.

As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access. (T Matsumoto.)

Avoiding bait files and other undesirable hosts

A virus needs to infect hosts in order to spread further. In some cases, it might be a bad idea to infect a host program. For example, many anti-virus programs perform an integrity check of their own code. Infecting such programs will therefore increase the likelihood that the virus is detected. For this reason, some viruses are programmed not to infect programs that are known to be part of anti-virus software. Another type of host that viruses sometimes avoid is bait files. Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus. These files can be created for various reasons, all of which are related to the detection of the virus:

Anti-virus professionals can use bait files to take a sample of a virus (i.e. a copy of a program file that is infected by the virus). It is more practical to store and exchange a small, infected bait file, than to exchange a large application program that has been infected by the virus.

Anti-virus professionals can use bait files to study the behavior of a virus and evaluate detection methods. This is especially useful when the virus is polymorphic. In this case, the virus can be made to infect a large number of bait files. The infected files can be used to test whether a virus scanner detects all versions of the virus.

Some anti-virus software employs bait files that are accessed regularly. When these files are modified, the anti-virus software warns the user that a virus is probably active on the system.

Since bait files are used to detect the virus, or to make detection possible, a virus can benefit from not infecting them. Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain certain patterns of ‘garbage instructions’.

A related strategy to make baiting difficult is sparse infection. Sometimes, sparse infectors do not infect a host file that would be a suitable candidate for infection in other circumstances. For example, a virus can decide on a random basis whether to infect a file or not, or a virus can only infect host files on particular days of the week.
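The bait-file monitoring described above, and the earlier point that an unchanged “last modified” date or file size does not fool a content check, can be shown with a small integrity baseline. The following is an added example, not part of the original article; it uses SHA-256 in place of the cyclic redundancy check the text mentions, and the bait file name and contents are constructed.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Record size, modification time and SHA-256 of one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def baseline(paths):
    """Fingerprint every bait file once, while the system is known to be clean."""
    return {path: fingerprint(path) for path in paths}


def check(base):
    """Return {path: [fields that changed]} for bait files that no longer match."""
    alerts = {}
    for path, old in base.items():
        if not os.path.exists(path):
            alerts[path] = ["missing"]
            continue
        new = fingerprint(path)
        changed = [field for field in old if old[field] != new[field]]
        if changed:
            alerts[path] = changed
    return alerts


def demo():
    """Constructed test: same-size change to a bait file, timestamp put back."""
    with tempfile.TemporaryDirectory() as folder:
        bait = os.path.join(folder, "bait.bin")   # hypothetical bait file name
        with open(bait, "wb") as fh:
            fh.write(b"\x00" * 1024)              # constructed filler content
        base = baseline([bait])
        clean = check(base)                       # nothing touched yet
        st = os.stat(bait)
        with open(bait, "r+b") as fh:             # overwrite 16 unused bytes in place
            fh.seek(512)
            fh.write(b"\xaa" * 16)
        os.utime(bait, ns=(st.st_atime_ns, st.st_mtime_ns))  # restore the timestamp
        return clean, check(base).get(bait, [])


if __name__ == "__main__":
    print(demo())
```

Size and timestamp both compare equal after the change, so only the content hash raises the alert.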

Stealth

Some viruses try to trick anti-virus software by intercepting its requests to the operating system. A virus can hide itself by intercepting the anti-virus software’s request to read the file and passing the request to the virus, instead of the OS. The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is “clean”. Modern anti-virus software employs various techniques to counter stealth mechanisms of viruses. The only completely reliable method to avoid stealth is to boot from a medium that is known to be clean.

Self-modification

Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures. A signature is a characteristic byte-pattern that is part of a certain virus or family of viruses. If a virus scanner finds such a pattern in a file, it notifies the user that the file is infected. The user can then delete, or (in some cases) “clean” or “heal” the infected file. Some viruses employ techniques that make detection by means of signatures difficult but probably not impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.

code that modifies itself, so the code to do the encryption/decryption may be part of the signature in many virus definitions.

Polymorphic code

Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses, however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using signatures. Anti-virus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body. See Polymorphic code for technical detail on how such engines operate.

Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for anti-virus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus. This will make it more likely that the detection by the virus scanner will be unreliable, and that some instances of the virus may be able to avoid detection.

Metamorphic code

To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that use this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14000 lines of Assembly language code, 90% of which is part of the metamorphic engine.

Conclusion

As more users come to understand the internet’s open nature and the dangers of web surfing, applying data encryption to common communications such as emailing and instant messaging is likely to become more popular. Without this security mechanism, information transferred over the internet can be easily captured and viewed by anyone listening. This critical data can be compromised in a number of ways, especially when stored in servers that might change hands over the years. Considering that detrimental crimes like identity theft are on the rise, data encryption is well worth pursuing.
