The problem of computer viruses



Ministry of Education and Science, Youth and Sports of Ukraine

National Aviation University


on the topic:

Performed by

Dmytro Mazun IACS 103:2

Checked by:

Senior teacher Svitlana Soroka

Kyiv 2011


This essay covers the problem of computer viruses. It traces the development of computer viruses and describes the main virus programs and the principles by which they infect operating systems. A separate section describes the major antivirus programs and the means they use to combat viruses.


I. General information about viruses

II. Prehistory

III. Who writes viruses?

IV. The spread of viruses.

V. Types of computer viruses.

VI. "Related" terminology.

VII. What a virus cannot do.

VIII. Prevention of infection by computer viruses.

IX. Means to combat viruses.

X. Antivirus software for DOS.



I. General information about viruses

A computer virus is a program designed to replicate itself without the user's knowledge and against the user's will. Viruses spread by attaching themselves to other programs or documents, or by writing themselves to a disk's boot sector.

In some cases viruses can be extremely destructive, corrupting or damaging the programs on a drive. They can violate the integrity of the file allocation table (FAT), causing all sorts of corruption on the hard drive that can completely destroy the data. Some viruses display various messages or "pretty" images with mocking content. Others alter the checksum of .EXE files so that they no longer run. A number of viruses wait for a date or some other activation event before beginning their destructive actions. There are viruses that do not destroy information but, each time the machine is started, gradually encode the disk sector by sector, allowing access to the encoded information only while the virus is present in memory. When booting from, say, a compact disk, this information cannot be read: instead of file and directory names there is solid garbage. Attempts to remove such a virus can lead to complete loss of the data on the disk. You will agree that it is psychologically difficult for a user to keep working while knowing that the data's days are already "numbered".

II. Prehistory

These days viruses are mostly known as "bad" programs that have various untoward effects on computers, but it was not so at first: programs with virus-like algorithms were originally developed for research purposes.

The conceptual foundations of computer viruses were laid long before the virus threats themselves appeared. "Virologists" have not reached a consensus on the "where" and "when". However, it is generally accepted that these ideas were born in the days when computers were huge and terribly expensive installations that only large enterprises, major research institutes and government agencies could afford. And although many of the viruses circulating today are predatory and malicious, destroying data was, of course, no part of the plans of those programmers and scientists.

The idea at the time was to model the process by which living organisms develop in nature. The aim was to create a computer program that could copy itself (self-replication). This could also be used to develop and modify the program itself. The algorithm works like this: if an error occurs during replication, or some conditions change, the resulting code is a mutation, a new variation of the program. It is the mutability of the genetic code that allows a biological virus to adapt more or less successfully and to spread in different circumstances, which is, in general, the basis of all biological life. A mutant digital code could allow a program to stay "alive" (keep working) when the computer or other environment changes. Such program behaviour is a step towards creating artificial intelligence. Unfortunately, in this case science fiction materialized in a completely inappropriate and harmful way. The results of this research and the ways of implementing the algorithms are widely covered in the literature; at any rate they are well known to students of computing specialties. And, as so often happens, the road to hell was paved with good intentions.

When the computer world consisted of a relatively small number of computers, a virus, even if one was written, could not spread quickly or widely. But with the advent of personal computers, viruses suddenly gained a fertile breeding ground. The avalanche-like growth of global networks, the ability to attach files to e-mail messages and people's growing overall dependence on computer technology all create excellent conditions for the spread of computer viruses.

III. Who writes viruses?

The transformation of experimental research programs into insidious viruses is the result of a change in the kind of people who engage in this work. Those who write viral code today are least of all interested in exploring the possibilities of artificial intelligence.

Some do it unwittingly: many computer science students, studying assembler or C and wanting to try their hand at "serious" work, consider it their duty to create something like a virus, sometimes with "good" results (and then, of course, happily forget the program on a computer in the classroom).

Many virus writers are well aware of what the consequences of their research could be. Often, however, circumstances prove stronger than people. The well-known Stoned virus was written by a gifted pupil in the middle grades of school. Having created the virus, he feared that it would spread and so destroyed all copies of it except one, which he kept at home. His younger brother and a couple of his friends took the virus and, just for fun, infected a few floppy disks at school with it. The infection spread so quickly that it was already impossible to stop.

Some do it consciously and purposefully, perhaps to assert themselves, to feel the extent of their evil "power". More serious motives cannot be ruled out either: terrorism, business competition, politics.

We have to admit that the secret lodge of virus writers works very productively. According to Network Associates, a well-known developer of antivirus software, its specialists have to "deal" with an average of 200 new viruses every month. In general, mankind has created for itself a problem no less severe than an epidemic of a contagious disease, and it is no longer possible to ignore it.

IV. The spread of viruses.

A computer virus is largely similar to its prototype, the biological virus. It attacks one computer and then spreads rapidly among many, because the computer community is a very open system, and infected disks and programs constantly circulate among users. A virus can remain inactive for several days, months or even years, waiting in the wings and all that time copying its program code to other machines.

Viruses attach themselves to programs so that, each time these are run, they try to reproduce by attaching themselves to the other programs and executable files that are run afterwards. Once in memory, a virus can also infect programs and disks by intercepting print instructions or other standard operations. In fact, a virus can be copied into the memory and onto the hard drive of your computer simply by viewing the directories of an infected compact disk.

A virus can be transmitted by modem, downloaded from the Internet, or distributed by any means of transferring computer data. Most often, spreading from compact disk to compact disk, a virus writes itself to the boot block of the hard drive, and thus each time the machine is started the virus is loaded into memory again.

Viruses behave differently. Some sit in memory and are often aggressive for as long as the system is not shut down. Other viruses are activated only when an infected program is run.

Since the main purpose and vital function of a virus (as of a living organism) is reproduction, it is clear that virus writers will look for the most effective ways to achieve it. In this regard, plain text files are very rarely the targets of virus attack: they are not exchanged between users as intensively. A business program is another matter: within a short time such a program may be copied many times.

V. Types of computer viruses.

Boot sector viruses.

Programs that write themselves to the tail of the boot program of drive C: or replace it, performing from the moment of infection both its functions and their own. These viruses enter the machine when it is booted from an infected disk. When the boot program is read and started, the virus is loaded into memory and infects everything it is designed to infect.

Master boot record viruses.

They infect the Master Boot Record of hard disks and the boot sector on compact disks. This type of virus takes control of the system at the lowest level, intercepting instructions between the computer hardware and the operating system.

File viruses.

Viruses that attach themselves to COM and EXE files or replace them. (In some cases they can infect files with other extensions.) File viruses infect clean programs after planting themselves in memory. In other cases they are activated when a file is accessed, sometimes infecting all files in the directory from which the virus was launched. The class of file viruses also includes programs that do not physically attach themselves to files but reassign to themselves the name associated with the victim program.

Macro viruses.

Some computer programs use macro languages, which allow frequently performed procedures to be automated. As computers become more powerful, the tasks they are given become more complex. Some macro languages allow files to be written in formats other than that of the original document. Virus writers can use this feature to create macros that infect documents. Macro viruses are usually spread through Microsoft Word and Excel.

Combined viruses.

Viruses that show a combination of the characteristics listed above. They can infect files, boot sectors and the master boot record.

VI. "Related" terminology.

Companion virus.

A latent virus program that does not actually attach itself to another program but instead uses the name and the rules of the "infected" program (such viruses are also known as spawning viruses).

Trojans, "Trojan" programs.

The code they contain is not itself viral, but viral methods are used to "deliver" it to the computer. The functions of these programs are usually the most destructive and dangerous: destroying sectors of the system drive or the DOS initialization files. They can also be used to uncover passwords on networks.

Initiating event.

A criterion for activating the virus (e.g., the date on the computer's system clock).

Stealth (invisible).

Various methods used in virus algorithms to evade detection. For example:

reassigning system pointers and information so that a file is infected without actually changing its physical parameters;

concealing the increase in a file's length by intercepting the request and returning the original, uninfected file length.

Stealth size.

A virus that tries to evade detection by concealing its size.

Full stealth.

A virus that tries to evade detection by masking the size and attributes of the file.


Various methods of encrypting the virus's program code in order to complicate detection.


A polymorphic virus tries to evade detection by changing its internal structure or its encryption methods. It looks different in every infected file.


Refers to a virus that was written using the code of an older virus. The new virus usually has one or more new features.

VII. What a virus cannot do.

  •  Computer viruses do not arise spontaneously;
  •  Computer viruses do not infect files on write-protected disks, nor plain-text e-mail messages;
  •  Viruses cannot damage disks physically;
  •  Viruses do not affect computer hardware such as monitors or chips. They infect only software.

VIII. Prevention of infection by computer viruses.

Usually the sign of a virus on a machine is a strange message or image on the display, an unexplained change in file size or a sudden drop in data-processing speed. Since, with today's intensive exchange of data between computers, no one is safe from infection, the best remedy is prevention. Among the effective methods of preventing infection:

  •  Write-protect a disk whenever you hand it over to someone else;
  •  Be sure to scan other people's disks for viruses when receiving information on disks from elsewhere;
  •  Never switch on your computer with an unknown (dubious) disk in the drive;
  •  Do not download data from bulletin boards (BBS) or any other source if the file cannot be checked for viruses;
  •  Use anti-virus software every time you start your computer.

These measures should be complemented by continuous monitoring of the most important information and regular backups of it.

IX. Means to combat viruses.

Regular observance of the simple rules above gives a high degree of protection from computer viruses. But what if "it" still happens? Fortunately, as we know, for every poison there is an antidote. To combat computer viruses, antivirus programs and whole antivirus software suites have been created. There have also been successful experiments in preventing viruses from entering the machine at the hardware level, using special "security" circuit boards.

As computer viruses spread, the understanding that an uncompromising fight against them was needed came very quickly, and many of the most experienced professionals joined that fight. The first reasonably reliable antivirus programs appeared as early as the late 1980s. Today antivirus tools are a very important category of utility software.

Originally viruses were written for DOS, Windows 3.xx and the other platforms of the time. Antivirus programs were likewise created for use with those systems. With the advent of Windows 95 it became dangerous to use these programs: in the new environment (especially under the FAT 32 file system) they can cause serious trouble. At best they will not work as expected; at worst they can damage the file structure. This applies to most well-known antivirus programs for DOS, for example Microsoft Antivirus, which was included with MS-DOS and early versions of Windows. New versions of almost all antivirus programs have been created to work specifically under Windows 9x.

X. Antivirus software for DOS.

The antivirus programs for DOS developed by the Moscow company "Sophos" are widely known to the domestic computing public: Aidstest, Adinf and Doctor Web. What are these programs? Leaving the details aside, they implement three approaches widely used in antivirus practice:

Aidstest - a program updated weekly, in which the signatures of all currently known viruses and their variants are hard-coded;

Adinf - an antivirus program that constantly monitors and analyses changes on the disk, for which it creates and maintains a database of the files on the disk. The program lets users promptly detect the appearance of viruses of any type, including stealth, encrypted and polymorphic viruses;

Doctor Web - like Aidstest, this program detects and cures the viruses known to it, while also allowing new (external) definition files to be connected. In addition, the program has a special (heuristic) module that can, with high probability, detect any manifestation of viral activity, including that of unknown viruses. An important and useful feature of the program is its ability to scan files packed by various archiving utilities.

Which program should you adopt? Probably the correct answer is all three, or better still, some others besides them. Using several antivirus programs, first, increases the likelihood of detecting a virus and, second, makes it possible to confirm a diagnosis made by one of them. If at least two of several antivirus programs indicate the presence of infection, that conclusion can be trusted and treatment should begin.
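The change-monitoring approach attributed to Adinf above can be illustrated with a small file-table checker. This is an added example, not Adinf's code and not part of the essay; the function names, file names and file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

# Extensions the essay names as the usual targets of file viruses.
EXECUTABLE_EXTS = {".com", ".exe"}


def snapshot(root):
    """Build the reference table: relative path -> (size, SHA-256 of content)."""
    root = Path(root)
    table = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            table[path.relative_to(root).as_posix()] = (
                len(data), hashlib.sha256(data).hexdigest())
    return table


def compare(baseline, current):
    """Classify every difference between the stored table and the disk now."""
    report = {"new": [], "removed": [], "grown": [], "shrunk": [], "same_size": []}
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            report["new"].append(name)
        elif new is None:
            report["removed"].append(name)
        elif old != new:
            if new[0] > old[0]:
                report["grown"].append(name)       # typical of appended code
            elif new[0] < old[0]:
                report["shrunk"].append(name)
            else:
                report["same_size"].append(name)   # a size-only check misses this
    return report


def suspicious(report):
    """Changed or newly appeared executables deserve attention first."""
    changed = report["new"] + report["grown"] + report["shrunk"] + report["same_size"]
    return sorted(n for n in changed if Path(n).suffix.lower() in EXECUTABLE_EXTS)


def demo():
    """Constructed sample tree: record it, alter it, and report the changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "EDIT.COM").write_bytes(b"placeholder program A " * 4)
        (root / "CALC.EXE").write_bytes(b"placeholder program B " * 4)
        (root / "NOTES.TXT").write_bytes(b"plain text\n")
        baseline = snapshot(root)

        # Constructed changes: bytes appended, bytes overwritten in place,
        # one new executable, one deleted text file.
        with open(root / "EDIT.COM", "ab") as fh:
            fh.write(b"APPENDED-TEST-BYTES")
        data = bytearray((root / "CALC.EXE").read_bytes())
        data[0:4] = b"XXXX"
        (root / "CALC.EXE").write_bytes(bytes(data))
        (root / "NEW.EXE").write_bytes(b"unknown newcomer")
        (root / "NOTES.TXT").unlink()

        report = compare(baseline, snapshot(root))
        return report, suspicious(report)


if __name__ == "__main__":
    report, priority = demo()
    for kind, names in report.items():
        print(f"{kind:10s} {names}")
    print("check first:", priority)
```

A table like this is only as trustworthy as the reads behind it: a resident stealth virus of the kind described in section VI intercepts requests and can return the original length and content, so the comparison should be run after booting from known-clean media.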

A new approach to organizing the protection against computer viruses

Introduction to the problem

The mass distribution of computer viruses, together with active media discussion of plans for information warfare in which hackers are used to suppress an enemy's control and data systems, has meant that building resistance and defence takes on a new quality. According to a number of foreign experts, a state that loses an information war will be set back in its development by many decades.

It is already clear that the traditional methods of building security systems will not bring the desired result. New approaches to this problem must be sought. This article aims to provide "food for thought" for developers of antivirus systems, so that they can look at their subject area from another side: from the side of what nature has made perhaps the most sophisticated security system of all, the immune system.

I apologize for the style: it is more biomedical than computer-oriented and rather hard for a computer specialist to take in, since it is difficult to describe other subject areas in technical slang. I only wanted to show a new direction for the development of antivirus protection, and for that a general understanding of genetics and immunology is enough.

Those who are charmed by the beauty of how so complex a system as the body's immune system functions are invited by the author to cooperate in developing a radically new direction in computer science, evolutionary software engineering, which is based on the assumption of a functional and structural similarity between computer programs and organic proteins.

It should be noted that, as regards immunology and microbiology, this material is based on [1].

Viral technology of the XXI century

A number of algorithms have already been developed for writing viruses that fundamentally cannot be detected by any of the existing methods. Many point out that arbitrarily self-modifying code is simply impossible to obtain, at least on the Intel architecture [2]. In any case, there are strict limits that allow the same operation to be implemented in only a limited number of ways. These ways are known in advance, which in principle makes it possible to enumerate all the key fragments of viruses and therefore to recognize them accurately.

However, if we assume that the processor architecture can be arbitrary, or even synthesized dynamically during execution, as is done in [2], it is enough to write an appropriate processor emulator: a virtual machine that will execute virus code built on certain principles. What matters is that the implementation of the virtual machine can be arbitrary. Today one can find many software emulators of popular 1980s machines, from the "Spectrum" to the BK-0010. It should also be taken into account that emulators can be generated automatically.

As noted in [2], a virus written for a virtual machine takes a great deal of time to analyse by traditional methods. Hence an automated means of combating this kind of destructive program is needed. The only question is on what principles such an antivirus system should be based. The answer is surprisingly simple: on the principles of the human immune system. Indeed, our body has an excellent system that can cope with billions of pathogenic antigens. It can certainly cope with more than such "polymorphs"!

A bit of theory

The immune system formed in the course of evolution as a means of protection against infection by microorganisms and is present in all vertebrates (including humans). In invertebrates the defence systems are more primitive: they are usually based on cells that dissolve pathogenic antigens.

High specificity is a fundamental feature of all immune responses. The ability to distinguish "foreign" from "self" is the second fundamental property of the immune system.

Almost any macromolecule foreign to the recipient can cause an immune response. A substance capable of causing an immune response is called an antigen (i.e., a generator of antibodies). Most remarkably, the immune system can distinguish even very similar antigens, such as two proteins that differ by only one amino acid.

This striking capacity for recognition makes the immune system almost unique among cellular systems; only the nervous system is more complex. Both systems consist of a large number of cells organized into complex networks. Within such a network there may be both positive and negative interactions between individual cells, and the response of one cell propagates through the system and affects many other cells.

Unlike neurons, which are relatively rigidly fixed in space, the cells that make up the immune network move continuously and interact with each other only briefly.

There are two main types of immune responses: humoral responses and immune responses of the cell type.

Humoral responses are associated with the production of antibodies, proteins that are also called immunoglobulins. Binding of an antibody inactivates viruses. Bound antibodies also serve as markers of microorganisms that are to be destroyed.

The cell-type response is the second type of immune response. It consists in the formation of specialized cells that react with foreign antigens on the surface of the organism's other cells. A reacting cell can kill a virus-infected cell that carries viral proteins on its surface, that is, destroy the infected cell before replication is complete. In other cases the reacting cells release chemical signals that promote the destruction of the invading microorganisms by macrophages.

Lymphocytes, one of the groups of leukocytes, are responsible for the specificity of the immune response. The total number of lymphocytes in the human body is about 2 × 10^12; in cell mass the human immune system is comparable to the brain. The two main classes of immune responses are determined by two classes of lymphocytes: T cells are responsible for cellular immunity, while B cells produce antibodies.

Most T cells play a regulatory role in immunity, either enhancing or suppressing the responses of other leukocytes. These cells, called T helper cells and T suppressor cells respectively, are grouped together as regulatory cells. Other T lymphocytes, called cytotoxic T cells, kill cells infected by viruses. Since both cytotoxic T lymphocytes and B lymphocytes are directly involved in protecting the body against infection, these two types of lymphocytes are called effector cells.

The most striking property of the immune system is that it can respond to millions of foreign antigens by producing antibodies that interact specifically with those antigens. Moreover, the immune system is able to produce antibodies to man-made molecules that do not exist in nature. This and other interesting facts can be explained by the so-called clonal selection theory [1]. According to this theory, each lymphocyte acquires in the course of its development the ability to react with a specific antigen without ever having encountered it. This is because receptor proteins that correspond specifically to a certain antigen appear on the cell surface. If the cell meets that antigen, binding of the antigen to the receptor activates the cell, causing it to proliferate and its progeny to mature.

Thus a foreign antigen selectively stimulates those cells that carry receptors specific to it and that will therefore inevitably respond specifically to this antigen.

Those portions of an antigen that interact with the antigen-binding site of an antibody molecule or of a lymphocyte receptor are called antigenic determinants.

Most lymphocytes are in continuous circulation.

Constant circulation not only ensures that lymphocytes meet antigens but is also necessary for lymphocytes to meet each other: the interaction between specific lymphocytes plays a crucial role in most immune responses.

The immune system, like the nervous system, has a memory. This is why lifelong immunity to certain diseases can be acquired.

How does the immune system distinguish its own cells from "foreign" ones? One possible explanation is that an organism inherits genes encoding receptors for foreign antigens but not for its own, so that its immune system is programmed to respond only to foreign antigens.

Another explanation is that the immune system is initially able to respond to both its own and foreign antigens but is trained at an early stage of development not to respond to its own. Thus the immune system is potentially able to respond to the body's own antigens but is trained not to do so.

It is believed that the immune system is trained through the destruction of lymphocytes that respond to the body's own antigens.

Antibodies are proteins, and proteins are encoded by genes. The variety of antibodies therefore poses a difficult genetic problem: how can the number of antibodies produced exceed the number of genes in an organism's genome? One of the key points about how the variety of antibodies arises is that the organism's DNA is rearranged during B-cell development.

It has been shown experimentally that the frequency of somatic mutations in the gene sequences encoding the V region is estimated at 3.10 per pair of nucleotides, which is about a million times higher than the rate of spontaneous mutation in other genes. This process is called somatic hypermutation. After a second immunization, point mutations accumulate rapidly in the V regions.

Antigen-directed somatic hypermutation fine-tunes antibody formation, resulting in affinity maturation. Thus affinity maturation is the result of repeated cycles of somatic hypermutation followed by antigen-driven selection in the course of the humoral response.

Antibodies not only protect the body against infections but also play an important role in regulating the immune responses themselves. Like neurons in the nervous system, many lymphocytes perhaps interact with each other more than with the outside world, and the immune response could then be seen not as the response of independent lymphocytes reacting with the antigen but as a disturbance reverberating through the immunological network.

The dimensions of such an idiotypic network could in principle be enormous.

Artificial immune system from IBM ISC

One successful project that uses the theoretical concepts above is IBM's creation of an immune system for cyberspace (Immune System for Cyberspace, ISC), a working model of which was demonstrated at the Virus Bulletin '97 conference held in San Francisco in October 1997.

IBM's antivirus technology is based on a model of the human immune system. Although several patents relating directly to ISC have been obtained, the work has not yet been completed.

There is further confirmation of the relevance of this line of work: in 1999 the American RAND Corporation, known as the think tank of a number of US law enforcement agencies, conducted a study that resulted in recommendations on the choice of technologies able to provide the necessary level of information security for the national information infrastructure and the defence information infrastructure of the U.S. Department of Defense. Technologies for building artificial immune systems were chosen as the most promising for creating new-generation security systems.


It is obvious that building an information security system for a computer network as an exact copy of the human immune system is practically impossible, nor is it necessary. However, the fact that the immune system has reached perfection in fighting pathogens and foreign antigens suggests that many of the principles that shaped it are very effective and can be used on the assumption that they will work not with biochemical antigens but with program antigens, that is, with information.

This, together with recent advances in multi-agent intelligent systems, gives hope that in the near future an artificial immune system will be created whose effectiveness will not fall short of that of its natural prototype.
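The training principle from "A bit of theory" (lymphocytes that respond to the body's own antigens are destroyed, the rest remain to bind foreign ones) carries over to byte strings as a detector-censoring scheme, known in the artificial immune system literature as negative selection. The sketch below is an added example, not IBM's ISC and not code from the article; the chunk size, the 8-contiguous-bit binding rule and the sample data are assumptions, and all candidate detectors are enumerated rather than sampled at random so that the result is reproducible.

```python
CHUNK_BITS = 16  # each "antigen" is a 2-byte chunk of the monitored data
R = 8            # a detector binds when it agrees with a chunk on R contiguous bits
MASK = (1 << R) - 1
OFFSETS = range(CHUNK_BITS - R + 1)


def chunks(data):
    """Split data into non-overlapping 16-bit chunks (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    return [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]


def windows(value):
    """Every (bit offset, R-bit pattern) pair of a chunk; two values that share
    one of these pairs agree on R contiguous bits."""
    return {(off, (value >> off) & MASK) for off in OFFSETS}


def train(self_data):
    """Censoring: enumerate all candidate detectors and destroy each one that
    binds to any chunk of the known-good ("self") data."""
    self_windows = set()
    for c in chunks(self_data):
        self_windows |= windows(c)
    binding = set()   # binding sites of the detectors that survived
    survivors = 0
    for candidate in range(1 << CHUNK_BITS):
        w = windows(candidate)
        if w.isdisjoint(self_windows):
            binding |= w
            survivors += 1
    return binding, survivors


def scan(data, binding):
    """Byte offsets of chunks that at least one surviving detector binds to."""
    return [2 * i for i, c in enumerate(chunks(data))
            if not windows(c).isdisjoint(binding)]


def coverage(self_data, binding):
    """Fraction of all non-self chunk values that the detectors can flag.
    Anything below 1.0 means "holes": foreign chunks too similar to self."""
    self_values = set(chunks(self_data))
    foreign = [v for v in range(1 << CHUNK_BITS) if v not in self_values]
    flagged = sum(1 for v in foreign if not windows(v).isdisjoint(binding))
    return flagged / len(foreign)


# Constructed sample data: ASCII text stands in for a known-good program image.
CLEAN = b"load config; print greeting; write log; exit\n" * 2
PATCHED = CLEAN[:10] + b"\xff\xff" + CLEAN[12:]   # two bytes overwritten in place
EXTENDED = CLEAN + b"\xff\xff\xff\xff"            # four bytes appended at the end

if __name__ == "__main__":
    binding, survivors = train(CLEAN)
    print("surviving detectors:", survivors)
    print("clean    ->", scan(CLEAN, binding))
    print("patched  ->", scan(PATCHED, binding))
    print("extended ->", scan(EXTENDED, binding))
    print("coverage of non-self space: %.3f" % coverage(CLEAN, binding))
```

Because every detector that reacts to self is discarded during training, the unchanged data can never raise an alert; the price is incomplete coverage of foreign data, which `coverage` measures.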


[1] Alberts B., Bray D., Lewis J., Raff M., Roberts K., Watson J. Molecular Biology of the Cell: in 3 volumes. 2nd ed., revised and expanded. Translated from English. Moscow: Mir, 1994.

[2] Chris Kasperski, "Viruses: Past, Present and Future", Byte Russia, No. 6, 1999, pp. 52-55.
