Guide to Computer Viruses: How to avoid them, how to get rid of them, and how to get help PDF

480 Pages·1994·48.572 MB·English

Preview Guide to Computer Viruses: How to avoid them, how to get rid of them, and how to get help

Robert Slade's GUIDE TO COMPUTER VIRUSES

How to avoid them, how to get rid of them, and how to get help

With 19 Illustrations and a Diskette

Springer-Verlag
New York Berlin Heidelberg London Paris Tokyo Hong Kong Barcelona Budapest

Robert Slade
Vancouver Institute for Research into User Security
3118 Baird Road
North Vancouver BC
Canada V7K 2G6
E-mail: [email protected]

Cover photo © Omikron, Science Source/Photo Researchers.

Library of Congress Cataloging-in-Publication Data
Slade, Robert M.
[Guide to computer viruses]
Robert Slade's guide to computer viruses: How to avoid them, how to get rid of them, and how to get help.
p. cm.
Includes bibliographical references and index.
ISBN 0-387-94311-0 (New York).-ISBN 3-540-94311-0 (Berlin)
1. Computer viruses. I. Title. II. Title: Guide to computer viruses.
QA76.76.C68S55 1994
005.8-dc20 94-21645

Printed on acid-free paper.

© 1994 Springer-Verlag New York, Inc. All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer-Verlag New York, Inc., 175 Fifth Avenue, New York, NY 10010, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden. The use of general descriptive names, trade names, trademarks, etc., in this publication, even if the former are not especially identified, is not to be taken as a sign that such names, as understood by the Trade Marks and Merchandise Marks Act, may accordingly be used freely by anyone.

Production coordinated by Impressions and managed by Bill Imbornoni; manufacturing supervised by Jacqui Ashri. Typeset by Impressions, a division of Edwards Brothers, Inc., Madison, WI.
9 8 7 6 5 4 3 2 1

ISBN-13: 978-0-387-94311-4
e-ISBN-13: 978-1-4684-0227-8
DOI: 10.1007/978-1-4684-0227-8

To Gloria

PREFACE

If you have bought this book in a panic because you suspect that your computer is already infected by a virus, please turn to Chapter 2-the "Beginner's Panic Guide to Viral Programs."

The only audience the book is not for is serious antiviral researchers-and those looking for a "how to write" cookbook. The CIO of a Fortune 1000 company needs to know the reality and scope of the problem, and how to "shortlist" the available resources. The technical manager needs product contact and assessment information. The technical support or help desk worker needs accurate information on how to deal with the problem. Small business owners need to know how to protect themselves and their business information. The computer retail and repair person needs to avoid infecting his or her customers. The home user needs all the help he or she can get.

The book is written to apply to all systems-micro, network and mainframe. The concepts are the same in all cases. Examples are drawn from many systems, although MS-DOS predominates since the concepts are clearest when presented with MS-DOS examples. Technical experts working in other operating systems should be able to extrapolate from the examples given here-the average user shouldn't have to worry too much about the technical differences. Contacts are listed for Amiga, Atari, Macintosh, MS-DOS, OS/2, and UNIX systems.

The text of the book has been written with the average nontechnical computer user in mind. Jargon and assumptions about familiarity with technical concepts are kept to a minimum. At the same time, based upon experience in seminars, the material is sufficiently esoteric to be new and of interest to technical experts outside the virus research field.
The material is based upon a weekly column that has been vetted for accuracy by the best of the international virus research community, as well as upon seven years of compilation. The contact and review information is the result of thousands of hours of compilation and testing over four years.

Not all parts of the book will appeal to all audiences. For example, even the "Beginner's Panic Guide" might be beyond the absolute neophyte who doesn't yet know how to get a directory listing. I'm sorry, but to write a step-by-step guide at that level would just make the book too big. By the same token, experienced technical people will find the description of basic computer functions to be quite elementary (although I hope not simple to the point of inaccuracy).

However, there should be something in the book for just about everyone. Even the executive or manager who can't read his or her own E-mail should be able to understand the scope and concepts of the problem and appreciate the policies and procedures to minimize risk. In addition, given the wide range of viral activities and the scarcity of accurate information (not to mention the abundance of rumors and myths), even the most technically literate should find new information regarding defense and recovery. Hopefully for the vast majority of "intermediate" users, this should be a help, comfort, and resource.

I hope nobody who buys the book will ever need it. The odds, according to the best available studies, seem to indicate that a quarter of those who do will use it within two years.

About 25 books have been published on this topic altogether. Many are over three years old, a lifetime in a field where software "generations" are measured in months. A number are written to promote a specific product. Those few remaining that are reasonably accurate are intended for the research, academic, or technical audience, and not for the average manager or user.
Most popular personal computer magazines have reviewed antiviral software from time to time. These reviews tend to cover the same few products each time and have been almost universally condemned by the research community. The reviews are technically suspect and subjective. Mediocre products are consistently given the highest reviews, tending to indicate that rankings are assigned on the basis of advertising budget.

It is difficult to decide a proper order for the presentation of this material. To a large extent, the chapters are independent from each other and can be read in almost any order. I think this order makes as much sense as any, but feel free to read as you please. Much of this is intended to be reference material, although I hope it is readable as well. Also, some material is covered in more than one place. For example, defining the terms "stealth" and "polymorphism" requires much technical detail so you will find as much information on them in the definitions chapter as in the chapter on viral functions and operations: possibly more.

Chapter 1 Introduction: Definitions, Jargons, and Myths
What is a virus? What related problems are not viral? What are the other types of "malware"? Terminology of viral programs and virus research.

Chapter 2 Beginner's Panic Guide to Viral Programs
What to do if you (or a friend) is infected and have made no preparations.

Chapter 3 History and Examples of Viral Programs
Some cases and descriptions of major viral programs or attacks on MS-DOS, Mac, and mainframes. The descriptions give some background and framework to the functions discussed in Chapter 4.

Chapter 4 Computer Operations and Viral Operations
Discussion of computer functions used by viral programs. Why a "perfect" defense isn't possible. How viral programs attack, and what to look for.

Chapter 5 Antiviral-Protection Checklist
How to protect yourself and reduce the risk of virus infection.
Policies, procedures, and tools you already have to detect infections.

Chapter 6 Antiviral Software and Evaluation
What the types of antiviral software are, and their strengths and weaknesses. How to choose the best type for your situation.

Chapter 7 The Virus and Society
Opinion and social implications concerning:
• Hackers, crackers, phreaks, and virus writers
• The "no sharing" rule
• "Teaching" virus writing
• Trends in virus technology
• The scope of the problem
• Computer "Third World" hygiene

It may seem strange, but the appendices are longer than the book. They include:
A Frequently Asked Questions
B Quick Reference Antiviral Review Chart
C Reviews of Antiviral Products
D Antiviral Vendors and Contacts Listing
E Antiviral Bookshelf
F Antiviral BBS Listing
G Glossary (terms used in antiviral research)
H Antiviral Checklist
I Antiviral Files on Accompanying Disk

Included with this book is a disk with antiviral software for MS-DOS and Macintosh systems. All of the programs are functional and effective, and you are allowed to try any of them that you wish. Some are shareware, and if you continue to use the programs you should register them with the authors. Full details are included with the documentation in each archive file.

The programs are provided both to get you started with some antiviral software and to provide you with examples of the types of antiviral software. Disinfectant, for the Macintosh, is an antiviral scanner. The four programs for MS-DOS represent two scanners, two change detection programs (one specialized for boot-sector infectors), and one activity monitor. Please see Chapter 6 for more details on antiviral software and Appendix I for more details on the disk and files.

The disk is a 3½" high density (1.44 megabyte) MS-DOS formatted disk.
I am in full sympathy with those who find this to be a problem and can only ask for your forbearance in what is, after all, a matter of practical constraint in production. This format has been chosen as the most accessible to the greatest number.

I became interested in the virus field following studies into the social aspects of computing and the risks of various types of technologies. In 1987 the first major virus infestations occurred, taking them out of the realm of academic curiosity and into the position of a real security threat. Acting initially as the unofficial archivist for the budding research community, I eventually specialized in evaluating antiviral products, maintaining what have come to be termed "Mr. Slade's Lists" of antiviral contacts, products and BBSes. Since 1991 I have written a weekly "tutorial" column for the on-line community. Most recently this has been augmented by a weekly "news and gossip" column.

In a very real sense I did not write this book, I only compiled it. The field of virus research is very small, but even so the level of technical detail is so wide-ranging that no one person can encompass it all. To a large extent, then, this is the work of the international virus research community, and primarily those who meet around the digital campfire known as VIRUS-L or comp.virus, moderated through the dedication of Ken van Wyk. The attendees are too many to name here. Some get named in the body of the book someplace-most don't. All have my thanks.

William D. Knipe did the cartoons.

Thanks to Dr. Kinsey who observed that you can eventually get some interesting results out of any field of research, as long as you collect enough data.

Thanks to all those computer users who, in 1989 and 1990, kept asking which antiviral software was the best and who got me into this.
CONTENTS

Preface

CHAPTER 1 Introduction: Definitions, Jargon, and Myths
  What and What Not
  Related Programs
  Special Terms
  Viral Myths

CHAPTER 2 Beginner's Panic Guide to Viral Programs
  Don't Panic
  Power
  Backups
  Getting Started
  Assume You're Wrong
  Scanners
  Other Antivirals
  Local Reports
  Weird Behavior
  Cleanup

CHAPTER 3 History and Examples of Viral Programs
  Early History
  Viral Examples

CHAPTER 4 Computer Operations and Viral Operations
  Boot Sector Infectors
  File Infectors
  The Viral Use of Computer Operations and Functions

CHAPTER 5 Antiviral-Protection Checklist
  Antiviral Checklist

CHAPTER 6 Antiviral Software and Evaluation
  Standards and Measures
  User Reaction and Interface
