A Pathology of Computer Viruses

Delivery time: Available within 14 days

53,49 

ISBN: 3540196102
ISBN 13: 9783540196105
Author: Ferbrache, David
Publisher: Springer Verlag GmbH
Extent: xiv, 306 pp.
Publication date: 11.11.1991
Format: 2 x 24.1 x 16.5
Weight: 540 g
Product form: Paperback
Binding: Paperback
Item number: 301797

Description

The 1980s saw the advent of widespread (and potentially damaging) computer virus infection of both personal computer and mainframe systems. The computer security field has been comparatively slow to react to this emerging situation. It is only over the last two years that a significant body of knowledge on the operation, likely evolution and prevention of computer viruses has developed. A Pathology of Computer Viruses gives a detailed overview of the history of the computer virus and an in-depth technical review of the principles of computer virus and worm operation under DOS, Mac, UNIX and DEC operating systems. David Ferbrache considers the possible extension of the threat to the mainframe systems environment and suggests how the threat can be effectively combatted using an antiviral management plan. The author addresses the latest developments in "stealth" virus operations, specifically the trend for virus authors to adopt extensive camouflage and concealment techniques, which allow viruses both to evade existing anti-viral software and to avoid detection by direct observation of machine behaviour. A Pathology of Computer Viruses addresses a distinct need - that of the computer specialist and professional who needs a source reference work detailing all aspects of the computer virus threat.


Table of contents

1 Introduction.- 1.1 Preamble.- 1.2 What is a Computer Virus?.- 1.3 Worms: Networked Viruses.- 1.4 Terminology.

2 Historical Perspectives.- 2.1 Introduction.- 2.2 1960s: Early Rabbits.- 2.3 1970s: Fiction and the Worm.- 2.4 1980-1983: Genesis.- 2.5 1984-1986: Exodus.- 2.6 1987: Mac, Atari and Amiga Next.- 2.7 1988: Proliferation and Disbelief.- 2.7.1 January-March.- 2.7.2 April-September.- 2.7.3 October-December.- 2.8 1989: Reaction by the Community.- 2.8.1 January-March.- 2.8.2 April-June.- 2.8.3 July-September.- 2.8.4 October-December.- 2.9 1990: Organisation and Litigation.- 2.9.1 January-April.- 2.9.2 May-September.- 2.9.3 October-December.- 2.10 Summary.

3 Theory of Viruses.- 3.1 Introduction.- 3.2 Addition of Viral Code.- 3.3 Detection of Viruses.- 3.4 Classes of Viruses.- 3.5 Thompson: and Trusting Trust.- 3.6 Biological Analogies.- 3.6.1 Biological Viruses.- 3.6.2 Parallels Between Low Level Operation.- 3.6.3 High Level Parallels.- 3.7 Quest for Life.- 3.8 Evolution: Genetic Algorithms.- 3.8.1 Random Mutation.- 3.8.2 Programmed Mutation.- 3.8.3 Genetic Algorithms.- 3.8.4 Growth and Death.

4 Operation of PC Viruses.- 4.1 Introduction.- 4.2 PC Boot Sequence: Initialisation.- 4.3 BIOS and DOS.- 4.4 Master Boot Record.- 4.5 DOS Boot Sector.- 4.6 System Initialisation.- 4.7 Batch Processing Viruses.- 4.8 COM and EXE Viruses.- 4.8.1 Non-overwriting Prepending COM Infectors.- 4.8.2 Overwriting COM Infectors.- 4.8.3 Non-overwriting Appending COM Infectors.- 4.8.4 EXE Viruses.- 4.9 Resident and Transient Viruses.- 4.10 Manipulation by Viral Code.- 4.11 Activation Criteria.- 4.12 Camouflage.- 4.12.1 Concealment in Infected Files.- 4.12.2 Encryption of Viral Code.- 4.12.3 Hiding of Viral Code.- 4.12.4 Checksum Calculation.- 4.12.5 Prevention of Alteration Detection.- 4.12.6 Concealment of Viral Code in Memory.- 4.12.7 Concealment of Viral Activity.- 4.12.8 Concealing Disk Activity.- 4.12.9 Concealing System Slowdown.- 4.13 Replication.- 4.13.1 Locating a Host.- 4.13.2 Signatures.- 4.13.3 Miscellaneous Topics.- 4.13.3.1 Corresponding File Virus.- 4.13.3.2 SYS Virus.- 4.13.3.3 Multi-vector Viruses.- 4.13.3.4 Multi-architecture Viruses.- 4.13.3.5 Architecture Dependent Viruses.

5 Management of PC Viruses.- 5.1 Perspective on Security.- 5.2 Components of a Virus Control Scheme.- 5.3 Prevention of Virus Attack.- 5.3.1 Physical Access Constraints.- 5.3.2 Electronic Measures.- 5.3.2.1 Physical Feature Verification.- 5.3.2.2 Knowledge Verification.- 5.3.2.2.1 Passwords.- 5.3.2.2.2 Background Verification.- 5.3.2.2.3 Other Techniques.- 5.3.2.3 Possession Verification.- 5.3.3 Media Access Controls.- 5.3.4 Network Access Controls.- 5.3.4.1 Identification of Access Controls.- 5.3.4.1.1 Centralised Network File Servers.- 5.3.4.1.2 Distributed Trust.- 5.3.4.1.3 Network Transport by Public Carrier or Accessible Media.- 5.3.5 Ideological Controls.- 5.3.5.1 User Education.- 5.3.6 Management Policies.- 5.3.6.1 Training of Employees.- 5.3.6.2 Use of Anti-viral Measures.- 5.3.6.3 Compartmentalisation.- 5.3.6.4 Centralisation.- 5.3.6.5 Personnel Policies.- 5.3.7 Vaccination and Inoculation.- 5.4 Detection of Viral Code.- 5.4.1 Monitoring and Logging.- 5.4.2 Signature Recognition.- 5.4.3 Generic Code Recognition.- 5.4.4 Sacrificial Lamb.- 5.4.5 Auditing.- 5.4.6 Use of Expert Systems to Analyse Viral Behaviour.- 5.4.7 Fighting Fire with Fire.- 5.5 Containment of Viral Code.- 5.5.1 Hardware Compartmentalisation.- 5.5.1.1 Virtual Machine.- 5.5.1.1.1 80386 Task Switching Support.- 5.5.1.1.2 80386 Paged Segmented Memory.- 5.5.1.1.3 Accessing OS Code.- 5.5.1.1.4 Segment Permissions.- 5.5.1.1.5 Paged Memory Operation.- 5.5.1.1.6 Input/Output Operations.- 5.5.1.1.7 Virtual Machine in Software.- 5.5.1.2 Automatic Flow Verification.- 5.5.1.3 Software Distribution: Ensuring Trust.- 5.5.2 Software Compartmentalisation.- 5.5.2.1 Interrupt Trapping Code.- 5.5.2.1.1 Configurable Monitors.- 5.5.2.1.2 Operation of a Monitor.- 5.5.2.1.3 Extensions to Real Time Moni

Manufacturer identification:


Springer Verlag GmbH
Tiergartenstr. 17
69121 Heidelberg
DE

Email: juergen.hartmann@springer.com
