2.2 THE PROCESS OF INFECTION

 To understand how a malware infects a system, we go back to the elementary working of a computer. On booting, the system carries out the ROM (Read Only Memory) instructions, the first being the power on Self Test which is followed by the bootstrap process of reading the boot record and loading of the disk operating system. The booting process culminates into the system prompt displayed on the monitor.

The infection may begin as soon as a computer system boots from a contaminated disk or executes an infected program. Whatever malwares are present gets activated, which immediately begin to spread throughout the system.

Another important aspect that needs mention here is the interrupt mechanism. All input/output activities on a PC are carried out by interrupts. We will try to understand the concept of interrupt with an example. Let us say, a user wishes to save his program and presses on the key board. This is treated as an interrupt. The main memory has specific routines to handle these user requests. The program that services the interrupt request is termed as Interrupt Service Routines (ISR's) and is located in the memory with their addresses. Then interrupt request activates a number and not the routine address, thus, there exists a table with the interrupt numbers and the corresponding routine address. When an interrupt request is made, the CPU looks up the table, performs the required routines and transfers the control back to the program. 

The contents of ISR address table being in the RAM is vulnerable to modification by user programs and that is what a virus doesmodifying the ISR'S.

The first commercial application of malware was in 1985, when two Pakistani brothers, in order to keep track of software piracy used Brain Virus (also known as Pakistani virus) on their low cost software sold from their outlet in Lahore. Hidden in nearly every disk they sold, was an extra program not supplied by the original manufacturer a snippet of computer code, selfreplicating in nature that would infect an unauthorized user's computer by disrupting his operations. These selfreplicating programs multiplied so fast that, today, they created a great threat to the smooth operation of a computer.

Comments

Post a Comment

Popular posts from this blog

3.8 SECURE NETWORK DEVICES

 In this unit, we have already learnt that the firewall is only one entry point to your network. Modems, if you allow them to answer incoming calls, can provide an easy means for an attacker to sneak around, your front door (or, firewall). Just as castlesweren't built with moats only in the front, your network needs to be protected at all of its entry points. Secure Modems, DialBack Systems If modem access is to be provided, this should be guarded carefully. The terminal server, or network device that provides dialup access to your network needs to be actively administered, and its logs need to be examined for strange behavior. Its passwords need to be strong not ones that can be guessed. Accounts that aren't actively used should be disabled. In short, it's the easiest way to get into your network from remote: guard it carefully. There are some remote access systems which have the feature of a twopart procedure to establish a connection. The first part is the remote user di...
Read more

3.5 SECURITY ISSUES FOR SMALL AND MEDIUM SIZED BUSINESSES

 Small and medium sized businesses use the Internet and networked applications to reach new customers and serve their existing ones more effectively. At the same time, new security threats and legislation puts increased pressure on business networks to be reliable and secure. Business Challenges According to recent studies, security is the biggest challenge facing small and mediumsized businesses. Everchanging security threats from both inside and outside the business network can wreak havoc on business operations, affecting profitability and customer satisfaction. Small and mediumsized businesses must also comply with new regulations and laws created to protect consumer privacy and secure electronic information. Security issues for small and medium – sized businesses are classified into 5 basic categories: Worms and Viruses As per research, Computer worms and viruses remain the most common security threat, with 75 percent of small and medium businesses affected by it.. Worms and v...
Read more

3.4 TOPOLOGIES

Image
 In computer networking, topology refers to the layout of connected devices. You can think of a topology as a structure of a network. This shape does not necessarily correspond to the actual physical layout of the devices on the network. Network Topology is the study of the arrangement or mapping of the elements (links, nodes, etc.) of a network interconnection between the nodes. It also determines the strategy for physically expanding the network, in future Topologies can be physical or logical. Physical Topology means the physical design of a network including the devices, location and cable installation. Logical Topology refers to the fact that how data actually transfers in a network as opposed to its design. Following are the considerations for choosing a Topology: · Costing: Some kind of topology may be less expensive compared to others in terms of installation (for example Bus topology). · Length of cable: It is needed to connect machines in a network. · Network scalability:...
Read more