Wednesday, August 25, 2010

Firewall and Virus Protection.


ABSTRACT

The goal of this report is to present information about virus infection and firewalls, including the history of viruses, who found them, the categories and types of viruses, how they spread, what a virus can do, the symptoms of infection, what a virus looks like and how to avoid infection.
Readers of this report will gain valuable knowledge for recognizing the symptoms of a virus and will know how to protect a personal computer (either desktop or laptop) from virus intrusion.


Keywords
Malware, destructive, propagate, virus, worm, Trojan, multipartite, boot sector, cloning, spyware.


1.0 INTRODUCTION

Computer viruses are a major nuisance and cause huge amounts of damage. They delete files, important data, programs or confidential emails from users' computers, and they install programs that allow hackers and spammers to attack the infected machine. Crucially, having done its damage, the virus then attempts to copy itself to other computers via email or via the victim's own network. This copying, or cloning, is what defines the program as a true virus.

Viruses have “evolved” over the years due to efforts by their authors to make the code more difficult to detect, disassemble and destroy. This evolution has been especially apparent in the IBM PC viruses, since there are more distinct viruses known for the DOS operating system than any other.

Meanwhile, a firewall is an electronic filter that allows computer users to block communication over the internet from virus attacks. It is a utility that detects and protects a personal computer and its data from unauthorized intrusions. A firewall constantly monitors all transmissions to and from the computer and informs the user of any attempted intrusion. Firewalls are used not only by individuals on their personal desktops or PCs but also by large companies. Companies use firewalls to protect network resources from outsiders and to restrict employees' access to sensitive data.

2.0 OBJECTIVE

This report has several objectives:

2.1 To know the history of viruses.
2.2 To know exactly what a virus is.
2.3 To know what worms and Trojan horses are. Are they in the same category?
2.4 To know where viruses hide, which determines the type of virus.
2.5 To know how viruses spread.
2.6 To know the symptoms of a computer infected by a virus.
2.7 To know how to avoid infection.
2.8 To know what a firewall is.

3.0 VIRUS

As information technology changes rapidly, viruses also become more advanced because their authors make them more difficult to detect and destroy. This report discusses viruses and the firewall, which functions as a security measure. The content is as follows:

3.1 HISTORY OF VIRUS

Many people fear their computer getting a virus but don’t really understand how computer viruses got started. The term “computer virus” was formally defined by Mr. Fred Cohen in 1983, while he performed academic experiments on a Digital Equipment Corporation VAX system. Cohen was the first to suggest that one computer program would be able to infect another. He later noted that a virus can spread through a computer system or network by using the authorizations of another user to infect their programs. Every program that becomes infected can then act as a virus itself, spreading the virus from one computer to another.

The first computer virus was written in 1982 by a man named Rich Skrenta; called Elk Cloner, it was the first virus to spread. Elk Cloner worked by attaching itself to the Apple DOS operating system and spread to other computers via floppy disk. “It will get on all of your disks, It will infiltrate your chips, Yes it’s Cloner” was the message displayed on the computer to tell the user it was infected by the virus.

The next well-known computer virus was a PC virus called Brain. This boot sector virus was created by two brothers, Basit and Amjad Farooq Alvi, in 1986. Both claimed they had not created the virus to intentionally infect other operating systems; instead, they said they had created it and attached it to software they had written in order to prevent pirated copies of their work from being made.


3.2 WHAT IS A VIRUS EXACTLY?

The phrase computer virus is actually an acronym. The word VIRUS stands for Vital Information Resources Under Siege. A virus is one of several types of malware: a program or piece of code, created by a human, that is capable of attaching itself to a legitimate, executable piece of software and replicating itself. Viruses can be transmitted through emails or downloaded files and can even be present on floppy disks or any other sort of digital media. Once transmitted, they spread themselves into programs, documents, email attachments and so on, and damage the infected files or programs.

Some viruses work quickly to damage the computer system, while others can linger for months before we notice the real problem. Some viruses copy themselves onto the machine and start to fill up disk space and memory, slowing down the computer and degrading the system's performance. Other viruses can be more serious: they erase programs, corrupt or destroy selected files and crash the computer system.

Besides viruses, two other categories of malware are quite popular: worms and Trojan horses. They differ mainly in the way they hide, in how they are transmitted or spread, and in the damage they do.

3.2.1 WORM

A worm is a malicious program that replicates itself within a computer system. However, it does not need a host program to propagate, which means a worm does not have to attach itself to the computer system the way a virus does in order to function. For example, a virus requires some action from a user to propagate, such as transferring a file from one computer to another, while a worm replicates itself without any intervention. This is the main difference between a virus and a worm. Another difference is that worms generally harm the surrounding network: they can spread very quickly within a large organization and cause the network to slow to a crawl or collapse entirely.

3.2.2 TROJAN HORSE

The name “Trojan Horse” comes from the ancient Greek story of the Trojan Horse, in which a group of warriors invades a city by hiding inside a giant wooden horse. The residents of the city thought the horse was a gift and never knew what was hidden inside, so they rolled the horse in, bringing their enemy within the city walls with it.

Technically, a Trojan horse is a malicious program that merely deletes files or installs a back door but is unable to replicate itself to other computers. It can easily be downloaded unintentionally. For example, many computer games are designed this way and hosted for free; when a user executes the program, it opens a back door that allows a hacker to control the user’s computer and steal confidential and important information.

3.3 WHERE VIRUSES HIDE (TYPES OF VIRUS)

The place where a virus usually hides determines its type. The types include boot sector viruses, file viruses, macro viruses, multipartite viruses, polymorphic viruses and so on.

3.3.1 BOOT SECTOR VIRUS

A boot sector is a sector of a hard disk, floppy disk or similar data storage device that contains code for booting programs. A boot sector virus infects, or substitutes its own code for, either the DOS boot sector or the Master Boot Record (MBR). The MBR is a small program that runs every time the computer starts up. It controls the boot sequence and determines which partition the computer boots from. The MBR generally resides on the first sector of the hard disk, and this is where a boot sector virus hides. Once the boot code on the drive is infected, the virus is loaded into memory on every startup. From memory, the boot virus can spread to every disk that the system reads. At the same time, it replaces the boot program with a modified, infected version of the boot command utilities, which causes boot and data retrieval problems.

A boot sector virus is usually spread by infected floppy disks. In the past, these were usually bootable disks, but this is no longer the case. A floppy disk does not need to be bootable to transmit the virus. Any disk can cause infection if it is in the drive when the computer boots up. The virus can also be spread across networks from file downloads and from e-mail file attachments. In most cases, all write-enabled floppies used on an infected PC will themselves pick up the boot sector virus.

Some CMOS setups can be configured to prevent writing to the boot sector of the hard drive. This may be of some use against boot sector viruses. However, if we need to reinstall or upgrade the operating system, we will have to change the setting back to make the MBR writable again.
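The MBR layout described in this section can also be checked for tampering by comparing it against a known-good copy. The following Python sketch is an added example, not part of the original report: it parses a classic 512-byte MBR, hashes the boot code area and reports what changed. The function names and the sample sectors are constructed for illustration; on a real system the sector would be read from the raw disk device with administrator rights.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0-445: boot code, the part a boot sector virus replaces
PART_TABLE_OFF = 446           # bytes 446-509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511


def parse_mbr(sector):
    """Return the boot-code hash and the partition entries of a classic MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        entry = sector[start:start + 16]
        status, _chs_first, ptype, _chs_last, lba_start, count = struct.unpack(
            "<B3sB3sII", entry)
        if ptype == 0:                      # unused slot
            continue
        partitions.append({
            "index": index,
            "active": status == 0x80,       # the partition the MBR boots from
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(baseline, current):
    """List the differences between a known-good MBR and the current one."""
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings


def make_sample_mbr(boot_code):
    """Constructed sample sector: one active partition of type 0x06 at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x06,
                        b"\xfe\xff\xff", 63, 204800)
    table = entry + bytes(48)               # remaining three slots unused
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + BOOT_SIGNATURE


if __name__ == "__main__":
    # Baseline taken while the machine was known to be clean (constructed bytes).
    known_good = parse_mbr(make_sample_mbr(b"\xfa\x33\xc0\x8e\xd0"))
    # Same disk later, with different bytes in the boot code area.
    later = parse_mbr(make_sample_mbr(b"\xeb\x1c\x90\x90\x90"))
    print(compare_to_baseline(known_good, later))
```

A legitimate operating system reinstall or boot loader update also changes the boot code, so the baseline has to be refreshed after such maintenance.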

3.3.2 FILE or PROGRAM VIRUS

A file or program virus infects executable programs or code, such as files with the extensions ‘.com’, ‘.bin’, ‘.exe’ and so on. These programs are loaded into memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk.

3.3.3 MACRO VIRUS

A macro virus is a computer virus that hides in a data file, such as a Microsoft Word or Microsoft Excel document, belonging to an application that supports macros. When a word processing or spreadsheet document is opened, the macro virus is activated and infects the Normal template (Normal.dot), a general-purpose file that stores default document formatting settings. Every document that is opened refers to the Normal template and hence gets infected with the macro virus. Since this virus attaches itself to documents, the infection can spread if such documents are opened on other computers. A well-known example was the Melissa virus.

3.3.4 MULTIPARTITE VIRUS

A combination of a boot sector virus and a file virus is called a multipartite virus, also known as “polypartite”. It infects both boot sectors and program files simultaneously. A computer system infected this way is very difficult to repair because the virus spreads to different locations. For example, if we have cleaned the infected boot area and are just starting to clean the files, the chances of the boot sector being re-infected are high. Likewise, if the virus in the boot area has not yet been removed, any files that we have already cleaned will be re-infected.

3.3.5 POLYMORPHIC VIRUSES

A polymorphic virus is a virus that can encrypt its code in different ways so that it appears different in each infection. This is called mutation. The technique is sometimes used by viruses and worms to hide their presence. Most antivirus software attempts to locate malicious code by searching through computer files and data packets sent over a computer network. If the security software finds patterns that correspond to known computer viruses or worms, it takes appropriate steps to neutralize the threat. Polymorphic viruses are more difficult to detect because they constantly mutate.



3.4 HOW VIRUSES SPREAD

Before the Internet became so widely accessible, computer viruses were generally spread through hardware such as floppy disks, CDs, DVDs, USB drives or other removable media. If such removable media were infected, the virus could spread quickly. For example, suppose a floppy disk, “Floppy Disk-Hafiz”, is infected by a virus and someone uses it to transfer a file from one PC to other PCs. In parallel, the virus spreads by attaching itself to the file stored on the infected floppy disk during the transfer. As a result, every PC that used Floppy Disk-Hafiz becomes infected after receiving or copying the file.

As the internet became more widely used and technology more advanced, computer viruses continued to grow and more commonly spread or caused damage via a network connection. Most computer virus threats these days come in the form of information transferred over the Internet, such as downloadable files, programs and emails, but the most common way that viruses travel between computers is through email. Spreading by email is the easiest way. The virus simply scans the hard disk of the computer on which it resides, looking for email addresses in documents and other files. The main factor is that many people in medium and large companies use Microsoft Outlook for their email and their contact book. A common technique is for a virus to scan the Outlook address book and send itself to everyone in it. The recipient gets an attachment that appears to come from someone they know and will therefore trust it, especially if the attachment is accompanied by a message from the recipient’s contact that says something like “Here’s that picture you wanted” or “try this – you’ll love it”. The recipient then clicks on the attachment and unknowingly releases a harmful virus into the computer system. The virus program runs, and the process starts again on yet another machine.

This is in contrast to the early days, a decade ago, when viruses spread by copying themselves to the boot sector of whatever floppy disk was in the A drive. When that disk was used to boot another computer, or when an infected disk was accidentally left in a drive while the computer was being rebooted, the virus would execute.

3.5 WHAT VIRUS CAN DO

Viruses commonly carry out the following on infected computers:

· Installing a spamming back door. This is a facility that allows spammers to connect to the infected computer in order to send spam via the user’s email account. By installing sophisticated back-door software on PCs through viruses, spammers always have a continuous supply of email servers and accounts to exploit.

· As mentioned earlier, a virus can send or delete files. The virus scans the victim’s hard disk in search of particular files and either deletes them or emails them to the creator of the virus or, in some cases, uploads them to a hacker Web site for the world to see.

3.6 SYMPTOMS OF VIRUS INFECTION

A computer infected by a virus will show abnormal behavior. The symptoms of virus infection are as follows:

· Spontaneous system reboots, meaning that the system reboots without any order or instruction from the user. For example, users are doing their daily work on an infected computer and suddenly the computer shuts off.

· Programs take longer to load. Memory-intensive operations take a lot of time to start. For example, a normal computer takes around 10 seconds to boot up or a few seconds to open a file, but once the computer has been infected, it takes longer to open or load.

· Programs may hang the computer or not work at all. On an infected computer, programs hang, which means that we cannot copy, open or scroll through the documents we need, and in documents that are already open the user sometimes cannot edit or type what they want.

· Application crashes. Some computer users, especially animation designers and creators, need graphics applications such as Photoshop or Macromedia to do their projects, but if their computer is infected, those applications may crash or no longer run.

· Sound problems with the speaker or sound card. A virus infection also affects the sound or speaker system. For example, during boot up a normal (clean) computer generates a normal boot-up sound, but if the system has been infected, the sound will be different.

· Corrupted hard disk data. Data or files on the computer cannot be read if the virus has attacked the hard disk.

· Increased use of disk space and growth in file size, because the virus attaches itself to many files.

· A change in the dates against the filenames in the directory. When the virus modifies a file, the operating system changes the date stamp.

· The capacity of the floppy disk or hard disk is suddenly exceeded without logical reason. Floppy disk and hard disk drives are storage devices containing circular platters that magnetically store data, instructions and information. The amount of data stored can be read by checking the disk's properties (for example: used space of hard disk is 937MB and free space is 2.8G). The actual free space of 2.8G may decrease to 1G because of the growth of the virus on the disk.

· Abnormal write-protect errors. The virus is trying to write to a protected disk. This means that the user of the infected computer cannot save, write or remove any documents, data or files on the hard disk.

· Strange characters appear in the directory listing of filenames.

· Strange messages like "Type Happy Birthday Joshi" (Joshi Virus) or "Driver Memory Error" (kak.worm) appear on the screen and in documents.

· Strange graphic displays such as falling letters or a bouncing ball appear on screen.

· Junk characters overwrite text in document or data files.

3.7 HOW TO AVOID INFECTION

Anyone who has a computer knows the fear that computer viruses can invoke: crashed computers, infected files, loss of information and so on. Fortunately, though computer viruses continue to evolve, so does computer protection, such as:

· Anti-virus software

· Anti-spyware

· Firewall

3.7.1 Have antivirus software and scan regularly

The first thing we need to do to protect a computer from viruses is to install good antivirus protection, that is, a high-quality antivirus program. This generally consists of good antivirus software, an anti-spyware program and a firewall. After installing the antivirus software, make sure to update it regularly and to scan the computer and other storage media frequently. Some of the antivirus products available on the market are:

1. Kaspersky Antivirus
2. Norton Antivirus
3. AVG Antivirus
4. Norton Internet Security
5. Panda Antivirus
6. McAfee Antivirus
7. Bitdefender
8. Avast Antivirus
9. Avira Antivirus
10. Trend Micro PC-cillin

Protecting the computer from harmful programs is actually quite simple with just a few practices.

3.7.2 Antivirus Software Features to Look for

· Ability to download new software upgrades from the Internet.
· Ability to automatically execute at startup.
· Ability to detect macros in a word-processing document as it is loaded by the word processor.
· Ability to automatically monitor files being downloaded from the Internet.
· Can be configured to scan memory and boot sector of hard drive for viruses each time PC is booted.
· Consider scheduling AV software to run at same time every day.
· Can be set to run continuously in the background and scan all programs that are executed.
· Can cause problems with other software, especially during installations.

3.7.3 Testing antivirus software

Testing the antivirus software makes sure the installed antivirus is working properly. One way is to use the EICAR test virus. This file was developed by the European Institute for Computer Antivirus Research. It is totally harmless and will be detected by most major antivirus programs. The test file was specially designed to contain no special characters, as follows:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Steps:

1. Type this string into a text editor such as Notepad
(or download the file from the Web by typing ‘eicar test’ into a search engine).

2. Save the file as eicar.com.

3. Once the file is saved, if the antivirus is working, a small window or message box will pop up in the bottom left saying ‘Deleted and backup copy is created’.

If this message box appears, it tells us the current antivirus is working.
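The three steps above can be repeated as a scripted check, for example after each antivirus update. The Python sketch below is an added example, not part of the original report: it saves the test string as eicar.com and watches how the resident scanner reacts. The function name `av_reaction` and its return values are hypothetical, and a scanner that only runs on demand will not react at all.

```python
import os
import tempfile
import time

# The 68-character EICAR test string shown above, built from two halves so
# that this script itself is less likely to be quarantined.
EICAR = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")


def av_reaction(directory, wait_seconds=5.0, poll=0.5):
    """Save eicar.com in `directory` and report how the on-access scanner reacts.

    Returns one of:
      'blocked_on_write' - the scanner refused to let the file be created
      'removed'          - the file was deleted or quarantined after saving
      'blocked_on_read'  - the file exists but cannot be opened any more
      'not_detected'     - nothing happened within `wait_seconds`
    """
    path = os.path.join(directory, "eicar.com")
    try:
        with open(path, "w", encoding="ascii", newline="") as handle:
            handle.write(EICAR)
    except OSError:
        return "blocked_on_write"

    deadline = time.monotonic() + wait_seconds
    while time.monotonic() < deadline:
        if not os.path.exists(path):
            return "removed"
        try:
            with open(path, "rb") as handle:
                handle.read()
        except OSError:
            return "blocked_on_read"
        time.sleep(poll)

    # No reaction: tidy up the harmless test file ourselves.
    try:
        os.remove(path)
    except OSError:
        pass
    return "not_detected"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as folder:
        result = av_reaction(folder)
    print("Antivirus reaction:", result)
    if result == "not_detected":
        print("Real-time protection did not react; check that it is enabled.")
```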

3.7.4 Be careful when downloading

Many viruses and other damaging programs these days are spread by means of the Internet. A person should always practice caution on the Internet to avoid infection. Avoid downloading unfamiliar files and programs from the Internet, because this is one of the top ways that infected files get onto the computer. The safest option is to be mindful of what we need to download.

3.7.5 Be careful with email attachments and instant messaging

Catching a virus through email or instant messaging is another way that many computers get infected. We should be cautious about the files we open through email or instant messenger, as these can infect the computer. Try to avoid opening emails from people we don’t know and downloading from emails and instant messenger. However, some viruses come from someone we know, so be extra careful when opening an email or attachment from such a person, especially if the email is sent only to us (no other recipient).

3.7.6 Back up files

Back up files so that we can restore them if a virus damages them. But make sure to scan the backup files before restoring them to a computer that has been repaired, because a backup file that is already infected with a virus can re-infect the computer system when files are restored from the backup copies. Therefore, check backup files with virus-scanning software before using them.

3.7.7 Quarantine any infected computer

If several computers are connected to a network and one of them is found to be infected by a virus, immediately isolate it from the other computers. In other words, disconnect it from any network it is on. Don’t allow anyone to copy or move files from it until the entire system has been reliably disinfected.

3.7.8 Keep original application and system disks locked

This prevents the virus from spreading to the original disks. If we need to insert an application floppy disk into an unknown computer, lock it first, and unlock the application disk only after verifying that the computer is free of viruses.

3.8 FIREWALL

A computer connected to the internet becomes part of a single global network. Whether that computer is a multi-user Web server or a small desktop or laptop PC, and whether it is connected to the internet via a leased line, broadband, cable or dial-up modem, is irrelevant. Unless we take steps to prevent it, every computer on the internet is accessible to every other one.

If we run a Web server that offers information to the public, such as google.com, then we want everyone who has an internet connection to be able to access our site. Our PC may be linked to the internet so that we can browse the Web and send email, but we don’t want the whole world to be able to connect to our PC and view our files as if it were a public Web server. That is why it is important to have a firewall.

A firewall is a dedicated appliance, or software running on a computer, which inspects network traffic passing through it. It denies or permits passage according to a set of rules defined by the user.
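How a rule set turns into permit or deny decisions is easiest to see in code. The Python sketch below is an added example, not part of the original report and not the rule format of any particular product: rules are checked in order, the first match decides, and anything unmatched is denied. It contrasts the public Web server and the private PC described above; the rule fields, addresses and ports are constructed for illustration, and connection tracking for replies is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    direction: str            # "in" or "out", seen from the protected computer
    protocol: str             # "tcp", "udp" or "any"
    remote: str               # network of the other end, in CIDR notation
    dst_port: Optional[int]   # None matches any destination port
    note: str = ""


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    remote_ip: str
    dst_port: int


def matches(rule, pkt):
    """True when every field of the rule fits the packet."""
    return (
        rule.direction == pkt.direction
        and rule.protocol in ("any", pkt.protocol)
        and ipaddress.ip_address(pkt.remote_ip) in ipaddress.ip_network(rule.remote)
        and rule.dst_port in (None, pkt.dst_port)
    )


def decide(rules, pkt, default="deny"):
    """First matching rule wins; unmatched traffic gets the default policy."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.note
    return default, "no rule matched"


# Public Web server: the site is open to everyone except one blocked network.
# Order matters: the deny rule must come before the broad permit.
WEB_SERVER_RULES = [
    Rule("deny", "in", "any", "198.51.100.0/24", None, "blocked network"),
    Rule("permit", "in", "tcp", "0.0.0.0/0", 80, "public web site"),
]

# Personal PC: we may browse and send email, but nobody may connect to us.
DESKTOP_RULES = [
    Rule("permit", "out", "any", "0.0.0.0/0", None, "browsing and email"),
]

if __name__ == "__main__":
    samples = [
        (WEB_SERVER_RULES, Packet("in", "tcp", "203.0.113.9", 80)),
        (WEB_SERVER_RULES, Packet("in", "tcp", "198.51.100.7", 80)),
        (DESKTOP_RULES, Packet("out", "tcp", "203.0.113.9", 80)),
        (DESKTOP_RULES, Packet("in", "tcp", "203.0.113.9", 445)),
    ]
    for rules, pkt in samples:
        print(pkt, "->", decide(rules, pkt))
```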

It can be considered the first line of defense in protecting computers from unwanted visitors such as hackers, worms and remote control applications via hidden ‘Spyware[4]’. Without firewall protection, the network is an ‘open door’ to the internet and anyone can easily come in and out. Even if there is no important file to protect, hackers and curious intruders can easily kill the computer system, take control of the network or damage hardware beyond repair.

Firewalls come in many forms. Some are dependent devices designed to protect all computers on the LAN to which the firewall is attached. Others, known as ‘Personal Firewalls’, are programs which run on a desktop PC or laptop and are designed to protect that computer only. A personal firewall program has been included as part

3.8.1 Types of firewall

There are two types of firewall our computers and/or networks can have:

1. Hardware firewall - A hardware firewall is a hardware device that is connected to the network. Many home users who have a home network use their network router as a firewall solution.

2. Software firewall - A software firewall is a software program that we install on our computer that helps protect that computer from unauthorized incoming and outgoing data.

Below is a list of a few of the more widely used software firewall programs:

Agnitum Outpost Firewall

BlackICE PC Protection

Kerio Personal Firewall

Sygate Firewall

Tiny software Tiny Personal Firewall

Network Associates

Zone Labs Zone Alarm

Note: A software firewall is only going to protect the computer that has the firewall installed on it.

In addition to the firewall software programs listed above, many of the antivirus scanners released today also include their own version of a firewall program. If you have an antivirus scanner that also has a firewall program, you do not need to worry about getting one of the above programs or another third-party firewall program.

3.8.2 WHO SHOULD USE A FIREWALL?

All networked and online computer users should implement a firewall solution.

Companies use firewalls to protect resources from outsiders and to restrict employees' access to sensitive data such as payroll or personnel records.

Large companies often route all their communications through a proxy server, which typically is a component of the firewall. A proxy server is a server outside the company’s network that controls which communications pass into the company’s network. That is, a proxy server carefully screens all incoming and outgoing messages. Proxy servers use a variety of screening techniques. Some check the domain name or IP address of the message for legitimacy. Others require that the messages have digital signatures.

4.0 CONCLUSION

Since viruses have existed in the computerized world for many years, we have to be ready to protect ourselves in order to prevent the variety of viruses from spreading to our computers. Viruses can be very dangerous: they can delete files, important data, programs or confidential emails from users' computers, and they install programs that allow hackers and spammers to attack the infected machine. This can happen to anyone, regardless of who they are, and is costly to individuals, government, the private sector and organizations, especially when their computerized operations are involved.

In this research, we have covered the various types of viruses, what a virus can do, the symptoms, how to avoid infection and more. In addition, we have talked about the firewall, one of the solutions that acts as security for computers and networks. A firewall is a dedicated appliance, or software running on a computer, which inspects network traffic passing through it. It denies or permits passage according to a set of rules defined by the user. It can be considered the first line of defense in protecting computers from unwanted visitors such as hackers, worms and remote control applications via hidden ‘Spyware’, as discussed above.

Even though some users may not have any important data, files or information on their computers, they still need a firewall or antivirus software to protect their computers from outside infestation.
