Protecting Computers From Viruses and Similarly Programmed Threats Ryan Gray COSC 316.

1 Protecting Computers From Viruses and Similarly Programmed Threats Ryan Gray COSC 316

2 Contents
 Early virus protection software
 Common malicious software
 Notable viruses
 Identification and deletion techniques
 Pitfalls of each

3 Virus Protection Software
 Used to prevent, detect, and remove malicious software
 Began in the 1980s in research fields
 The BITNET/EARN network led to the first open discussion of viruses
   Mailing list included John McAfee and Eugene Kaspersky

4 Early Viruses
 Malicious code spread through infected floppy disks
 Exploited boot sectors of hard drives and executables
   Windows Autorun
 Limited in scope
   Could only damage the host system
   No replication
   Mostly macros

5 Internet Age
 As the internet became popular, malicious software evolved
 Often infected Windows and Microsoft products
   Outlook
   Word
 Malicious software became self-replicating and mobile
   Infected emails and attachments
   Zero-day exploits

6 Common Malicious Software
 Today malicious software has many names based on behavior
   Malware, spyware, viruses, trojans, keyloggers, backdoors, rootkits, worms, adware

7 Notable Viruses and Worms
 1982 - Elk Cloner infected Apple II systems
 1990 - ILOVEYOU infected millions of Windows systems worldwide
 2002 - Mylife was the first virus to send infected emails to all Outlook contacts
 2003 - SQL Slammer jammed internet traffic worldwide by exploiting SQL Server
 2004 - Sasser exploited the LSASS Windows service, blocking internet traffic to government agencies and private corporations

8 Elk Cloner

9 ILOVEYOU

10 Mylife

11 SQL Slammer

12 Sasser

13 Notable Continued
 2011 - Anti Spyware appears as a legitimate program but forces users to pay for removal
 2013 - CryptoLocker trojan encrypts an important file on a computer and forces users to pay a ransom

14 Anti Spyware

15 CryptoLocker

16 Identification and Deletion
 Multiple techniques exist to identify and delete malicious software
 In 1987, Frederick Cohen demonstrated that no algorithm can perfectly detect and remove all malicious software
 Signature-based detection
 Heuristics
 Rootkit detection
 Real-time protection/shield

17 Signature-Based
 Methods used by AVG and Avast!
 Constantly refresh virus definitions on host systems
 Scan the contents of files looking for known signatures
 Quarantine or encrypt matching files to render them inoperable

18 Signature-Based Example
 Signatures are pieces of code stripped from known malicious software and stored for cross-referencing on host systems
 AVG and Avast! maintain their own virus definitions

19 Signature-Based Example
 Simplistic example
 Malicious software containing these lines of code (illustrative pseudo-Java; the loop fills the array from the top down)
    int[] example = new int[1000];
    int counter = 500;
    while (counter > 0) {
        example[counter] = someGenericGet();
        counter--;   // decrement so the loop terminates
    }

20 Signature-Based Example
 Anti-virus software will (hopefully) identify this malicious code and take proper action
 This technique is simple, efficient, and effective for most malicious code
 "Most", meaning it is easily defeated by modern metamorphic viruses

21 Signature-Based Example
 Metamorphic viruses rewrite themselves to avoid detection; here every identifier has been renamed, so the exact byte signature taken from slide 19 no longer matches
    int[] newExample = new int[1000];
    int newCounter = 500;
    while (newCounter > 0) {
        newExample[newCounter] = evenMoreGenericGet();
        newCounter--;
    }

22 Signature-Based Example
 The relationship between signature-based detection and false positives is inversely proportional
   More strict and descriptive signatures throw more false positives
   Less strict signatures fail to detect known malicious code
 Does not work on new malicious software, as the signature does not yet exist in the anti-virus definitions
   Definitions must be constantly updated
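The trade-off on slides 19 to 22 can be shown end to end with a toy scanner. The following is an added example, not code from the presentation: it takes the loop from slide 19 as a "known sample", lifts an exact-string signature from it, and then applies both that strict signature and a loosened, structure-only version to the renamed (metamorphic) copy from slide 21 and to a constructed benign routine of the same shape. All three snippets are constructed text; the identifier-normalisation step is an assumption introduced here to stand in for the "less strict signature" the slide mentions.

```python
import re

# Constructed sample "programs" (illustration only, not real malware): the toy
# snippet from slide 19, the renamed copy from slide 21, and a benign routine
# that happens to have the same shape.
ORIGINAL = """\
int[] example = new int[1000];
int counter = 500;
while (counter > 0) {
    example[counter] = someGenericGet();
    counter--;
}
"""

METAMORPHIC = """\
int[] newExample = new int[1000];
int newCounter = 500;
while (newCounter > 0) {
    newExample[newCounter] = evenMoreGenericGet();
    newCounter--;
}
"""

BENIGN = """\
int[] buffer = new int[1000];
int index = 500;
while (index > 0) {
    buffer[index] = readSensor();
    index--;
}
"""

# Strict definition: an exact string lifted from the known sample, the way a
# classic definition file stores a signature.
STRICT_SIGNATURE = "example[counter] = someGenericGet();"


def strict_scan(code: str) -> bool:
    """Exact-substring match against the definition."""
    return STRICT_SIGNATURE in code


IDENTIFIER = re.compile(r"\b[A-Za-z_][A-Za-z0-9_]*\b")
KEYWORDS = {"int", "new", "while"}


def normalize(code: str) -> str:
    """Replace every non-keyword identifier with ID so that renaming alone
    (the metamorphic trick on slide 21) cannot change the result."""
    return IDENTIFIER.sub(
        lambda m: m.group(0) if m.group(0) in KEYWORDS else "ID", code)


# Loose definition: the same line after normalisation, i.e. "ID[ID] = ID();"
LOOSE_SIGNATURE = normalize(STRICT_SIGNATURE)


def loose_scan(code: str) -> bool:
    """Structure-only match: survives renaming, but also fires on any
    benign code with the same shape (a false positive)."""
    return LOOSE_SIGNATURE in normalize(code)


def verdicts() -> dict:
    """Run both definitions over the three samples."""
    samples = {"original": ORIGINAL, "metamorphic": METAMORPHIC, "benign": BENIGN}
    return {name: {"strict": strict_scan(src), "loose": loose_scan(src)}
            for name, src in samples.items()}


if __name__ == "__main__":
    for name, v in verdicts().items():
        print(f"{name:12} strict={v['strict']!s:5} loose={v['loose']}")
```

The strict signature catches only the original and misses the renamed copy; the loose one catches both but also flags the benign routine, which is exactly the false-positive cost the slide describes. Real engines sit between these extremes with many signatures per family and keep the definitions refreshed, which is why the update cadence on the slide matters.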

23 Signature-Based

24 Real-Time Detection
 Avast!, as an example, uses multiple techniques to provide protection while the system is in use
   On-access scanner
   Real-time shields and sandboxing
   Firewalls

25 Realtime in Avast!

26 Scanners
 Use detection techniques similar to those previously mentioned
   Signature-based, assuming a real-time shield failed
   Sandboxing an executable
   Analyzing and/or disassembling program code to search for malicious modification of system files

27 Common Fallacies of Scanners
 Scanning does NOT run every program on your drive and look for malicious intent
 Scanners can only detect known viruses from definitions
 If detected, viruses are not often deleted
   Encrypted or moved
 Memory/flash scans are not reliable
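Slides 17 and 27 both note that a detected file is usually encrypted or moved rather than deleted. The routine below is an added example of that quarantine step, not code from the presentation or from any product it names: the file is moved into a quarantine directory, XOR-encoded with a fixed byte so it can neither execute nor re-trigger its own signature, and accompanied by a JSON sidecar recording the original path and SHA-256 so the action can be reversed after a false positive. The XOR key, file layout and sidecar fields are assumptions chosen for this example.

```python
import hashlib
import json
import tempfile
import time
from pathlib import Path

# Constructed for this example: a single XOR byte is enough to keep the stored
# copy from executing or from matching its own signature in a later scan.
XOR_KEY = 0x5A


def xor_bytes(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)


def quarantine(path: Path, qdir: Path) -> Path:
    """Move a detected file into qdir, encoded, with a JSON sidecar that
    records where it came from and its hash so it can be restored later."""
    data = path.read_bytes()
    digest = hashlib.sha256(data).hexdigest()
    qdir.mkdir(parents=True, exist_ok=True)
    stored = qdir / f"{digest}.quar"
    stored.write_bytes(xor_bytes(data))
    meta = {"original_path": str(path.resolve()), "sha256": digest,
            "size": len(data), "quarantined_at": time.time()}
    stored.with_suffix(".json").write_text(json.dumps(meta))
    path.unlink()  # the original is gone from its location, but nothing is destroyed
    return stored


def restore(stored: Path) -> Path:
    """Undo a quarantine (e.g. after a false positive), verifying integrity."""
    meta = json.loads(stored.with_suffix(".json").read_text())
    data = xor_bytes(stored.read_bytes())
    if hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise ValueError("quarantined copy does not match recorded hash")
    dest = Path(meta["original_path"])
    dest.write_bytes(data)
    stored.unlink()
    stored.with_suffix(".json").unlink()
    return dest


# Constructed stand-in for a detected file; it is plain text, not malware.
SAMPLE = b"MZ constructed sample file, not malware"


def demo() -> dict:
    """Quarantine a constructed file in a temp dir, then restore it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        suspect = root / "suspect.bin"
        suspect.write_bytes(SAMPLE)
        stored = quarantine(suspect, root / "quarantine")
        result = {
            "original_removed": not suspect.exists(),
            "stored_is_encoded": stored.read_bytes() != SAMPLE,
            "signature_hidden": b"constructed" not in stored.read_bytes(),
        }
        restored = restore(stored)
        result["restored_intact"] = restored.read_bytes() == SAMPLE
        result["quarantine_emptied"] = not stored.exists()
        return result


if __name__ == "__main__":
    print(demo())
```

Keeping the hash in the sidecar is what makes the "not deleted" policy safe: a restore can refuse to put back a copy that has been tampered with in the quarantine folder, and the record of the original path lets an analyst see what was removed and from where.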

28 Scanners

29 Sandboxing
 Sandboxes are common in more fields than just security
 For Windows-compatible anti-virus programs
   Emulate the OS with many of the same components
     Addressable memory
     OS kernels
     Restricted network kernel that points to nowhere or is limited
     Mock system registry
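To make the mock components on this slide concrete, here is an added, deliberately small sandbox that is not code from the presentation or any product it mentions. Instead of emulating a kernel it models a "program" as a list of API calls, keeps a mock registry and file table in dictionaries, and gives the program a network that records every connection attempt and refuses it. The verdict comes from behaviour rather than from a signature, which is what lets a sandbox flag code that a definition file has never seen. The API names, registry key, paths and both sample programs are constructed for this example.

```python
# Constructed, illustrative sandbox: "programs" are lists of API calls rather
# than real executables, and the OS is a few dictionaries instead of an
# emulated kernel. The API names mirror Windows calls only for readability.
AUTORUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SYSTEM_DIRS = ("C:\\Windows\\System32\\",)


class Sandbox:
    def __init__(self):
        # Mock registry and file system, seeded with a couple of system objects.
        self.registry = {AUTORUN_KEY: {}}
        self.files = {r"C:\Windows\System32\kernel32.dll": b"<system dll>"}
        self.network = []   # every attempt is logged; none ever succeeds
        self.alerts = []

    def run(self, program):
        """Execute each (api, *args) call against the mock OS; return alerts."""
        for api, *args in program:
            getattr(self, "api_" + api)(*args)
        return self.alerts

    def api_RegSetValue(self, key, name, value):
        self.registry.setdefault(key, {})[name] = value
        if key == AUTORUN_KEY:
            self.alerts.append(f"persistence: autorun entry {name!r} -> {value!r}")

    def api_WriteFile(self, path, data):
        # Slide 26: look for malicious modification of system files.
        if path.startswith(SYSTEM_DIRS):
            self.alerts.append(f"write under system directory: {path}")
        self.files[path] = data

    def api_Connect(self, host, port):
        # Restricted network that "points to nowhere": the attempt is
        # recorded and the connection is refused.
        self.network.append((host, port))
        self.alerts.append(f"outbound connection attempted: {host}:{port}")
        return False


def analyze(program) -> dict:
    """Run a program in a fresh sandbox and summarise what it tried to do."""
    sb = Sandbox()
    alerts = sb.run(program)
    return {"malicious": bool(alerts), "alerts": alerts,
            "network_attempts": len(sb.network)}


# Constructed sample programs (call lists, not real binaries).
BENIGN_PROGRAM = [
    ("WriteFile", r"C:\Users\ryan\Documents\notes.txt", b"hello"),
    ("RegSetValue", r"HKCU\Software\NotesApp", "LastFile", "notes.txt"),
]
SUSPICIOUS_PROGRAM = [
    ("WriteFile", r"C:\Windows\System32\kernel32.dll", b"<patched>"),
    ("RegSetValue", AUTORUN_KEY, "Updater", r"C:\Users\ryan\AppData\upd.exe"),
    ("Connect", "198.51.100.7", 443),
]


if __name__ == "__main__":
    for label, prog in (("benign", BENIGN_PROGRAM), ("suspicious", SUSPICIOUS_PROGRAM)):
        print(label, analyze(prog))
```

The suspicious program produces three alerts (system directory write, autorun persistence, refused outbound connection) while the benign one produces none, and nothing it did touched the real registry, disk or network. The cost side of the next slide is visible even here: every call is interpreted one at a time in Python, so a real emulator running a full executable this way is memory- and CPU-heavy and delays the program's first start.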

30 Sandboxing Pitfalls
 As with other methods, sandboxing has downsides
   Memory heavy
   CPU heavy
   False positives
   Delayed execution of new programs
   Installation hang-ups and errors

31 Sandboxing

32 Conclusion
 Early virus protection software
 Common malicious software
 Notable viruses
 Identification and deletion techniques
 Pitfalls of each
