💾 Archived View for spam.works › mirrors › textfiles › virus › virusbro.vir captured on 2023-06-16 at 21:05:56.









                         Computer Viruses and Trojan Horses;
                         A Guide to Protecting Your Computer

                                   by Ted Landberg
                                       3/8/88


          This bulletin discusses software called viruses and trojan horses
          and what precautionary steps you should  take to  prevent harm to
          your computer based information.


          Introduction

          Recent newspaper and magazine articles have publicized several
          incidents of malicious software known as computer viruses and
          trojan horses.  Serious questions are being raised about how
          computer-based information can be protected from this type of
          software.  Presently, there are no absolute safeguards against
          this malicious software short of isolating your computers;
          however, adequate protection can be achieved by combining
          traditional safeguards with some common sense about where and
          from whom you get software.


          What is a virus?

          A computer virus has been described as a set of "extra" computer
          instructions capable of replicating itself into other files,
          usually programs.  This self-replicating code is hidden in a
          "host" program, referred to as a trojan horse.  When the "host"
          program is executed, so are the "extra" instructions.  A program
          can be a trojan horse, i.e. have "extra" instructions, whether
          or not those instructions are a virus (self-replicating).

          Trojan  horses  and  viruses  can  be  malicious.    Examples  of
          malicious  action  include  deleting  data  files,  or  rendering
          computer systems  unavailable by  modifying software libraries.  
          This  type  of  software  presents  a  distinct  threat   to  the
          integrity of computer systems.


          How do these virus programs enter a computer system?

          Generally, viruses  enter a computer system by using an appealing
          program as a  'host'  to  harbor  the  self  replicating computer
          instructions.   The host can be one of the operating system tools
          such  as  compilers,  editors,  file  utilities  or  one  of  the
          embedded  macro  languages  found  in  spreadsheets  or data base
          management software, and sometimes even in games.


                                          1                Computer Viruses





          Distribution  of  malicious  software   depends  on   getting  an
          unsuspecting user  to accept a program where visual inspection of
          the product  is difficult,  and the  author or  source can remain
          anonymous.   Public or  private conferencing systems, timesharing
          networks and electronic bulletin boards  as  well  as  user group
          software  exchanges   and  computer  "flea  markets"  meet  these
          requirements.


          What should I do to protect myself? 

          Isolating the computer system from contact with outside sources
          of software is the best way to ensure the integrity of the
          system.  This is very difficult for multi-user systems and not a
          particularly attractive solution if the computer is going to
          continue to be useful over time.

          One alternative approach is to detect the existence  of malicious
          or self  replicating computer  instructions.   This requires some
          knowledge of the target  of the  attack and  the means  used by a
          virus to  self replicate.   A  generic solution is difficult, but
          several programs  have  been  developed  for  identifying certain
          types of computer instructions that could present risks. 

          These  programs  check  for  extraneous file operations including
          opens, closes, reads  and  writes  that  bypass  operating system
          functions.    A  partial  list  of available software products is
          found in Appendix A.

          Another solution is to stop the virus from replicating by
          preventing the rewriting of 'infected' files.  Confining programs
          to libraries on storage devices with 'write disable' hardware is
          one approach.  Many large scale computer peripheral devices have
          such a switch; however, these features are rarely found on
          desktop computers.  An alternative to a hardware 'write disable'
          switch is a software 'read only' feature.  Unfortunately, these
          options are found only on mini and mainframe computer operating
          systems.  The "read-only" attribute in MS-DOS is not an effective
          protection mechanism because File Allocation Tables (FAT) can be
          changed by user-written programs.

          Popular  microcomputer  operating  systems   allow  execution  of
          computer  instructions  that  can  directly  address  and operate
          storage devices  bypassing normal  operating system  calls.  Thus
          there is  a constant  exposure of  disk storage devices and their
          file directories to destruction or modification.













          A Five Point Program 

          There is no single set of solutions.  Each installation must
          assemble its own procedures for containing the problem.  However,
          the following 5 step process is suggested.

          1.   Education

               All users of computers should be told about the existence of
               Trojan Horses  and Computer  Viruses, what  they are and how
               to tell whether their  system has  been infected.   Be frank
               when discussing the threat of computer viruses.

          2.   Backup and recovery procedures.

               Develop  easy  procedures  for  routine  backup of important
               computer files.   Make  backup  hardware  (i.e.  tape units)
               readily available  to all  users.   Users connected to  LANs
               should  use  automatic  backup   features.     Suggest  file
               organization structures  that facilitate backup and recovery
               of disks that have been ruined by computer viruses.

          3.   Isolate Software Libraries

               On larger computer systems, consolidate libraries into 'Read
               Only' directories.  In general, system or shared software
               should have limited update and write attribute privileges.

          4.   Implement Software Library Management Procedures

               Enforce program testing, version control, and quality
               assurance checking for all software libraries.  Use software
               library management tools to control and audit programs.
               Assign responsibility for testing public domain software and
               providing "approved" copies of that kind of software.  Know
               the source of software, inspect distribution media and
               documentation for tampering, and develop a "master copy"
               system.

          5.   Develop a Virus Alert Procedure

               Getting the word out about potential or known viruses can
               contain or minimize the eventual spread and harmful effects
               of a computer virus.  Notices, telephone trees to ADP
               coordinators, phone or electronic mail are all good
               vehicles.  Procedures for containment and eradication should
               be thought out beforehand.  These procedures usually
               require shutting the system down, reformatting disk or tape
               storage media and re-building software libraries with
               known uninfected copies.









                                     Appendix A


                                Virus Detection Tools



          All software listed below is in the public domain and available
          from the NBS/ICST Security Bulletin Board at (301) 948-5717 or
          5718.


           
               CHK4BOMB       Checks  for  "write" instructions to absolute
                              disk sectors.


               BOMBSQUAD      A memory resident program that intercepts
                              reads, writes and verifies to floppy or hard
                              disks.  Sends a message on suspected
                              operations.


               FLUSHOT3       Monitors the COMMAND.COM file for writes and
                              updates.  Will not allow a write to the
                              COMMAND.COM file.  Note: some earlier
                              versions of this program contained a virus
                              of their own.


               HDSENTRY       Protects  hard  disks  from  malicious writes
                              during testing of uncertified software.


               EARLY          Checks programs for incidence  of use  of OUT
                              instruction, INT 13H and DOS INT 26H.
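
          Added example (not from the original bulletin, and not the code
          of any tool listed above): a static check in the spirit of the
          CHK4BOMB and EARLY entries, scanning a DOS program image for the
          OUT, INT 13H and INT 26H encodings.  The function names, the
          16-byte look-back used to guess the INT 13H function, and the
          sample bytes are assumptions of this example.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "offset kind detail")

# 8086 encodings: INT n = CD nn; OUT imm8 = E6/E7 ib; OUT DX = EE/EF.
INT13_FUNCS = {0x02: "read sectors", 0x03: "write sectors", 0x05: "format track"}
LOOKBACK = 16  # assumed window searched before INT 13h for the load of AH

def int13_function(image, pos):
    """AH value set by the nearest MOV AH,imm8 or MOV AX,imm16 before pos."""
    for i in range(pos - 2, max(0, pos - LOOKBACK) - 1, -1):
        if image[i] == 0xB4:                    # MOV AH, imm8
            return image[i + 1]
        if image[i] == 0xB8 and i + 2 < pos:    # MOV AX, imm16 (AL first, then AH)
            return image[i + 2]
    return None

def scan(image):
    """Flag byte patterns for direct disk and port access. No disassembly is
    done, so data bytes can match too: findings are leads for manual review."""
    findings = []
    for i, op in enumerate(image):
        nxt = image[i + 1] if i + 1 < len(image) else None
        if op == 0xCD and nxt == 0x13:
            name = INT13_FUNCS.get(int13_function(image, i), "function not resolved")
            findings.append(Finding(i, "INT 13H", name))
        elif op == 0xCD and nxt == 0x26:
            findings.append(Finding(i, "INT 26H", "DOS absolute disk write"))
        elif op in (0xE6, 0xE7) and nxt is not None:
            findings.append(Finding(i, "OUT", f"port {nxt:02X}h"))
        elif op in (0xEE, 0xEF):
            findings.append(Finding(i, "OUT", "port in DX"))
    return findings

def disk_writes(findings):
    """Subset of findings that can change disk contents."""
    return [f for f in findings
            if f.kind == "INT 26H" or f.detail in ("write sectors", "format track")]

# Constructed sample (not a real program): fragments with registers left unset.
SAMPLE = bytes.fromhex(
    "B409BA0001CD21"   # MOV AH,09h / MOV DX,0100h / INT 21h: ordinary DOS call
    "B402CD13"         # MOV AH,02h / INT 13h: BIOS sector read
    "B403CD13"         # MOV AH,03h / INT 13h: BIOS sector write
    "CD26E670C3")      # INT 26h / OUT 70h,AL / RET

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f.offset:04X}  {f.kind:8} {f.detail}")
```

          The ordinary INT 21h call in the sample is not reported; only
          the direct BIOS, absolute-disk and port instructions are.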














