A Suggested Readings List for Computer Viruses and Related Problems:

Prepared by:   John Wack
               National Institute of Standards and Technology

               September 22, 1989


                                 ABSTRACT


This document provides a list of suggested readings for obtaining information
about computer viruses and other related threats to computer security.  The
primary intended audience is management as well as other technically-oriented
individuals who wish to learn more about the nature of computer viruses and
techniques that can be used to reduce their potential threat.  The suggested
readings may range from general discussions on the nature of viruses and
related threats, to technical articles which explore the details of various
viruses, the mechanisms they attack, and methods for controlling these threats
to computer security.

BASIC TERMS


The following list provides general definitions for basic terms that are
commonly used throughout the applicable literature.  Some of the terms are
relatively new and their definitions are not widely agreed upon, thus they may
be used differently elsewhere.


Computer Virus:  A name for a class of programs that contain software that
has been written to cause some form(s) of damage to a computing system's
integrity, confidentiality, or availability.  Computer viruses typically copy their
instructions to other programs; the other programs may continue to copy the
instructions to more programs.  Depending on the author's motives, the
instructions may cause many different forms of damage, such as deleting files
or crashing the system.  Computer viruses are so named because of their
functional similarity to biological viruses, in that they can spread rapidly
throughout a system.  The term is sometimes used in a general sense to cover 
many different types of harmful software, such as trojan horses or network
worms.

Network Worm:  A name for a program or command file that uses a computer
network as a means for adversely affecting a system's integrity, reliability, or
availability.  From one system, a network worm may attack a second system by
first establishing a network connection with the second system.  The worm
may then spread to other systems in the same manner.  A network worm is
similar to a computer virus in that its instructions can cause many different
forms of damage.  However, a worm is generally a self-contained program that
spreads to other systems, as opposed to other files.

Malicious Software:  A general term for computer viruses, network worms,
trojan horses, and other software designed to deliberately circumvent
established security mechanisms or codes of ethical conduct or both, to
adversely affect the confidentiality, integrity, and availability of computer
systems and networks.  The software may be composed of machine-language
executable instructions, or could be in the form of command files.

Unauthorized User(s):  A user who knowingly uses a system in a non-legitimate
manner.  The user may or may not be an authorized user of the system.  
The actions of the user violate established security mechanisms or policies, or
codes of ethical conduct, or both.



Trojan Horse:  A name for a program that disguises its harmful intent by
purporting to accomplish some harmless and possibly useful function.  For
example, a trojan horse program could be advertised as a calculator, but it
may actually perform some other function when executed such as modifying
files or security mechanisms.  A computer virus could be one form of a trojan
horse.

Back Door:  An entry point to a program or system that is hidden or
disguised, often created by the software's author for maintenance or other
convenience reasons.  For example, an operating system's password mechanism
may contain a back door such that a certain sequence of control characters
may permit access to the system manager account.  Once a back door becomes
known, it can be used by unauthorized users or malicious software to gain
entry and cause damage.

Time Bomb, Logic Bomb:  Mechanisms used by some examples of malicious
software to cause damage after a predetermined event.  In the case of a time
bomb, the event is a certain system date, whereas for a logic bomb, the event
may vary.  For example, a computer virus may infect other programs, yet
cause no other immediate damage.  If the virus contains a time bomb
mechanism, the infected programs would routinely check the system date or
time and compare it with a preset value.  When the actual date or time
matches the preset value, the destructive aspects of the virus code would be
executed.  If the virus contains a logic bomb, the triggering event may be a
certain sequence of keystrokes, or the value of a counter.

Anti-Virus Software:  Software designed to detect the occurrence of a virus. 
Often sold as commercial products, anti-virus programs generally monitor a
system's behavior and raise alarms when activity occurs that is typical of
certain types of computer viruses.

Isolated System:  A system that has been specially configured for determining
whether applicable programs contain viruses or other types of malicious
software.  The system is generally disconnected from any computer networks
or linked systems, and contains test data or data that can be restored if
damaged.  The system may use anti-virus or other monitoring software to
detect the presence of malicious software.  

Computer Security:  The technological safeguards and management procedures
that can be applied to computer hardware, programs, data, and facilities to
assure the availability, integrity, and confidentiality of computer-based
resources and to assure that intended functions are performed without harmful
side effects.

                            SUGGESTED READINGS



Brenner, Aaron; LAN Security; LAN Magazine, Aug 1989.

Bunzel, Rick; Flu Season; Connect, Summer 1988.

Cohen, Fred; Computer Viruses, Theory and Experiments; 7th Security
Conference, DOD/NBS Sept 1984.

Computer Viruses - Proceedings of an Invitational Symposium, Oct 10/11, 1988;
Deloitte, Haskins, and Sells; 1989.

Denning, Peter J.; Computer Viruses; American Scientist, Vol 76, May-June,
1988.

Denning, Peter J.; The Internet Worm; American Scientist, Vol 77, March-April,
1989.

Dvorak, John; Virus Wars: A Serious Warning; PC Magazine, Feb 29, 1988.

Federal Information Processing Standards Publication 83, Guideline on User
Authentication Techniques for Computer Network Access Control; National
Bureau of Standards, Sept, 1980.

Federal Information Processing Standards Publication 73, Guidelines for
Security of Computer Applications; National Bureau of Standards, June, 1980.

Federal Information Processing Standards Publication 112, Password Usage;
National Bureau of Standards, May, 1985.

Federal Information Processing Standards Publication 87, Guidelines for ADP
Contingency Planning; National Bureau of Standards, March, 1981.

Fiedler, David and Hunter, Bruce M.; Unix System Administration; Hayden
Books, 1987.

Fitzgerald, Jerry; Business Data Communications: Basic Concepts, Security, and
Design; John Wiley and Sons, Inc., 1984.

Gasser, Morrie; Building a Secure Computer System; Van Nostrand Reinhold,
New York, 1988.

Grampp, F. T. and Morris, R. H.; UNIX Operating System Security; AT&T Bell
Laboratories Technical Journal, Oct 1984. 


Highland, Harold J.; From the Editor -- Computer Viruses; Computers &
Security, Aug 1987.

Longley, Dennis and Shain, Michael; Data and Computer Security

McAfee, John; The Virus Cure; Datamation, Feb 15, 1989.

NBS Special Publication 500-120; Security of Personal Computer Systems: A
Management Guide; National Bureau of Standards, Jan 1985.

NIST Special Publication 500-166; Computer Viruses and Related Threats: A
Management Guide; National Institute of Standards and Technology, Aug 1989.

Parker, T.; Public domain software review: Trojans revisited, CROBOTS, and
ATC; Computer Language, April 1987.

Schnaidt, Patricia; Fasten Your Safety Belt; LAN Magazine, Oct 1987.

Shoch, J. F. and Hupp, J. A.; The Worm Programs: Early Experience with a
Distributed Computation; Comm of ACM, Mar 1982.

Spafford, Eugene H.; The Internet Worm Program: An Analysis; Purdue
Technical Report CSD-TR-823, Nov 28, 1988.

Thompson, Ken; Reflections on Trusting Trust (Deliberate Software Bugs);
Communications of the ACM, Vol 27, Aug 1984.

Tinto, Mario; Computer Viruses: Prevention, Detection, and Treatment; National
Computer Security Center C1 Tech. Rpt. C1-001-89, June 1989.

White, Stephen and Chess, David; Coping with Computer Viruses and Related
Problems; IBM Research Report RC 14405 (#64367), Jan 1989.

Witten, I. H.; Computer (In)security: infiltrating open systems; Abacus (USA),
Summer 1987.