Detection techniques

There are four methods of spotting a virus that you have to know about, they are:

Searching for a virus signature

This means trying to find a match for a bit of programming code that has been recognised as a virus. This is the main way most anti virus programs detect viruses and is why you need to keep your anti virus up to date!

Memory resident monitoring

This is looking at the programs in memory (like in the screen I showed you when I talked about memory monitoring) and trying to spot a program that is trying to do something unusual. It is a bit like watching for pupils who keep turning round in an exam, they are probably trying to cheat. Not all anti virus programs do this and it has to be running all the time to be of any use.

Using something called checksum

Viruses sometimes change files. Anti virus programs can detect changes by getting a value out of a file (by doing a calculation with the binary numbers) and then later on trying to get the same value by performing the same calculation. If they don’t match someone or something (i.e. a virus) has changed the file.

Using something called heuristics

A heuristic is a trick or technique that helps you solve a problem. We know that viruses often display wierd behaviour, like trying to delete all your files without you clicking the mouse, or on a particular date disabling your computer (see michaelangelo virus). So anti virus programs can increase their chances of finding a virus by looking for these kinds of actions (another way of saying they are using a heuristic).

I hope this helps. If you are still finding it tricky there is some good stuff on Scholar, here, also I will be back tomorrow so you can ask questions then (I hope you have been behaving Dara )

Viruses, Worms and Trojans

Today we went through what the difference between all of these are, trying to tread a careful line between showing examples and enough information to make sense and holding back enough to prevent Dara from taking up a new career as a hacker/virus creator/general nuisance.

I showed an example of a trojan called spysherrif which pretended to be a security software program but actually reported false threats in order to make a sale.

Viruses

Today (Friday, but I am late typing it up) I covered viruses, I showed the class a clip of How to make a simple virus on Youtube. A bad idea, all questions that followed related to how this could be spread around the computers of friends and family

Keith claimed to be keen to learn about virus writing so he could “help uninfect computers”.

We also had a look at what you could do with a macro and the difference between these types of viruses and boot sector/file virsues. Below is a sall screenshot of the part of the syllabus that we are covering at the moment (if you want the full syllabus go here)

The Bootstrap loader

I have backdated this post to when you were meant to learn about it (I wasn’t actually in class) so think of this as an alternative lesson….

The bootstrap loader is 1. a piece of software 2. responsible for loading the rest of the operating system, these are pretty much the main pieces of information you need for the exam although if you do want to learn more here is a link to show I am not lying and here is a link to a massive page from wikipedia.

Main jobs of an Operating System

In this lesson I talked about the main funtions of a single user operating system and somehow managed to find a way to tie in a picture of an early flight simulator that I used to play back in the early nineties. Unfortunately I forget exactly why this was relevant now but it might be that I was trying to give a link between providing an HCI or interpreting user commands.

I did also show you this powerpoint which shows all the jobs that you need to know:

• Managing memory
• Resource allocation
• File management
• Input/Output