Some Comments on Techniques for Resisting Computer Viruses

Abstract

Essentially, a computer virus is a code fragment which is implanted in a program to alter that program's function. For example, assume the existence of some active virus program. The virus first searches for an executable file that is writeable. It then appends a copy of itself to some part of the code section, adds in a jump instruction to the usual entry point of the program, and then modifies that entry point to point to the virus code. Entry point addresses for programs in many computer systems can be obtained from what is generally dubbed the load module header, residing in a known place of an executable file. The next time the program is invoked, it ends up in the virus code, which can then decide to reproduce further or to do something nasty (trigger). Figure 1 describes the basic flow of control of many viruses. Variants on the virus theme include ones which modify their code structure before implantation or shift their position in the executable file. These tactics are intended to avoid detection by a program designed to track down the virus. Other types of viruses include those which are implanted on disks and are activated by the bootstrap programs on PCs. Computer viruses have caused concern in the information technology community. The basic protection mechanism of most machines is inadequate to deal with the virus problem, thus leaving them open to widespread corruption of data. The flaw in their protection mechanism is of such a fundamental nature that even systems implementing multilevel information flow control (Cohen, 1988) can have files corrupted. The problem involves the fact that in many systems a program inherits all the rights and privileges of its invoker. Keywords: Australia.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 1989
Accession Number
ADA221097

Entities

People

  • Miles Anderson

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Application Software
  • Command And Control
  • Command And Control Systems
  • Computer Program Documentation
  • Computer Programming
  • Computer Viruses
  • Computers
  • Control Systems
  • Detection
  • Electronics
  • Hypervelocity Flow
  • Information Systems
  • Information Transfer
  • Local Area Networks
  • Networks
  • Operating Systems
  • System Software

Fields of Study

  • Computer science

Readers

  • Computer Science
  • Educational Psychology
  • Virology (or Medical Virology)