jan19 - CS 426 class Jan 19, 2012

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: CS 426 class Jan 19, 2012 www.cs.purdue.edu/homes/ssw/cs426/{index.html,syll.pdf,outline} (General purpose) Program security These ideas apply also to OS and DB. Read Chapter 3 How does a virus attach? 1. at beginning of pgm, so it can run before the pgm; or 2. at beginning and end of pgm, so it can run before the pgm and cleanup 3. in many places in the pgm; writer must understand the pgm 4. to email, say, in graphic, document or image attachments How does a virus gain control? Pretend to be a useful pgm and 1. change a pointer; or 2. change part of the OS Some viruses, such as those in email, execute only once. Other execute repeatedly and hide in 1. boot sector, inserted in a chain of sectors 2. parts of the OS that stay in memory (resident viruses) 3. apps with macro features, like word processor 4. libraries Viruses may be detected by their signatures: 1. storage pattern - its code on a disk or in memory 2. execution pattern - modify files, may seem normal 3. transmission pattern - disk, network, email. Virus scanner can find some viruses by looking for their signature Polymorphic viruses change their signatures continually by 1. moving around pieces of their data and code1....
View Full Document

Page1 / 2

jan19 - CS 426 class Jan 19, 2012

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online