The Impact of Computer Attack and Its Preventive Mechanisms Among Personal Computer Users
CHAPTER ONE
OBJECTIVES OF THE STUDY
Uncertainty prevailed about the results of computer virus infections among computer users. It was therefore decided to determine to what degree personal computer users have experienced problems with their stored information due to virus infections on their computers. If any problems were experienced, the environment in which they occurred would be simulated in a controlled experiment to determine the actual effect of the virus infections. If any real risks were identified, recommendations to minimize or eliminate them would be made.
Specific objectives include:
- To determine what effect computer viruses have had on computerized information among personal computer users.
- To identify, in controlled laboratory tests, the degree of danger that some of these viruses pose to stored information.
- To reach conclusions based upon the results of the laboratory tests.
- To suggest a disinfection procedure for the computer users.
CHAPTER TWO
LITERATURE REVIEW
Introduction
A computer virus is a sequence of instructions that copies itself into other programs in such a way that executing the program also executes that sequence of instructions. Rarely has something seemingly so esoteric captured the imagination of so many people; magazines from Business Week to the New England Journal of Medicine and newspaper articles have discussed viruses, applying the name to various types of malicious programs.
As a result, the term “computer virus” is often misunderstood. Worse, many who do understand it do not understand protection in computer systems, for example believing that conventional security mechanisms can prevent virus infections, or are flawed because they cannot. But computer viruses use a number of well-known techniques in an unusual order; they do not employ previously-unknown methods. So, although existing computer security mechanisms were not designed specifically to counter computer viruses, many of those mechanisms were designed to deal with techniques used by computer viruses. While security mechanisms cannot prevent computer virus infections any more than they can prevent all attacks, they can impede a virus’ spread as well as make the introduction of a computer virus difficult, just as they can limit the damage done in an attack, or make a successful attack very difficult. This paper tries to show the precise impact of many conventional security mechanisms on computer viruses by analyzing viruses in a general framework.
Because the probability of encountering a computer virus and the controls available to deal with it vary widely among different environments, this paper confines itself to that environment consisting of computers running operating systems designed for research and development, such as the UNIX operating system, the VAX/VMS operating system, and so forth. There is already a wealth of literature on computer viruses within the personal computing world (for example, see [J. David, 2008]), and a simple risk analysis (upon which we shall later elaborate) suggests that systems designed for accounting, inventory control, and other primarily business-oriented operations are less likely to be attacked by using computer viruses than by other methods. So, while some of the following discussion may be fruitfully applied to computer systems in those environments (for example, see [1]), many of the underlying assumptions of system management and administration simply do not apply to those environments.
First, we shall review what a computer virus is, and analyze the properties that make it a threat to computer security. Next, we present a very brief history of computer viruses and consider whether their threat is relevant to research and development systems, and if so, how. After exploring some of the research in secure systems that show promise for coping with viruses, we examine several specific areas of vulnerability in research-oriented systems. We conclude with a quick summary.
What is a Computer Virus?
Computer viruses do not appear spontaneously [F. Cohen, 2004]; an attacker must introduce one to the targeted computer system, usually by persuading, or tricking, someone with legitimate access into placing the virus on the system. This can readily be done using a Trojan horse, a program which performs a stated function while performing another, unstated and usually undesirable one (see sidebar 1). For example, suppose a file used to boot a microcomputer contains a Trojan horse designed to erase a disk. When the microcomputer boots, it will execute the Trojan horse, which would erase the disk. Here, the overt function is to provide a basic operating system; the covert function is to erase the disk.
CHAPTER THREE
DATA COLLECTION AND ANALYSIS
INTRODUCTION
To determine accurately whether virus infections cause damage to stored information, various programs to be used in the laboratory experiments as well as the virus programs themselves had to be identified and obtained. Furthermore, the disks that would be infected and inspected had to be prepared.
INFECTION PROGRAMS
Three programs were selected to be used as tools for this research: one to inspect disks at bit level (a disk editor), one to manage disks generally (a disk utility program) and one to identify and remove viral infections (an anti-virus program).
Norton Utilities version 8.0 and PCTools version 6.0 were selected as the disk editor and disk utility programs respectively from the “Top Ten Sellers” list (Anon, 2018). They are generally accepted to be among the most complete utility programs available. Dr. Solomon’s Anti-Virus Toolkit version 6.55 was used as the anti-viral program. During a review of anti-viral software, this package was highly recommended. This program is supported locally, a feature considered important should problems arise during the research. It is also updated on a monthly basis, indicating that its authors are involved in ongoing research. The regular updating allowed the investigator to choose the latest version available at the time of carrying out the research.
CHAPTER FOUR
TEST RESULTS AND CONCLUSIONS
INTRODUCTION
This research was undertaken to assist computer users in industry in evaluating the danger that virus programs pose to stored information. If they drew any conclusions about the data-destroying potential of computer viruses based on reports in the general press, they would be left with a perception of a looming danger posed by these programs.
Many reports of virus epidemics were found, and some references explained the operation of virus programs. Conferences on the topic of computer viruses produced results which were too general to be of practical value. Most importantly, it was found that there was a lack of references with regard to the actual damage caused by viruses to stored information. All the hypotheses formulated subsequently refer to the danger that viruses pose to the stored information of a PC user.
Since the results of this research are of importance to users in industry, it was considered necessary to determine whether viruses have already had detrimental effects on users’ information in industry. It was clear that many users have had problems with virus infections, especially in the Western Cape. Controlled laboratory tests were then used to determine exactly what the effects of infection by a number of viruses were on stored information.
CHAPTER FIVE
IMPLICATIONS AND RECOMMENDATION
INTRODUCTION
The implications of the findings of this research are addressed, some recommendations made to the computer user in industry, and suggestions for further study are noted.
IMPLICATIONS OF FINDINGS
Certain computer users are more susceptible than others to loss of stored information due to computer virus infections. To take precautions against the loss of any stored information, PC users must:
- Have access to the master disks of all the programs executed on a regular basis.
- Make regular backups of at least data files.
- Use a recent version of a legal anti-viral program.
- Understand the basic operation of computer viruses (i.e. the four types and method of infection).
- Understand the layout of a DOS disk (i.e. sectors, tracks, cylinders, sides, partitions).
- Know and be able to use a disk utility program (e.g. Norton Utilities, PCTools).
Recommendations
It is recommended that the average PC user in industry follow the set of guidelines below. This will minimize the risk of losing information as a result of computer virus infection.
- Use original legal software.
- Make regular backups of especially data files (use BACKUP and RESTORE, or even COPY, DISKCOPY or XCOPY).
- Use write-protection on disks where possible.
- Use logical write-protection (the DOS ATTRIB command, for example) to set all program files to read only.
- Minimize the use of disks on different PCs, including maintenance personnel using their own disks.
- Obtain and use a recent version of a reliable anti-virus program and arrange for regular updates.
- Check all new software with this program before installing or using it.
- If it is impractical to train all users on anti-virus software, utility programs and the operation of viruses, train at least one support specialist.
- Be aware of the characteristic symptoms caused by the most popular viruses.
- Do not boot a hard drive PC from a disk without a good reason.
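As an added example (not part of the original study), the following Python script applies the logical write-protection guideline above in the way ATTRIB +R would: it finds program files that are still writable and clears their write permission, leaving data files untouched. The extension list, function names and sample directory tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Extensions treated as "program files". This list is an assumption;
# the guideline only says "all program files".
PROGRAM_EXTS = {".com", ".exe", ".bat", ".sys", ".ovl"}
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def writable_programs(root):
    """Return sorted paths of program files under root that are still writable."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext in PROGRAM_EXTS and os.stat(path).st_mode & stat.S_IWUSR:
                found.append(path)
    return sorted(found)


def protect(root):
    """Clear the write bits on each writable program file; return paths changed.

    This is logical protection only: software running with sufficient
    rights can set the bit back, so it complements backups and scanning.
    """
    changed = writable_programs(root)
    for path in changed:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        os.chmod(path, mode & ~WRITE_BITS)
    return changed


def demo():
    """Build a small constructed tree, protect it, and report the result."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("DOS/FORMAT.COM", "DOS/EDIT.EXE", "AUTOEXEC.BAT", "DATA/REPORT.TXT"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample\n")
            os.chmod(path, 0o644)
        os.chmod(os.path.join(root, "AUTOEXEC.BAT"), 0o444)  # already read-only
        changed = [os.path.relpath(p, root).replace(os.sep, "/") for p in protect(root)]
        data_mode = os.stat(os.path.join(root, "DATA", "REPORT.TXT")).st_mode
        return changed, writable_programs(root), bool(data_mode & stat.S_IWUSR)


if __name__ == "__main__":
    print(demo())
```

Running writable_programs on a schedule and comparing its output with the previous run shows when a program file has had its read-only setting removed.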
SUMMARY
The results of this study amongst users in the business world are in line with findings of a study by Koo (2000), aimed at the academic community, which found that: “… the people at greatest risk of computer virus infection are those college students who use a computer every day but have minimal knowledge about computer viruses
Technical mistakes in widely read articles also confirm this general lack of insight into the layout and operation of disks and computers in general. Since this research was aimed at the average PC user and not the computer scientist, the results will be especially useful to the former group. A non-technical user should form a clear picture of the potential threat, or lack thereof, posed by a given virus. The value of anti-viral as well as utility-type programs is also evident from the research.
REFERENCES
- Al-Dossary, “Computer Virus Prevention and Containment on Mainframes,” Computers and Security 9(2) (Apr. 2000) pp. 131-1
- Adelman, “An Abstract Theory of Computer Viruses,” Advances in Cryptology CRYPTO ’88 Proceedings, Springer-Verlag, New York, NY (Aug. 2008) pp. 354-374.
- Adkins, G. Dolsen, J. Heaney, and J. Page, “The Argus Security Model,” Twelfth National Computer Security Conference Proceedings (Oct. 2009) pp. 123-134.
- Anderson, “Computer Security Technology Planning Study,” ESD-TR-73-51, Air Force Electronic Systems Division, Hanscom Air Force Base, MA (2004).
- Avižienis, “The N-Version Approach to Fault-Tolerant Software,” IEEE Transactions on Software Engineering SE-11(12) (Dec. 2005) pp. 1491-1501.
- Avižienis, M. Lyu, and W. Schutz, “In Search of Effective Diversity: A Six-Language Study of Fault-Tolerant Control Software,” Technical Report CSD-870060, University of California, Los Angeles, CA (Nov. 2007).