|
" A pathology of computer viruses "
David Ferbrache.
Document Type
|
:
|
BL
|
Record Number
|
:
|
745388
|
Doc. No
|
:
|
b565337
|
Main Entry
|
:
|
David Ferbrache.
|
Title & Author
|
:
|
A pathology of computer viruses\ David Ferbrache.
|
Publication Statement
|
:
|
London ; New York : Springer-Verlag, ©1992.
|
Page. NO
|
:
|
xiii, 299 pages : illustrations ; 24 cm
|
ISBN
|
:
|
0387196102
|
|
:
|
: 3540196102
|
|
:
|
: 9780387196107
|
|
:
|
: 9783540196105
|
Contents
|
:
|
1 Introduction.- 1.1 Preamble.- 1.2 What is a Computer Virus?.- 1.3 Worms: Networked Viruses.- 1.4 Terminology.- 2 Historical Perspectives.- 2.1 Introduction.- 2.2 1960s: Early Rabbits.- 2.3 1970s: Fiction and the Worm.- 2.4 1980-1983: Genesis.- 2.5 1984-1986: Exodus.- 2.6 1987: Mac, Atari and Amiga Next.- 2.7 1988: Proliferation and Disbelief.- 2.7.1 January-March.- 2.7.2 April-September.- 2.7.3 October-December.- 2.8 1989: Reaction by the Community.- 2.8.1 January-March.- 2.8.2 April-June.- 2.8.3 July-September.- 2.8.4 October-December.- 2.9 1990: Organisation and Litigation.- 2.9.1 January-April.- 2.9.2 May-September.- 2.9.3 October-December.- 2.10 Summary.- 3 Theory of Viruses.- 3.1 Introduction.- 3.2 Addition of Viral Code.- 3.3 Detection of Viruses.- 3.4 Classes of Viruses.- 3.5 Thompson: and Trusting Trust.- 3.6 Biological Analogies.- 3.6.1 Biological Viruses.- 3.6.2 Parallels Between Low Level Operation.- 3.6.3 High Level Parallels.- 3.7 Quest for Life.- 3.8 Evolution: Genetic Algorithms.- 3.8.1 Random Mutation.- 3.8.2 Programmed Mutation.- 3.8.3 Genetic Algorithms.- 3.8.4 Growth and Death.- 4 Operation of PC Viruses.- 4.1 Introduction.- 4.2 PC Boot Sequence: Initialisation.- 4.3 BIOS and DOS.- 4.4 Master Boot Record.- 4.5 DOS Boot Sector.- 4.6 System Initialisation.- 4.7 Batch Processing Viruses.- 4.8 COM and EXE Viruses.- 4.8.1 Non-overwriting Prepending COM Infectors.- 4.8.2 Overwriting COM Infectors.- 4.8.3 Non-overwriting Appending COM Infectors.- 4.8.4 EXE Viruses.- 4.9 Resident and Transient Viruses.- 4.10 Manipulation by Viral Code.- 4.11 Activation Criteria.- 4.12 Camouflage.- 4.12.1 Concealment in Infected Files.- 4.12.2 Encryption of Viral Code.- 4.12.3 Hiding of Viral Code.- 4.12.4 Checksum Calculation.- 4.12.5 Prevention of Alteration Detection.- 4.12.6 Concealment of Viral Code in Memory.- 4.12.7 Concealment of Viral Activity.- 4.12.8 Concealing Disk Activity.- 4.12.9 Concealing System Slowdown.- 4.13 Replication.- 4.13.1 Locating a Host.- 4.13.2 Signatures.- 4.13.3 Miscellaneous Topics.- 4.13.3.1 Corresponding File Virus.- 4.13.3.2 SYS Virus.- 4.13.3.3 Multi-vector Viruses.- 4.13.3.4 Multi-architecture Viruses.- 4.13.3.5 Architecture Dependent Viruses.- 5 Management of PC Viruses.- 5.1 Perspective on Security.- 5.2 Components of a Virus Control Scheme.- 5.3 Prevention of Virus Attack.- 5.3.1 Physical Access Constraints.- 5.3.2 Electronic Measures.- 5.3.2.1 Physical Feature Verification.- 5.3.2.2 Knowledge Verification.- 5.3.2.2.1 Passwords.- 5.3.2.2.2 Background Verification.- 5.3.2.2.3 Other Techniques.- 5.3.2.3 Possession Verification.- 5.3.3 Media Access Controls.- 5.3.4 Network Access Controls.- 5.3.4.1 Identification of Access Controls.- 5.3.4.1.1 Centralised Network File Servers.- 5.3.4.1.2 Distributed Trust.- 5.3.4.1.3 Network Transport by Public Carrier or Accessible Media.- 5.3.5 Ideological Controls.- 5.3.5.1 User Education.- 5.3.6 Management Policies.- 5.3.6.1 Training of Employees.- 5.3.6.2 Use of Anti-viral Measures.- 5.3.6.3 Compartmentalisation.- 5.3.6.4 Centralisation.- 5.3.6.5 Personnel Policies.- 5.3.7 Vaccination and Inoculation.- 5.4 Detection of Viral Code.- 5.4.1 Monitoring and Logging.- 5.4.2 Signature Recognition.- 5.4.3 Generic Code Recognition.- 5.4.4 Sacrificial Lamb.- 5.4.5 Auditing.- 5.4.6 Use of Expert Systems to Analyse Viral Behaviour.- 5.4.7 Fighting Fire with Fire.- 5.5 Containment of Viral Code.- 5.5.1 Hardware Compartmentalisation.- 5.5.1.1 Virtual Machine.- 5.5.1.1.1 80386 Task Switching Support.- 5.5.1.1.2 80386 Paged Segmented Memory.- 5.5.1.1.3 Accessing OS Code.- 5.5.1.1.4 Segment Permissions.- 5.5.1.1.5 Paged Memory Operation.- 5.5.1.1.6 Input/Output Operations.- 5.5.1.1.7 Virtual Machine in Software.- 5.5.1.2 Automatic Flow Verification.- 5.5.1.3 Software Distribution: Ensuring Trust.- 5.5.2 Software Compartmentalisation.- 5.5.2.1 Interrupt Trapping Code.- 5.5.2.1.1 Configurable Monitors.- 5.5.2.1.2 Operation of a Monitor.- 5.5.2.1.3 Extensions to Real Time Monitoring.- 5.5.2.2 OS Support.- 5.5.3 Network Compartmentalisation.- 5.5.4 Investigation and Response.- 5.5.4.1 What is the Infection?.- 5.5.4.1.1 Acquisition.- 5.5.4.1.2 Logging of Relevant Information.- 5.5.4.1.3 Disassembly.- 5.5.4.2 Dissemination of Information.- 5.5.4.3 General Containment.- 5.5.4.4 Tracing of Infection Source.- 5.5.5 Disinfection of Viral Code.- 5.5.5.1 Re-installation.- 5.5.5.2 Recompilation from Source.- 5.5.6 Checking for Re-infection.- 5.5.7 Disinfection Utilities.- 5.6 Recovery from Viral Infection.- 5.6.1 Backup Procedures.- 5.7 Contingency Planning.- 5.7.1 Redundancy.- 5.7.2 Insurance.- 5.7.3 Public Relations.- 5.8 Remedial Action.- 6 Apple Macintosh Viruses.- 6.1 Introduction.- 6.2 Macintosh: The Abstract Operating System.- 6.2.1 Initialisation.- 6.2.2 Resources.- 6.2.3 Trap Dispatch Table Structure.- 6.2.4 Non-link Viruses.- 6.2.5 Link Viruses.- 6.2.6 Notes on Keyboard Sequences.- 6.2.7 Summary of Mac Protection.- 7 Mainframe Systems: The Growing Threat.- 7.1 Introduction.- 7.2 Hardware Architectures.- 7.3 Software Architecture.- 7.3.1 Discretionary Access Controls.- 7.3.2 Integrity versus Confidentiality.- 7.3.3 Mandatory Access Controls.- 7.3.4 Commentary on Security Standardisation.- 7.4 UNIX: A Viral Risk Assessment.- 7.4.1 System Startup.- 7.4.2 Login and User Commands.- 7.4.3 Bugs and Loopholes.- 7.4.4 Mechanics of UNIX Viruses.- 7.4.4.1 Batch Viruses.- 7.4.4.2 Link Viruses.- 7.4.4.3 Dynamic Loading.- 7.4.4.4 Other Considerations.- 7.4.4.5 Protecting Against UNIX Viruses.- 7.4.4.6 Cohen: Early UNIX Viruses.- 8 Network Viruses: The Worms.- 8.1 Introduction.- 8.2 Standardisation.- 8.3 History of Network Pests.- 8.3.1 Early Work: Pre-1980.- 8.3.2 Recent Benign and Malicious Worms.- 8.3.3 CHRISTMA EXEC Chain Letter.- 8.3.4 Chain Letters on UNIX.- 8.4 Internet Protocols.- 8.4.1 Architecture.- 8.4.2 Peer Authentication.- 8.4.3 Access Controls.- 8.4.4 Data Stream Integrity.- 8.4.5 Daemons and Servers.- 8.4.6 Distributed Trust.- 8.4.7 Trusted Ports.- 8.4.8 Problems and Solutions.- 8.4.9 Internet Worm: Black Thursday - 3 November 1988.- 8.4.9.1 Internals.- 8.4.9.2 Action and Reaction.- 8.4.9.3 The Aftermath.- 8.4.10 DISNET: A Child of the Internet.- 8.5 OSI: Security in the Making.- 8.6 DECNET: Insecurity Through Default.- 8.6.1 HI.COM: The Christmas Worm.- 8.6.1.1 Reaction of the DECNET Community.- 8.6.1.2 Worms Against Nuclear Killers.- 9 Reactions of the IT Community.- 9.1 Discussion and Advice.- 9.1.1 Bulletin Board and Casual Users.- 9.1.2 Academic Establishments.- 9.1.2.1 CREN/CSNET.- 9.1.2.2 NSFNET.- 9.1.2.3 HEPNET/SPAN.- 9.1.2.4 General Community Responses.- 9.1.3 Government Research Organisations.- 9.1.4 Military Organisations.- 9.1.5 Commercial Organisations.- 9.1.6 Criminal Investigation Organisations.- 9.1.7 Professional Organisations.- 9.2 Legislative Issues.- 9.2.1 Scottish Law Commission.- 9.2.2 English Law Commission.- 9.2.3 Computer Misuse Act.- 9.2.4 Summary of Legislation.- 9.3 Professionalism and Software Development.- 10 Conclusions: The Future Ahead.- Appendices.- 1 DOS Filestore Structure.- 1.1 Introduction.- 1.2 Master Boot Record.- 1.3 DOS Boot Sector.- 1.4 File Allocation Table.- 1.5 Root Directory.- 2 Low Level Disk Layout.- 3 EXE File Format.- 4 Mac Filestore Structure.- 5 PC Virus Relationship Chart.- 6 Macintosh Virus Relationship Chart.- 7 PC Boot Sequence.- 8 AIDS Trojan: Accompanying Licence.- 9 Software Infected at Source.- 10 Nomenclature.- 10.1 Types of Virus.- 10.1.1 Master Boot Sector Viruses.- 10.1.2 DOS Boot Sector Viruses.- 10.1.3 Executable COM/EXE Viruses.- 10.1.4 Memory Resident Viruses.- 10.1.5 Overwriting Viruses.- 10.1.6 Prepending Viruses.- 10.1.7 Appending Viruses.- 10.2 Generations of Virus.- 10.3 Classes of Anti-virus Product.- 11 UNIX Boot Sequence.- 12 CERT Press Release.- 13 CERT/CIAC Advisories.- 14 Contact Points.- 15 Abbreviations.- 16 Further Reading.- 17 Virus-1 Archive Sites.- 18 Relative Frequencies of IBM Viruses.
|
Subject
|
:
|
Computer viruses.
|
Subject
|
:
|
Computervirus
|
Subject
|
:
|
Computervirussen.
|
LC Classification
|
:
|
QA76.76.C68D385 1992
|
Added Entry
|
:
|
David Ferbrache
|
| |