Good Homes for Viruses

• Boot sector virus
• difficult to detect
• easy to install
• self propagation easy in the Operating System
• Memory resident virus
• prefers resident code
• activated each time the code is activated

Machine and OS Independent Viruses

• Applications
• frequently have macro features for customization
• Libraries
• used by many programs

Virus Signatures

• Storage and execution patterns
• detected by a virus scanner
• program size changes OR program functionality changes
• Transmission patterns
• Outsmarting scanners
• polymorphic viruses
• use of encryption to hide forms

Virus Prevention

• Auditing
• Trusted software
• Testing new software
• Safeguarded copies of system files
• Virus detectors
• Booting from safe diskettes

Covert Channels

• Leak information on otherwise secure information channels
• Usually done with a Trojan Horse type program
• The information leaks are sent in coded bits in:
• storage channels
• timing channels

Storage Channels

• The message is coded by the presence or absence of objects in storage
• presence sets bit to 1
• absence sets bit to 0
• Example:
• A Trojan Horse program that can signal one bit of information by locking or unlocking a file during a predetermined interval

Timing Channels

• Uses the shared resource of Time
• Works in a timesharing situation where one process sends a message to another by using or not using its allotted timeslot
• Receiving process monitors the shared medium during the sending process’ timeslot