• Computer viruses are small software
programs designed to transfer from one
computer to another.
“A virus is simply a computer program that is
intentionally written to attach itself to other
programs and replicate whenever those
programs are executed.”
• Viruses can easily spread through e-mail
attachments or instant messages.
• Viruses can be spread by downloading
unnecessary files from the Internet.
• Viruses can be disguised as attachments of
funny images, greeting cards, or audio and
The Creeper virus was first detected on ARPANET, in
Propagated from the TENEX operating system.
The first PC virus was a boot sector virus called “Brain”,
created by Basit and Amjad Farooq Alvi, in 1986,
This virus copies itself from the software.
TRADITIONAL COMPUTER VIRUSES
First widely seen in the late 1980s,
Technology development encouraged virus
Development of personal computers.
Due to the internet.
Development of floppy disks.
HOW DOES A VIRUS WORK?
When we run an infected program, it loads into
the memory and starts running as well. It
also has the ability to infect other programs.
When the virus runs unidentified programs, it
adds itself to them.
When we transfer programs and files
to a friend through e-mail, CD, or
floppy disk, our friend’s computer can also
be affected.
Trojan horses –
A Trojan horse is a simple computer program.
The program does damage when we run it. It can even
damage the hard disk. Trojan horses can’t replicate
E-mail viruses –
An e-mail virus travels as an attachment to an e-mail
message and usually replicates itself by
automatically mailing itself to the entire contact list
in our e-mail address book. Some e-mail viruses
don't even require a double-click. If we click once, it
passes directly to the system.
SAFETY MEASURES FOR VIRUSES
Run a secure operating system like UNIX.
Buy virus protection software and install it on PCs.
Avoid programs from unknown sources (Internet).
Use commercial software.
For Microsoft applications, Macro Virus Protection
should be enabled.
Never download unknown e-mail attachments.
Block receiving and sending executable code.
Solution is Antivirus software
Software that attempts to identify and eliminate
computer viruses and other malicious software
Sophisticated - But virus creators are always one
Detection - This is the key to antivirus software.
Scanning is the most commonly used technique in
Also known as the Virus Dictionary Approach.
The scanner scans the hard disk, memory, and boot sector
for code snippets.
If a code snippet in a file matches any virus in the
dictionary, appropriate action is taken.
- Viruses can be found before execution.
- False alarms are rare.
- Quick at detecting known viruses.
- Polymorphic Viruses.
- Virus executes at least once.
- Continuous updates necessary.
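The dictionary scan described above, and its blind spot for polymorphic code, as an added example that is not part of the original slides. The signature names, byte patterns and sample buffers are constructed and harmless, and the one-byte XOR re-encoding is only a stand-in for the way a polymorphic virus changes its stored bytes.

```python
# Added illustration of the "virus dictionary" scanning approach.
# All signatures and sample buffers are constructed, harmless byte strings.

# Constructed dictionary: signature name -> byte pattern to look for.
SIGNATURES = {
    "Demo.BootMarker": bytes.fromhex("deadbeef0badf00d"),
    "Demo.MailerStub": b"X-DEMO-SELF-MAILER",
}


def scan(data: bytes, signatures=SIGNATURES):
    """Return a sorted list of (name, offset) for every signature occurrence."""
    hits = []
    for name, pattern in signatures.items():
        start = data.find(pattern)
        while start != -1:
            hits.append((name, start))
            start = data.find(pattern, start + 1)
    return sorted(hits, key=lambda h: (h[1], h[0]))


def xor_encode(data: bytes, key: int) -> bytes:
    """Re-encode a buffer with a one-byte XOR key (assumed stand-in for the
    per-copy byte changes of a polymorphic virus)."""
    return bytes(b ^ key for b in data)


# Constructed sample "files".
CLEAN = b"MZ" + b"\x00" * 32 + b"ordinary program bytes"
INFECTED = b"MZ" + b"\x00" * 6 + SIGNATURES["Demo.BootMarker"] + b"rest of program"
RE_ENCODED = xor_encode(INFECTED, 0x5A)  # same content, different stored bytes


def report():
    """Scan each constructed sample and return {label: hits}."""
    samples = {"clean": CLEAN, "infected": INFECTED, "re-encoded": RE_ENCODED}
    return {label: scan(data) for label, data in samples.items()}


if __name__ == "__main__":
    for label, hits in report().items():
        print(f"{label:11s} -> {hits if hits else 'no match'}")
```

The re-encoded sample produces no match until a signature for its new byte pattern is added, which is why the dictionary needs continuous updates.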
What is a firewall?
A firewall is a device (or software
feature) designed to control the flow of
traffic into and out of a network.
In general, firewalls are installed to
An edge firewall is usually software running on a
server or workstation. An edge firewall protects a
single computer from attacks directed against it.
Examples of these firewalls are:
IPFW on OSX
An appliance firewall is a device
whose sole function is to act as a
firewall. Examples of these firewalls
Router/Bridge based Firewall
A firewall running on a bridge or a router protects anything from a
group of devices to an entire network. Cisco has firewall
feature sets in their IOS operating system.
Computer-based Network Firewall
A network firewall runs on a computer (such as a PC or
Unix computer). These firewalls are some of the most
flexible. Many free products are available including
IPFilter (the first package we tried), PF (the current
package we are using found on OpenBSD 3.0 and later)
and IPTables (found on Linux). Commercial products
include: Checkpoint Firewall-1. Apple OSX includes
IPFW (included in an operating system you gotta
Protect a wide range of machines
from general probes and many
Provides some protection for
machines lacking in security.
Why use a firewall?
Blocks packets based on:
Source IP Address or range of addresses.
Source IP Port
Destination IP Address or range of addresses.
Destination IP Port
Some allow higher layers up the OSI model.
Other protocols (How would you filter DECnet anyway?).
20 & 21 FTP (didn’t know 20 was for FTP, did you?)