1-1
Chapter 1 Computer Viruses One of the most familiar forms of risk to computer security is the computer virus. A computer virus is a
program written by a hacker or a cracker, designed to perform some kind of trick upon an unsuspecting
victim’s computer. In some cases, the trick performed is mild, such as drawing an offensive image on the
victim’s screen or changing all of the characters in a document to another language. Sometimes the trick is
much more severe, such as reformatting the hard drive and erasing all the data or damaging the
motherboard so that it cannot operate properly.
Types of Viruses Viruses can be categorized by their effects, which include being a nuisance, destroying data, facilitating
espionage, and destroying hardware. A nuisance virus usually does no real damage but is an inconvenience.
The most difficult part of a computer to replace is the data on the hard drive. The installed programs,
documents, databases, and saved emails form the heart of a personal computer. A data-destructive virus is
designed to destroy this data. Some viruses are designed to create a backdoor into a system to bypass
security. Called espionage viruses, they do no damage but allow a hacker or cracker to enter the system later
for the purpose of stealing data or spying on the work of the competitor. Very rarely, a virus is created to
damage the hardware of the computer system itself. Called hardware-destructive viruses, these bits of
programming can weaken or destroy chips, drives, and other components.
Methods of Virus Operation Viruses operate and are transmitted in a variety of ways. An email virus is normally transmitted as an
attachment to a message sent over the Internet. Email viruses require the victim to click on the attachment,
which causes the virus to execute. Another common mode of virus transmission is via a macro, a small
subprogram that allows users to customize and automate certain functions. A macro virus is written for a
specific program, which then becomes infected when it opens a file with the virus stored in its macros. The
boot sector of a compact disc or hard drive contains a variety of information, including how the disk is
organized and whether it is capable of loading an operating system. When a disc is left in a drive and the
computer reboots, the operating system automatically reads the boot sector to learn about that disk and to
attempt to start any operating system on it. A boot sector virus is designed to alter the boot sector of a disk
so that whenever the operating system reads the boot sector, the computer will automatically become
infected.
Other types of viruses and methods of infection include the Trojan horse virus, which hides inside another
legitimate program or data file, and the stealth virus, which is designed to hide itself from detection
1-2
software. Polymorphic viruses alter themselves to prevent detection by antivirus software, which operates by
examining familiar patterns. Polymorphic viruses alter themselves randomly as they move from computer to
computer, making detection more difficult. Multipartite viruses alter their form of attack. Their name reflects
their ability to attack in several different ways. They may first infect the boot sector and then later act like a
Trojan horse virus by infecting a disk file. These viruses are more sophisticated and therefore more difficult to
guard against. Another type of virus is the logic bomb, which generally sits quietly dormant waiting for a
specific event or set of conditions to occur. A well-known example of a logic bomb was the widely publicized
Michelangelo virus, which infected personal computers and caused them to display a message on the artist’s
birthday.
2-3
Chapter 2 Security Risks Although hackers, crackers, and viruses garner the most attention as security risks, companies face a variety
of other dangers to their hardware and software systems. Principally, these risks involve types of system
failure, employee theft, and the cracking of software for copying.
Systems Failure A fundamental element in making sure that computer systems operate properly is protecting the electrical
power that runs them. Power interruptions such as blackouts and brownouts have very adverse effects on
computers. An inexpensive type of power strip called a surge protector can guard against power fluctuations
and can also serve as an extension cord and splitter. A much more vigorous power protection system is an
uninterruptible power supply (UPS), which provides a battery backup. Similar in nature to a power strip but
much bulkier and a bit more expensive, a UPS provides steady, spike-free power and keeps a computer
running during a blackout.
Employee Theft Although accurate estimates are difficult to pinpoint, businesses certainly lose millions of dollars a year in
stolen computer hardware and software. In large organizations, such theft often goes unnoticed or
unreported. Someone takes a hard drive or a scanner home for legitimate use, then leaves the job sometime
later and keeps the machine. Sometimes, employees take components to add to their home PC systems, or
thieves break into businesses and haul away computers. Such thefts cost far more than the price of the stolen
computers because they also involve the cost of replacing the lost data, the cost of time lost while the
machines are gone, and the cost of installing new machines and training people to use them.
Cracking Software for Copying A common goal of hackers is to crack a software protection scheme. A crack is a method of circumventing a
security scheme that prevents a user from copying a program. A common protection scheme for software is
to require the installation CD to be resident in the drive whenever the program runs. Making copies of the CD
with a burner, however, easily fools this protection scheme. Some game companies are taking an extra step
to make duplication difficult by scrambling some of the data on the original CDs, which CD burners will
automatically correct when copying. When the copied and corrected CD is used, the software checks for the
scrambled track information. If the error is not found, the software will not run.