VIRUS BULLETIN ©1991 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England. Tel (+44) 235 555139.
This bulletin is available only to qualified subscribers. No part of this publication may be reproduced, stored in a retrieval system, or transmitted
by any form or by any means, electronic, magnetic, optical or photocopying, without the prior written permission of the publishers.
VIRUS BULLETIN, Page 10, August 1991
NOVELL EXPERIMENTS
Dr. Jan Hruska / Richard Jacobs
Virus Propagation and NetWare Security
Computer viruses spread through interchange of executables
between computers. On Personal Computers (PCs) this
interchange is much more frequent than on minicomputers and
mainframes. This report will concentrate on viruses on PCs.
The interchange of executables on non-networked PCs is
almost exclusively done by floppy disks and is, as a
consequence, relatively slow and physically controllable. PC
networks allow high speed interchange and sharing of data
and executables. This interchange is also much more difficult
to control in practice, with hundreds of simultaneous users.
The danger of a large scale virus attack in a non-networked
organisation is comparatively small. The attack will be limited
to a few PCs before it is spotted and disk interchange is
prohibited. The possibility of a large scale virus attack on a
network is much greater and the chances of containment
smaller, if proper network security features are not used.
This report concentrates on Novell NetWare 3.11 and is a
result of a theoretical and practical study of virus behaviour
under NetWare 3.11 and NetWare 2.12. Although the practical
anti-virus measures described are specific to NetWare 3.11,
many of them also apply to other network operating systems
such as IBM LAN Manager. It is assumed that the network
will be running on a dedicated file-server.
VIRUS TYPES AND REPLICATION MECHANISMS
A virus is a deliberately written computer program which
usually consists of two parts: self-replicating code and the
‘payload’, which produces side-effects. In a typical PC virus,
the replicating code may occupy between 400 and 2000 bytes,
while the size of the payload will depend on the side-effects.
Typically this is a few hundred bytes.
The side-effects of a virus are limited only by the imagination
of the virus author and can range from annoyance to serious
vandalism.
Virus Types by Point of Attack
Viruses can be divided into four categories according to the
executable items which they infect: parasitic viruses, boot
sector viruses, multi-partite viruses and companion viruses.
[Figure 1. Program infection with a parasitic virus. Panels:
uninfected program; program infected at the beginning; program
infected at the end. Labels: Program; Virus with payload.]