
I Am Virus: Hear Me Roar


January 1998 / Cover Story / I Am Virus: Hear Me Roar

Automation and tight desktop integration are needed to stop macro attacks from the Net.

Earl Greer

Anywhere from five to 10 new computer viruses are created each day, according to the antivirus software company Sophos. Infected systems are on the rise -- almost every midsize to large corporation has been infected within the last 12 months. And viruses spread more rapidly now, thanks to networks -- chiefly the Internet. Five years ago, a virus typically took two years to spread worldwide. Today, it takes mere hours, IBM researchers say.

Now the threat is growing again. Although writing 32-bit Windows 95 viruses requires substantial programming skills, Word macro viruses require little skill, and consequently they now constitute 80 percent of all infections. ActiveX and Java already provide the technology making it possible for a computer to download and execute a program transparently to the user. And the number of environments viruses can live in will increase -- a PowerPoint virus is likely within a year.

Not all antivirus methods that have worked in the past will work in the future. For instance, as encryption of e-mail becomes more prevalent, scanning at firewalls will become less effective.

Major antivirus companies, led by Symantec and Computer Associates' Cheyenne Division, are introducing automated updating of antivirus signatures and detection software. Such updating will soon be available as often as once an hour, via the Internet. Some vendors are updating their virus signature files on the Internet as often as six times a day.

To cope with the speed at which new viruses can spread, Symantec is emphasizing development of heuristic analysis. This technique watches a program's behavior rather than examining its code for matches to virus signatures. Thus, a new virus can be detected and blocked even before the antivirus company has examined a sample.

IBM is pioneering automated extraction of virus signatures along with automatic testing for false alarms. This approach has the potential to tremendously shorten the time between the appearance of a new virus and distribution of the solution to customers. Software with this capability could be in beta stage late this year or early next year.

Antivirus programs will include more options, allowing customers to adjust scanning speed by varying the detection capabilities (see the table). But there are other, more radical solutions emerging. Data Fellows recently unveiled F-Secure Anti-Virus Macro Control, which requires that any macros used in a Word document first be certified by a network administrator. And BIOS manufacturers such as Phoenix are putting code into their software that adds antivirus measures to the master boot record and code that forces PCs to boot off the hard drive.


Where to Find

National Computer Security Association
Carlisle, PA
Phone:    800-488-4595
Phone:    717-258-1816
Internet: http://www.ncsa.com



Antivirus Bag of Tricks

Checksumming and integrity checking
Both methods store information about presumably uninfected files in a certain place. They perform periodic checks of the current status of the files against the stored information. If they detect change, they issue a warning. This method provides after-the-fact detection.
Heuristics
This is a method of analyzing files and boot areas in a general sense to determine if the code appears virus-like. Heuristics perform after-the-fact detection.
Decoys
This is a method of lying in wait for viruses, allowing certain files to become infected if a virus is present. Decoys detect viruses as they are infecting and are helpful in raising the warning flag.
Behavior blocking
This is a method of analyzing the behavior of all computing actions to determine if the sum of the parts adds up to virus-like action. If it does, then this method stops the action before infection can occur. Behavior blocking performs before-the-fact detection.
On-demand and scheduled scanning
This is a method of scanning for specific viruses at certain times. This is always after-the-fact detection.
Real-time scanning
The detection process occurs while other computer processes (e.g., copying a file) occur. This method notifies users of existing viruses before they can be triggered.


National Computer Security Association in 1998
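The "checksumming and integrity checking" entry in the table above, worked through as an added example (not code from the article or from any vendor it names): a baseline of file digests is recorded while the files are presumed clean, and a later check reports anything changed, added or missing. The sample files and the simulated modification are constructed here so the example runs offline; the file names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine.
    A cryptographic hash is used instead of a simple CRC-style checksum, which
    an attacker can trivially make collide after modifying a file."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Record size and digest of every regular file under root.
    In practice this baseline must be stored somewhere the monitored
    system cannot silently rewrite it (read-only or off-line media)."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"size": p.stat().st_size, "sha256": file_digest(p)}
    return baseline


def verify(root: Path, baseline: dict) -> dict:
    """Compare the current tree against the stored baseline.
    This is after-the-fact detection: it only reports changes that have
    already happened, which is exactly the limitation the table notes."""
    current = build_baseline(root)
    changed = sorted(n for n in baseline if n in current and current[n] != baseline[n])
    new = sorted(n for n in current if n not in baseline)
    missing = sorted(n for n in baseline if n not in current)
    return {"changed": changed, "new": new, "missing": missing}


def demo() -> dict:
    """Constructed scenario: baseline two files, then modify one, drop one
    new file and delete one, and see what the integrity check reports."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "normal.dot").write_bytes(b"constructed template contents")
        (root / "report.doc").write_bytes(b"constructed document contents")
        baseline = build_baseline(root)
        (root / "normal.dot").write_bytes(b"constructed template contents + change")
        (root / "dropped.doc").write_bytes(b"constructed new file")
        (root / "report.doc").unlink()
        return verify(root, baseline)
```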


AT A GLANCE: The antivirus industry gears up to combat a wave of new infections from macros and the Internet. Advances in e-mail encryption will thwart some antivirus scanners.

WHO SUPPORTS IT: Computer Associates, Data Fellows, Symantec, McAfee, Sophos, IBM, Trend Micro, Finjan, Dr. Solomon

