Computer Viruses
Download Full Article
What are computer viruses ?
A computer virus is a self-replicating program containing code that explicitly copies itself and that can “infect” other programs by modifying them or their environment such that a call to an infected program implies a call to a possibly evolved copy of the virus.
These software “pranks” are very serious; they are spreading faster than they are being stopped, and even the least harmful of viruses could be life-threatening. For example, in the context of a hospital life-support system, a virus that “simply” stops a computer and displays a message until a key is pressed, could be fatal. Further, those who create viruses can not halt their spread, even if they wanted to. It requires a concerted effort from computer users to be “virus-aware”, rather than continuing the ambivalence that has allowed computer viruses to become such a problem.
Computer viruses are actually a special case of something known as “malicious logic” or “malware”.
COHEN’S theoretical definition of Computer Viruses
Consider the set of programs which produce one or more programs as output. For any pair of programs p and q, p eventually produces q if and only if p produces q either directly or through a series of steps (the “eventually produces” relation is the transitive closure of the “produces” relation.) A viral set is a maximal set of programs V such that for every pair of programs p and q in V, p eventually produces q, and q eventually produces p. (”Maximal” here means that there is no program r not in the set that could be added to the set and have the set still satisfy the conditions.) For the purposes of this paper, a computer virus is a viral set; a program p is said to be an instance of, or to be infected with, a virus V precisely when p is a member of the viral set V. A program is said to be infected simpliciter when there is some viral set V of which it is a member. A program which is an instance of some virus is said to spread whenever it produces another instance of that virus. The simplest virus is a viral set that contains exactly one program, where that program simply produces itself. Larger sets represent polymorphic viruses, which have a number of different possible forms, all of which eventually produce all the others.
Detecting a Virus
For the purposes of this paper, an algorithm A detects a virus V if and only if for every program p, A(p) terminates, and returns “true” if and only if p is infected with V. Similarly, an algorithm A detects a set of viruses S if and only if for every program p, A(p) terminates, and returns “true” if and only if p is infected with some virus V which is a member of S. This is essentially Cohen’s definition in [1], and it is the only formal definition of detection that has proven theoretically fruitful. It also captures (at least to a first approximation) our intuitive notion of computer virus detection.
What is a Worm?
A computer WORM is a self-contained program (or set of programs), that is able to spread functional copies of itself or its segments to other computer systems (usually via network connections). Note that unlike viruses, worms do not need to attach themselves to a host program. There are two types of worms–host computer worms and network worms.
What is a Trojan Horse?
A TROJAN HORSE is a program that does something undocumented that the programmer intended, but that some users would not approve of if they knew about it. According to some people, a virus is a particular case of a Trojan Horse, namely one which is able to spread to other programs(i.e., it turns them into Trojans too).