Software for Detecting and Removing Viruses. 





Virus protection (or antivirus) software is an application that can determine when a system has been infected with a virus. Typically, such software runs in the background and scans files whenever they are downloaded from the Internet, received as attachments to e-mail, or modified by another application running on the system. Most virus protection software employs one of the following methods:

Signature-based detection: This is the traditional approach and searches for “signatures,” or known portions of code of viruses that have been detected and cataloged in the wild. Signature-based products are fast and reliable in detecting previously known viruses but generally cannot detect new viruses until the vendor has updated its signature database with information about the new virus and users have downloaded the updated signature files to their systems.

Behavior-blocking detection: This is a newer approach borrowed from intrusion detection system (IDS) technologies and uses policies to define which kinds of system behaviors might indicate the presence of a virus infection. Should an action occur that violates such a policy, such as code trying to access the address book to mass mail itself through e-mail, the software steps in and prevents this from happening and can also isolate the suspect code in a “sandbox” until the administrator decides what to do with it. The advantage of behavior-blocking detection is that it can detect new viruses for which no signatures are known. The disadvantage is that, like IDSs, such detection systems can generate false positives if the detection threshold is set too low or can miss real infections if it is set too high. A few newer virus protection products include behavior-blocking technology, but most still operate using signature databases.

UNIT 3

Read and translate the text.

Text A

Authentication Mechanisms.

The mechanics of this authentication mechanism differ from those of the protection mechanisms for implementing virtual machines mainly because not all of the components of the system are under uniform physical control. In particular, the user himself and the communication system connecting his terminal to the computer are components to be viewed with suspicion. Conversely, the user needs to verify that he is in communication with the expected computer system and the intended virtual machine. Such systems follow our abstract model of a guard who demands a match between something he knows and something the requester possesses. The objects being protected by the authentication mechanism are the virtual machines. In this case, however, the requester is a computer system user rather than an executing program, and because of the lack of physical control over the user and the communication system, the security of the computer system must depend on either the secrecy or the unforgeability of the user's identification.

In time-sharing systems, the most common scheme depends on secrecy. The user begins by typing the name of the person he claims to be, and then the system demands that the user type a password, presumably known only to that person.

There are, of course, many possible elaborations and embellishments of this basic strategy. In cases where the typing of the password may be observed, passwords may be good for only one use, and the user carries a list of passwords, crossing each one off the list as he uses it. Passwords may have an expiration date, or usage count, to limit the length of usefulness of a compromised one.

The list of acceptable passwords is a piece of information that must be carefully guarded by the system. In some systems, all passwords are passed through a hard-to-invert transformation before being stored, an idea suggested by R. Needham. When the user types his password, the system transforms it also and compares the transformed versions. Since the transform is supposed to be hard to invert (even if the transform itself is well known), if the stored version of a password is compromised, it may be very difficult to determine what original password is involved. It should be noted, however, that "hardness of inversion" is difficult to measure. The attacker of such a system does not need to discern the general inversion, only the particular one applying to some transformed password he has available.
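The store-and-compare scheme described above, as an added example that is not part of the original text. PBKDF2-HMAC-SHA256, the iteration count, the per-user salt and all names here are assumptions that go beyond the passage; the salt is what keeps one successful guess against a leaked entry from applying to every user who chose the same password.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor; raise it as hardware allows


def transform(password: str, salt: bytes) -> bytes:
    """Hard-to-invert transformation (assumed choice: PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordTable:
    """Keeps only (salt, transformed password), never the password itself."""

    def __init__(self):
        self._rows = {}

    def enroll(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)  # per-user salt, an addition to the text
        self._rows[user] = (salt, transform(password, salt))

    def verify(self, user: str, typed: str) -> bool:
        row = self._rows.get(user)
        if row is None:
            # Unknown user: do the same work so timing does not reveal it.
            transform(typed, b"\x00" * 16)
            return False
        salt, stored = row
        # Transform what was typed and compare the transformed versions
        # in constant time.
        return hmac.compare_digest(transform(typed, salt), stored)

    def stored_value(self, user: str) -> bytes:
        """What an attacker would see if the table were compromised."""
        return self._rows[user][1]
```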

Passwords as a general technique have some notorious defects. The most often mentioned defect lies in choice of password--if a person chooses his own password, he may choose something easily guessed by someone else who knows his habits. In one recent study of some 300 self-chosen passwords on a typical time-sharing system, more than 50 percent were found to be short enough to guess by exhaustion, derived from the owner's name, or something closely associated with the owner, such as his telephone number or birth date. For this reason, some systems have programs that generate random sequences of letters for use as passwords. They may even require that all passwords be system-generated and changed frequently. On the other hand, frequently changed random sequences of letters are hard to memorize, so such systems tend to cause users to make written copies of their passwords, inviting compromise. One solution to this problem is to provide a generator of "pronounceable" random passwords based on digraph or higher order frequency statistics to make memorization easier.
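A generator of "pronounceable" passwords from digraph statistics, as an added example that is not part of the original text. The word list is a small constructed sample and all function names are hypothetical; `bits_per_letter` estimates how much less each letter contributes than a uniformly random one (about 4.7 bits), which is why such passwords must be longer for the same strength.

```python
import math
import secrets
from collections import Counter, defaultdict

# Constructed sample corpus; a real generator would use a large word list.
CORPUS = ("security password terminal computer system machine protect "
          "secret random letter number signal cipher guard remote "
          "transform memory control virtual").split()

def digraph_table(words):
    """For each letter, count which letters follow it in the corpus."""
    table = defaultdict(Counter)
    for w in words:
        for a, b in zip(w, w[1:]):
            table[a][b] += 1
    return dict(table)

def weighted_choice(counts):
    """Pick a key with probability proportional to its count, using a CSPRNG."""
    r = secrets.randbelow(sum(counts.values()))
    for key, n in sorted(counts.items()):
        if r < n:
            return key
        r -= n

def generate(table, length=10):
    """Walk the digraph chain; restart from a first letter at a dead end."""
    starts = {a: sum(f.values()) for a, f in table.items()}
    out = [weighted_choice(starts)]
    while len(out) < length:
        out.append(weighted_choice(table.get(out[-1], starts)))
    return "".join(out)

def bits_per_letter(table):
    """Estimated conditional entropy H(next | previous), in bits."""
    total = sum(sum(f.values()) for f in table.values())
    h = 0.0
    for followers in table.values():
        n = sum(followers.values())
        h -= sum(c / total * math.log2(c / n) for c in followers.values())
    return h

def length_for(table, target_bits=47):
    """Letters needed to reach target_bits (47 is about 10 uniform letters)."""
    return math.ceil(target_bits / bits_per_letter(table))
```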

A second significant defect is that the password must be exposed to be used. In systems where the terminal is distant from the computer, the password must be sent through some communication system, during which passage a wiretapper may be able to intercept it.

An alternative approach to secrecy is unforgeability. The user is given a key, or magnetically striped plastic card, or some other unique and relatively difficult-to-fabricate object. The terminal has an input device that examines the object and transmits its unique identifying code to the computer system, which treats the code as a password that need not be kept secret. Proposals have been made for fingerprint readers and dynamic signature readers in order to increase the effort required for forgery.

The primary weakness of such schemes is that the hard-to-fabricate object, after being examined by the specialized input device, is reduced to a stream of bits to be transmitted to the computer. Unless the terminal, its object reader, and its communication lines to the computer are physically secured against tampering, it is relatively easy for an intruder to modify the terminal to transmit any sequence of bits he chooses. It may be necessary to make the acceptable bit sequences a secret after all. On the other hand, the scheme is convenient, resists casual misuse, and provides a conventional form of accountability through the physical objects used as keys.

Suppose that a remote terminal is equipped with enciphering circuitry, such as the LUCIFER system, that scrambles all signals from that terminal. Such devices normally are designed so that the exact encipherment is determined by the value of a key, known as the encryption or transformation key. For example, the transformation key may consist of a sequence of 1000 binary digits read from a magnetically striped plastic card. In order that a recipient of such an enciphered signal may comprehend it, he must have a deciphering circuit primed with an exact copy of the transformation key, or else he must cryptanalyze the scrambled stream to try to discover the key. The strategy of encipherment/decipherment is usually invoked for the purpose of providing communications security on an otherwise unprotected communications system. However, it can simultaneously be used for authentication.

 

COMPREHENSION CHECK

1. Give the Russian equivalents to the following words and word combinations:

to verify; rather than; unforgeability; possible elaborations and embellishments; to discern the general inversion; notorious defects; an expiration date; usage count; by exhaustion; random sequences of; a wiretapper; forgery; against tampering; to resist casual misuse; to scramble all signals; magnetically striped plastic card; a recipient; primed with; to be invoked for the purpose of





Page last modified: 2016-12-10
