The Source of Viruses

Since a virus can be rather small, its code can be "hidden" inside other larger and more complicated programs. Two hundred lines of a virus could be separated into one hundred packets of two lines of code and a jump each; these one hundred packets could be easily hidden inside a compiler, a database manager, a file manager, or some other large utility.

Virus discovery could be aided by a procedure to determine if two programs are equivalent. However, theoretical results in computing are very discouraging when it comes to the complexity of the equivalence problem. The general question "Are these two programs equivalent?" is undecidable (although that question can be answered for many specific pairs of programs). Even ignoring the general undecidability problem, two modules may produce subtly different results that may or may not be security relevant. One may run faster, or the first may use a temporary file for workspace whereas the second performs all its computations in memory. These differences could be benign, or they could be a marker of an infection. Therefore, we are unlikely to develop a screening program that can separate infected modules from uninfected ones.

Although the general is dismaying, the particular is not. If we know that a particular virus may infect a computing system, we can check for it and detect it if it is there. Having found the virus, however, we are left with the task of cleansing the system of it. Removing the virus in a running system requires being able to detect and eliminate its instances faster than it can spread.
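
The check for one particular, known virus can be sketched as a signature scan. The following is an added example, not code from the original text: it scans for the signature as one unbroken run and also as ordered packets spread through a host program, the layout the first paragraph describes. The signature, host bytes, packet size, gap limit and all function names are constructed assumptions.

```python
# Added example: checking a program image for one known virus signature.
# SIGNATURE and HOST are constructed stand-ins, not bytes from any real virus or program.
SIGNATURE = bytes.fromhex("deadbeef0badf00dcafe")
HOST = bytes(range(0x20, 0x60)) * 4   # 256 constructed bytes playing the "large utility"
PACKET = 2     # signature bytes per packet (assumption)
MAX_GAP = 64   # most host bytes tolerated between consecutive packets (assumption)

def occurrences(image, piece, lo, hi):
    """Offsets in [lo, hi] at which `piece` starts."""
    out, i = [], image.find(piece, lo, hi + len(piece))
    while i != -1:
        out.append(i)
        i = image.find(piece, i + 1, hi + len(piece))
    return out

def find_contiguous(image, sig=SIGNATURE):
    """Classic scan: offsets where the signature appears as one unbroken run."""
    return occurrences(image, sig, 0, len(image))

def find_fragmented(image, sig=SIGNATURE, packet=PACKET, max_gap=MAX_GAP):
    """Offsets of the packets if they all occur in order, each within max_gap
    bytes of the previous one; None otherwise. Backtracks over candidates."""
    pieces = [sig[i:i + packet] for i in range(0, len(sig), packet)]
    def chain(k, lo, hi):
        for off in occurrences(image, pieces[k], lo, hi):
            if k == len(pieces) - 1:
                return [off]
            end = off + len(pieces[k])
            rest = chain(k + 1, end, end + max_gap)
            if rest is not None:
                return [off] + rest
        return None
    return chain(0, 0, len(image))

def scatter(host, sig=SIGNATURE, packet=PACKET, stride=20):
    """Build a constructed test image with the packets spread through `host`."""
    out = bytearray(host)
    for n, i in enumerate(range(0, len(sig), packet)):
        at = 16 + n * stride
        out[at:at] = sig[i:i + packet]
    return bytes(out)

WHOLE = HOST[:40] + SIGNATURE + HOST[40:]   # signature in one piece
SPLIT = scatter(HOST)                        # same signature in five packets

if __name__ == "__main__":
    for name, image in (("clean", HOST), ("whole", WHOLE), ("split", SPLIT)):
        print(name, find_contiguous(image), find_fragmented(image))
```

Two-byte packets also occur by chance in large benign programs, so a fragmented match on real binaries is a lead to inspect, not a verdict; this mirrors the point above that a difference may be benign or a marker of infection.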