Establishing Type of Virus Protection, Viruses –Legal Issue, Handling Third Party

Software

Presented By Shweta Ghate

MIT college of Engineering

Agenda•Introduction of Virus.

• Types of Viruses

• Legal issues of Protection

• Handling Third Party Software.

•References

Introduction To Virus Definition A virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner.

Viruses can damage your hardware, software or files and replicate themselves.

Types of VirusThere are two main types of virus.1.Resident• A VIRUS doing same thing with the

help of Operating system and memory called Residential virus

2.Non-resident• Those viruses searching new file to

affect called Non-residential virus.

Basic Types Of VirusTrojan Horses Appears as interesting program file but

when installed it allows intruders to access and read your files.Eg: “I LOVE YOU“.

Worms Virus that copies and multiplies itself by

using computer networks and security flaws. Eg.“CODE RED”

E-mail Viruses Use e-mail messages to spread which

allow it to automatically forward itself to thousands of people Eg. Rasom virus

Types of VirusBoot Sector Virus• A boot sector virus infects diskettes and hard

drives. • Boot sector viruses often spread to other

computers by the use of shared infected disks and pirated software applications.

.Program viruses• Active when the program file (usually with

extensions .BIN, .COM, .EXE, .OVL, .DRV) carrying the virus is opened.

• Once active, the virus will make copies of itself and will infect other programs on the computer.

Continued….Macro Virus• Programmed as a macro embedded in a document,

usually found in Microsoft Word and Excel• Once it gets in to your computer, every document you

produce will become infected• Relatively new type of virus and may slip by your

antivirus software if you don't have the most recent version installed.

• Eg. Melissa

Multiparitite virus• Hybrid of a Boot Sector and Program viruses. • Infects program files and when the infected program

is active it will affect the boot record

Virus-Legal Issues of protection Grounds on which virus creation or distribution may be found to be illegal • Unauthorized Access Any kind of access without the

permission E.g :Hacking

• Unauthorized Modification Any kind of modification to the data

without the permission of the User Eg. Email attacks

Continued…Incitement• Includes making available viruses, virus

code, information on virus creation, and virus engines.

Denial of Service attacks• Flooding a computer resource with more

requests than it can handle. This causes the resource to crash thereby denying access of service to authorized users.

Continued..

• All such kind of attacks come under Cyber Crime i.e “unlawful acts

wherein the computer is either a tool or target or both”.

• Thus to control the Cyber Crime “Cyber Laws “ were introduced .

Cyber Laws

The world 1st computer specific law was enacted in the year 1970 by the German State of Hesse in the form of ‘Data Protection Act, 1970’ with the advancement of cyber technology.

Indian parliament passed its “INFORMATION TECHNOLOGY ACT, 2000” on 17th October to have its exhaustive law to deal with the technology .

IT ACT OF INDIA 2000

The Information Technology Act, 2000 aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means.

This ACT defines many CHAPTERS, which defines different kinds of punishments for different types of crime.

IT ACT OF INDIA 2000CHAPTER IX

• Act talks about penalties and adjudication (preparing official judgment)for various offences.

• The penalties for damage to computer systems etc. has been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons.

Continued…Penalty : 2year prisonment or/and 2lack penalty

The Act talks of appointment of any officers not below the rank of a Director to the Government of India or an equivalent officer of state government.

Adjudicating Officer has been given the powers of a Civil Court.

Protection mechanism

• Anti-virus • Firewall

• Recovery

• Online Backup Data

Handling Third Party Software

• Third party software refers to programs that are developed by companies other than the company that developed the computer's operating system.

• Eg. Windows programs developed by companies other than Microsoft are called third party programs.

Continued.. The risk is not in code that internal developers

have written, but in components provided by outside developers, whether open-source libraries or third-party toolkits.

There is an assumption that vendors and open-source developers have gone through the security checkpoints during the application development process, and that assumption is false.“

To secure their software, companies must first figure out which code components have become part of their code base

Continued…To analyze the software the developers and IT

security teams need to do an application assessment .

They need to find the vulnerabilities in the software :through static analysisby monitoring the developer's support forumthrough an intelligence service that tracks changes to software.

The company can then make an informed decision to patch the software or, if a patch is not practical, use a runtime analysis product to harden the application against exploitation of any critical vulnerabilities.

Continued….

Binary only Source

Publicly available

e.g. downloadable

"Software"

Bilateral Agreements

e.g. "Collaboration Agreements"

Publicly available

"Open Source""Free Software"

References

• www.opensource.org• www.wiseGEEK.com• www.spamlaws.com• www.cyberlawsindia.net• Chieh-jen,Chao-Ching Wang,” A Scalable

High-Performance Virus Detection Processor Against a Large Pattern Set for Embedded Network Security ” ,IEEE, pages 841-854, May 2012.

THANK YOU