The Art of Computer Virus Research and Defense


by Peter Szor

Category: Networking and Cloud Computing
Subcategory: Technologies and Computers
Author: Peter Szor
ISBN: 0321304543
ISBN13: 978-0321304544
Language: English
Publisher: Addison-Wesley Professional (February 13, 2005)
Pages: 744


This book has a lot of good information, but it seems to be more difficult than it should be at times. The examples are based on x86 assembler. So if you don't have a clue about x86 assembler, it's going to be difficult. The book does NOT show the code to infect programs, just what it looks like before the infection and after the infection. I understand why. If it included the code, it would be a manual about how to write viruses. Clearly, we don't need one of those.

This book can be read in Google Play Books on a computer, as well as on Android and iOS devices. Highlight text, add.

Peter Szor systematically covers everything you need to know, including virus behavior and classification, protection strategies, antivirus and worm-blocking techniques, and much more. Szor also offers the most thorough and practical primer on virus analysis ever: everything from creating your own personal laboratory to automating the analysis process.



Szor presents the state of the art in both malware and protection, providing the full technical detail that professionals need to handle increasingly complex attacks.


Peter Szor's book describes most of the attack types, defense strategies, analysis methods and famous viruses known up to about 2005. With new military threats like Stuxnet, and just the fact that these things change by the year, the book may seem a bit dated now, but most of what is in the book should still be perfectly relevant. The author does occasionally moralize about the creation of viruses, including when it is entirely out of curiosity, which put me off a little.

Unlike most books on computer viruses, The Art of Computer Virus .

Peter Szor takes you behind the scenes of anti-virus research, showing how they are analyzed, how they spread, and, most importantly, how to effectively defend against them. This book offers an encyclopedic treatment of the computer virus, including: a history of computer viruses, virus behavior, classification, protection strategies, anti-virus and worm-blocking techniques, and how to conduct an accurate threat analysis. The Art of Computer Virus Research and Defense entertains readers with its look at anti-virus research, but more importantly it truly arms them in the fight against computer viruses. As one of the lead researchers behind Norton AntiVirus, the most popular antivirus program in the industry, Peter Szor studies viruses every day. By showing how viruses really work, this book will help security professionals and students protect against them, recognize them, and analyze and limit the damage they can do.
Comments to eBook The Art of Computer Virus Research and Defense
BlackHaze
It's pretty dated these days, but it's still a highly informative read about virus developments over time and the tools of the defender, the anti-virus industry. Even shows how to analyze malware. x86 assembly language knowledge is needed to understand the code snippets.

If you want something more up to date, try Practical Malware Analysis.
tref
Though dated, still the most complete text on the subject. With very little trouble one should be able to supplement this with resources from the net (for example, you might want to investigate the use of Hidden Markov Models in the detection of metamorphic engines and how to defeat these).
Kieel
Powerful and clear guidebook, essential for understanding threats and countermeasures.
Butius
Very informative
Scoreboard Bleeding
For those of you who are proficient in computers this is the book for you. It will teach you how to make a good antivirus program. It is very informative and well written!!!!
Mavegar
Phenomenal read, although getting a bit dated.
Knights from Bernin
However, I wish for more. I was very hopeful but nevertheless was disappointed by the failure to include example code. This book could best be described as a taxonomy of various characteristics of computer viruses. This book is not intended to inspire the reader to appreciate computer viruses. However, the book did introduce me to a computer game called Core War that has attracted a following of very interesting computer users who appreciate computer viruses.
The book is very disappointing in that the author does not show explicitly how to create and code viruses. The author explains in the preface that he does not include such code because of its obvious dangers. This reviewer believes however that the more understanding we have of viruses the better we can deal with their threats. We need to understand just what is possible, and this can only be done by creating viruses that may or may not be hazardous to computer systems. The more viruses that we create and then study the more we can guard against their infection. This goes for computer viruses as well as biological ones. Yes, there are dangers involved in doing this, but these dangers are nullified by the tools and artificial immune systems that we create in the process of studying viruses.

The book of course is not without its merits, one of these being the discussion of the history of computer viruses, which the author includes in the first chapter of the book. The designation "computer virus" was done in 1984, at which time a formal mathematical model was created for computer viruses. The author defines a computer virus as being a program that can recursively and explicitly copy a possibly evolved version of itself. This definition he says covers the notion of a 'companion virus', which does not necessarily modify the code of other programs.

The author is also very thorough in his treatment of the different viruses and their association with specific computer platforms. In addition, he gives a detailed treatment of how to analyze a computer virus using disassemblers, debuggers, emulators, virtual machines, virus test networks, and unpackers, along with various other tools. Readers will definitely benefit from knowledge of assembly code.

For non-experts in virus research (such as this reviewer) but who have a strong mathematical background, a natural question to ask is whether one could develop a highly sophisticated computer immune system that would be able to detect any kind of computer virus within a reasonable time scale. The author believes that this cannot be accomplished, quoting a result by the mathematician Frederick Cohen (the inventor of the term "computer virus") indicating that such an immune system is not possible. The Cohen proof is not included in the book unfortunately, but a perusal of the literature will reveal that the proof is based, as expected, on the theory of computability and Turing machines. What Cohen showed was that the detection of generic computer viruses is undecidable by showing that if such a procedure existed, it would solve the halting problem for Turing machines.

Given the Cohen result, it is appropriate to ask whether viruses can come in such a wide variety as to make their detection and annihilation unique to the actual virus. In addition, it would appear that after a reasonable amount of time, it would become more difficult for virus writers to come up with 'exotic' viruses that elude detection. Have most of the effective or interesting viruses already been invented, and therefore countered, by anti-virus programs? When reading this book one gets the impression that this is the case. However, the author shows that such a judgment would be premature, and he spends a fair amount of time in the book discussing possible future developments in computer viruses, particularly in distributed environments.

Even if virus writers are exhausting the possibilities for effective viruses, they can still find ways of evading the detection programs, using encryption for example. The author discusses several different approaches to the encryption of viruses, all of these having varying degrees of success, depending of course on the resources and knowledge base of the virus analyst. An interesting topic discussed in this connection is the origin of 'oligomorphic' viruses, which change their decryptors in new generations. The 'polymorphic' viruses, which are the next stage in complexity, are also discussed in this context, these allowing the mutation of their decryptors in possibly millions of different forms. When a virus is able to create new generations of itself that look different, it is called a 'metamorphic' virus. The author gives examples of these, how they are detected, and the possibility of using them to construct a virus generator able to create new virus mutations on the fly without any human intervention. One of the metamorphic viruses, named W95/Zmist, is described by the author as being one of the most complex binary viruses ever created. For that reason it is discussed in detail in the book. This discussion is fascinating reading, and one would have hoped that the source code was supplied in the book in order to allow responsible and curious individuals to create the W95/Zmist virus and study its behavior in real systems under controlled laboratory conditions.

The author does not distinguish between computer worms and viruses, except to say that the former are sometimes distinguished from the latter in the way they infect networks. A worm does not usually need to infect files but can propagate as a standalone program. However, the author gives examples of worms that do propagate by the infection of files. Illicit information gathering is the purpose of most worms, and the author discusses several different techniques that worms use to obtain this information. Particularly interesting to read about are the different techniques that computer worms use to propagate themselves. One of these involves instant messaging, which because of its popularity will certainly be one that is given more attention by future attackers.

Virus writers will become more creative in the future, and their efforts will no doubt be discussed in future editions of this book. But it is the more subtle approaches that remain undiscovered that are the most devastating to both individuals and businesses. One gets the impression when reading this book that most of the viruses are created by pranksters who gain emotional reinforcement by the success of the exploits. The antivirus defense techniques work in the latter but not the former.