Abstract
This chapter tries to bridge the gap between a fundamental topic in Computer Science, namely how computer processors execute programs, and a topic in information security, namely computer viruses.
It starts by introducing the concept of a fetch-decode-execute loop, and the implication of Harvard versus von Neumann architectures. By adopting a step-by-step approach and some very simple programs, the goal is to show there is no magic involved: even complex, modern computer processors are based on fairly simple principles which everyone can understand. Using this background, the chapter explores a technical mechanism used by computer viruses to evade detection by virus scanners.
Specifically, the ability for a program to modify itself during execution (so-called self-modifying code) allows polymorphic viruses to hide their intentions from a scanner seeking to detect them.
Notes
1. Strictly speaking, a virus is a program that propagates itself from file to file on one computer, but typically requires an external stimulus to propagate between computers (e.g., a user carrying infected files on a USB stick from one computer to another); the requirement for a host file to infect means the virus is typically not a stand-alone program. This contrasts with a worm, which propagates from computer to computer itself, acting as a stand-alone program without the need to infect a host file. A specific example might include aspects of both, so a precise classification is often difficult; we largely ignore the issue, using the term virus as an imprecise but convenient catch-all.
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Page, D., Smart, N. (2014). Playing Hide-and-Seek with Virus Scanners. In: What Is Computer Science?. Undergraduate Topics in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-04042-4_3
DOI: https://doi.org/10.1007/978-3-319-04042-4_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04041-7
Online ISBN: 978-3-319-04042-4
eBook Packages: Computer Science, Computer Science (R0)