
Playing Hide-and-Seek with Virus Scanners

Chapter in the book What Is Computer Science?

Part of the book series: Undergraduate Topics in Computer Science (UTICS)

Abstract

This chapter tries to bridge the gap between a fundamental topic in Computer Science, namely how computer processors execute programs, and a topic in information security, namely computer viruses.

It starts by introducing the concept of a fetch-decode-execute loop, and the implications of Harvard versus von Neumann architectures. By adopting a step-by-step approach and some very simple programs, the goal is to show that there is no magic involved: even complex, modern computer processors are based on fairly simple principles which everyone can understand. Using this background, the chapter explores a technical mechanism used by computer viruses to evade detection by virus scanners.

Specifically, the ability for a program to modify itself during execution (so-called self-modifying code) allows polymorphic viruses to hide their intentions from a scanner seeking to detect them.


Notes

  1.

    Strictly speaking, a virus is a program that propagates itself from file to file on one computer, but typically requires an external stimulus to propagate between computers (e.g., a user carrying infected files on a USB stick from one computer to another); the requirement for a host file to infect means the virus is typically not a stand-alone program. This contrasts with a worm, which propagates from computer to computer itself, acting as a stand-alone program without the need to infect a host file. A specific example might include aspects of both, so a precise classification is often difficult; we largely ignore the issue, using the term virus as an imprecise but convenient catch-all.



Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Page, D., Smart, N. (2014). Playing Hide-and-Seek with Virus Scanners. In: What Is Computer Science?. Undergraduate Topics in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-04042-4_3


  • DOI: https://doi.org/10.1007/978-3-319-04042-4_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04041-7

  • Online ISBN: 978-3-319-04042-4

  • eBook Packages: Computer Science (R0)