This chapter tries to bridge the gap between a fundamental topic in Computer Science, namely how computer processors execute programs, and a topic in information security, namely computer viruses.
It starts by introducing the concept of a fetch-decode-execute loop, and the implication of Harvard versus von Neumann architectures. By adopting a step-by-step approach and some very simple programs, the goal is to show that there is no magic involved: even complex, modern computer processors are based on fairly simple principles which everyone can understand. Using this background, the chapter explores a technical mechanism used by computer viruses to evade detection by virus scanners.
Specifically, the ability of a program to modify itself during execution (so-called self-modifying code) allows polymorphic viruses to hide their intentions from a scanner seeking to detect them.
Strictly speaking, a virus is a program that propagates itself from file to file on one computer, but typically requires an external stimulus to propagate between computers (e.g., a user carrying infected files on a USB stick from one computer to another); the requirement for a host file to infect means the virus is typically not a stand-alone program. This contrasts with a worm, which propagates from computer to computer itself, acting as a stand-alone program without the need to infect a host file. A specific example might include aspects of both, so a precise classification is often difficult; we largely ignore the issue, using the term virus as an imprecise but convenient catch-all.
- Playing Hide-and-Seek with Virus Scanners
- Springer International Publishing