Computer Security 计算机安全 The techniques developed to protect single computers and network-link

Computer Security

计算机安全

The techniques developed to protect single computers and network-linked computer systems from accidental or intentional harm are called computer security. Such harm includes destruction of computer hardware and software, physical loss of data, and the deliberate invasion of databases by unauthorized individuals.

Data may be protected by such basic methods as locking up terminals and replicating data in other storage facilities. More sophisticated methods include limiting data access by requiring the user to have an encoded card or to supply an identification number or passworＤ. Such procedures can apply to the computer data system as a whole or may be pinpointed for particular information banks or programs. Data are frequently ranked in computer files according to degree of confidentiality.

Operating systems and programs may also incorporate built in safeguards, and data may be encoded in various ways to prevent unauthorized persons from interpreting or even copying the material. The encoding system most widely used in the United States is the Data Encryption Standard (DES), designed by IBM and approved for use by the National Institute of Standards and Technology in 1976. DES involves a number of basic encrypting procedures that are then repeated several times. Very large scale computer systems, for example, the U. S. military Advanced Research Project Agency Network (ARPANET), may be broken up into smaller subsystems for security purposes, but smaller systems in government and industry are more prone to system-wide invasions. At the level of personal computers, security possibilities are fairly minimal.

Most invasions of computer systems are for international or corporate spying or sabotage, but computer hackers^[1]may take the penetration of protected databanks as a challenge, often with no object in mind other than accomplishing a technological feat. Of growing concern is the deliberate implantation in computer programs of worms or viruses^[2]that, if undetected, may progressively destroy databases and other software. Such infected programs have appeared in the electronic bulletin boards available to computer users. Other viruses have been incorporated into computer software sold commercially. No real protection is available against such bugs except the vigilance of manufacturer and user.

Anti-Virus Programs to the Rescue

There is a wide range of virus protection products available to combat the 11,000 known viruses that currently plague personal computers. These products range in technology from virus scanners to terminate and stay resident monitors, to integrity checkers to a combination of the three. Each of these techniques has its associated strengths and weaknesses.^[3]

The most fundamental question that must be asked when considering and evaluating automated anti-virus tools is "how well does the product protect against the growing virus threat？" When developing a security program, companies must think long term. Not only must you choose a form of protection that can detect and safely eliminate today's varieties, but you must consider tomorrow's gully wash as well.^[4]The real challenge lies in securing against the 38,000 new species that are expected to appear within the next two years. The 11,000 known viruses that have been documented to date represent what is only the tip of the iceberg in terms of what tomorrow will bring.

Virus Protection Methods

Today there exists three broad based categories of anti-virus techniques: scanners, memory resident monitors (TSRs), and integrity checkers.

Virus Scanners

Virus scanners are programs designed to examine a computer's boot block, system memory, partition table, and executable files,^[5]looking for specific code patterns that are typical to known virus strains. Generally, a virus scanner is able to identify a virus by name and indicate where on the hard drive or floppy drive the infection has occurreＤ. Virus scanners are also able to detect a known virus before it is executeＤ. Virus scanners do a good job of detecting known viruses. They are generally able to find a virus signature if it is present and will identify the infected file and the virus. Some are faster than others, which is an advantage when checking a hard disk with thousands of files. But virus scanners have several major weaknesses.

First and foremost, scanners are completely ineffective against any virus whose code pattern is not recognizeＤ. In other words, scanners cannot identify a virus if they don't have a signature for it. Also, many of today's viruses are designed specifically to thwart scanners. These so-called stealth viruses know the correct file size and date for a program (i. e. , what they were before the virus infected them). They will intercept operations that ask for that information and return the pre-infection values, not the actual ones during a disk reaＤ. Some viruses can mutate slightly so that the original signature will be rendered ineffective against the new strain and can even result in file damage if recovery is based off virus signature assumptions. A new wave in virus authorship is the creation of self mutating viruses. These viruses infect a file in a different way each time, so it cannot be identified by a simple pattern search, rendering virus scanners ineffective.

Secondly, virus scanners are quickly rendered obsolete and require frequent, costly and time-consuming updates—which may be available only after serious damage has been done. The burden of constantly updating virus scanners, even if provided free of charge, can be a huge burden. In a corporate environment, where thousands of personal computers must be protected, simply distributing scanner updates in a timely and efficient manner and making sure they are installed is an enormous task.

I ntegrity Checkers

This is a relatively new approach, compared to scanners and monitors. Integrity checkers incorporate the principle modification detection. This technique safeguards against both known and unknown viruses by making use of complex file signatures and the known state of the computer environment rather than looking for specific virus signatures.

Each file has a unique signature (which is like a fingerprint-a unique identifier for that particular file) in the form of a CRC or a checksum. Changes in any character within the file will probably change the file's checksum. For a virus to spread, it must get into system memory and change some file or executable code.

An integrity checker will fingerprint and register all program files and various system parameters, such as the boot block, partition table, and system memory, storing this information in an on-line database. By recalculating the files checksum and comparing it to the original, integrity checkers can detect file changes that are indicative of a virus infection.

Industry experts agree that integrity checking is currently the only way to contend with tomorrow's growing virus threat. Since this methodology is non-reliant on virus signatures, it offers protection against all potential viruses, today's and tomorrow's.

Additionally, stealth viruses have historically been able to bypass integrity checkers. The only way users can be certain that their computer is 100 percent clean is to boot the system from a clean, DOS based disk and check the integrity of the information stored on this disk with the current state of the hard drive. Called the "Golden Rule" in virus protection, most integrity checkers fail to follow this security principle.

System Administrator

System Administrator, in computer science, is the person responsible for administering Use of a multiuser computer system, communications system, or both. A system administrator performs such duties as assigning user accounts and passwords, establishing security access levels, and allocating storage space, as well as being responsible for other tasks such as watching for unauthorized access and preventing virus or Trojan Horse^[6]programs from entering the system. A related term, sysop (system operator), generally applies to a person in charge of a bulletin board system, although the distinction is only that a system administrator is associated with large systems owned by businesses and corporations, whereas a sysop usually administers a smaller, often home- based, system.

Hacker

Hacker, in computer science, originally, is a computerphile, a person totally engrossed in computer programming and computer technology. In the 1980s, with the advent of personal computers and dial up^[7]computer networks, hackers acquired a pejorative connotation, often referring to someone who secretively invades others computers, inspecting or tampering with the programs or data stored on them. (More accurately, though, such a person would be called a cracker.) Hacker also means someone who, beyond mere programming, likes to take apart operating systems and programs to see what makes them tick.

Notes

[1]computer hackers：电脑黑客，指非法侵入他人计算机进行浏览或篡改程序或计算机上所存数据的人。

[2]Of growing concern is the deliberate implantation in computer programs of worms or viruses．越来越令人担心的是蓄意地把蠕虫程序或病毒植入计算机程序。

[3]These products range in technology from virus scanners to terminate and stay resident monitors，to integrity checkers to a combination of the three．Each of these techniques has its associated strengths and weaknesses．这些防病毒的产品从技术上有病毒扫描到内存驻留监督程序，从完整性检查到三者的结合程序，每一种有其相关的优点和缺点。

[4]gully wash：gully冲沟，檐槽。此处字面意义是“冲水槽”，可翻译成“但必须从长计议”或“考虑到未来的问题”。

[5]to examine a computer's boot block，system memory，partition table，and executable files：检查计算机的引导块、系统内存、分区表和可执行文件。

[6]Trojan Horse：特洛伊木马，一种欺骗程序。在计算机安全学中，一种计算机程序，表面上或实际上有某种有用功能，而含有附加的(隐藏的)可能利用了调用进程的合法特许来危害系统安全的功能。

[7]dial up：拨号呼叫，访问计算机的一种方法。计算机通过调制解调器连接到电话线路上，拨号上网。

Choose the best answer for each of the following: