Tuesday, May 1, 2007

Detecting Macro Viruses - A TRIZ Based Analysis

Author: Umakant Mishra
Abstract:
Macro viruses are easy to create but difficult to detect. Even for a virus scanner it is difficult to decide which macro is a virus and which is not, as a user macro may also create files, send emails and perform all the other activities that a macro virus can. It is difficult to differentiate a genuine macro from a virus macro, as both do similar types of jobs. Suspecting a macro of being a virus just because it is “writing to a file” may result in false positives. It is necessary to improve the emulation method, for example by statically analyzing macro operations within a document, to save system resources and detect macro viruses more effectively.

Signature scanning can detect macro viruses, but this method is not very effective, as plenty of new macro viruses are created every day whose signatures are yet to be added to the signature database. Integrity checking does not work for detecting macro viruses, as comparing checksums is not possible for document files, which users usually modify on a regular basis. Heuristic scanning is the most effective way to detect macro viruses of all types, old and new. The heuristic technique does not require exact signatures of known viruses; it examines a target program and analyzes its code to determine whether the code appears virus-like.

Keywords: computer virus, anti-virus, anti-virus software, computer security, anti-virus design, anti-virus development, inoculation, virus scanning, virus detection, signature scanning, integrity checking, heuristic scanning, emulation, activity monitoring, generic scanning, behavior monitoring, resident scanning, virus database, macro virus, word macro


Mishra, Umakant, Detecting Macro Viruses- A TRIZ Based Analysis (January 9, 2012). Available at SSRN: http://ssrn.com/abstract=1981892 or http://dx.doi.org/10.2139/ssrn.1981892
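The heuristic idea in the macro virus abstract above, as an added sketch that is not taken from the paper: macro source is scored statically, and a single behaviour such as writing to a file is not enough to flag it; only automatic execution combined with copying macro code elsewhere crosses the threshold. The indicator patterns, weights, threshold and both sample macros are constructed assumptions.

```python
import re

# Constructed indicator table and weights: assumptions for this sketch.
INDICATORS = {
    "auto_exec":  r"\b(AutoOpen|AutoExec|AutoClose|Document_Open|Document_Close)\b",
    "file_write": r"\bFor\s+(Output|Append)\b|\bPrint\s+#|\bSaveAs\b",
    "send_mail":  r"\bSendMail\b|Outlook\.Application",
    "self_copy":  r"\b(OrganizerCopy|MacroCopy|InsertLines|AddFromString)\b",
    "template":   r"\bNormalTemplate\b",
}
WEIGHTS = {"auto_exec": 1, "file_write": 1, "send_mail": 1, "self_copy": 2, "template": 1}
REPLICATION_BONUS = 5  # runs automatically AND copies macro code elsewhere
THRESHOLD = 6

def strip_comments(source):
    """Drop VBA ' comments so keywords mentioned in remarks are not counted."""
    out = []
    for line in source.splitlines():
        in_string, kept = False, []
        for ch in line:
            if ch == '"':
                in_string = not in_string
            elif ch == "'" and not in_string:
                break
            kept.append(ch)
        out.append("".join(kept))
    return "\n".join(out)

def analyze(source):
    """Return matched behaviour categories, the score and the verdict."""
    code = strip_comments(source)
    hits = {name for name, pat in INDICATORS.items() if re.search(pat, code, re.I)}
    replicates = {"auto_exec", "self_copy"} <= hits
    score = sum(WEIGHTS[h] for h in hits) + (REPLICATION_BONUS if replicates else 0)
    return {"hits": hits, "score": score, "virus_like": score >= THRESHOLD}

# Constructed sample: a genuine user macro that writes a file and sends mail.
USER_MACRO = '''Sub AutoOpen()
    ' export a report; this macro does not use OrganizerCopy
    Open "report.txt" For Output As #1
    Print #1, ActiveDocument.Name
    Close #1
    ActiveDocument.SendMail
End Sub'''
# Constructed fragment with placeholder arguments: auto-run plus copy to the template.
REPLICATING_MACRO = '''Sub AutoOpen()
    Application.OrganizerCopy SRC, NormalTemplate.FullName, ITEM, KIND
End Sub'''

if __name__ == "__main__":
    for name, src in (("user", USER_MACRO), ("replicating", REPLICATING_MACRO)):
        print(name, analyze(src))
```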

Detecting Boot Sector Viruses- Applying TRIZ to improve anti-virus programs

Author: Umakant Mishra
Abstract:
The boot sector virus infects the boot record of the hard disk or floppy disks. It is loaded into memory every time the computer is booted and remains resident in memory until the computer is shut down. Once it has entered, it alters the boot sector of the hard disk and remains on the hard disk permanently until the system is totally damaged and fails to boot.

While analyzing the problem from a TRIZ perspective, we try different possibilities to avoid boot sector viruses, such as: Can we do away with the boot record? Can we avoid booting from floppies? Can we make the boot record virus resistant? Can we keep the boot record in a place which a virus cannot access? Can the boot record check itself for viruses? Can we load the anti-virus before loading the boot sector? Can we remind the user to remove unwanted floppies from the drive?

One method to avoid boot sector viruses is to load some kind of anti-virus before the computer is booted. One possibility may be to load such an anti-virus from a ROM chip. Another possibility may be to load such an anti-virus from a hidden partition that is not accessible to viruses or other programs. Another method to avoid boot sector viruses is to store the boot sector in a separate ROM chip, which is protected from any kind of infection. Although this method works satisfactorily to provide protection against boot sector viruses, it requires an additional ROM to be bought, which adds to the cost of the system.

Keywords: Software Innovation, computer virus, anti-virus, anti-virus software, computer vulnerability, computer security, anti-virus design, anti-virus development, inoculation, virus scanning, virus detection, signature scanning, integrity checking, heuristic scanning, boot sector scanning, boot sector virus, generic scanning, behavior monitoring, resident scanning


Umakant Mishra, Detecting Boot Sector Viruses- Applying TRIZ to Improve Anti-Virus Programs (January 9, 2012). Available at SSRN: http://ssrn.com/abstract=1981886 or http://dx.doi.org/10.2139/ssrn.1981886