Browse Prior Art Database

Protecting Against Infection by Computer Viruses

IP.com Disclosure Number: IPCOM000101267D
Original Publication Date: 1990-Jul-01
Included in the Prior Art Database: 2005-Mar-16
Document File: 3 page(s) / 122K

Publishing Venue

IBM

Related People

Karp, AH: AUTHOR

Abstract

Computer viruses are programs that replicate in a computer and do harm either by actively destroying files or by passively using up resources. They often penetrate mainframe systems by attaching themselves to a piece of electronic mail. The proposed scheme should make it virtually impossible for a virus to use this method to gain access to a system.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 50% of the total text.

Protecting Against Infection by Computer Viruses

       Computer viruses are programs that replicate in a
computer and do harm either by actively destroying files or by
passively using up resources.  They often penetrate mainframe systems
by attaching themselves to a piece of electronic mail.  The proposed
scheme should make it virtually impossible for a virus to use this
method to gain access to a system.

      There are a number of routes by which a computer virus can gain
access to a computer.  One possibility is addressed by this
disclosure, attachment to electronic mail.  Other means, such as
guessing passwords, are beyond the scope of this disclosure.

      It is simple for a virus to enter a mainframe via electronic
mail.  A user logs on to the system, sees some mail, and reads it
into the system.  Unknown to the user, a second file, attached to the
mail, is also read in.  This second file, the virus, often duplicates
some commonly used system function, such as the editor.  As soon as
the virus is executed, it can begin replicating by attaching itself
to other files.  When these files are sent to other systems, these
systems become infected, too.

      Some viruses are benign and do no damage other than to consume
system resources.  Other viruses are virulent and periodically
destroy data.  It is these latter viruses that pose a potential
danger and force the adoption of restrictive security measures.  When
these measures make it difficult for users to communicate with the
outside world, the mere threat of a virus has extracted a cost in
lost productivity.

      A number of techniques have been used to prevent this type of
attack.  First, the computer can be disconnected from any external
sources.  This approach assumes that no legitimate users of the
system will attempt to introduce a virus.  Of course, this approach
is far too restrictive. Productivity is lost when users cannot
communicate with the outside world.  Secondly, it is not safe to
assume that legitimate users will not attempt to corrupt the system
or that they will not be able to escape detection.

      Another approach is to modify the system to prevent multiple
files from being read simultaneously.  While probably the most
effective scheme, it is possible that a knowledgeable person could
find a means to circumvent it, using either a program bug or a
weakness in the design.

      There is clearly a need for a technologically simple scheme to
prevent a virus from replicating.  It is important that this scheme
allow free communication with other computer users without impacting
productivity too much.  The proposed scheme meets these goals.

      The proposed procedure is simple.  When a file is read into the
system, simply change, at random, some fraction of the characters
read.  If the file is a note, it will simply look like it was entered
by a poor typist.  For example, "Meet me for dinner at 8 PM." might
re...