Computer Virus: A virus is a program that can “infect” or “contaminate” other programs by modifying them to include a copy of itself.  Antivirus programs must be updated continuously to look for new and modified viruses.  Viruses are the number-one method of computer vandalism.

The first computer viruses were written to show off their authors’ programming skills and to demonstrate how easily computer security systems could be infiltrated.  Today, viruses are often made to corrupt or scramble data on a computer’s hard disk.

There are over 5000 known viruses.  The rate of virus infection is also increasing.

The Electronic Privacy Act of 1986 is the most noteworthy legislation against the fraudulent use of computers.

There are several categories of computer viruses:

  1. Boot-sector viruses
  2. File-infecting viruses
  3. Trojan horse/Backdoor programs

Boot-sector viruses:

A boot sector virus is designed to replace the information in the hard disk’s boot sectors with its own code.  Once the virus is in memory, it can replicate itself onto any other disks that are used in the infected computer.

File-infecting viruses:

This is the most common type of virus.  A file-infecting virus attaches itself to an executable program file by adding its own code to the executable file, which lets it escape casual detection.  When the infected file is run, the virus can attach itself to other executable files.  Files infected by this type of virus usually have a .COM, .EXE, or .SYS extension.  A virus can be triggered when an infected file is executed.

Trojan horse programs:

A Trojan horse program is not technically a virus.  The distinction is that a Trojan horse program often looks and initially acts like a legitimate program, but once it is executed it can destroy or scramble data.

Worm

A worm is an independent program that replicates itself, crawling from machine to machine across network connections.  It often clogs networks as it spreads, frequently via e-mail.

Intrusion Detection is the method a security administrator uses to detect the presence of an unauthorized intruder.

  • Network-based Intrusion Detection – It consists of a black box that sits on the network in promiscuous mode, listening for patterns indicative of an intrusion.
  • Host based Intrusion Detection – It includes auditing for specific.
  • Log File Monitoring – Programs that parse log files after an event has already occurred.
  • File Integrity Checking – It checks for Trojan horses, or files that have otherwise been modified, indicating an intruder has already been there.
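
The file integrity checking described above, as an added example that is not part of the original notes: it records a SHA-256 baseline of every file under a directory, then re-hashes the tree and reports files that were modified, added, or removed. The directory layout and file contents in demo() are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def _digest(path: Path) -> str:
    # SHA-256 of a file, read in chunks so large binaries do not load into memory.
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: str) -> dict:
    # Map every regular file (relative, POSIX-style path) to its digest.
    root_path = Path(root)
    baseline = {}
    for dirpath, _dirs, files in os.walk(root_path):
        for name in files:
            full = Path(dirpath) / name
            if full.is_file() and not full.is_symlink():
                baseline[full.relative_to(root_path).as_posix()] = _digest(full)
    return baseline

def compare(baseline: dict, root: str) -> dict:
    # Re-hash the tree and report files that changed, appeared, or disappeared.
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo() -> dict:
    # Constructed scenario: baseline a small tree, tamper with it, re-check.
    with tempfile.TemporaryDirectory() as root:
        files = {"bin/login": b"original login binary", "etc/hosts": b"127.0.0.1 localhost"}
        for name, data in files.items():
            p = Path(root) / name
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        baseline = build_baseline(root)
        # Simulate what an intrusion leaves behind: one file replaced, one added, one deleted.
        (Path(root) / "bin/login").write_bytes(b"replaced login binary")
        (Path(root) / "bin/extra").write_bytes(b"unexpected new file")
        (Path(root) / "etc/hosts").unlink()
        return compare(baseline, root)

if __name__ == "__main__":
    print(demo())
```

The baseline must be kept where an intruder cannot rewrite it (read-only media or a separate host); a baseline stored alongside the files it protects can simply be regenerated after tampering.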

What is IDS?

IDS stands for Intrusion Detection System.  If one compares it to a home anti-burglary system, firewalls perform the role of door and window locks.  An IDS performs the role of the alarm system and adds the next preventive layer of security by detecting attacks that penetrate IT systems.

No protection system can make a network 100% secure against outside attacks.  When an attack gets through, the anomalous situation must be reported to the system administrator as quickly as possible.  It is also useful to be able to view what an intruder was doing in an IT system.  These are the key tasks for Intrusion Detection System programs.

An IDS performs continuous monitoring of events.  It monitors the server and logs any unauthorised access attempts.  The IDS must be instructed to recognize such events.  It can process various types of data; the most frequent are eavesdropped traffic, packets flowing into system logs, and information on users’ activities.  In operational terms, three primary types of IDS are available:

  • Host-based systems – HIDS
  • Network-based systems – NIDS
  • Network node-based systems – NNIDS

Problems with IDSes

An IDS is prone to “false positives” (false alerts).  It is possible that an IDS generates an alert when no problem was actually present; this is known as a false positive.  The network administrator may come to ignore these alerts, possibly allowing a serious attack to pass unnoticed.  Detailed tuning of the alerting and triggering rules must be performed.

This is a serious task.  It is critical to understand the properties of IDS technologies and to have a broad knowledge of contemporary intrusion types.  A more rigorous configuration policy is necessary.  Implementing an IDS service should be left to specialists.