The Exploit: A Theory of Networks - asounder
The Exploit: A Theory of Networks - asounder
The Exploit: A Theory of Networks - asounder
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Nodes 85<br />
computer’s normal MBR. Early antivirus programs performed a calculation<br />
in which the size <strong>of</strong> program files was routinely checked for<br />
any changes (unlike document files, program files should not change,<br />
and thus a change in the file size indicated an add - on or other type <strong>of</strong><br />
virus). Second - generation viruses were able to outmaneuver these<br />
calculations by either ballooning or pruning program code so that it<br />
always remains the same size. Third - generation viruses, such as “stealth”<br />
viruses, went further, being able to intercept and mimic the antivirus<br />
s<strong>of</strong>tware, thereby performing fake file scans. Fourth - generation viruses<br />
are the opposite <strong>of</strong> the third generation; they employ “junk code”<br />
and “attack code” to carry out multipronged infiltrations, in effect<br />
overwhelming the computer’s antivirus s<strong>of</strong>tware (“armored” viruses).<br />
However, one antivirus technique has remained nominally effective,<br />
and that is the identification <strong>of</strong> viruses based on their unique “signature,”<br />
a string <strong>of</strong> code that is specific to each virus class. Many antivirus<br />
programs use this approach today, but it also requires a constantly<br />
updated record <strong>of</strong> the most current viruses and their signatures. Fifth -<br />
generation viruses, or “polymorphic” viruses, integrate aspects <strong>of</strong><br />
artificial life and are able to modify themselves while they replicate and<br />
propagate through networks. Such viruses contain a section <strong>of</strong> code—a<br />
“mutation engine”—whose task is to continuously modify its signature<br />
code, thereby evading or at least confusing antivirus s<strong>of</strong>tware.<br />
<strong>The</strong>y are, arguably, examples <strong>of</strong> artificial life. 64<br />
Viruses such as the polymorphic computer viruses are defined by their<br />
ability to replicate their difference. <strong>The</strong>y exploit the network.<br />
That is, they are able to change themselves at the same time that<br />
they replicate and distribute themselves. In this case, computer viruses<br />
are defined by their ability to change their signature and yet maintain<br />
a continuity <strong>of</strong> operations (e.g., overwriting code, infiltrating as<br />
fake programs, etc.). Viruses are never quite the same. This is, <strong>of</strong> course,<br />
one <strong>of</strong> the central and most disturbing aspects <strong>of</strong> biological viruses—<br />
their ability to continuously and rapidly mutate their genetic codes.<br />
This ability not only enables a virus to exploit new host organisms<br />
previously unavailable to it but also enables a virus to cross species<br />
boundaries effortlessly, <strong>of</strong>ten via an intermediary host organism. <strong>The</strong>re