Archive for the 'Computer Security' Category

Norman Book on Computer Viruses

What is a virus?
The terms “computer virus” and “virus” are used very loosely in everyday conversation and have become synonymous with “trouble”.

A virus is usually not something that creates cool screen effects and enables you to hack into the Pentagon. The “Launching virus” screen seen in Hollywood movies bears no resemblance to real-life viruses. In reality, a virus infection is most often invisible to the user. The machine may slow down a little. Some programs may be unstable and crash at irregular intervals, but then again that happens every so often on clean systems too.

Still, some viruses have some sort of screen effect. The Windows virus “Marburg” fills the desktop with red circles with a white “X” inside. A couple of viruses will make desktop icons escape from the mouse cursor. Such effects are not particularly common, since they expose the existence of the virus. In order to explain such vexing programs, we will need to look at what programs really are.

Creating a Secure Computer Virus Laboratory

Laboratory Protocol

Our laboratory protocol to regulate behavior in the laboratory was initially based on biohazard protocols (Health Canada, 2001); biologists and chemists have had decades of experience working with dangerous substances, and it is only prudent to build on their experience. Obviously, the analogy breaks down after a certain point, but there were a number of things to be learned about laboratory access, operation, and personnel training.

Since the contagions of concern in the computer virus lab are electronic, we had to add a number of provisions with respect to media handling, and any means of electronic transmission, both wired and wireless. Our initial thought was to let students bring media into the lab, so long as it was not brought out again, to allow material researched on the Internet to be brought in, but after negative reviewer feedback we scrapped this idea. Printouts were also contentious, in two ways: first, that we were allowing them to be made at all; second, how they were to be handled by students. We eventually clarified the protocol to specify how printouts should be handled, but still allowed them to be made – at the very least, printouts can be useful for debugging purposes.

VIPRE ANTIVIRUS ANTISPYWARE REVIEWERS GUIDE

VIPRE highlights
VIPRE is a high-performance application that doesn’t slow down your computer the way older, traditional antivirus products do. It is low on system resources and optimizes your overall PC user experience. VIPRE is also the first consumer security product to introduce the concept of “home site licensing”. VIPRE is a completely new product that combines antispyware, antivirus, anti-rootkit, and other technologies into a seamless, tightly integrated product that offers you the most powerful protection against today’s highly complex malware threats by means of system scans, real-time monitoring with Active Protection™, email protection, and threat data integration.

System scans
Proprietary antivirus and antispyware detection engine uses all-new technology
At VIPRE’s core is an antivirus and antispyware engine that merges the detection of all types of malware into a single efficient and powerful system. The new technology was developed exclusively by Sunbelt, without building on older-generation antivirus engines.

A Self-Learning Worm Using Importance Scanning

INTRODUCTION
A worm attacks vulnerable computer systems and employs a self-propagating method to flood the Internet rapidly. Worms such as Code Red [10], Slammer [9], and Witty [17] have infected hundreds of thousands of hosts and have become a significant threat to network security and management. It is therefore of great importance for defenders to characterize the spread of worms that employ distinct scanning methods and to study countermeasures accordingly.

Different scanning methods have been employed by previous worms. For instance, the Morris worm used topological scanning, which relies on information contained in the victim host to find new targets. The Code Red v2 and Slammer worms employed random scanning, which selects targets randomly. The Code Red II and Nimda worms exercised localized scanning, which preferentially searches for targets in the “local” address space.

Autograph Toward Automated, Distributed Worm Signature Detection

Introduction and Motivation
In recent years, a series of Internet worms has exploited the confluence of the relative lack of diversity in system and server software run by Internet-attached hosts, and the ease with which these hosts can communicate. A worm program is self-replicating: it remotely exploits a software vulnerability on a victim host, such that the victim becomes infected, and itself begins remotely infecting other victims. The severity of the worm threat goes far beyond mere inconvenience. The total cost of the Code Red worm epidemic, as measured in lost productivity owing to interruptions in computer and network services, is estimated at $2.6 billion [7].

Models of Internet Worm Defense

Content Filtering
We consider two schemes analyzed by Moore et al. in “Requirements for Containing Self-Propagating Code”.
Content filtering: the idea is that worm packets look a lot alike, so one can find signatures based on hashes of packet content to recognize them. I’m told that actual commercial products exist that do this.
Our model: after a delay T0, worm scans are recognized by packet content.
Filters at local network boundaries protect those networks. A fraction fopen of hosts still have an “open path” to attack.
Phase I – the worm spreads before detection.
Phase II – the susceptible population drops from s(T0) to (1 – fopen) × s(T0); the dynamics are otherwise the same.
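As an added illustration (not code from the slides or from Moore et al.), a discrete-time simulation of the two-phase content-filtering model for a random-scanning worm. The host counts, address-space size, scan rate and T0 are constructed parameters, and the Phase II drop applies the factor (1 – fopen) to s(T0) exactly as the slide states it:

```python
# Added example: two-phase content-filtering model from the slides.
# A random-scanning worm sends `scan_rate` probes per infected host per step,
# each landing uniformly in an address space of `addr_space` addresses.
# Phase I: the worm spreads freely. Phase II (t >= t0): filters recognise the
# worm's packets and the susceptible population drops from s(T0) to
# (1 - f_open) * s(T0), the factor given on the slide; dynamics are otherwise
# unchanged. All parameter values below are constructed, not measured.

def simulate_content_filtering(n_vuln, addr_space, scan_rate, t0, f_open,
                               steps, i0=1, dt=1.0):
    """Return [(t, infected, susceptible), ...] for each simulated step."""
    i = float(i0)                      # infected hosts
    s = float(n_vuln - i0)             # susceptible hosts
    history = [(0.0, i, s)]
    filtered = False
    for k in range(1, steps + 1):
        t = k * dt
        if not filtered and t >= t0:   # Phase II begins: filters take effect
            s *= (1.0 - f_open)
            filtered = True
        # Probability that a given susceptible host is hit by at least one of
        # the probes sent this step (each probe hits it with prob 1/addr_space).
        probes = scan_rate * i * dt
        p_hit = 1.0 - (1.0 - 1.0 / addr_space) ** probes
        new_inf = s * p_hit
        i += new_inf
        s -= new_inf
        history.append((t, i, s))
    return history


def time_to_fraction(history, n_vuln, frac):
    """First time at which infections reach frac * n_vuln, or None if never."""
    for t, infected, _ in history:
        if infected >= frac * n_vuln:
            return t
    return None


if __name__ == "__main__":
    # Constructed parameters loosely in Code Red's range: 360k vulnerable hosts,
    # the IPv4 space, ~358 probes/min; filters live from minute 200 with f_open=0.2.
    params = dict(n_vuln=360_000, addr_space=2 ** 32, scan_rate=358.0, steps=1200)
    free = simulate_content_filtering(t0=10 ** 9, f_open=0.0, **params)
    filt = simulate_content_filtering(t0=200, f_open=0.2, **params)
    for label, h in (("no filtering", free), ("filtering at T0=200", filt)):
        print(f"{label:22s} infected at end: {h[-1][1]:10.0f}  "
              f"time to 50%: {time_to_fraction(h, params['n_vuln'], 0.5)}")
```

Running the script prints the end-state infection count and the time to reach 50% of the vulnerable population with and without filtering, which makes the effect of the Phase II cut directly comparable.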

Address Blacklisting
Address blacklisting: likely infected hosts are added to blacklists. A fraction fopen of hosts remain unprotected.
Our model: detection delay T0 for an infected host; the detection framework is started at time D0.
Phase I—original spreading dynamics.
Phase II—at time D0 + T0 blacklisting takes effect. Split the population into the part that is covered by blacklisting (sp) and the part that is unprotected (su). At time D0 + T0: