McAfee virusscan 4.5 Guia Do Utilizador
Administrator’s Guide
vii
Preface
Anti-virus protection as information security
“The world changed [on March 26, 1999]—does anyone doubt that? The world
is different. Melissa proved that ... and we are very fortunate ... the world
could have gone very close to meltdown.”
could have gone very close to meltdown.”
—Padgett Peterson, Chief Info Security Architect, Lockheed Martin Corporation,
on the 1999 “Melissa” virus epidemic
By the end of the 1990s, many information technology professionals had
begun to recognize that they could not easily separate how they needed to
respond to new virus threats from how they already dealt with deliberate
network security breaches. Dorothy Denning, co-editor of the 1998 computer
security handbook Internet Besieged: Countering Cyberspace Scofflaws, explicitly
grouped anti-virus security measures in with other network security
measures, classifying them as a defense against malicious “injected code.”
begun to recognize that they could not easily separate how they needed to
respond to new virus threats from how they already dealt with deliberate
network security breaches. Dorothy Denning, co-editor of the 1998 computer
security handbook Internet Besieged: Countering Cyberspace Scofflaws, explicitly
grouped anti-virus security measures in with other network security
measures, classifying them as a defense against malicious “injected code.”
Denning justified her inclusive grouping on based on her definition of
information security as “the effective use of safeguards to protect the
confidentiality, integrity, authenticity, availability, and non-repudiation of
information and information processing systems.” Virus payloads had always
threatened or damaged data integrity, but by the time she wrote her survey
article, newer viruses had already begun to mount sophisticated attacks that
struck at the remaining underpinnings of information security. Denning’s
classification recognized that newer viruses no longer merely annoyed system
administrators or posed a relatively low-grade threat; they had in fact
graduated to become a serious hazard.
information security as “the effective use of safeguards to protect the
confidentiality, integrity, authenticity, availability, and non-repudiation of
information and information processing systems.” Virus payloads had always
threatened or damaged data integrity, but by the time she wrote her survey
article, newer viruses had already begun to mount sophisticated attacks that
struck at the remaining underpinnings of information security. Denning’s
classification recognized that newer viruses no longer merely annoyed system
administrators or posed a relatively low-grade threat; they had in fact
graduated to become a serious hazard.
Though not targeted with as much precision as an unauthorized network
intrusion, virus attacks had begun to take on the color of deliberate
information warfare. Consider these examples, many of which introduced
quickly-copied innovations to the virus writer’s repertoire:
intrusion, virus attacks had begun to take on the color of deliberate
information warfare. Consider these examples, many of which introduced
quickly-copied innovations to the virus writer’s repertoire:
• W32/CIH.Spacefiller destroyed the flash BIOS in workstations it infected,
effectively preventing them from booting. It also overwrote parts of the
infected hard disk with garbage data.
infected hard disk with garbage data.
• XM/Compat.A rewrote the data inside Microsoft Excel spreadsheet files. It
used advanced polymorphic concealment techniques, which meant that
with each infection it changed the signature bytes that indicated its
presence and allowed anti-virus scanners to find it.
with each infection it changed the signature bytes that indicated its
presence and allowed anti-virus scanners to find it.