网络工程论文中英文对照外文翻译文献

Computer Viruses

What are computer viruses?

According to Fred Cohen’s well-known definition, a computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself. Note that a program does not have to perform outright damage (such as deleting or corrupting files) in order to be called a “virus”. However, Cohen uses the terms within his definition (e.g. “program” and “modify”) a bit differently from the way most anti-virus researchers use them, and classifies as viruses some things which most of us would not consider viruses.

Computer viruses are bits of code that damage or erase information, files, or software programs in your computer, much like viruses that infect humans, computer viruses can spread, and your computer can catch a virus when you download an infected file from the Internet or copy an infected file from a diskette. Once the viruses is embedded into your computer’s files, it can immediately start to damage or destroy information, or it can wait for a particular date or event to trigger its activity.

What are the main types of viruses?

Generally, there are two main classes of viruses. The first class consists of the file Infectors which attach themselves to ordinary program files. These usually infect arbitrary .COM and/or .EXE programs, though some can infect any program for which execution is requested, such as .SYS,.OVL,.PRG,&.MNU files.

File infectors can be either direct action or resident. A direct-action virus selects one or more other programs to infect each other time the program which contains it is executed ,and thereafter infects other programs when “they” are executed (as in the case of the Jerusalem) or when certain other conditions are fulfilled. The Vienna is an example of a direct-action virus. Most other viruses are resident.

The second class is system or boot-record infectors: those viruses, which infect executable code, found in certain system areas on a disk that are not ordinary files. On DOS systems, there are ordinary boot-sector viruses, which infect only the DOS boot sector on diskettes. Examples include Brain, Stoned, Empire, Azusa, and Michelangelo. Such viruses are always resident viruses.

Finally, a few viruses are able to infect both (the Tequila virus is one example). There are often called “multipartite” viruses, though there has been criticism of this name; another name is “boot-and -file” virus.

File system or cluster viruses (e.g. Dir-II) are those that modify directory table entries so that the virus is loaded and executed before the desired program is. Note that the program itself is not physically altered; only the directory entry is. Some consider these infectors to be a third category of viruses, while others consider them to be a sub-category of the file infectors.

What are macro viruses?

Many applications provide the functionality to create macros. A macro is a series of commands to perform some application-specific task. Macros are designed to make life easier, for example, to perform some everyday tasks like text-formatting or spreadsheet calculations.

Macros can be saved as a series of keystrokes (the application record what keys you press); or they can be written in special macro languages (usually based on real programming languages like C and BASIC). Modern applications combine both approaches; and their advanced macro languages are as complex as general purpose programming languages. When the macro language allows files to be modified, it becomes possible to create macros that copy themselves from one file to another. Such self-replicating macros are called macro viruses.

Most macro viruses run under Word for Windows. Since this is a very popular word processor, it provides an effective means for viruses to spread. Most macro viruses are written using the macro language WordBasic. WordBasic is based on the good old BASIC programming language. However, it has many (hundreds of) extensions (for example, to deal with documents: edit, replace string, obtain the name of the current document, open new window, move cursor, etc.).

What is a Trojan horse program?

A type of program that is often confused with viruses is a ‘Trojan horse’ program. This is not a virus, but simply a program (often harmful) that pretends to be something else.

For example, you might download what you think is a new game; but when you run it, it deletes files on your hard drive. Or the third time you start the game, the program E-mail your saved passwords to another person.

Note: simply download a file to your computer won’t activate a virus or Trojan horse; you have to execute the code in the file to trigger it. This could mean running a program file, or opening a Word/Excel document in a program (such as Word or Excel) that can execute any macros in the document.

What kind of files can spread viruses?

Viruses have the potential to infect any type of executable code, not just the files that are commonly called “program files”. For example, some viruses infect executable code in the boot sector of floppy disk or in system areas of hard drives. Another type of virus, known as a “macro” virus, can infect word processing and spreadsheet documents that use macros. And it’s possible for HTML documents containing JavaScript or other types of executable code to spread viruses or other malicious code.

Since viruses code must be executed to have any effect, files that the computer treats as pure data are safe. This includes graphics and sound files such as .gif, .jpg, .mp3, .wav, .etc., as well as plain text in .txt files. For example, just viewing picture files won’t infect your computer with a virus. The virus code has to be in a form, such as an .exe program file or a Word .doc file which the computer will actually try to execute.

How do viruses spread?

The methodology of virus infection was pretty straightforward when first computer viruses such as Lehigh and Jerusalem started appearing. A virus is a small piece of computer code, usually form several bytes to a few tens of bytes, that can do, well, something unexpected. Such viruses attach themselves to executable files— programs, so that the infected program, before proceeding with whatever tasks it is supposed to do, calls the virus code. One of the simplest ways to accomplish that is to append the virus code to the end of the file, and insert a command to the beginning of the program file that would jump right to the beginning of the virus code. After the virus is finished, it jumps back to the point of origination in the program. Such viruses were very popular in the late eighties. The earlier ones only knew how to attach themselves to .Com files, since structure of a .COM file is much simpler than that of an .EXE file—yet another executable file format invented for MS-DOS operating system. The first virus to be closely studied was the Lehigh virus. It attached itself to the file that was loaded by the system at boot time—COMMAND.COM. the virus did a lot of damage to its host, so after three-four replications it was no longer usable. For that reason, the virus never managed to escape the university network.

When you execute program code that’s infected by a virus, the virus code will also run and try to infect other programs, either on the same computer or on other computers connected to it over a network. And the newly infected programs will try to infect yet more programs.

When you share a copy of an infected file with other computer users, running the file may also infect their computer; and files from those computers may spread the infection to yet more computers.

If your computer if infected with a boot sector virus, the virus tries to write copies of itself to the system areas of floppy disks and hard disks. Then the infected floppy disks may infect other computers that boot from them, and the virus copy on the hard disk will try to infect still more floppies.

Some viruses, known as ‘multipartite’ viruses, and spread both by infecting files and by infecting the boot areas of floppy disks.

What do viruses do to computers?

Viruses are software programs, and they can do the same things as any other program running on a computer. The accrual effect of any particular virus depends on how it was programmed by the person who wrote the virus.

Some viruses are deliberately designed to damage files or otherwise interfere with your computer’s operation, while other don’t do anything but try to spread themselves around. But even the ones that just spread themselves are harmful, since they damage files and may cause other problems in the process of spreading.

Note that viruses can’t do any damage to hardware: they won’t melt down your CPU, burn out your hard drive, cause your monitor to explode, etc. warnings about viruses that will physically destroy your computer are usually hoaxes, not legitimate virus warnings.

Modern viruses can exist on any system form MS DOS and Window 3.1 to MacOS, UNIX, OS/2, Windows NT. Some are harmless, though hard to catch. They can play a jingle on Christmas or reboot your computer occasionally. Other are more dangerous. They can delete or corrupt your files, format hard drives, or do something of that sort. There are some deadly ones that can spread over networks with or without a host, transmit sensitive information over the network to a third party, or even mess with financial data on-line.

What’s the story on viruses and E-mail?

You can’t get a virus just by reading a plain-text E-mail message or Usenet post. What you have to watch out for are encoded message containing embedded executable code (i.e., JavaScript in HTML message) or message that include an executable file attachment (i.e., an encoded program file or a Word document containing macros).

In order to activate a virus or Trojan horse program, you computer has to execute some type of code .This could be a program attached to an E-mail, a Word document you downloaded from the Internet, or something received on a floppy disk. There’s no special hazard in files attached to Usenet posts or E-mail messages: they’re no more dangerous than any other file.

What can I do to reduce the chance of getting viruses from E-mail？

Treat any file attachments that might contain executable code as carefully as you would any other new files: save the attachment to disk and then check it with an up-to-date virus scanner before opening the file.

If you E-mail or news software has the ability to automatically execute JavaScript, Word macros, or other executable code contained in or attached to a message, I strongly recommend that you disable this feature.

My personal feeling is that if an executable file shows up unexpectedly attached to an E-mail, you should delete it unless you can positively verify what it is, Who it came from, and why it was sent to you.

The recent outbreak of the Melissa virus was a vivid demonstration of the need to be extremely careful when you receive E-mail with attached files or documents. Just because an E-mail appears to come from someone you trust, this does NOT mean the file is safe or that the supposed sender had anything to do with it.

Some General Tips on Avoiding Virus Infections

1. Install anti-virus software from a well-known, reputable company. UPDATE it regularly, and USE it regularly.

New viruses come out every single day; an a-v program that hasn’t been updated for several months will not provide much protection against current viruses.

2. In addition to scanning for viruses on a regular basis, install an ‘on access’ scanner (included in most good a-v software packages) and configure it to start automatically each time you boot your system. This will protect your system by checking for viruses each time your computer accesses an executable file.

3. Virus scans any new programs or other files that may contain executable code before you run or open them, no matter where they come from. There have been cases of commercially distributed floppy disks and CD-ROMs spreading virus infections.

4. Anti-virus programs aren’t very good at detecting Trojan horse programs, so be extremely careful about opening binary files and Word/Excel documents from unknown or ‘dubious’ sources. This includes posts in binary newsgroups, downloads from web/ftp sites that aren’t well-known or don’t have a good reputation, and executable files unexpectedly received as attachments to E-mail.

5. Be extremely careful about accepting programs or other flies during on-line chat sessions: this seems to be one of the more common means that people wind up with virus or Trojan horse problems. And if any other family members (especially younger ones) use the computer, make sure they know not to accept any files while using chat.

6. Do regular backups. Some viruses and Trojan horse programs will erase or corrupt files on your hard drive and a recent backup may be the only way to recover your data.

Ideally, you should back up your entire system on a regular basis. If this isn’t practical, at least backup files you can’t afford to lose or that would be difficult to replace: documents, bookmark files, address books, important E-mail, etc.

Dealing with Virus Infections

First, keep in mind “Nick’s First Law of Computer Virus Complaints”:

“Just because your computer is acting strangely or one of your programs doesn’t work right, this does not mean that your computer has a virus.”

1. If you haven’t used a good, up-to-date anti-virus program on your computer, do that first. Many problems blamed on viruses are actually caused by software configuration errors or other problems that have nothing to do with a virus.

2. If you do get infected by a virus, follow the direction in your anti-virus program for cleaning it. If you have backup copies of the infected files, use those to restore the files. Check the files you restore to make sure your backups weren’t infected.

3. for assistance, check the web site and support service for your anti-virus software.

Note: in general, drastic measures such as formatting your hard drive or using FDISK should be avoided. They are frequently useless at cleaning a virus infection, and may do more harm than good unless you’ re very knowledgeable about the effects of the particular virus you’re dealing with.

计算机病毒

什么是计算机病毒？

按照Fred Cohen的广为流传的定义，计算机病毒是一种侵入其他计算机程序中的计算机程序，他通过修改其他的程序从而将（也可能是自身的变形）的复制品嵌入其中。注意一个程序之所以成为“病毒”，并非一定要起彻底的破坏作用（如删除或毁坏文件）。然而，Cohen在他的定义（即“程序”和“修改”）中使用的“病毒”这个术语与大多数反病毒研究人员使用的“病毒”术语有些差别，他把一些我们多数人认为不是病毒的东西也归类为病毒。

计算机病毒是一些能破坏或删除计算机中的信息、文件或程序的代码。正如感染人体的病毒一样，计算机病毒能够扩散。当你的计算机从互联网上下载一个被感染的文件，或者从磁盘上复制一个被感染的文件时，你的计算机就会染上病毒。而一旦病毒进入到你的计算机文件中，它就能马上破坏或摧毁其中的信息，或者等到某个特殊的日期或事件来临时才触发其破坏活动。

个人计算机病毒主要有哪些类型？

一般来说，主要存在着两类计算机病毒。第一类由文件感染型病毒组成，他们将自身依附在普通的程序文件上。这些病毒通常感染任意的.COM和/或EXE文件，尽管有些也感染具有执行功能的文件，如.SYS，.OVL，.PRG和.MNU文件.

文件感染型病毒又可分为“立即执行型”和“驻留型”。立即执行型病毒在含有它的程序每次执行是都对其他的一个或多个文件进行感染，而驻留型病毒在被感染的程序第一次执行时先将自己隐藏在内存中的某个地方，以后当其他程序执行或当某些其他程序特定条件满足时就对它们进行感染（就像耶路撒冷病毒一样）。维也纳病毒是立即执行型病毒的一个例子，大多数其他病毒则是驻留型病毒。

第二类病毒是系统病毒或引导区记录感染型病毒，这些感染可执行代码的病毒出现在磁盘的某些系统区中，而不是普通文件中。在DOS系统中，常见的引导扇区病毒和主引导记录病毒，前者只感染DOS引导扇区，后者感染硬盘的主引导记录和软盘的DOS引导扇区。第二类病毒的例子包括大脑病毒、大麻病毒、帝国病毒、Azusa以及米开郎基罗病毒等，此类病毒通常为驻留型病毒。

另外，有些病毒能感染上述两种对象（如蒸馏酒病毒就是一个例子），这些病毒常称为“多成分”病毒（尽管这个名字曾遭到过批评），它们的另一个名字是“引导区和文件型”病毒。

文件系统型病毒或“簇”病毒（如Dir-II病毒）是那种修改文件目录表项并且在文件装入、执行前就被装入和执行的病毒。注意，程序本身实际上并没有被修改，只是目录项被修改。有些人把这种感染型病毒看作是第三类病毒，而另一些人把它看作是文件感染型病毒的子类。

什么是宏病毒？

许多应用程序都提供了创建宏的功能。宏是一个完成特定应用任务的命令序列。设计宏的目的是使诸如文本格式化或电子表格计算这样的日常工作更为简单。

宏可以保存成一系列击键（即应用程序记录你按了哪些键），或者它们能够用某些特殊的宏语言像通用程序设计语言一样复杂。当宏语言允许文件被修改时，就有可能建立能将自身从一个文件复制到另一个文件上的宏。这种具有自复制功能的宏称作宏病毒。

大多数的宏病毒都是在Windows的Word软件中运行的，因为Word是一种流行的字处理器，它为病毒的扩散提供了有效的途径。大部分的宏病毒是用WordBasic宏语言编写的。WordBasic基于以前的性能良好的BASIC编程语言，然而它有很多（几百种）扩展功能（如下列文件处理功能：编辑、替换字符串、获取当前文档的名字、打开一个新的窗口、移动光标等）。

什么是特洛伊木马程序?

通常与病毒想混淆的一种程序是特洛伊木马程序.。它不是病毒，仅仅是扮作其他东西的程序（常常是有害的）。

例如，你可能下载了你认为是新游戏的东西，但当你运行它时，它删除了你硬盘上的文件。或者当你第三次运行该游戏时，该程序把你保存了的密码发送给其他人。

注意：仅仅把一个文件下载到你计算机不会激活病毒或特洛伊木马程序。你必须执行文件中的代码才能出触发它。这意味着运行一个程序文件或打开一个可以执行文档中的宏的程序（如Word或Excel）中的Word/Excel文档。

哪些文件可以传播计算机病毒？

计算机病毒有感染任何可执行代码的潜力，不仅仅是通常叫做“程序文件”的文件。例如，某些计算机病毒感染软盘引导区或硬盘系统区域的可执行代码。另外有一种叫做“宏”

的计算机病毒，可以感染使用宏的字处理程序和电子表格程序。包括JavaScript和其他可执行类型代码的HTML文档也可能传播计算机病毒或其他恶意代码。

因为计算机病毒代码必须被执行才能实现任何感染，所以被计算机当作纯数据的文件是安全的。这包括.gif、.jpg、.mp3、.wav等图形和声音文件，也包括以.txt为扩展名的简单文本文件。例如，只查看图片不会使计算机感染病毒。病毒代码必须存在于一个形式中，像计算机实际上可执行的.exe程序文件或Word和.doc文件。

计算机病毒是如何传播的？

当初的病毒（如Lehigh and Jerusalem病毒）开始出现的时候，病毒感染的的方法是非常直截了当的。一个病毒是一小段计算机代码，通常是几个到几十个字节，它们能做一些意想不到的事情。比如，这些病毒将自身依附到可执行文件（即程序）上面，这样，被感染的程序在执行它自身的任务前首先调用病毒代码。实现这种目的的一个最简单的方法是将病毒代码附加文件的尾部，并且在程序文件的开头处插入一条命令，使得控制正好能跳到病毒代码的开始处，在病毒代码被执行完以后，控制又跳回到程序的初始点。这种病毒在80年代后期很常见。早期的病毒只知道附加到.COM文件上，因为他的结构比MS-DOS操作系统的另一种可执行文件格式——.EXE文件更简单。第一个被人们深入研究的病毒是Lehigh病毒，它把自身附加到启动时由系统装入的文件COMMAND.COM中。病毒对宿主程序能带来很多破坏，因为这些程序在经过三、四次复制以后就不可再使用。正因如此，病毒无法从大学的网络上消除干净。

当你执行一个感染了病毒的程序代码时，病毒程序也将进行并试图感染本计算机过通过网络相连的其他计算机上的其他程序。最新感染的程序将试图感染更多的程序。

当你与其他计算机用户共享一个感染文件的拷贝时，运行该文件也可以感染他们的计算机。并且，这些计算机中的文件也可能把病毒传染给更多的计算机。

如果你的饿计算机已经感染了引导区病毒，该病毒试图把自身的拷贝写到软盘的系统区域。然后，感染了的软盘可能感染用它们引导的其他计算机，而硬盘上的病毒拷贝将试图感染更多的软盘。

一些病毒，也叫做“多部分”病毒，既可以通过感染可以通过感染软盘的引导扇区来传播。

计算机病毒对计算机做什么？

病毒是软件程序，它所做的事情与计算机上运行的任何其他程序所做的事情相同。任何一个特别病毒的实际效果取决于编写病毒的程序员是如何编写的。

有些病毒有意设计为损坏文件和妨碍计算机的运行，也有一些病毒只传播自己而不做其他任何事情。但即便只传播自己的病毒也是有害的，因为它们在传播过程中损坏文件，还可能引起其他问题。

注意病毒不会对硬件造成任何损坏：它们不会彻底损坏你的CPU，也不会烧坏你的硬盘，引起你的显示器爆炸等。关于病毒将物理上破坏你的计算机的警告通常是恶作剧，不是合理的病毒警告。

现代病毒能够存在于从MS DOS 、Windows 3.1到 MacOS、 UNIX、 OS/2、 Windows NT等各种系统上。有些尽管难以发现，但却是无害的，它们知识偶尔在圣诞节产生叮当声或重新启动你的系统；另一些病毒却是有害的，它们能够删除或破坏你的文件、格式化硬盘或者做一些其他的事情；还有一些是致命的病毒，它们能随或不随宿主程序在网上传播，通过网络向第三方式从敏感的信息，或者甚至搞乱即时财经数据。

关于病毒和电子邮件有什么误解？

仅仅阅读一个纯文本的电子邮件或Usenet邮件不可能得到一个病毒。你必须警惕的是那些包含了可执行代码的编程消息（例如一个HTML消息中的JavaScript）或包含一个可执行文件附件的消息（例如一个编码程序文件或包含宏的Word文档）。

要激活病毒或特洛伊木马程序，你的计算机必须执行某种代码。这可能是附在电子邮件的程序、从因特网下载的Word文档或从软盘上接受的某些东西。附加在Usenet邮件或电子邮件消息的文件并不特别危险：它们并不比其他文件更危险。

怎样减少从电子邮件感染病毒的机会？

像对待任何其他新文件一样小心对待可能包含可执行代码的任一文件附件：把附件保存到磁盘上，在运行该文件之前，先用更新过的病毒扫描检查它。

如果你的电子邮件或新软件有能力自动执行JavaScript、Word宏或其他包括在消息中或附加在消息中的可执行代码 ，建议关闭这一功能。

如果一个电子邮件令人意外地出现一个可执行文件，除非你确实核实了它是什么、从谁那里来、为什么要发给你，否则删除它。

最近爆发的美丽杀病毒就是一个活生生的范例，说明当你接收到带附加文件过文档时要特别小心。只因为一个电子邮件来自你信任的某人，并不意味着该文件就是安全的或假定的发送者与此有任何关系。

避免病毒感染的一些普通技巧？

1． 安装著名公司的防病毒软件，定期升级定期使用。

新的计算机病毒每天都可能到来。几个月不升级的病毒软件面对当前的病毒不能提供什么保护。

2． 要定期扫描病毒，除此之外安装“访问时”扫描程序（大部分好的防病毒软件包中都有），并把它们配置为每次开机时自动启动。这将通过每次访问可执行文件就自动检查病毒来保护你的系统。

3． 在打开或执行一个新程序或其他包含可执行代码的文件之前，先进行病毒扫描，无论它们来自哪里。也有出售的软盘和CD-ROM光盘传播病毒的情况。

4． 防病毒程序不能很好地检查特洛伊木马程序，所以当打开来自不知道的或“不确定的”源的二进制文件和Word/Excel文档是要特别小心。这包括：二进制新闻组的邮件、来自不著名或良好声誉的Web/ftp网站的下载、收到意外的作为电子邮件附件的可执行文件。

5． 在联网聊天时接收到的程序其他文件要特别小心：这似乎是人们感染计算机病毒或惹上特洛伊木马麻烦的更普遍的途径之一。如果任何一个家庭成员（特别是年轻人）使用了计算机，一定要让他们知道聊天时不能接收任何文件。

6． 定期备份。某些病毒或特洛伊木马程序会删除和破坏硬盘上的文件，而最近的备份也许是恢复数据的唯一途径。

理想的情况是，定期备份整个系统。如果做不到，至少要备份不能承受丢失或难以替代的文件：文档、书签文件、地址薄、重要的电子邮件等。

处理病毒感染

首先，谨记“计算机病毒症的尼克第一定律”：

“仅仅因为你的计算机表现奇怪或一个程序不能正常工作，这并不意味着你的计算机有了病毒。”

1． 如果你的计算机没有使用好的、升级过的防病毒程序，先做这件事吧。许多归咎于病毒的问题实际上是由软件配置错误或其他与病毒无关的问题引起的。

2． 如果你被计算机病毒感染了，按照你恢复的文件的说明来清除它。如果备份了被感染的文件，用防病毒软件来恢复它。检查你恢复的文件确保你的备份没有被感染。

3． 要寻求帮助，请查看网站及防病毒软件的支持服务。

注意：一般来说，应该避免使用像格式化硬盘或用FDISK这样的过激措施。这常常对清除病毒感染无效，并且弊大于利，除非你对处理的病毒非常了解。

网络工程论文中英文对照外文翻译文献