Thursday, November 17, 2011

CSIT 534 Operating System (7)

INTERNET SECURITY, VIRUS & ANTIVIRUS

Trojan horses disguise themselves as valuable and useful software available for download on the Internet. They are programs that open a backdoor so the attacker can enter the victim's computer or network at will. Unlike a virus, a Trojan does not replicate itself; it relies on the user to install it.

Remote Access Trojans

Remote Access Trojans are the most common kind. They give an attacker near-complete control over the victim's computer. The attacker can browse the files and read any personal information stored in them, such as credit card numbers, passwords, and financial documents. A Remote Access Trojan is typically split into two parts, a server and a client. In the usual naming, the server is the half cleverly disguised as useful software and placed on peer-to-peer file-sharing networks or unauthorized download sites, and the client is the console the attacker keeps (some textbooks label the two halves the other way round; what matters is that one half runs on the victim and accepts commands). Once the server half executes on a computer, the attacker connecting with the client has a high level of control over that machine, which can lead to destructive effects depending on the attacker's purpose.

Password Sending Trojans

A Password Sending Trojan's purpose is to copy all the cached passwords, capture other passwords as they are typed into the computer, and send them to a particular email address. All of this happens without the user's awareness. Passwords for restricted websites, messaging services, FTP services, and email services are directly threatened by this kind of Trojan.

Key Loggers

A Key Logger is a type of Trojan that records the victim's keystrokes and sends the log files to the attacker, who then searches the logs for passwords and other sensitive data. Most Key Loggers offer two modes, online and offline recording, and they can be configured to send the log file to a specific email address on a daily basis.

Spyware is a program on the hard drive that sends information about how you use the PC to marketers and advertisers. Antivirus software and firewalls often do nothing to block spyware that arrives bundled with a download the user asked for, because the user authorized the installation. Spyware can hide its settings and startup entries in the Windows Registry, where they are harder to find.

Firewall manager software sets up rules to filter out unwanted intrusions from the Internet. The firewall examines each packet, and if the packet's source or destination address is on a list of banned Internet locations it blocks the packet. Another way to keep hackers out is to pass all traffic through a proxy server, which examines each request against the filtering rules and forwards only the packets that obey them. The firewall manager also records blocked intrusions in a security log and reports them to the Internet service provider or to the help desk/IT staff.
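As an added example (not from these notes or the textbook), here is a small first-match packet filter in Python that does what the paragraph describes: check each packet against an ordered rule list, drop anything on a banned address list, and write a security-log line for every denied packet. The rule table, the sample packets and the log format are constructed for illustration.

```python
"""Toy first-match packet filter with a security log.

Added example, not from the course notes: the rule table, the sample
packets and the log format are all constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str            # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"         # CIDR; the default matches any address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None    # None matches any port
    proto: Optional[str] = None    # None matches any protocol

    def matches(self, pkt: Packet) -> bool:
        return (
            ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == pkt.dport)
            and (self.proto is None or self.proto == pkt.proto)
        )


# Rules are evaluated top to bottom and the first match wins. Anything that
# matches nothing is denied: default deny is the safe posture for a firewall.
RULES: List[Rule] = [
    Rule("deny", src="203.0.113.0/24"),                          # banned Internet block
    Rule("allow", dst="192.0.2.10/32", dport=443, proto="tcp"),  # web server, HTTPS
    Rule("allow", dst="192.0.2.10/32", dport=80, proto="tcp"),   # web server, HTTP
    Rule("deny"),                                                # explicit catch-all
]


def decide(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); index None if no rule matched."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


def filter_packets(packets: List[Packet], rules: List[Rule] = RULES) -> Tuple[List[Packet], List[str]]:
    """Forward allowed packets and write one security-log line per denied packet."""
    forwarded: List[Packet] = []
    log: List[str] = []
    for pkt in packets:
        action, idx = decide(pkt, rules)
        if action == "allow":
            forwarded.append(pkt)
        else:
            log.append(f"DENY rule={idx} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
    return forwarded, log


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE: List[Packet] = [
    Packet("198.51.100.7", "192.0.2.10", 443, "tcp"),   # legitimate HTTPS: allowed
    Packet("203.0.113.9", "192.0.2.10", 443, "tcp"),    # banned source, denied before the allow rule
    Packet("198.51.100.7", "192.0.2.10", 22, "tcp"),    # SSH has no allow rule: catch-all
    Packet("198.51.100.7", "192.0.2.10", 443, "udp"),   # right port, wrong protocol
]

if __name__ == "__main__":
    allowed, security_log = filter_packets(SAMPLE)
    print(f"forwarded {len(allowed)} of {len(SAMPLE)} packets")
    print("\n".join(security_log))
```

Two points the paragraph leaves implicit: rule order matters (the banned block is denied even on a port that is otherwise allowed), and an address-based filter only sees addresses, so a banned host that forges its source address gets past it; that is the gap a proxy, which inspects the content of each request, is meant to close.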

How Viruses Invade

A virus is created when a programmer intentionally infects a program or disk with code that has the capability to replicate itself, hide, and watch for a specific event to occur before delivering its payload.

Boot record viruses target the master boot record. Program viruses look for executable .com and .exe files and insert a copy of themselves behind the program header, so the virus code runs before the original program does.

A memory-resident virus can watch for attempts by antivirus software to find infected files and return phony information to hide from detection; a virus that does this is called a stealth virus.

Viruses can travel across the Internet as email attachments or through HTML hyperlinks.

How Anti-virus Software Works

Anti-virus software inspects the master boot record, program files, and macro code for the presence of viruses. Signature scanners compare the contents of the boot record and of files against a database of byte patterns taken from known viruses. Because stealth and polymorphic viruses evade detection by signature scanners, heuristic detectors look instead for suspicious behavior in the code: sections of code triggered by the date or time, routines that search for .COM and .EXE files, and disk writes that bypass the operating system. To remove viruses that are already in memory, the software monitors programs that modify other program code, or that try to remain resident in memory after they have finished executing.
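To make the difference between the two detection methods concrete, here is an added Python example (not from these notes or the textbook) that runs a signature scanner and a weighted heuristic detector over three constructed sample files. The signature database, the weights, the threshold and the samples are made up; the EICAR test string is the one real artifact, and the x86 opcodes used as indicators are real (int 13h is BIOS disk I/O, int 1Ah is the BIOS clock).

```python
"""Toy signature scanner and heuristic detector for DOS-era program files.

Added example, not from the course notes. The signature database, weights,
threshold and sample files are constructed for illustration; the only real
artifact is the EICAR test string, which real scanners detect on purpose.
The x86 opcodes used as indicators are real (int 13h is BIOS disk I/O,
int 1Ah is the BIOS clock).
"""
from typing import Dict, List, Tuple

# Signature database: name -> exact byte pattern copied from a known sample.
# A signature hit is precise but only catches what is already catalogued.
SIGNATURES: Dict[str, bytes] = {
    "EICAR-Test-File": b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
    "Toy.Boot.A": bytes.fromhex("b80002bb0070cd13"),   # constructed pattern
}

# Heuristic indicators, each with a weight. These are the behaviours the
# notes describe: time/date triggers, hunting for .COM/.EXE hosts, and disk
# writes that bypass the operating system (BIOS int 13h instead of DOS int 21h).
HEURISTICS: List[Tuple[str, bytes, int]] = [
    ("bios-disk-write",    b"\xb4\x03\xcd\x13", 4),   # mov ah,3 ; int 13h  (write sectors)
    ("bios-disk-call",     b"\xcd\x13",         2),   # any int 13h
    ("bios-time-call",     b"\xcd\x1a",         1),   # int 1Ah, time-of-day
    ("searches-com-files", b"*.COM",            2),
    ("searches-exe-files", b"*.EXE",            2),
]
SUSPICIOUS_THRESHOLD = 5


def scan_signatures(data: bytes) -> List[str]:
    """Names of every catalogued signature that occurs in the data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def heuristic_score(data: bytes) -> Tuple[int, List[str]]:
    """Total weight of the indicators present, plus their names."""
    hits = [(name, weight) for name, pattern, weight in HEURISTICS if pattern in data]
    return sum(w for _, w in hits), [n for n, _ in hits]


def classify(data: bytes) -> str:
    """'infected' on a signature hit, 'suspicious' above the heuristic threshold."""
    if scan_signatures(data):
        return "infected"
    score, _ = heuristic_score(data)
    return "suspicious" if score >= SUSPICIOUS_THRESHOLD else "clean"


# Constructed sample files.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
CLEAN = b"MZ" + bytes(30) + b"\xb4\x09\xba\x0e\x01\xcd\x21" + b"Hello$" + b"*.EXE"
# A variant whose bytes differ from the catalogued Toy.Boot.A sample (so the
# signature misses it) but which still hunts .COM files and writes sectors
# through the BIOS: only the heuristic catches it.
VARIANT = b"\x8b\xf3" + b"*.COM\x00" + b"\xb4\x03\xcd\x13" + b"\xc3"

if __name__ == "__main__":
    for label, sample in [("eicar", EICAR), ("clean", CLEAN), ("variant", VARIANT)]:
        print(label, classify(sample), heuristic_score(sample))
```

The clean sample shows why heuristics are weighted and thresholded rather than binary: one indicator (a `*.EXE` wildcard) is normal in ordinary programs, and disk utilities legitimately call int 13h, so a single hit must not be enough. Tuning the threshold is a trade between missed variants and false alarms.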


Thursday, November 10, 2011

CSIT 534 Operating System (6)

NETWORK & INTERNET

To become part of a network, a PC uses a network interface card (NIC). Signals pass from the PC's RAM through the NIC onto the LAN's backbone; the NIC sends the data over cable or through a wireless adapter. The most common LAN technology is Ethernet, which sends data from one node to another in packets (frames).

An Ethernet frame consists of a Preamble, Destination Address, Source Address, Type, Data, and CRC (frame check sequence) fields.
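The frame layout above, as an added Python example (not from these notes or the textbook) that builds an Ethernet II frame and parses one back, verifying the CRC-32 frame check sequence before trusting any field. The addresses and payload are constructed; the preamble is omitted because the NIC strips it before the frame reaches software.

```python
"""Build and parse Ethernet II frames with the CRC-32 frame check sequence.

Added example, not from the course notes; the addresses and payload are
constructed. The NIC normally strips the preamble, so it is not included.
"""
import struct
import zlib
from typing import Dict

ETHERTYPE_IPV4 = 0x0800
MIN_PAYLOAD = 46     # shorter payloads are padded so the frame reaches 64 bytes
MAX_PAYLOAD = 1500


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """dst | src | type | data (padded) | FCS, with the FCS sent least-significant byte first."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds the Ethernet MTU")
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload
    fcs = zlib.crc32(body) & 0xFFFFFFFF        # IEEE 802.3 uses the same CRC-32 as zlib
    return body + struct.pack("<I", fcs)


def parse_frame(frame: bytes) -> Dict[str, object]:
    """Check length and FCS before trusting any field; raise on bad frames."""
    if len(frame) < 14 + MIN_PAYLOAD + 4:
        raise ValueError("runt frame")
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    dst, src = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype <= MAX_PAYLOAD:               # 802.3 frames carry a length here instead
        raise ValueError("802.3 length field, not an Ethernet II type")
    return {
        "dst": bytes_to_mac(dst),
        "src": bytes_to_mac(src),
        "type": ethertype,
        "data": body[14:],
        "broadcast": dst == b"\xff" * 6,
    }


# Constructed sample: a broadcast frame from an invented NIC address.
SAMPLE = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", ETHERTYPE_IPV4, b"hello lan")

if __name__ == "__main__":
    print(len(SAMPLE), "bytes:", parse_frame(SAMPLE))
```

The security caveat worth remembering: the CRC only detects accidental corruption. Anyone who can modify a frame can recompute the FCS, so the check says nothing about who sent the frame or whether it was tampered with; that needs a keyed MAC or a signature at a higher layer.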

For data or a file to travel across a network, it must pass through the following layers, which together ensure the data arrives intact and accurate:

  • Application layer provides the network service the program asks for (file transfer, email, and so on) and attaches a header identifying the sending and receiving computers.
  • Presentation layer translates the data into a common representation such as ASCII, and compresses and encrypts it as needed.
  • Session layer sets boundaries for the beginning and end of the message and determines whether the exchange is half or full duplex.
  • Transport layer protects the data by subdividing it into segments and attaching a checksum to each so errors can be detected.
  • Network layer selects a route for the message, forms the segments into packets, numbers them, and adds a header with addressing information.
  • Data-link layer supervises the transmission, keeping a copy of each frame until it receives confirmation from the next hop.
  • Physical layer encodes the frames onto the medium that carries them (converting digital data into electrical, optical, or radio signals).

A network uses hubs, switches and routers to move data to the right destination and to keep intruders from the Internet out of the LAN.

  • Hubs – A hub receives incoming packets from its nodes and repeats each one out of every other port; if the hub is busy with another packet it holds the new one temporarily in a memory buffer.
  • Switches – A switch does the same job as a hub but learns which of its ports leads to which node's address, so it forwards each packet only to the port that reaches its destination.
  • Routers – A router is similar to a switch except that it works on network (IP) addresses and connects separate networks, delivering a packet only toward the specific network it is addressed to; because every packet between networks passes through it, the router is also where filtering rules can be applied.

Friday, November 4, 2011

CSIT 534 Operating System (5)

HOW TRANSISTORS & MEMORY CARDS WORK (5)

Basically, the textbook did not explain well how transistors / flash memory work. I recommend that everyone read the presentation video from Sandisk Inc.

http://www.sandisk.com/business-solutions/ssd/movie-3-principles-of-flash-operation---flash-technology-tutorial-

CSIT 534 Operating System (4)

DATA STORAGE

RETRIEVING FILE FROM A DISK

When a user tries to open a file, the program calls the file-open function through its API and Windows's DLLs. Windows XP calls the Installable File System (IFS) manager, which passes control to the appropriate file system driver (FSD) for one of the four storage systems (NTFS, VFAT, CDFS, and network redirectors). The FSD then gets the disk location of the file's first cluster from the FAT (on VFAT volumes) or from the MFT (master file table, on NTFS volumes). Finally the disk controller takes over, moving the read/write head to the correct series of clusters to retrieve the file and copying it into memory so the PC can work with it.
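What "getting the disk location of the first cluster" leads to is following a cluster chain through the allocation table. The added Python example below (not from these notes or the textbook) walks a FAT16-style chain with the checks a file system driver needs, since a damaged or deliberately crafted volume can contain loops, links into free or bad clusters, or pointers past the end of the table. The table and cluster contents are constructed; the FAT16 marker values (0xFFF7 for a bad cluster, 0xFFF8 to 0xFFFF for end of chain) are the real ones.

```python
"""Follow a FAT cluster chain the way a file system driver must: with bounds,
loop, free-cluster and bad-cluster checks, then assemble the file in memory.

Added example, not from the course notes. The allocation table and cluster
contents below are constructed (a FAT16-style table with one entry per
cluster, not an image of a real volume); the marker values 0xFFF7 and
0xFFF8..0xFFFF are the real FAT16 ones.
"""
from typing import Dict, List

FAT16_EOC_MIN = 0xFFF8     # 0xFFF8..0xFFFF: this cluster is the last in its chain
FAT16_BAD = 0xFFF7         # cluster is marked defective and belongs to no file
FAT16_FREE = 0x0000
FIRST_DATA_CLUSTER = 2     # entries 0 and 1 are reserved on every FAT volume
CLUSTER_SIZE = 16          # bytes per cluster in this toy volume


class CorruptChainError(ValueError):
    pass


def cluster_chain(fat: List[int], start: int) -> List[int]:
    """Return the clusters of the file that starts at `start`, in order.

    The table is untrusted input: a damaged or crafted volume can contain a
    cycle, a link into a free or bad cluster, or a pointer past the end of
    the table, and a naive walker would spin forever or read garbage.
    """
    chain: List[int] = []
    seen = set()
    cur = start
    while True:
        if cur < FIRST_DATA_CLUSTER or cur >= len(fat):
            raise CorruptChainError(f"cluster {cur:#06x} out of range")
        if cur in seen:
            raise CorruptChainError(f"loop detected at cluster {cur:#06x}")
        entry = fat[cur]
        if entry == FAT16_BAD:
            raise CorruptChainError(f"chain enters bad cluster {cur:#06x}")
        if entry == FAT16_FREE:
            raise CorruptChainError(f"chain enters free cluster {cur:#06x}")
        seen.add(cur)
        chain.append(cur)
        if entry >= FAT16_EOC_MIN:
            return chain
        cur = entry


def read_file(fat: List[int], clusters: Dict[int, bytes], start: int, size: int) -> bytes:
    """Copy a file into memory: walk its chain, concatenate the clusters, trim to size."""
    chain = cluster_chain(fat, start)
    if size > len(chain) * CLUSTER_SIZE:
        raise CorruptChainError("directory entry claims more bytes than the chain holds")
    return b"".join(clusters.get(c, bytes(CLUSTER_SIZE)) for c in chain)[:size]


# Constructed table, indexed by cluster number:
#   2 -> 3 -> 4 -> EOC          a healthy 3-cluster file
#   5 free                      a directory entry pointing here is corrupt
#   6 -> 8 -> 6                 a cross-linked loop
#   7 EOC                       a healthy 1-cluster file
#   9 -> 10 (marked bad)        chain runs into a defective cluster
#   11 -> 0x0050                pointer beyond the end of the table
FAT: List[int] = [0xFFF8, 0xFFFF, 3, 4, 0xFFFF, 0x0000, 8, 0xFFFF, 6, 10, 0xFFF7, 0x0050]

CLUSTERS: Dict[int, bytes] = {
    2: b"The quick brown ",
    3: b"fox jumps over t",
    4: b"he lazy dog." + bytes(4),   # slack space after the 44-byte file
}

if __name__ == "__main__":
    print(read_file(FAT, CLUSTERS, 2, 44))
    for start in (5, 6, 9, 11):
        try:
            cluster_chain(FAT, start)
        except CorruptChainError as err:
            print("refused:", err)
```

The size check in `read_file` matters too: the directory entry's file size is just another field on disk, and a driver that trusts it over the chain length reads past the allocated clusters.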

MIRRORED DRIVE ARRAY (RAID)

When data integrity matters more than speed and there are only two hard drives, the best solution is a mirrored drive array (RAID 1). A Redundant Array of Independent Disks (RAID) controller writes every file to two or more drives at the same time. A mirrored array can also read data up to twice as fast, because the controller reads alternate clusters of the file from the two drives simultaneously. In case of a read failure, the controller simply reads the intact version of the file from the undamaged drive. If the damage is caused by a media defect, the controller automatically reads the data from the intact copy on the other drive and writes it to a new, undamaged area on the drive where the defect occurred.
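The recovery sequence in that paragraph, as an added Python simulation (not from these notes or the textbook): every write goes to both drives, reads alternate between them, and a read that fails on one drive is served from the other copy and then rewritten to a spare area of the failed drive. The `Drive` and `Mirror` classes, the spare-sector remapping and the defect scenario are all invented for this illustration.

```python
"""Simulate a two-drive mirror (RAID 1): duplicate writes, alternating
reads, and recovery of a defective sector from the other copy.

Added example, not from the course notes. The "drives" are dictionaries
and a media defect is modelled as a set of unreadable sector numbers; the
names Drive, Mirror and relocate are invented for this illustration.
"""
from typing import Dict, List, Set


class MediaError(IOError):
    pass


class Drive:
    def __init__(self, name: str, sectors: int):
        self.name = name
        self.sectors = sectors
        self.data: Dict[int, bytes] = {}
        self.defects: Set[int] = set()       # sectors the surface can no longer return
        self.remap: Dict[int, int] = {}      # logical sector -> spare physical sector
        self.next_spare = sectors            # spare area lives past the normal range

    def _phys(self, sector: int) -> int:
        return self.remap.get(sector, sector)

    def write(self, sector: int, block: bytes) -> None:
        self.data[self._phys(sector)] = block

    def read(self, sector: int) -> bytes:
        phys = self._phys(sector)
        if phys in self.defects:
            raise MediaError(f"{self.name}: sector {sector} unreadable")
        return self.data[phys]

    def relocate(self, sector: int, block: bytes) -> int:
        """Map a defective logical sector onto a fresh spare and rewrite it there."""
        self.remap[sector] = self.next_spare
        self.next_spare += 1
        self.write(sector, block)
        return self.remap[sector]


class Mirror:
    def __init__(self, a: Drive, b: Drive):
        self.drives = [a, b]
        self.log: List[str] = []

    def write(self, sector: int, block: bytes) -> None:
        for d in self.drives:                # every write goes to both drives
            d.write(sector, block)

    def read(self, sector: int) -> bytes:
        # Alternate the preferred drive by sector so sequential reads are shared.
        first = sector % 2
        order = [self.drives[first], self.drives[1 - first]]
        try:
            return order[0].read(sector)
        except MediaError as err:
            self.log.append(str(err))
            block = order[1].read(sector)    # fall back to the intact copy
            phys = order[0].relocate(sector, block)
            self.log.append(f"{order[0].name}: sector {sector} relocated to physical {phys}")
            return block

    def read_file(self, start: int, count: int) -> bytes:
        return b"".join(self.read(s) for s in range(start, start + count))


def demo() -> Mirror:
    """Constructed scenario: write three sectors, then damage one copy of sector 1."""
    m = Mirror(Drive("A", 8), Drive("B", 8))
    for i, chunk in enumerate([b"sector-0", b"sector-1", b"sector-2"]):
        m.write(i, chunk)
    m.drives[1].defects.add(1)               # sector 1 on drive B develops a defect
    return m


if __name__ == "__main__":
    mirror = demo()
    print(mirror.read_file(0, 3))
    print("\n".join(mirror.log))
```

Two limits the simulation makes visible: if the same sector is unreadable on both drives the fallback read raises and the data is gone, and because every write is copied to both drives, mirroring gives no protection against an accidental deletion or ransomware, which simply gets mirrored. Integrity against disk failure is not the same as a backup.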

CSIT 534 Operating System (3)

WINDOWS OS

Windows systems provide several files called DLLs (dynamic link libraries). These are collections of software code that perform common functions, such as displaying the File Open, File Save, Search and Print dialog boxes. An application that wants to use a DLL function first checks the API (application programming interface) to find out how to call the function. The application also passes along a specification of the type of information it expects the DLL to return when the DLL has done its job. When the function completes, the DLL places the return information in memory and instructs Windows to remove the DLL routine from memory.

DATABASE

A database manager lets the user define a data type for each piece of information to be stored. A record is a collection of data about a particular person, place or thing; the individual items are contained in fields. Several records with the same fields constitute a table. The database manager carries out queries, which sort and filter the data so the user can see it from different perspectives, and finally presents the data in a formatted, easy-to-read report. To make such reports possible, the user stores the data, creates indexes that allow fast sorting, and defines relations between fields so that data from different tables can be linked together.

CSIT 534 Operating System (2)

MICROPROCESSOR

The CPU is composed of the ALU, the accumulator, and several kinds of registers (storage, address and general-purpose) that process data according to the program's instructions. Dual-core or multi-core processors are designed to take on multiple tasks independently or cooperatively, and can be combined with hyperthreading technology. Hyperthreading takes advantage of the fact that at any one time only part of a CPU's computational power is being used, so a dual-core processor can handle four threads or more simultaneously if the software and hardware are designed for it.

PROGRAMMING LANGUAGE

Programs called interpreters and compilers translate commands written in a higher-level language into machine language. Generally, complex software consists of one file that contains a master program, the kernel, surrounded by a collection of files that contain subprograms, or routines. The kernel calls the routines it needs to perform a given task.

As a user types information into a program, it is stored in a variable. Once a program has information in a variable, it can manipulate it with commands that perform mathematical operations on numbers or parse text strings. Parsing here means joining, deleting, or extracting some of the text characters to use them elsewhere in the program. When a variable holds text, it is often called a string.

An interpreter and a compiler are both programs that translate source code humans can read into machine language; the difference is that a compiler translates the whole program ahead of time, while an interpreter translates and executes it statement by statement.

CSIT 534 Operating System (1)

Boot-Up Process

The boot process performs two major functions: the Power-On Self Test (POST) and the search of the drives for an operating system. The most fundamental program involved in POST is the Basic Input/Output System (BIOS), which loads the configuration records from CMOS and checks the associated hardware (CPU, memory, keyboard, hard drives) to make sure the system will work properly before the boot proper, which transfers control of the PC to the operating system.

The ROM BIOS tells the CPU to execute a program from the hard drive's boot sector. On Windows XP that program is NTLDR (NT LoaDeR), which tells the CPU where to find more code on the drive; NTLDR in turn runs NTDETECT.com, which detects the installed hardware and passes the list along to the Windows Registry, where other programs can access the information.

REGISTRY

The Windows Registry is a hierarchical database of configuration settings that controls almost every aspect of how Windows looks and works. At the very top of the Registry are five root keys:

  • HKCR (HKEY_CLASSES_ROOT) – contains information about file types and their associations
  • HKCU (HKEY_CURRENT_USER) – controls the settings of the user currently logged into Windows
  • HKLM (HKEY_LOCAL_MACHINE) – contains information about the computer's hardware and the OS
  • HKU (HKEY_USERS) – holds the per-user settings for every user profile on the machine, including those used to display the Desktop
  • HKCC (HKEY_CURRENT_CONFIG) – holds the configuration data of the current hardware profile
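Because the Registry is where spyware and Trojans hide their startup entries (see the spyware notes in post 7), the first thing to look at under these root keys is the Run keys, which launch a program at logon for the whole machine (HKLM) or for one user (HKCU). As an added Python example (not from these notes or the textbook), here is a parser for a `.reg` export that sorts entries under the five root keys and lists every Run-key entry, flagging commands that live in user-writable locations. The export text, the program names and the `USER_WRITABLE` heuristic are constructed; the `.reg` syntax and the root-key names are Windows's own. It works on an exported file so it runs anywhere; on a live system the same walk would use the `winreg` module.

```python
"""Parse a .reg export into a tree rooted at the five root keys and list
autorun (Run key) entries.

Added example, not from the course notes. The export text below is
constructed (the paths are not real programs); the .reg syntax and the
root-key names are Windows's own. Real checks would read the live Registry
with winreg, which this offline example deliberately avoids.
"""
import re
from typing import Dict, List, Tuple

ROOT_KEYS = {
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_USERS": "HKU",
    "HKEY_CURRENT_CONFIG": "HKCC",
}
# Run keys start a program at logon: per machine (HKLM) or per user (HKCU/HKU).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Constructed heuristic: locations an ordinary user can write to, so a
# program there deserves a second look (legitimate software lives there too).
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(s: str) -> str:
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text: str) -> Dict[str, Dict[str, Dict[str, str]]]:
    """Return {root abbreviation: {subkey path: {value name: data}}}."""
    tree: Dict[str, Dict[str, Dict[str, str]]] = {abbr: {} for abbr in ROOT_KEYS.values()}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            root, _, sub = m.group(1).partition("\\")
            if root not in ROOT_KEYS:
                raise ValueError(f"unknown root key {root!r}")
            current = tree[ROOT_KEYS[root]].setdefault(sub, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(2))
            data = m.group(3)
            if data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])       # string value; dword:/hex: kept raw
            current[name] = data
    return tree


def autorun_entries(tree: Dict[str, Dict[str, Dict[str, str]]]) -> List[Tuple[str, str, str, bool]]:
    """(root, value name, command, in user-writable location) for every Run entry."""
    found = []
    for root, subkeys in tree.items():
        for sub, values in subkeys.items():
            if not RUN_KEY_RE.search(sub):
                continue
            for name, cmd in values.items():
                writable = any(tok in cmd.lower() for tok in USER_WRITABLE)
                found.append((root, name, cmd, writable))
    return found


# Constructed export: none of these programs or paths are real.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sound Manager"="C:\\Windows\\System32\\sndmgr.exe"
"Updater"="C:\\Users\\Public\\svchost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SyncClient"="C:\\Users\\alice\\AppData\\Local\\SyncClient\\sync.exe"

[HKEY_CLASSES_ROOT\.txt]
@="txtfile"

[HKEY_CURRENT_CONFIG\System\CurrentControlSet\Control\Print]
"Attributes"=dword:00000002
'''

if __name__ == "__main__":
    for root, name, cmd, writable in autorun_entries(parse_reg(SAMPLE_REG)):
        print(f"{root:4} {name!r:16} {cmd}  {'<- user-writable' if writable else ''}")
```

The flag is a prompt for review, not a verdict: the `SyncClient` entry under `AppData` is the kind of path legitimate per-user software uses, while a system-service name such as `svchost.exe` launched from `C:\Users\Public` is the pattern that deserves immediate attention. Run keys are only the best-known persistence location; services, scheduled tasks and file-type handlers under HKCR can do the same job.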