Modern Operating Systems by Herbert Bos ...
Modern_Operating_Systems_by_Herbert_Bos_and_Andrew_S._Tanenbaum_4th_Ed.pdf - MODERN OPERATING SYSTEMS
SEC. 9.10 DEFENSES
In addition to stateless firewalls, there are also stateful firewalls, which keep track of connections and what state they are in. These firewalls are better at defeating certain kinds of attacks, especially those relating to establishing connections. Yet other kinds of firewalls implement an IDS (Intrusion Detection System), in which the firewall inspects not only the packet headers, but also the packet contents, looking for suspicious material.

Software firewalls, sometimes called personal firewalls, do the same thing as hardware firewalls, but in software. They are filters that attach to the network code inside the operating system kernel and filter packets the same way the hardware firewall does.
9.10.2 Antivirus and Anti-Antivirus Techniques
Firewalls try to keep intruders out of the computer, but they can fail in various ways, as described above. In that case, the next line of defense comprises the antimalware programs, often called antivirus programs, although many of them also combat worms and spyware. Viruses try to hide and users try to find them, which leads to a cat-and-mouse game. In this respect, viruses are like rootkits, except that most virus writers emphasize rapid spread of the virus rather than playing hide-and-seek down in the weeds as rootkits do. Let us now look at some of the techniques used by antivirus software and also how Virgil the virus writer responds to them.
Virus Scanners
Clearly, the average garden-variety user is not going to find many viruses that do their best to hide, so a market has developed for antivirus software. Below we will discuss how this software works. Antivirus software companies have laboratories in which dedicated scientists work long hours tracking down and understanding new viruses. The first step is to have the virus infect a program that does nothing, often called a goat file, to get a copy of the virus in its purest form. The next step is to make an exact listing of the virus’ code and enter it into the database of known viruses. Companies compete on the size of their databases. Inventing new viruses just to pump up your database is not considered sporting.
Once an antivirus program is installed on a customer’s machine, the first thing it does is scan every executable file on the disk looking for any of the viruses in the database of known viruses. Most antivirus companies have a Website from which customers can download the descriptions of newly discovered viruses into their databases. If the user has 10,000 files and the database has 10,000 viruses, some clever programming is needed to make it go fast, of course.
Since minor variants of known viruses pop up all the time, a fuzzy search is needed, to ensure that a 3-byte change to a virus does not let it escape detection. However, fuzzy searches are not only slower than exact searches, but they may turn

