MS-DOS işletim sistemi ve bilgisayar virüsleri

Abstract

MS-DOS işletim sisteminin genel hatları ve özellikleri PC kullanıcıları tarafından az veya çok bilinmektedir. Bu önemli nokta göz önünde tutularak, çalışmamızın bir MS- DOS el kitabı hüviyetini kazanması daha baştan bir hedef olarak düşünülmemiştir. Bu çalışmanın asıl gayesi, MS-DOS işletim sisteminin teknik yapısına göreceli olarak daha fazla nüfuz ederek, bilgisayar virüslerinin bu teknik olanaklardan ne şekilde yararlanıp sözü edilen işletim sistemi altında nasıl bir yol izleyerek yayıldıklarını incelemek olmuştur. Çalışmanın ikinci ve üçüncü bölümleri bilgisayarın iç çalışmasının anlaşılmasında önemli açıklamalar getirmektedir. Dördüncü bölüm diskin esaslarını ve DOS' un diske bakış açısını açıklamaya çalışmaktadır. Beşinci ve altıncı bölümler DOS işletim sisteminin yapısıyla ilgili ayrıntılı açıklamalar sunmaktadır. Yedinci bölümden itibaren başlayan bilgisayar virüsleri problemi onbirinci bölümde son bulmaktadır. Bu bölüm ve bunu izleyen bölümlerde bilgisayar virüslerin yapı sı, DOS ortamından nasıl yararlandıkları ve bu ortama hangi teknikleri kullanarak girdikleri açıklanmaya çalışılmıştır. Onuncu bölümde karşıtvirüs metodları verilmektedir. Bu metodların uygulanması virüs istilâsını önemli ölçüde engelleyecektir. Nihayet onbirinci bölümde sisteme girmeyi başarmış virüslerin teşhis edilişleri ve sistemden uzaklaştırmaları konusu ele alınmıştır.

Genealogy of MS-DOS MS-DOS is an operating system that is rapidly evolving Due largely to its adoption by IBM, and to the enormous wa ve of third-party software that followed the success of the IBM PC, MS-DOS has become the dominant operating system for personal computers that use the Intel 8086 family of mic roprocessors. The progenitor of MS-DOS was an operating system cal led 86-DOS, which was written by Tim Paterson for Seattle Computer Products in mid-1980. At that time, Digital Re search's CP/M-80 was the operating system most commonly u- sed on microcomputers, and a decent though not extensive range of application software (word processors, database managers, and so forth) was available for use with it. In order to ease the process of porting 8-bit CP/M-80 appli cations into the new 16-bit environment, 86-DOS was ori ginally designed to mimic CP/M-80 in both functions avai lable and style of operation. Consequently, the structu res of 86-DOS' s file control blocks, program segment pre fixes, and executable files were nearly identical to those of CP/M-80. Existing CP/M programs could be converted me chanically (by processing their source-code files through a special translator program) and, after conversion, would run under 86-DOS either immediately or with very little hand editing. In October 1980, IBM approached the major microcompu ters-software houses in search of an operating system for the new line of personal computers it was designing. - X - Microsoft had no operating system of its own to of fer (other than a stand-alone version of Microsoft BASIC), but paid a fee to Seattle Computer Products for the right to sell Pater- son' s 86-DOS. (At that time, Seattle Computer Products re ceived a license to use and sell Microsoft? s operating sys tem.) In July 1981, Microsoft purchased all rights to 86- DOS, made substantial alterations to it, renamed it MS-DOS. V/hen the first IBM PC was released in the fall of 1981, IBM offered MS-DOS (referred to as PC-DOS 1.0) as its primary operating system. In spite of some similarities to its ancestor CP/M-80, MS-DOS version 1.0 contained a number of improvements over CP/M, including: D An improved disk-directory structure that inclu ded information about a file's at tributes (such as whether it was a system or hidden file), its exact size in bytes, and the date that the file was crea ted or last modified. >*r>- D A superior disk-space allocation and management and method, allowing extremely fast sequential or random record access and program loading. Q An expanded set of operating- system services, in cluding hardware-independent function calls to set or read the date and time, a filename parser multiple-block record I/O, and variable record sizes. D An AUTOEXEC batch file to open user-defined se ries of commands when the system was powered up or reset. IBM was the only major computer manufacturer (sometimes referred to as OEM, for original equipment manufacturer) to ship MS-DOS version 1.0 (as PC-DOS 1.0) with its products. MS-DOS version 1.25 (equivalent to IBM PC-DOS 1.1) was re leased in June 1982 to fix a number of bugs, and also to T Xi - support double-sided disks and improved hardware indepen dence in the DOS kernel. This version was shipped by se veral vendors besides IBM, including Texas Instruments, Compaq, and Columbia, who all entered the personal -compu ter market early. Today, due mainly to the increasing prevalence of hard-disk-based systems, MS-DOS version 1 is no longer in common use. MS-DOS version 2.0 was first released in March 1983. It was, in retrospect, a totally new operating system ( though great care was taken to maintain compatibility with MS-DOS version 1.0). It contained many significant inno vations and enhanced features, including: D Support for both larger-capacity flexible disks and hard disks. Q Many UNIX-like features, including a hierarchi cal file structure, file handles, I/O redirec tion, pipes, and filters. D Background printing (print spooling) G Volume labels, plus additional file attributes. D Installable device drivers ? A user-customizable system-configuration file that controlled the loading of additional devi ce drivers, the number of disk buffers, and so forth. D Maintenance of program environment blocks that could be used to pass informations between prog rams. Q An optional ANSI display driver that allowed programs to position the cursor and control dis play characteristics in a hardware-independent manner ? Support for the dynamic allocation, modifica tion, and release of memory blocks by applica tion programs. -.xil - D Support for customized user command interpreters (shells) Q System tables to assist application software in modifying its currency, time, and date formats. MS-DOS version 3.0 was first introduced by IBM in Au gust 1984, with the release of the 80286-based PC/AT machi nes, it includes the following features: D Direct control of the print spooler by applica tion software. ? Further expansion of international support over version 2.11 ? Extended error reporting, including a code that suggests a recovery strategy to the calling prog ram. O Support for file and record locking and sharing facilitaring the creation of networked applica tions. D Support for larger hard disks. By mid-1986, Microsoft had released MS-DOS version 3.2, to support 3.5" floppy disks and to integrate format ting into the peripheral device driver.! 1] With the introduction of MS-DOS version 4.0 the con cept of shell usage was entered. The shell program is any software that lets the user accomplishes most of the tasks the user would otherwise has to accomplish from the DOS command line. Shell programs tend to install themselves, take a look around, and present the user with a control screen. This new feature facilitates the tasks the user want to achieve. The MS*D0S version 5.0, releasing in 1991, is continu ing this shell concept. Of course, other powerful featu res and a great many of innovations are introduced. The - tl\l- - most important innovation among the others is the task- switching capability. With this feature, MS-DOS provides the users by means of disk processing the facility of passing between programs. An another newness in MS-DOS 5^0 implemented by Microsoft is the full-screen text edi tor. With this approach Microsoft seems to have solved a key matter in point of view of the users. These and other key innovations and enhanced proper ties make the MS-DOS version 5.0 a powerful and a rich de signed one. Without a doubt, this evolving of MS-DOS will continue, introducing newer concepts and tools that allow the user to accomplish his job more efficiently. Systems software for the IBM PC Systems software is software that serves as a control and interface layer between applications software, such as Turbo Assembler and Quattro, and the hardware of the com puter. "" ~"w.... In particular, systems software handles the complexi ties of interfacing to individual devices. For example, several hundred lines of assembly language code are requi red in order for the PC to process a single keystroke, but but the assembler programs can get keystrokes by invoking just one system function. This is made possible by the two main system software components of the PC: DOS and BIOS (Basic Input/Output System). In Figure 1., the DOS and BIOS systems software serves as a control and interface layer between application soft ware and the hardware of the IBM PC. Application software always has the option of controlling the hardware directly, but should use DOS or BIOS functions instead whenever pos sible. -XiV - Applications Software DOS Accessed through Int 21 h DOS functions and other Interrupts. BIOS Accessed through BIOS functions by way of several Interrupts. IBM PC Hardware Display adapter, keyboard, printer, disk, mouse, Joystick, and so on. Accessed at I/O ports and/or memory locations, depending on the speclllc hardware Item. Fig.1 - DOS and BIOS systems software as a control and interface layer. DOS DOS (short for Disk Operating System) is the program that controls the computer from the moment it reads the disk at power-up until one turn the power off. It' s DOS that provides the user with the A > prompt, and it's DOS that accepts and executes commands such as DIR. That is just the visible part of DOS. It also provi des a broad array of functions that are used heavily by just about every application. It's through DOS functions that applications read -.*V - from and write to files, get keystrokes, allocate memory, run other programs, and even set and get time of day. For example, the assembler code mov ah, 2 ;DOS function to display a character mov dl,'A*;A is the character to display int 21h ; invoke DOS to execute the function invokes the DOS "Display Output" function in order to dis play the character A at the current cursor location on the screen. BIOS The BIOS is the lowest-level software in the PC; even DOS uses BIOS functions to control the hardware. It's bet ter to use BIOS functions than to control the hardware di rectly, since, like DOS, the BIOS can mask differences bet ween various computers and devices. On the other hand, DOS functions should be used rather than BIOS functions when ever it is possible, since programs that use the BIOS can conflict with other programs, and tend to be less portable accross a variety of computer models. The most pressing reason to use the BIOS is for con trolling the display, since DOS provides virtually no sup port for the rich display capabilities of the PC. Only by invoking BIOS functions one can set the screen mode, con trol colors, get display adapter information, and so on. For example, the following code invokes the BIOS to set the the screen to four-color graphics mode on a CGA: mov ah,0 ;BIOS set mode function mov al,4 ;mode number for 320x200 4-color graphics int 10h ; execute BIOS video interrupt to set mode - XVL - The BIOS provides a variety of functions other than those related to display control, including keystroke-hand ling and disk control. In general, we are better off per forming these tasks through DOS functions.! 2] The computer virus dilemma Computer viruses are not the only problem facing com puter users and systems managers today. Many people are now wrestling with the problem of choosing their next ope rating system- be it OS/2, UNIX, a DOS extender or a non- IBM-compatible solution. Managers are trying to decide which side to root for in the spreadsheet wars, where even venerable Lotus Development Corporation now offers a multi tude of spreadsheets, each called 1-2-3, each with diffe rent features and abilities. Nowadays it is no longer suf ficient to evaluate programs on the basis of their indivi dual merits alone; we must decide which interface to stan dardize all of our software on- GUI or character-based? Life in the fast-track world of computing grows more con fusing every day. Complicating matters immensely is the issue of rogue software-programs designed with no other purpose than to destroy your hard-earned data. Software bombs, Trojan horses, worms, computer viruses, and other fiendish soft ware devices have entered the fray of personal computing with a vengeance. Hundreds, perhaps thousands of personal computers have been affected and infected by rogue compu ter software. The loss to businesses, both large and small, in time, money, and data is unaccountable. And no end is in sight. But the sky is not falling. The end is not near. With a little work, computer viruses and other rogue code can be understood and managed by all users, from sophisticated power users to budding novices. The trick is to have ac curate, straightforward information at your disposal.