Mobile virus
A mobile virus is an electronic virus that targets mobile phones or wireless-enabled PDAs.
As wireless phone and PDA networks become more numerous and more complex, it has become more difficult to secure them against electronic attacks in the form of viruses or other malicious software (also known as malware).
History
The first instance of a mobile virus occurred in June 2004 when it was discovered that a company called Ojam had engineered an anti-piracy Trojan virus in older versions of their mobile phone game Mosquito. This virus sent SMS text messages to the company without the user's knowledge. This virus was removed from more recent versions of the game; however it still exists on older, unlicensed versions. These older versions may still be distributed on file-sharing networks and free software download web sites.
In July 2004, computer hobbyists released a proof-of-concept mobile virus named Cabir. This virus replicates itself on Bluetooth wireless networks.[1]
In March 2005 it was reported that a computer worm called Commwarrior-A had been infecting Symbian Series 60 mobile phones. This worm replicates itself through the phone's Multimedia Messaging System (MMS). It sends copies of itself to other phone owners listed in the phone user's address book. Although the worm is not considered harmful, experts agree that it heralds a new age of electronic attacks on mobile phones.
Common mobile viruses
Cabir: Infects mobile phones running on Symbian OS. When a phone is infected, the message 'Caribe' is displayed on the phone's display and is displayed every time the phone is turned on. The worm then attempts to spread to other phones in the area using wireless Bluetooth signals.
Duts: A parasitic file infector virus and the first known virus for the PocketPC platform. It attempts to infect all EXE files in the current directory (it infects files that are bigger than 4096 bytes).
Skulls: A trojan horse piece of code. Once downloaded, the virus, called Skulls, replaces all phone desktop icons with images of a skull. It also renders all phone applications, including SMS and MMS, useless.
Commwarrior: The first worm to use MMS messages to spread to other devices. It can also spread through Bluetooth. It infects devices running Symbian OS Series 60. Once launched, the executable worm file hunts for accessible Bluetooth devices and sends the infected files under a random name to various devices.
See also
Mobile software
Virus statistics
External links
Mobile Security Blog
Mobile Phone Viruses: News and Information
How To Not Catch a Mobile Virus
Mobile Malware Evolution: An Overview
How to the fix Cabir Virus
Sunday, November 18, 2007
Antivirus software
Antivirus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware).
Antivirus software typically uses two different techniques to accomplish this:
Examining (scanning) files to look for known viruses matching definitions in a virus dictionary
Identifying suspicious behavior from any computer program which might indicate infection. Such analysis may include data captures, port monitoring and other methods.
Most commercial antivirus software uses both of these approaches, with an emphasis on the virus dictionary approach.
Approaches
Dictionary
In the virus dictionary approach, when the antivirus software looks at a file, it refers to a dictionary of known viruses that the authors of the antivirus software have identified. If a piece of code in the file matches any virus identified in the dictionary, then the antivirus software can take one of the following actions:
attempt to repair the file by removing the virus itself from the file
quarantine the file (such that the file remains inaccessible to other programs and its virus can no longer spread)
delete the infected file
To achieve consistent success in the medium and long term, the virus dictionary approach requires periodic (generally online) downloads of updated virus dictionary entries. As civically minded and technically inclined users identify new viruses "in the wild", they can send their infected files to the authors of antivirus software, who then include information about the new viruses in their dictionaries.
Dictionary-based antivirus software typically examines files when the computer's operating system creates, opens, closes or e-mails them. In this way it can detect a known virus immediately upon receipt. Note too that a System Administrator can typically schedule the antivirus software to examine (scan) all files on the computer's hard disk on a regular basis.
Although the dictionary approach can effectively contain virus outbreaks in the right circumstances, virus authors have tried to stay a step ahead of such software by writing "oligomorphic", "polymorphic" and more recently "metamorphic" viruses, which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as to not match the virus's signature in the dictionary.
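The dictionary approach described above, as an added example that is not part of the original article or of any antivirus product: a byte-pattern scanner that walks a directory, quarantines matches, and misses a copy whose bytes were transformed. The signature names, patterns and file names are constructed for the demonstration.

```python
import os
import shutil
import tempfile

# Constructed dictionary: detection name -> byte pattern. These markers are
# made up for the demonstration and are not signatures of real malware.
SIGNATURES = {
    "Demo.Marker.A": b"\xde\xad\xbe\xefDEMO-MARKER-A",
    "Demo.Marker.B": b"DEMO-MARKER-B\x00\x01\x02",
}


def scan_bytes(data, signatures=SIGNATURES):
    """Return (detection name, offset) for each dictionary entry found in data."""
    hits = []
    for name, pattern in signatures.items():
        offset = data.find(pattern)
        if offset != -1:
            hits.append((name, offset))
    return hits


def scan_tree(root, signatures=SIGNATURES):
    """Scheduled full scan: check every file under root against the dictionary."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for filename in sorted(filenames):
            path = os.path.join(dirpath, filename)
            with open(path, "rb") as handle:
                data = handle.read()
            for name, offset in scan_bytes(data, signatures):
                findings.append((path, name, offset))
    return findings


def quarantine(path, quarantine_dir):
    """Move a file out of reach of other programs and strip its permissions."""
    os.makedirs(quarantine_dir, exist_ok=True)
    dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
    shutil.move(path, dest)
    os.chmod(dest, 0o400)  # owner read-only, never executable
    return dest


def demo():
    """Scan three constructed files, quarantine the hit, and report the result."""
    payload = b"MZ" + b"\x00" * 30 + SIGNATURES["Demo.Marker.A"] + b"tail"
    samples = {
        "clean.bin": b"ordinary application data " * 8,
        "infected.bin": payload,
        # Same content with every byte XORed with one key: a stand-in for a copy
        # that disguises its body, so the stored pattern no longer appears.
        "variant.bin": bytes(b ^ 0x5A for b in payload),
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "files")
        os.makedirs(root)
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(content)

        findings = scan_tree(root)
        hit_paths = sorted({path for path, _name, _offset in findings})
        moved = [quarantine(path, os.path.join(tmp, "quarantine"))
                 for path in hit_paths]
        return {
            "findings": [(os.path.basename(p), n, o) for p, n, o in findings],
            "quarantined": [os.path.basename(p) for p in moved],
            "left_in_place": sorted(os.listdir(root)),
        }


if __name__ == "__main__":
    print(demo())
```

The transformed copy stays in place after the scan, which is the gap that dictionary updates alone cannot close.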
Suspicious behavior
The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, the antivirus software can flag this suspicious behavior, alert a user and ask what to do.
Unlike the dictionary approach, the suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionaries. However, it can also sound a large number of false positives, and users probably become desensitized to all the warnings. If the user clicks "Accept" on every such warning, then the antivirus software obviously gives no benefit to that user. This problem has worsened since 1997[citation needed], since many more nonmalicious program designs came to modify other .exe files without regard to this false positive issue. Thus, most modern antivirus software uses this technique less and less.
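The behaviour rule and its false-positive problem, as an added example that is not from the original article: detection logic run over a constructed event log, first flagging every write to an executable and then with an exception list for known installers. The log format, process names and paths are assumptions made up for the demonstration.

```python
import re
from collections import Counter

# File types treated as executable programs (the extensions the article names).
EXECUTABLE_EXTENSIONS = (".exe", ".com")

# Assumed log format: time, pid, process name, operation, target path.
EVENT_RE = re.compile(
    r"^(?P<time>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) "
    r"op=(?P<op>[A-Z]+) target=(?P<target>.+)$"
)

# Constructed sample events, not taken from a real system.
SAMPLE_LOG = r"""
2007-11-18T10:00:01 pid=412 proc=setup.exe op=WRITE target=C:\Program Files\Editor\editor.exe
2007-11-18T10:00:07 pid=530 proc=notepad.exe op=WRITE target=C:\Users\a\notes.txt
2007-11-18T10:02:13 pid=611 proc=patcher.exe op=WRITE target=C:\Games\game.exe
2007-11-18T10:05:40 pid=702 proc=invoice_viewer.exe op=WRITE target=C:\Windows\system32\calc.exe
2007-11-18T10:05:41 pid=702 proc=invoice_viewer.exe op=WRITE target=C:\Tools\EDIT.COM
2007-11-18T10:06:02 pid=120 proc=explorer.exe op=READ target=C:\Games\game.exe
this line is truncated and must be skipped
"""


def parse_events(text):
    """Parse log text into event dicts; malformed and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        match = EVENT_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def flag_executable_writes(events, trusted_writers=()):
    """Return (process, target) for each write to an executable file.

    trusted_writers suppresses alerts for known installers and updaters.
    Matching on process name alone is weak (a name is easy to imitate); a real
    monitor would tie the exception to a verified publisher or file hash.
    """
    trusted = {name.lower() for name in trusted_writers}
    alerts = []
    for event in events:
        is_write = event["op"] == "WRITE"
        is_executable = event["target"].lower().endswith(EXECUTABLE_EXTENSIONS)
        if is_write and is_executable and event["proc"].lower() not in trusted:
            alerts.append((event["proc"], event["target"]))
    return alerts


def alerts_per_process(alerts):
    """Count alerts by process, the view a user sees as repeated prompts."""
    return dict(Counter(proc for proc, _target in alerts))


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_LOG)
    print("no exceptions:", alerts_per_process(flag_executable_writes(parsed)))
    print("with exceptions:", alerts_per_process(
        flag_executable_writes(parsed, ["setup.exe", "patcher.exe"])))
```

Without the exception list, half of the alerts come from an installer and an updater doing legitimate work, which is the desensitizing noise the section describes.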
Other approaches
Some antivirus software uses other types of heuristic analysis. For example, it could try to emulate the beginning of the code of each new executable that the system invokes before transferring control to that executable. If the program seems to use self-modifying code or otherwise appears as a virus (if it immediately tries to find other executables, for example), one could assume that a virus has infected the executable. However, this method could result in a lot of false positives.
Yet another detection method involves using a sandbox. A sandbox emulates the operating system and runs the executable in this simulation. After the program has terminated, software analyzes the sandbox for any changes which might indicate a virus. Because of performance issues, this type of detection normally only takes place during on-demand scans. This method may also fail because viruses can be nondeterministic, taking different actions or no action at all when run, so it will be impossible to detect such a virus from one run.[1]
Some virus scanners can also warn a user if a file is likely to contain a virus based on the file type.
An emerging technique to deal with malware in general is whitelisting. Rather than looking for only known bad software, this technique prevents execution of all computer code except that which has been previously identified as trustworthy by the system administrator. By following this default deny approach, the limitations inherent in keeping virus signatures up to date are avoided. Additionally, computer applications that are unwanted by the system administrator are prevented from executing since they are not on the whitelist. Since modern enterprise organizations have large quantities of trusted applications, the limitations of adopting this technique rest with the system administrators' ability to properly inventory and maintain the whitelist of trusted applications. As such, viable implementations of this technique include tools for automating the inventory and whitelist maintenance processes.
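A default-deny check with the inventory maintenance step the paragraph calls for, as an added example that is not from the original article or any whitelisting product: files are identified by SHA-256, and a second inventory is diffed against the approved one. The function names and file names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file's content in chunks so large executables are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_inventory(root):
    """Automated inventory: map each file's path relative to root to its hash."""
    inventory = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for filename in filenames:
            full = os.path.join(dirpath, filename)
            inventory[os.path.relpath(full, root)] = sha256_file(full)
    return inventory


def diff_inventory(approved, current):
    """Report what an administrator must review before updating the whitelist."""
    shared = set(approved) & set(current)
    return {
        "added": sorted(set(current) - set(approved)),
        "removed": sorted(set(approved) - set(current)),
        "changed": sorted(p for p in shared if approved[p] != current[p]),
    }


def may_execute(path, allowed_hashes):
    """Default deny: only content whose hash was approved may run."""
    return sha256_file(path) in allowed_hashes


def demo():
    """Approve two programs, then change the directory and re-evaluate it."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, content):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(content)

        # State reviewed by the administrator.
        write("editor.bin", b"editor build 1")
        write("backup.bin", b"backup build 7")
        approved = build_inventory(root)
        allowed_hashes = set(approved.values())

        # Later state: one file altered, one unknown file, one renamed copy.
        write("editor.bin", b"editor build 1 plus unreviewed bytes")
        write("game.bin", b"unapproved download")
        write("renamed.bin", b"backup build 7")
        current = build_inventory(root)

        decisions = {
            name: may_execute(os.path.join(root, name), allowed_hashes)
            for name in sorted(current)
        }
        return decisions, diff_inventory(approved, current)


if __name__ == "__main__":
    verdicts, review = demo()
    print(verdicts)
    print(review)
```

The altered editor is denied until its new hash is reviewed, while the renamed copy of an approved program still runs, because the list identifies content rather than file names.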
Issues of concern
The ongoing writing and spreading of viruses and of panic about them gives the vendors of commercial antivirus software a financial interest in the ongoing existence of viruses. Some theorize that antivirus companies have financial ties to virus writers, to generate their own market, though there is no evidence for this.[2]
Some antivirus software can considerably reduce performance. Users may disable the antivirus protection to overcome the performance loss, thus increasing the risk of infection. For maximum protection the antivirus software needs to be enabled all the time — often at the cost of slower performance (see also software bloat).
It is important to note that one should not have more than one antivirus software installed on a single computer at any given time. This can seriously cripple the computer and cause further damage.[3]
It is sometimes necessary to temporarily disable virus protection when installing major updates such as Windows Service Packs or updating graphics card drivers.[citation needed] Having antivirus protection running at the same time as installing a major update may prevent the update installing properly or at all.
When purchasing antivirus software, the agreement may include a clause that your subscription will be automatically renewed, and your credit card automatically billed at the renewal time without your approval. For example, McAfee requires one to unsubscribe at least 60 days before the expiration of the present subscription.[citation needed] In that case, the subscriber may contest the charges with the credit card issuer, but this recourse is likely to fail if in fact the subscriber had authorised such a "continuous payment authority".
Some antivirus programmes are actually spyware masquerading as antivirus software. It is best to double-check that the antivirus software which is being downloaded is actually a real antivirus program.[4]
Some commercial antivirus software programs contain adware. For example, the home/small business version of CA Anti-Virus 2008 displays an advert for CA products whenever the desktop is unlocked after a period of inactivity.
Antivirus, mobile devices and innovative solutions
It would be no surprise if viruses that plague the desktop and laptop world quickly migrated to mobile devices. More and more vendors in this space are offering antivirus solutions to secure mobile handsets. Mobile devices present significant challenges for antivirus software, such as:
Processor constraints
Memory constraints
Definitions and new signature updates to these mobile handsets
SIM, flash based and USB based antivirus products
Mobile handsets are now offered with a variety of interfaces and data connection capabilities. Consumers should carefully evaluate security products before deploying on small form factor devices.
Hardware-based solutions, perhaps USB devices or SIM-based antivirus products, might work better in meeting the needs of mobile handset consumers. How an antivirus solution is deployed on cellular mobile handsets should be technically evaluated and reviewed, as the scanning process might impact other legitimate applications on the handheld.
SIM-based solutions with antivirus integrated in a small memory footprint might provide a basic way to combat malware and viruses and to protect PIM and mobile user data. USB and flash memory-based solutions have the advantage that the user can swap them between a range of hardware devices.
History
See also: Timeline of notable computer viruses and worms
There are competing claims for the innovator of the first antivirus product. Perhaps the first publicly known neutralization of a wild PC virus was performed by European Bernt Fix (also Bernd) in early 1987. Fix neutralized an infection of the Vienna virus.[5][6] The first edition of the Polish antivirus software mks_vir appeared in 1987; the program was available only in a Polish-language version. Autumn 1988 also saw the antivirus software Dr. Solomon's Anti-Virus Toolkit released by Briton Alan Solomon. By December 1990 the market had matured to the point of nineteen separate antivirus products being on sale, including Norton AntiVirus and ViruScan from McAfee.
Peter Tippett made a number of contributions to the budding field of virus detection.[citation needed] He was an emergency room doctor who also ran a computer software company. He had read an article about the Lehigh virus and wondered whether computer viruses would have similar characteristics to biological viruses that attack organisms. From an epidemiological viewpoint, he was able to determine how these viruses were affecting systems within the computer (the boot sector was affected by the Brain virus, the .com files were affected by the Lehigh virus, and both .com and .exe files were affected by the Jerusalem virus). Tippett’s company Certus International Corp. then began to create anti-virus software programs. The company was sold in 1992 to Symantec Corp, and Tippett went to work for them, incorporating the software he had developed into Symantec’s product, Norton AntiVirus.[citation needed]
A very uncommon use of the term "antivirus" is to apply it to benign viruses that spread and combat malicious viruses. This was common on the Amiga computer platform.[citation needed]
See also
List of antivirus software
List of computer viruses
List of trojan horses
List of computer virus hoaxes
List of Linux computer viruses
Timeline of notable computer viruses and worms
Virus hoax
Virus statistics
Notes
^ Raynal, Frederic (2006-05-16). Malicious cryptography, part two.
^ Why there is no global antivirus software conspiracy, by Jonathan Yarden
^ Microsoft Support
^ List of rogue software
^ Kaspersky Lab Virus list
^ IBM anti-virus research timeline
Computer virus
A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. However, the term "virus" is commonly used, albeit erroneously, to refer to many different types of malware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Viruses are sometimes confused with computer worms and Trojan horses. A worm can spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a file that appears harmless until executed.
Many personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.
History
The Creeper virus was first detected on ARPANET, the forerunner of the Internet, in the early 1970s. It propagated via the TENEX operating system and could make use of any connected modem to dial out to remote computers and infect them. It would display the message "I'M THE CREEPER : CATCH ME IF YOU CAN.". It is rumored that the Reaper program, which appeared shortly after and sought out copies of the Creeper and deleted them, may have been written by the creator of the Creeper in a fit of regret.
A program called "Elk Cloner" is commonly credited with being the first computer virus to appear "in the wild" — that is, outside the single computer or lab where it was created, but that claim is false. See the Timeline of notable computer viruses and worms for other earlier viruses. It was however the first virus to infect computers "in the home". Written in 1982 by Richard Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk.[1] This virus was originally a joke, created by a high school student and put onto a game. The disk could only be used 49 times. The game was set to play, but release the virus on the 50th time of starting the game. Only this time, instead of playing the game, it would change to a blank screen that read a poem about the virus named Elk Cloner. The poem that showed up on the screen is as follows: It will get on all your disks. It will infiltrate your chips. Yes it's Cloner! It will stick to you like a fly on a glue stick. It will modify RAM too. Send in the Cloner! The computer would then be infected.
The first PC virus was a boot sector virus called (c)Brain, created in 1986 by two brothers, Basit and Amjad Farooq Alvi, operating out of Lahore, Pakistan. The brothers reportedly created the virus to deter pirated copies of software they had written. However, analysts have claimed that the Ashar virus, a variant of Brain, possibly predated it based on code within the virus.
Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. In the early days of the personal computer, many users regularly exchanged information and programs on floppies. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk.
Traditional computer viruses emerged in the 1980s, driven by the spread of personal computers and the resultant increase in BBS and modem use, and software sharing. Bulletin board driven software sharing contributed directly to the spread of Trojan horse programs, and viruses were written to infect popularly traded software. Shareware and bootleg software were equally common vectors for viruses on BBS's. Within the "pirate scene" of hobbyists trading illicit copies of retail software, traders in a hurry to obtain the latest applications and games were easy targets for viruses.
Since the mid-1990s, macro viruses have become common. Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel. These viruses spread in Microsoft Office by infecting documents and spreadsheets. Since Word and Excel were also available for Mac OS, most of these viruses were able to spread on Macintosh computers as well. Most of these viruses did not have the ability to send infected e-mail. Those viruses which did spread through e-mail took advantage of the Microsoft Outlook COM interface.
Macro viruses pose unique problems for detection software. For example, some versions of Microsoft Word allowed macros to replicate themselves with additional blank lines. The virus behaved identically but would be misidentified as a new virus. In another example, if two macro viruses simultaneously infect a document, the combination of the two, if also self-replicating, can appear as a "mating" of the two and would likely be detected as a virus unique from the "parents".[2]
A virus may also send a web address link as an instant message to all the contacts on an infected machine. If the recipient, thinking the link is from a friend (a trusted source) follows the link to the website, the virus hosted at the site may be able to infect this new computer and continue propagating.
The newest species of the virus family is the cross-site scripting virus. The virus emerged from research and was academically demonstrated in 2005.[3] This virus utilizes cross-site scripting vulnerabilities to propagate. Since 2005 there have been multiple instances of cross-site scripting viruses in the wild; the most notable sites affected have been MySpace and Yahoo.
Replication strategies
In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user tries to start an infected program, the virus' code may be executed first. Viruses can be divided into two types, on the basis of their behavior when they are executed. Nonresident viruses immediately search for other hosts that can be infected, infect these targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.
Nonresident viruses
Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.
Resident viruses
Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. However, this module is not called by a finder module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation. For example, the replication module can be called each time the operating system executes a file. In this case, the virus infects every suitable program that is executed on the computer.
Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. For instance, a fast infector can infect every potential host file that is accessed. This poses a special problem to anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory, the virus can "piggy-back" on the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software. Slow infectors, on the other hand, are designed to infect hosts infrequently. For instance, some slow infectors only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they are less likely to slow down a computer noticeably, and will at most infrequently trigger anti-virus software that detects suspicious behavior by programs. The slow infector approach does not seem very successful, however.
Vectors and hosts
Viruses have targeted various types of transmission media or hosts. This list is not exhaustive:
Binary executable files (such as COM files and EXE files in MS-DOS, Portable Executable files in Microsoft Windows, and ELF files in Linux)
Volume Boot Records of floppy disks and hard disk partitions
The master boot record (MBR) of a hard disk
General-purpose script files (such as batch files in MS-DOS and Microsoft Windows, VBScript files, and shell script files on Unix-like platforms).
Application-specific script files (such as Telix-scripts)
Documents that can contain macros (such as Microsoft Word documents, Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access database files)
Cross-site scripting vulnerabilities in web applications
Inhospitable vectors
It is difficult, but not impossible, for viruses to tag along in source files, seeing that computer languages are built for human eyes and experienced operators. With the notable exception of WMF, it is almost impossible for viruses to tag along in data files like MP3s, MPEGs, OGGs, JPEGs, GIFs, PNGs, MNGs, PDFs, and DVI files (this is not an exhaustive list of generally trusted file types). Even if a virus were to 'infect' such a file, it would be inoperative since there would be no way for the viral code to be executed. One caveat applies to PDFs, which, like HTML, may link to malicious code. Further, an exploitable buffer overflow in a program which reads the data files could be used to trigger the execution of code hidden within the data file, but this attack is substantially mitigated in computer architectures with an execute disable bit.
It is worth noting that some virus authors have appended an .EXE extension after .PNG (for example), hoping that users would stop at the trusted file type without noticing that the computer would act on the final extension. See Trojan horse (computing).
Methods to avoid detection
In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool anti-virus software, however, especially that which maintains and dates Cyclic Redundancy Codes on file changes.
Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example, the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files had many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.
Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.
As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.
Avoiding bait files and other undesirable hosts
A virus needs to infect hosts in order to spread further. In some cases, it might be a bad idea to infect a host program. For example, many anti-virus programs perform an integrity check of their own code. Infecting such programs will therefore increase the likelihood that the virus is detected. For this reason, some viruses are programmed not to infect programs that are known to be part of anti-virus software. Another type of host that viruses sometimes avoid is bait files. Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus. These files can be created for various reasons, all of which are related to the detection of the virus:
Anti-virus professionals can use bait files to take a sample of a virus (i.e. a copy of a program file that is infected by the virus). It is more practical to store and exchange a small, infected bait file, than to exchange a large application program that has been infected by the virus.
Anti-virus professionals can use bait files to study the behavior of a virus and evaluate detection methods. This is especially useful when the virus is polymorphic. In this case, the virus can be made to infect a large number of bait files. The infected files can be used to test whether a virus scanner detects all versions of the virus.
Some anti-virus software employs bait files that are accessed regularly. When these files are modified, the anti-virus software warns the user that a virus is probably active on the system.
Since bait files are used to detect the virus, or to make detection possible, a virus can benefit from not infecting them. Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain certain patterns of 'garbage instructions'.
A related strategy to make baiting difficult is sparse infection. Sometimes, sparse infectors do not infect a host file that would be a suitable candidate for infection in other circumstances. For example, a virus can decide on a random basis whether to infect a file or not, or a virus can only infect host files on particular days of the week.
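The regularly checked bait files described above, combined with the earlier point that preserving the "last modified" date does not fool content-based integrity checks, can be sketched as follows. This is an added example, not code from any anti-virus product; the file names, the fixed timestamp and the use of SHA-256 in place of the CRC mentioned in the text are assumptions, and the "tampering" is a constructed edit used only to exercise the check.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List

# Constructed timestamp (September 2001) given to every bait file.
FIXED_NS = 1_000_000_000 * 10**9
FIELDS = ("size", "mtime_ns", "sha256")


def fingerprint(path: Path) -> Dict[str, object]:
    """Collect metadata and a content digest for one file."""
    st = os.stat(path)
    return {
        "size": st.st_size,
        "mtime_ns": st.st_mtime_ns,
        "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
    }


def snapshot(paths: Iterable[Path]) -> Dict[Path, Dict[str, object]]:
    """Record the known-good state of every bait file."""
    return {p: fingerprint(p) for p in paths}


def compare(baseline: Dict[Path, Dict[str, object]]) -> Dict[str, List[str]]:
    """Return {file name: [fields that differ from the baseline]}."""
    findings: Dict[str, List[str]] = {}
    for path, old in baseline.items():
        if not path.exists():
            findings[path.name] = ["missing"]
            continue
        new = fingerprint(path)
        changed = [f for f in FIELDS if new[f] != old[f]]
        if changed:
            findings[path.name] = changed
    return findings


def run_demo() -> Dict[str, List[str]]:
    """Create three bait files, alter two of them, and report what changed."""
    with tempfile.TemporaryDirectory() as tmp:
        baits = []
        for name in ("bait_a.com", "bait_b.com", "bait_c.com"):
            p = Path(tmp) / name
            p.write_bytes(b"\x00" * 512)          # constructed filler content
            os.utime(p, ns=(FIXED_NS, FIXED_NS))  # deterministic baseline mtime
            baits.append(p)
        baseline = snapshot(baits)

        # Case 1: bytes overwritten in place (size unchanged) and the
        # "last modified" time put back, as the text describes.
        data = bytearray(baits[0].read_bytes())
        data[100:110] = b"X" * 10
        baits[0].write_bytes(bytes(data))
        os.utime(baits[0], ns=(FIXED_NS, FIXED_NS))

        # Case 2: bytes appended, with no attempt to hide the change.
        with open(baits[1], "ab") as fh:
            fh.write(b"appended")

        # bait_c.com is left untouched and must not be reported.
        return compare(baseline)


if __name__ == "__main__":
    for name, changed in run_demo().items():
        print(f"{name}: changed {', '.join(changed)}")
```

For `bait_a.com` only the digest differs, so a check that looked at size and date alone would report nothing.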
Stealth
Some viruses try to trick anti-virus software by intercepting its requests to the operating system. A virus can hide itself by intercepting the anti-virus software’s request to read the file and passing the request to the virus, instead of the OS. The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is "clean". Modern anti-virus software employs various techniques to counter stealth mechanisms of viruses. The only completely reliable method to avoid stealth is to boot from a medium that is known to be clean.
Self-modification
Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures. A signature is a characteristic byte-pattern that is part of a certain virus or family of viruses. If a virus scanner finds such a pattern in a file, it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" or "heal" the infected file. Some viruses employ techniques that make detection by means of signatures difficult but probably not impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.
Encryption with a variable key
A more advanced method is the use of simple encryption to encipher the virus. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Since these would be symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the final virus, but that probably isn't required, since self-modifying code is such a rarity that it may be reason for virus scanners to at least flag the file as suspicious.
An old but compact encryption method involves XORing each byte in a virus with a constant, so that the exclusive-or operation only has to be repeated for decryption. Code that modifies itself is suspicious, so the code that does the encryption/decryption may be part of the signature in many virus definitions.
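The scanner's side of this can be shown on harmless data. The following is an added example, not code from any anti-virus product: the marker string, sample layout and function names are constructed for illustration. It shows a plain signature scan missing a body XORed with a per-file constant, and two ways a scanner can still match it: trying all 256 one-byte keys, and comparing XOR differences of adjacent bytes, which do not depend on the key because (a XOR k) XOR (b XOR k) = a XOR b.

```python
from typing import Optional, Tuple

# Constructed, harmless stand-in for a byte pattern a scanner looks for.
SIGNATURE = b"HARMLESS-DEMO-MARKER-0001"
# Constructed host bytes placed before the encoded marker in each sample.
PREFIX = b"\x00" * 16 + b"host program bytes"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte constant; applying it twice restores data."""
    return bytes(b ^ key for b in data)


def make_sample(key: int) -> bytes:
    """Constructed sample: host bytes, the marker XORed with `key`, more host bytes."""
    return PREFIX + xor_bytes(SIGNATURE, key) + b"more host bytes"


def plain_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Classic signature scan: search for the exact byte pattern."""
    return signature in blob


def xray_scan(blob: bytes, signature: bytes = SIGNATURE) -> Optional[Tuple[int, int]]:
    """Try all 256 one-byte keys; return (key, offset) of the first match, or None.

    Searching for the signature encoded under each key is equivalent to
    decoding the whole blob under each key and searching for the plain one.
    """
    for key in range(256):
        offset = blob.find(xor_bytes(signature, key))
        if offset != -1:
            return key, offset
    return None


def delta(data: bytes) -> bytes:
    """XOR of each byte with its successor; unchanged by a constant XOR key."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def delta_scan(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Key-independent match on the difference sequence, in a single pass."""
    return delta(signature) in delta(blob)


if __name__ == "__main__":
    sample = make_sample(0x5A)
    print("plain scan :", plain_scan(sample))
    print("x-ray scan :", xray_scan(sample))
    print("delta scan :", delta_scan(sample))
```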
Polymorphic code
Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses, however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts that stay static between infections, making it very difficult to detect directly using signatures. Anti-virus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body. See Polymorphic code for technical detail on how such engines operate.
Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for anti-virus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus. This will make it more likely that the detection by the virus scanner will be unreliable, and that some instances of the virus may be able to avoid detection.
Metamorphic code
To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that use this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14000 lines of Assembly language code, 90% of which is part of the metamorphic engine.[4]
Vulnerability and countermeasures
The vulnerability of operating systems to viruses
Just as genetic diversity in a population decreases the chance of a single disease wiping out a population, the diversity of software systems on a network similarly limits the destructive potential of viruses.
This became a particular concern in the 1990s, when Microsoft gained market dominance in desktop operating systems and office suites. The users of Microsoft software (especially networking software such as Microsoft Outlook and Internet Explorer) are especially vulnerable to the spread of viruses. Microsoft software is targeted by virus writers due to its desktop dominance, and is often criticized for including many errors and holes for virus writers to exploit. Integrated applications (such as Microsoft Office), applications with scripting languages with access to the file system (for example Visual Basic Script (VBS)), and applications with networking features are also particularly vulnerable.
Although Windows is by far the most popular operating system for virus writers, some viruses also exist on other platforms. Any operating system that allows third-party programs to run can theoretically run viruses. Some operating systems are less secure than others. Unix-based OS's (and NTFS-aware applications on Windows NT based platforms) only allow their users to run executables within their protected space in their own directories.
As of 2006, there are relatively few security exploits[5] targeting Mac OS X (with a Unix-based file system); the known vulnerabilities fall under the classifications of worms and Trojans. The number of viruses for the older Apple operating systems, known as Mac OS Classic, varies greatly from source to source, with Apple stating that there are only four known viruses, and independent sources stating there are as many as 63 viruses. It is safe to say that Macs are less likely to be targeted because of low market share, and thus a Mac-specific virus could only infect a small proportion of computers (making the effort less desirable). The difference in virus vulnerability between Macs and Windows is a chief selling point, one that Apple uses in their Get a Mac advertising. That said, Macs have also had significant critical security issues, just as Microsoft Windows has.
Windows and Unix have similar scripting abilities, but while Unix natively blocks normal users from having access to make changes to the operating system environment, older copies of Windows such as Windows 95 and 98 do not. In 1997, when a virus for Linux was released – known as "Bliss" – leading antivirus vendors issued warnings that Unix-like systems could fall prey to viruses just like Windows.[6] The Bliss virus may be considered characteristic of viruses – as opposed to worms – on Unix systems. Bliss requires that the user run it explicitly (making it a trojan), and it can only infect programs that the user has the access to modify. Unlike Windows users, most Unix users do not log in as an administrator user except to install or configure software; as a result, even if a user ran the virus, it could not harm their operating system. The Bliss virus never became widespread, and remains chiefly a research curiosity. Its creator later posted the source code to Usenet, allowing researchers to see how it worked.[7]
The role of software development
Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit software bugs in a system or application to spread. Software development strategies that produce large numbers of bugs will generally also produce potential exploits.
Anti-virus software and other preventive measures
Many users install anti-virus software that can detect and eliminate known viruses after the computer downloads or runs the executable. There are two common methods that an anti-virus software application uses to detect viruses. The first, and by far the most common, method of virus detection is using a list of virus signature definitions. This works by examining the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives), and comparing those files against a database of known virus "signatures". The disadvantage of this detection method is that users are only protected from viruses that pre-date their last virus definition update. The second method is to use a heuristic algorithm to find viruses based on common behaviors. This method has the ability to detect viruses that anti-virus security firms have yet to create a signature for.
Some anti-virus programs are able to scan opened files in addition to sent and received e-mails 'on the fly' in a similar manner. This practice is known as "on-access scanning." Anti-virus software does not change the underlying capability of host software to transmit viruses. Users must update their software regularly to patch security holes. Anti-virus software also needs to be regularly updated in order to prevent the latest threats.
One may also prevent the damage done by viruses by making regular backups of data (and the operating systems) on different media that are either kept unconnected to the system (most of the time), read-only, or not accessible for other reasons, such as using different file systems. This way, if data is lost through a virus, one can start again using the backup (which should preferably be recent). If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus. Likewise, an operating system on a bootable medium can be used to start the computer if the installed operating systems become unusable. Another method is to use different operating systems on different file systems. A virus is not likely to affect both. Data backups can also be put on different file systems. For example, Linux requires specific software to write to NTFS partitions, so if one does not install such software and uses a separate installation of MS Windows to make the backups on an NTFS partition (and preferably only for that reason), the backup should remain safe from any Linux viruses. Likewise, MS Windows cannot read file systems like ext3, so if one normally uses MS Windows, the backups can be made on an ext3 partition using a Linux installation.
Recovery methods
Once a computer has been compromised by a virus, it is usually unsafe to continue using the same computer without completely reinstalling the operating system. However, there are a number of recovery options that exist after a computer has a virus. These actions depend on the severity of the type of virus.
Virus removal
One possibility on Windows XP and Vista is a tool known as System Restore, which restores the registry and critical system files to a previous checkpoint. Often a virus will cause a system to hang, and a subsequent hard reboot will render a system restore point from the same day corrupt. Restore points from previous days should work provided the virus is not designed to corrupt the restore files. Some viruses, however, disable system restore and other important tools such as Task Manager and Command Prompt. An example of a virus that does this is CiaDoor.
Administrators have the option to disable such tools from limited users for various reasons. The virus modifies the registry to do the same, except, when the Administrator is controlling the computer, it blocks all users from accessing the tools. When an infected tool activates it gives the message "Task Manager has been disabled by your administrator.", even if the user trying to open the program is the administrator.
Operating system reinstallation
As a last-ditch effort, if a virus is on your system and anti-viral software can't clean it, then reinstalling the operating system may be required. To do this properly, the hard drive is completely erased (partition deleted and formatted, not quick-formatted) and the operating system is reinstalled from media known not to be infected. Important files should first be backed up, if possible, and separately scanned for infection before erasing the original hard drive and reinstalling.
This does not re-install your programs. The computer is returned to its 'Out-of-the-box' state. Make sure you have all the original software disks before attempting system reinstallation.
A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user. However, the term "virus" is commonly used, albeit erroneously, to refer to many different types of malware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus. A virus can only spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive. Additionally, viruses can spread to other computers by infecting files on a network file system or a file system that is accessed by another computer. Viruses are sometimes confused with computer worms and Trojan horses. A worm can spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a file that appears harmless until executed.
Many personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, and file sharing systems to spread, blurring the line between viruses and worms. Furthermore, some sources use an alternative terminology in which a virus is any form of self-replicating malware.
Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are not designed to do any damage, but simply replicate themselves and perhaps make their presence known by presenting text, video, or audio messages. Even these benign viruses can create problems for the computer user. They typically take up computer memory used by legitimate programs. As a result, they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.
History
The Creeper virus was first detected on ARPANET, the forerunner of the Internet, in the early 1970s. It propagated via the TENEX operating system and could make use of any connected modem to dial out to remote computers and infect them. It would display the message "I'M THE CREEPER : CATCH ME IF YOU CAN.". It is rumored that the Reaper program, which appeared shortly after and sought out copies of the Creeper and deleted them, may have been written by the creator of the Creeper in a fit of regret.
A program called "Elk Cloner" is commonly credited with being the first computer virus to appear "in the wild" — that is, outside the single computer or lab where it was created, but that claim is false. See the Timeline of notable computer viruses and worms for other earlier viruses. It was however the first virus to infect computers "in the home". Written in 1982 by Richard Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread by floppy disk.[1] This virus was originally a joke, created by a high school student and put onto a game. The disk could only be used 49 times. The game was set to play, but release the virus on the 50th time of starting the game. Only this time, instead of playing the game, it would change to a blank screen that read a poem about the virus named Elk Cloner. The poem that showed up on the screen is as follows: It will get on all your disks. It will infiltrate your chips. Yes it's Cloner! It will stick to you like a fly on a glue stick. It will modify RAM too. Send in the Cloner! The computer would then be infected.
The first PC virus was a boot sector virus called (c)Brain, created in 1986 by two brothers, Basit and Amjad Farooq Alvi, operating out of Lahore, Pakistan. The brothers reportedly created the virus to deter pirated copies of software they had written. However, analysts have claimed that the Ashar virus, a variant of Brain, possibly predated it based on code within the virus.
Before computer networks became widespread, most viruses spread on removable media, particularly floppy disks. In the early days of the personal computer, many users regularly exchanged information and programs on floppies. Some viruses spread by infecting programs stored on these disks, while others installed themselves into the disk boot sector, ensuring that they would be run when the user booted the computer from the disk.
Traditional computer viruses emerged in the 1980s, driven by the spread of personal computers and the resultant increase in BBS and modem use, and software sharing. Bulletin board driven software sharing contributed directly to the spread of Trojan horse programs, and viruses were written to infect popularly traded software. Shareware and bootleg software were equally common vectors for viruses on BBS's. Within the "pirate scene" of hobbyists trading illicit copies of retail software, traders in a hurry to obtain the latest applications and games were easy targets for viruses.
Since the mid-1990s, macro viruses have become common. Most of these viruses are written in the scripting languages for Microsoft programs such as Word and Excel. These viruses spread in Microsoft Office by infecting documents and spreadsheets. Since Word and Excel were also available for Mac OS, most of these viruses were able to spread on Macintosh computers as well. Most of these viruses did not have the ability to send infected e-mail. Those viruses which did spread through e-mail took advantage of the Microsoft Outlook COM interface.
Macro viruses pose unique problems for detection software. For example, some versions of Microsoft Word allowed macros to replicate themselves with additional blank lines. The virus behaved identically but would be misidentified as a new virus. In another example, if two macro viruses simultaneously infect a document, the combination of the two, if also self-replicating, can appear as a "mating" of the two and would likely be detected as a virus unique from the "parents".[2]
A virus may also send a web address link as an instant message to all the contacts on an infected machine. If the recipient, thinking the link is from a friend (a trusted source) follows the link to the website, the virus hosted at the site may be able to infect this new computer and continue propagating.
The newest species of the virus family is the cross-site scripting virus. The virus emerged from research and was academically demonstrated in 2005 [3]. This virus utilizes cross-site scripting vulnerabilities to propagate. Since 2005 there have been multiple instances of the cross-site scripting viruses in the wild, most notable sites affected have been MySpace and Yahoo.
[edit] Replication strategies
In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user tries to start an infected program, the virus' code may be executed first. Viruses can be divided into two types, on the basis of their behavior when they are executed. Nonresident viruses immediately search for other hosts that can be infected, infect these targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.
[edit] Nonresident viruses
Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.
[edit] Resident viruses
Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. However, this module is not called by a finder module. Instead, the virus loads the replication module into memory when it is executed and ensures that this module is executed each time the operating system is called to perform a certain operation. For example, the replication module can be called each time the operating system executes a file. In this case, the virus infects every suitable program that is executed on the computer.
Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. For instance, a fast infector can infect every potential host file that is accessed. This poses a special problem to anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory, the virus can "piggy-back" on the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software. Slow infectors, on the other hand, are designed to infect hosts infrequently. For instance, some slow infectors only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they are less likely to slow down a computer noticeably, and will at most infrequently trigger anti-virus software that detects suspicious behavior by programs. The slow infector approach does not seem very successful, however.
Vectors and hosts
Viruses have targeted various types of transmission media or hosts. This list is not exhaustive:
Binary executable files (such as COM files and EXE files in MS-DOS, Portable Executable files in Microsoft Windows, and ELF files in Linux)
Volume Boot Records of floppy disks and hard disk partitions
The master boot record (MBR) of a hard disk
General-purpose script files (such as batch files in MS-DOS and Microsoft Windows, VBScript files, and shell script files on Unix-like platforms).
Application-specific script files (such as Telix-scripts)
Documents that can contain macros (such as Microsoft Word documents, Microsoft Excel spreadsheets, AmiPro documents, and Microsoft Access database files)
Cross-site scripting vulnerabilities in web applications
Inhospitable vectors
It is difficult, but not impossible, for viruses to tag along in source files, seeing that computer languages are built for human eyes and experienced operators. With the notable exception of WMF, it is almost impossible for viruses to tag along in data files like MP3s, MPEGs, OGGs, JPEGs, GIFs, PNGs, MNGs, PDFs, and DVI files (this is not an exhaustive list of generally trusted file types). Even if a virus were to 'infect' such a file, it would be inoperative since there would be no way for the viral code to be executed. One caveat applies to PDFs, which, like HTML, may link to malicious code. Further, an exploitable buffer overflow in a program which reads the data files could be used to trigger the execution of code hidden within the data file, but this attack is substantially mitigated in computer architectures with an execute disable bit.
It is worth noting that some virus authors have appended an .EXE extension after a trusted one such as .PNG, hoping that users would stop at the trusted file type without noticing that the computer acts on the final extension. See Trojan horse (computing).
Methods to avoid detection
In order to avoid detection by users, some viruses employ different kinds of deception. Some old viruses, especially on the MS-DOS platform, make sure that the "last modified" date of a host file stays the same when the file is infected by the virus. This approach does not fool anti-virus software, however, especially software that maintains and dates Cyclic Redundancy Codes on file changes.
Some viruses can infect files without increasing their sizes or damaging the files. They accomplish this by overwriting unused areas of executable files. These are called cavity viruses. For example, the CIH virus, or Chernobyl Virus, infects Portable Executable files. Because those files had many empty gaps, the virus, which was 1 KB in length, did not add to the size of the file.
Some viruses try to avoid detection by killing the tasks associated with antivirus software before it can detect them.
As computers and operating systems grow larger and more complex, old hiding techniques need to be updated or replaced. Defending a computer against viruses may demand that a file system migrate towards detailed and explicit permission for every kind of file access.
Avoiding bait files and other undesirable hosts
A virus needs to infect hosts in order to spread further. In some cases, it might be a bad idea to infect a host program. For example, many anti-virus programs perform an integrity check of their own code. Infecting such programs will therefore increase the likelihood that the virus is detected. For this reason, some viruses are programmed not to infect programs that are known to be part of anti-virus software. Another type of host that viruses sometimes avoid is bait files. Bait files (or goat files) are files that are specially created by anti-virus software, or by anti-virus professionals themselves, to be infected by a virus. These files can be created for various reasons, all of which are related to the detection of the virus:
Anti-virus professionals can use bait files to take a sample of a virus (i.e. a copy of a program file that is infected by the virus). It is more practical to store and exchange a small, infected bait file, than to exchange a large application program that has been infected by the virus.
Anti-virus professionals can use bait files to study the behavior of a virus and evaluate detection methods. This is especially useful when the virus is polymorphic. In this case, the virus can be made to infect a large number of bait files. The infected files can be used to test whether a virus scanner detects all versions of the virus.
Some anti-virus software employs bait files that are accessed regularly. When these files are modified, the anti-virus software warns the user that a virus is probably active on the system.
Since bait files are used to detect the virus, or to make detection possible, a virus can benefit from not infecting them. Viruses typically do this by avoiding suspicious programs, such as small program files or programs that contain certain patterns of 'garbage instructions'.
A related strategy to make baiting difficult is sparse infection. Sometimes, sparse infectors do not infect a host file that would be a suitable candidate for infection in other circumstances. For example, a virus can decide on a random basis whether to infect a file or not, or a virus can only infect host files on particular days of the week.
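The bait-file monitoring described above, together with the earlier points about preserved "last modified" dates and unchanged file sizes, can be shown from the defender's side. The following is an added example, not code from the original page: the file name, bait layout and function names are assumptions made for illustration, and the "modification" is a harmless constructed overwrite used only to exercise the monitor.

```python
import hashlib
import os
import tempfile
from pathlib import Path

BAIT_HEADER = b"BAIT-HEADER"   # constructed marker, not a real executable header
BAIT_SIZE = 4096               # small file that is mostly unused padding


def create_bait(directory: Path, name: str) -> Path:
    """Write a constructed bait file: a short header followed by zero padding."""
    path = directory / name
    path.write_bytes(BAIT_HEADER + bytes(BAIT_SIZE - len(BAIT_HEADER)))
    return path


def snapshot(path: Path) -> dict:
    """Record the attributes a monitor can compare on its next pass."""
    st = path.stat()
    return {
        "size": st.st_size,
        "mtime_ns": st.st_mtime_ns,
        "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
    }


def check(path: Path, baseline: dict) -> list:
    """Return the names of the attributes that no longer match the baseline."""
    current = snapshot(path)
    return [name for name in baseline if baseline[name] != current[name]]


def simulate_quiet_modification(path: Path) -> None:
    """Test fixture: overwrite part of the padding (size unchanged) and then
    restore the original timestamps, as the text says some old viruses did."""
    st = path.stat()
    with open(path, "r+b") as fh:
        fh.seek(1024)
        fh.write(b"\xAA" * 64)          # harmless constructed bytes
    os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def run_demo() -> dict:
    """Baseline a bait file, check it untouched, modify it quietly, check again."""
    with tempfile.TemporaryDirectory() as tmp:
        bait = create_bait(Path(tmp), "goat0001.bin")   # hypothetical name
        baseline = snapshot(bait)
        untouched = check(bait, baseline)
        simulate_quiet_modification(bait)
        changed = check(bait, baseline)
        return {"untouched": untouched, "changed": changed}


if __name__ == "__main__":
    result = run_demo()
    print("before modification:", result["untouched"])
    print("after modification: ", result["changed"])
```

Size and timestamp both still match the baseline after the overwrite; only the content hash exposes the change, which is why an integrity check over file contents is the comparison that matters.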
Stealth
Some viruses try to trick anti-virus software by intercepting its requests to the operating system. A virus can hide itself by intercepting the anti-virus software’s request to read the file and passing the request to the virus, instead of the OS. The virus can then return an uninfected version of the file to the anti-virus software, so that it seems that the file is "clean". Modern anti-virus software employs various techniques to counter stealth mechanisms of viruses. The only completely reliable method to avoid stealth is to boot from a medium that is known to be clean.
Self-modification
Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures. A signature is a characteristic byte-pattern that is part of a certain virus or family of viruses. If a virus scanner finds such a pattern in a file, it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" or "heal" the infected file. Some viruses employ techniques that make detection by means of signatures difficult but probably not impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.
Encryption with a variable key
A more advanced method is the use of simple encryption to encipher the virus. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Since these would be symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the final virus, but that probably isn't required, since self-modifying code is such a rarity that it may be reason for virus scanners to at least flag the file as suspicious.
An old, but compact, encryption involves XORing each byte in a virus with a constant, so that the exclusive-or operation has only to be repeated for decryption. Code that modifies itself is suspicious, so the code that does the encryption/decryption may be part of the signature in many virus definitions.
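Why a constant-XOR encoding defeats a plain signature match but not a scanner, shown as an added example that is not from the original page. The signature is a harmless constructed marker, the sample buffers are constructed, and the function names are hypothetical; the key-independent comparison used here (XOR of adjacent bytes, which cancels the constant) is one technique chosen for illustration, alongside the decryptor-matching the text mentions.

```python
# Constructed, harmless marker standing in for a known byte pattern.
SIGNATURE = b"CONSTRUCTED-SAMPLE-PATTERN"
HOST_PREFIX = b"HOST-PROGRAM-BYTES " * 3     # constructed filler before the body
BODY_HEAD = b"body:"
BODY_TAIL = b":end"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same one-byte constant (its own inverse)."""
    return bytes(b ^ key for b in data)


def build_sample(key: int) -> bytes:
    """Constructed buffer: plain filler followed by a body XORed with `key`."""
    return HOST_PREFIX + xor_bytes(BODY_HEAD + SIGNATURE + BODY_TAIL, key)


def plain_scan(buf: bytes, signature: bytes) -> int:
    """Classic signature match: offset of the literal pattern, or -1."""
    return buf.find(signature)


def adjacent_xor(data: bytes) -> bytes:
    """d[i] = data[i] ^ data[i+1]. For data XORed with a constant k,
    (a ^ k) ^ (b ^ k) == a ^ b, so the result does not depend on k."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def key_independent_scan(buf: bytes, signature: bytes):
    """Find `signature` under any single-byte XOR key.

    Returns (offset, key) or None. A key of 0 means the pattern is in clear.
    """
    if len(signature) < 2:
        raise ValueError("signature must be at least two bytes long")
    offset = adjacent_xor(buf).find(adjacent_xor(signature))
    if offset == -1:
        return None
    # The first byte fixes the key; the adjacent-XOR match guarantees the rest.
    key = buf[offset] ^ signature[0]
    assert xor_bytes(buf[offset:offset + len(signature)], key) == signature
    return offset, key


if __name__ == "__main__":
    for key in (0x00, 0x5A, 0xC3):
        sample = build_sample(key)
        print(f"key=0x{key:02X} plain={plain_scan(sample, SIGNATURE)} "
              f"key-independent={key_independent_scan(sample, SIGNATURE)}")
```

The plain match only succeeds when the key happens to be zero, while the adjacent-XOR comparison finds the pattern and recovers the key for every sample.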
Polymorphic code
Polymorphic code was the first technique that posed a serious threat to virus scanners. Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses, however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts that remain identical between infections, making it very difficult to detect directly using signatures. Anti-virus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body. See Polymorphic code for technical detail on how such engines operate.
Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus. The advantage of using such slow polymorphic code is that it makes it more difficult for anti-virus professionals to obtain representative samples of the virus, because bait files that are infected in one run will typically contain identical or similar samples of the virus. This will make it more likely that the detection by the virus scanner will be unreliable, and that some instances of the virus may be able to avoid detection.
Metamorphic code
To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that use this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14000 lines of Assembly language code, 90% of which is part of the metamorphic engine.[4]
Vulnerability and countermeasures
The vulnerability of operating systems to viruses
Just as genetic diversity in a population decreases the chance of a single disease wiping out a population, the diversity of software systems on a network similarly limits the destructive potential of viruses.
This became a particular concern in the 1990s, when Microsoft gained market dominance in desktop operating systems and office suites. The users of Microsoft software (especially networking software such as Microsoft Outlook and Internet Explorer) are especially vulnerable to the spread of viruses. Microsoft software is targeted by virus writers due to its desktop dominance, and is often criticized for including many errors and holes for virus writers to exploit. Integrated applications (such as Microsoft Office), applications with scripting languages that have access to the file system (for example Visual Basic Script (VBS)), and applications with networking features are also particularly vulnerable.
Although Windows is by far the most popular operating system for virus writers, some viruses also exist on other platforms. Any operating system that allows third-party programs to run can theoretically run viruses. Some operating systems are less secure than others. Unix-based OS's (and NTFS-aware applications on Windows NT based platforms) only allow their users to run executables within their protected space in their own directories.
As of 2006, there are relatively few security exploits[5] targeting Mac OS X (with a Unix-based file system); the known vulnerabilities fall under the classifications of worms and Trojans. The number of viruses for the older Apple operating systems, known as Mac OS Classic, varies greatly from source to source, with Apple stating that there are only four known viruses, and independent sources stating there are as many as 63 viruses. It is safe to say that Macs are less likely to be targeted because of low market share and thus a Mac-specific virus could only infect a small proportion of computers (making the effort less desirable). Virus vulnerability between Macs and Windows is a chief selling point, one that Apple uses in their Get a Mac advertising. That said, Macs have also had significant critical security issues just as Microsoft Windows has.
Windows and Unix have similar scripting abilities, but while Unix natively blocks normal users from having access to make changes to the operating system environment, older copies of Windows such as Windows 95 and 98 do not. In 1997, when a virus for Linux was released – known as "Bliss" – leading antivirus vendors issued warnings that Unix-like systems could fall prey to viruses just like Windows.[6] The Bliss virus may be considered characteristic of viruses – as opposed to worms – on Unix systems. Bliss requires that the user run it explicitly (making it a trojan), and it can only infect programs that the user has the access to modify. Unlike Windows users, most Unix users do not log in as an administrator user except to install or configure software; as a result, even if a user ran the virus, it could not harm their operating system. The Bliss virus never became widespread, and remains chiefly a research curiosity. Its creator later posted the source code to Usenet, allowing researchers to see how it worked.[7]
The role of software development
Because software is often designed with security features to prevent unauthorized use of system resources, many viruses must exploit software bugs in a system or application to spread. Software development strategies that produce large numbers of bugs will generally also produce potential exploits.
Anti-virus software and other preventive measures
Many users install anti-virus software that can detect and eliminate known viruses after the computer downloads or runs the executable. There are two common methods that an anti-virus software application uses to detect viruses. The first, and by far the most common, method of virus detection is using a list of virus signature definitions. This works by examining the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable drives (hard drives, floppy drives), and comparing those files against a database of known virus "signatures". The disadvantage of this detection method is that users are only protected from viruses that pre-date their last virus definition update. The second method is to use a heuristic algorithm to find viruses based on common behaviors. This method has the ability to detect viruses that anti-virus security firms have yet to create a signature for.
Some anti-virus programs are able to scan opened files in addition to sent and received e-mails 'on the fly' in a similar manner. This practice is known as "on-access scanning." Anti-virus software does not change the underlying capability of host software to transmit viruses. Users must update their software regularly to patch security holes. Anti-virus software also needs to be regularly updated in order to prevent the latest threats.
One may also prevent the damage done by viruses by making regular backups of data (and the Operating Systems) on different media that are either kept unconnected to the system (most of the time), read-only or not accessible for other reasons, such as using different file systems. This way, if data is lost through a virus, one can start again using the backup (which should preferably be recent). If a backup session on optical media like CD and DVD is closed, it becomes read-only and can no longer be affected by a virus. Likewise, an Operating System on a bootable CD can be used to start the computer if the installed Operating Systems become unusable. Another method is to use different Operating Systems on different file systems. A virus is not likely to affect both. Data backups can also be put on different file systems. For example, Linux requires specific software to write to NTFS partitions, so if one does not install such software and uses a separate installation of MS Windows to make the backups on an NTFS partition (and preferably only for that reason), the backup should remain safe from any Linux viruses. Likewise, MS Windows cannot read file systems like ext3, so if one normally uses MS Windows, the backups can be made on an ext3 partition using a Linux installation.
Recovery methods
Once a computer has been compromised by a virus, it is usually unsafe to continue using the same computer without completely reinstalling the operating system. However, there are a number of recovery options that exist after a computer has a virus. These actions depend on the severity of the type of virus.
Virus removal
One possibility on Windows XP and Vista is a tool known as System Restore, which restores the registry and critical system files to a previous checkpoint. Often a virus will cause a system to hang, and a subsequent hard reboot will render a system restore point from the same day corrupt. Restore points from previous days should work provided the virus is not designed to corrupt the restore files. Some viruses, however, disable system restore and other important tools such as Task Manager and Command Prompt. An example of a virus that does this is CiaDoor.
Administrators have the option to disable such tools from limited users for various reasons. The virus modifies the registry to do the same, except, when the Administrator is controlling the computer, it blocks all users from accessing the tools. When an infected tool activates it gives the message "Task Manager has been disabled by your administrator.", even if the user trying to open the program is the administrator.
Operating system reinstallation
As a last-ditch effort, if a virus is on your system and anti-viral software can't clean it, then reinstalling the operating system may be required. To do this properly, the hard drive is completely erased (partition deleted and formatted, not quick-formatted) and the operating system is reinstalled from media known not to be infected. Important files should first be backed up, if possible, and separately scanned for infection before erasing the original hard drive and reinstalling.
This does not re-install your programs. The computer is returned to its 'Out-of-the-box' state. Make sure you have all the original software disks before attempting system reinstallation.
Saturday, November 10, 2007
How to get traffic for your blog
Use lists.
Be topical... write posts that need to be read right now.
Learn enough to become the expert in your field.
Break news.
Be timeless... write posts that will be readable in a year.
Be among the first with a great blog on your topic, then encourage others to blog on the same topic.
Share your expertise generously so people recognize it and depend on you.
Announce news.
Write short, pithy posts.
Encourage your readers to help you manipulate the technorati top blog list.
Don't write about your cat, your boyfriend or your kids.
Write long, definitive posts.
Write about your kids.
Be snarky. Write nearly libelous things about fellow bloggers, daring them to respond (with links back to you) on their blog.
Be sycophantic. Share linklove and expect some back.
Include polls, meters and other eye candy.
Tag your posts. Use del.icio.us.
Coin a term or two.
Do email interviews with the well-known.
Answer your email.
Use photos. Salacious ones are best.
Be anonymous.
Encourage your readers to digg your posts. (and to use furl and reddit). Do it with every post.
Post your photos on flickr.
Encourage your readers to subscribe by RSS.
Start at the beginning and take your readers through a months-long education.
Include comments so your blog becomes a virtual water cooler that feeds itself.
Assume that every day is the beginning, because you always have new readers.
Highlight your best posts on your Squidoo lens.
Point to useful but little-known resources.
Write about stuff that appeals to the majority of current blog readers--like gadgets and web 2.0.
Write about Google.
Have relevant ads that are even better than your content.
Don't include comments, people will cross post their responses.
Write posts that each include dozens of trackbacks to dozens of blog posts so that people will notice you.
Run no ads.
Keep tweaking your template to make it include every conceivable bell or whistle.
Write about blogging.
Digest the good ideas of other people, all day, every day.
Invent a whole new kind of art or interaction.
Post on weekdays, because there are more readers.
Write about a never-ending parade of different topics so you don't bore your readers.
Post on weekends, because there are fewer new posts.
Don't interrupt your writing with a lot of links.
Dress your blog (fonts and design) as well as you would dress yourself for a meeting with a stranger.
Edit yourself. Ruthlessly.
Don't promote yourself and your business or your books or your projects at the expense of the reader's attention.
Be patient.
Give credit to those that inspired, it makes your writing more useful.
Ping technorati. Or have someone smarter than me tell you how to do it automatically.
Write about only one thing, in ever-deepening detail, so you become definitive.
Write in English.
Better, write in Chinese.
Write about obscure stuff that appeals to an obsessed minority.
Don't be boring.
Write stuff that people want to read and share.
Voice over Internet Protocol
Voice over Internet Protocol, also called VoIP (pronounced voyp), IP Telephony, Internet telephony, Broadband telephony, Broadband Phone and Voice over Broadband is the routing of voice conversations over the Internet or through any other IP-based network.
Companies providing VoIP service are commonly referred to as providers, and protocols which are used to carry voice signals over the IP network are commonly referred to as Voice over IP or VoIP protocols. They may be viewed as commercial realizations of the experimental Network Voice Protocol (1973) invented for the ARPANET providers. Some cost savings are due to utilizing a single network to carry voice and data, especially where users have existing underutilized network capacity that can carry VoIP at no additional cost. VoIP to VoIP phone calls are sometimes free, while VoIP to public switched telephone networks, PSTN, may have a cost that is borne by the VoIP user.
Voice over IP protocols carry telephony signals as digital audio, typically reduced in data rate using speech data compression techniques, encapsulated in a data packet stream over IP.
There are two types of PSTN to VoIP services: Direct Inward Dialing (DID) and access numbers. DID will connect the caller directly to the VoIP user while access numbers require the caller to input the extension number of the VoIP user.
History
Voice over IP has been a subject of interest almost since the first computer network. By 1973, voice was being transmitted over the early Internet.[1] Technology for transmitting voice conversations over the Internet has been available to end users since at least the 1990s. For instance, in 1996, a shrink-wrapped software product called Vocaltec Internet Phone Release 4 provided VoIP, along with extra features such as voice mail and caller ID. However, it did not offer a gateway to the analog POTS system, so it was only possible to speak to other Vocaltec Internet Phone users.[2] VocalTec is significant for its breakthroughs in realtime voice compression,[3] which was vital at a time when the majority of users had at most a 28.8 kb/s dialup modem. In 1997, Level 3 began development of its first softswitch (a term they invented in 1998); softswitches were designed to replace traditional hardware switchboards by serving as the gateway between two telephone networks.[4]
Functionality
VoIP can facilitate tasks that may be more difficult to achieve using the traditional networks that have typically been used:
Ability to transmit more than one telephone call down the same broadband-connected telephone line. This can make VoIP a simple way to add an extra telephone line to a home or office.
Many VoIP packages include PSTN features that most telcos (telecommunication companies) normally charge extra for, or that may be unavailable from your local telco, such as 3-way calling, call forwarding, automatic redial, and caller ID.
VoIP can be secured with existing off-the-shelf protocols such as Secure Real-time Transport Protocol. Most of the difficulties of creating a secure phone over traditional phone lines, like digitizing and digital transmission are already in place with VoIP. It is only necessary to encrypt and authenticate the existing data stream.
VoIP is location independent: only an Internet connection is needed to get a connection to a VoIP provider. For instance, call center agents using VoIP phones can work from anywhere with a sufficiently fast and stable Internet connection.
VoIP phones can integrate with other services available over the Internet, including video conversation, message or data file exchange in parallel with the conversation, audio conferencing, managing address books and passing information about whether others (e.g. friends or colleagues) are available online to interested parties.
Implementation
Because UDP does not provide a mechanism to ensure that data packets are delivered in sequential order, or provide Quality of Service (known as QoS) guarantees, VoIP implementations face problems dealing with latency and jitter. This is especially true when satellite circuits are involved, due to long round trip propagation delay (400 milliseconds to 600 milliseconds for geostationary satellite). The receiving node must restructure IP packets that may be out of order, delayed or missing, while ensuring that the audio stream maintains a proper time consistency. This functionality is usually accomplished by means of a jitter buffer.
Another challenge is routing VoIP traffic through firewalls and address translators. Private Session Border Controllers are used along with firewalls to enable VoIP calls to and from a protected enterprise network. Skype uses a proprietary protocol to route calls through other Skype peers on the network, allowing it to traverse symmetric NATs and firewalls. Other methods to traverse firewalls involve using protocols such as STUN or ICE.
VoIP challenges:
Available bandwidth
Delay/Network Latency
Packet loss
Jitter
Echo
Security
Reliability
Pulse dialing to DTMF translation
Many VoIP providers do not translate pulse dialing from older phones to DTMF. The VoIP user may use a VoIP Pulse to Tone Converter, if needed.[citation needed]
Fixed delays cannot be controlled but some delays can be minimized by marking voice packets as being delay-sensitive (see, for example, Diffserv).
The principal cause of packet loss is congestion, which can be controlled by congestion management and avoidance. Carrier VoIP networks avoid congestion by means of teletraffic engineering.
Variation in delay is called jitter. The effects of jitter can be mitigated by storing voice packets in a buffer (called a play-out buffer) upon arrival, before playing them out. This avoids a condition known as buffer underrun, in which the playout process runs out of voice data to play because the next voice packet has not yet arrived, but increases delay by the length of the buffer.
Common causes of echo include impedance mismatches in analog circuitry, and acoustic coupling of the transmit and receive signal at the receiving end.
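The play-out (jitter) buffer trade-off described above, between late packets and added delay, can be worked through on a small trace. This is an added example, not code from the original page: the 20 ms frame interval, the arrival times and the function names are assumptions, and the trace is constructed to include reordering, one lost packet and two delay spikes.

```python
from dataclasses import dataclass

FRAME_MS = 20  # assumed packetisation interval: one voice frame every 20 ms


@dataclass(frozen=True)
class Packet:
    seq: int          # sender's sequence number
    arrival_ms: int   # time the packet reached the receiver


# Constructed trace. Sender emits seq n at n * 20 ms; network delay varies.
# seq 3 overtakes seq 2 (reordering), seq 4 never arrives, seq 6 is badly delayed.
TRACE = [
    Packet(0, 50), Packet(1, 75), Packet(3, 110), Packet(2, 135),
    Packet(5, 160), Packet(7, 192), Packet(6, 240),
]


def playout(packets, buffer_ms: int) -> dict:
    """Simulate a fixed play-out buffer of `buffer_ms` milliseconds.

    The play-out clock starts `buffer_ms` after the first packet arrives and
    then consumes one frame every FRAME_MS, in sequence-number order. A packet
    that arrives after its slot has passed is useless and counts as late
    (a buffer underrun at that slot); one that never arrives counts as lost.
    """
    if not packets:
        return {"played": [], "late": [], "lost": [], "added_delay_ms": buffer_ms}
    first = min(packets, key=lambda p: p.arrival_ms)
    base = first.arrival_ms + buffer_ms - first.seq * FRAME_MS

    arrivals = {}
    for p in sorted(packets, key=lambda p: p.arrival_ms):
        arrivals.setdefault(p.seq, p.arrival_ms)      # ignore duplicate copies

    played, late, lost = [], [], []
    for seq in range(min(arrivals), max(arrivals) + 1):
        deadline = base + seq * FRAME_MS               # when this frame is needed
        if seq not in arrivals:
            lost.append(seq)
        elif arrivals[seq] <= deadline:
            played.append(seq)                         # reordering is absorbed here
        else:
            late.append(seq)
    return {"played": played, "late": late, "lost": lost,
            "added_delay_ms": buffer_ms}


def sweep(packets, sizes=(20, 40, 60, 80)) -> dict:
    """Late-packet list for each candidate buffer size."""
    return {size: playout(packets, size)["late"] for size in sizes}


if __name__ == "__main__":
    for size, late in sweep(TRACE).items():
        print(f"buffer {size:3d} ms -> late frames {late}")
```

A deeper buffer turns late frames into playable ones at the price of that much extra mouth-to-ear delay, and no buffer size recovers the frame that was lost in the network.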
Reliability
Conventional phones are connected directly to telephone company phone lines, which in the event of a power failure are kept functioning by back-up generators or batteries located at the telephone exchange. However, household VoIP hardware uses broadband modems and other equipment powered by household electricity, which may be subject to outages in the absence of an uninterruptible power supply or generator. Early adopters of VoIP may also be users of other phone equipment, such as PBX and cordless phone bases, that rely on power not provided by the telephone company. Even with local power still available, the broadband carrier itself may experience outages as well. While the PSTN has matured over decades and is typically extremely reliable, most broadband networks are less than 10 years old, and even the best are still subject to intermittent outages. Furthermore, consumer network technologies such as cable and DSL often are not subject to the same restoration service levels as the PSTN or business technologies such as a T-1 connection.
Quality of Service
Some broadband connections may have less than desirable quality. Where IP packets are lost or delayed at any point in the network between VoIP users, there will be a momentary drop-out of voice. This is more noticeable in highly congested networks and/or where there are long distances and/or interworking between end points. Technology has improved the reliability and voice quality over time and will continue to improve VoIP performance as time goes on.
It has been suggested to exploit the packetized nature of media in VoIP communications and transmit the stream of packets from the source phone to the destination phone simultaneously across different routes (multi-path routing). In this way, temporary failures have less impact on communication quality. In capillary routing, it has been suggested to use Fountain codes, particularly Raptor codes, at the packet level to transmit extra redundant packets, making the communication more reliable.
A number of protocols have been defined to support the reporting of QoS/QoE for VoIP calls. These include RTCP XR (RFC 3611), SIP RTCP Summary Reports, H.460.9 Annex B (for H.323), H.248.30 and MGCP extensions. The RFC 3611 VoIP Metrics block is generated by an IP phone or gateway during a live call and contains information on packet loss rate, packet discard rate (due to jitter), packet loss/discard burst metrics (burst length/density, gap length/density), network delay, end system delay, signal / noise / echo level, MOS scores and R factors, and configuration information related to the jitter buffer.
RFC 3611 VoIP metrics reports are exchanged between IP endpoints on an occasional basis during a call, and an end-of-call message is sent via SIP RTCP Summary Report or one of the other signaling protocol extensions. RFC 3611 VoIP metrics reports are intended to support real-time feedback related to QoS problems, the exchange of information between the endpoints for improved call quality calculation, and a variety of other applications.
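The fields listed above map onto a fixed 36-byte report block (block type 7 in RFC 3611). The following parser is an added example for monitoring use, not code from the original article; the sample block is constructed, and the dictionary key names are this example's own.

```python
import struct

VOIP_METRICS_BT = 7          # RFC 3611 block type for VoIP Metrics
UNAVAILABLE = 127            # RFC 3611 marker for "value not available"

# Field layout of the VoIP Metrics Report Block, network byte order.
_LAYOUT = struct.Struct(
    "!"
    "BBHI"   # block type, reserved, block length, SSRC of source
    "BBBB"   # loss rate, discard rate, burst density, gap density
    "HH"     # burst duration (ms), gap duration (ms)
    "HH"     # round trip delay (ms), end system delay (ms)
    "bbBB"   # signal level (dBm0), noise level (dBm0), RERL (dB), Gmin
    "BBBB"   # R factor, external R factor, MOS-LQ x10, MOS-CQ x10
    "BBH"    # RX config, reserved, jitter buffer nominal (ms)
    "HH"     # jitter buffer maximum (ms), absolute maximum (ms)
)


def _optional(value, scale=1):
    """Map the 'unavailable' marker to None, otherwise apply the scale."""
    return None if value == UNAVAILABLE else value / scale


def parse_voip_metrics(block):
    """Decode one RTCP XR VoIP Metrics Report Block into a dict."""
    if len(block) < _LAYOUT.size:
        raise ValueError("truncated VoIP metrics block")
    (bt, _rsv, length, ssrc, loss, discard, burst_den, gap_den,
     burst_ms, gap_ms, rtt_ms, end_sys_ms, signal, noise, rerl, gmin,
     r_factor, ext_r, mos_lq, mos_cq, rx_config, _rsv2,
     jb_nominal, jb_max, jb_abs_max) = _LAYOUT.unpack_from(block)
    if bt != VOIP_METRICS_BT:
        raise ValueError("not a VoIP metrics block (BT=%d)" % bt)
    if length != 8:  # length is counted in 32-bit words minus one
        raise ValueError("unexpected block length %d" % length)
    return {
        "ssrc": ssrc,
        # Rates and densities are 8-bit fixed-point fractions (x/256).
        "loss_rate": loss / 256,
        "discard_rate": discard / 256,
        "burst_density": burst_den / 256,
        "gap_density": gap_den / 256,
        "burst_duration_ms": burst_ms,
        "gap_duration_ms": gap_ms,
        "round_trip_delay_ms": rtt_ms,
        "end_system_delay_ms": end_sys_ms,
        "signal_level_dbm0": _optional(signal),
        "noise_level_dbm0": _optional(noise),
        "rerl_db": _optional(rerl),
        "gmin": gmin,
        "r_factor": _optional(r_factor),
        "ext_r_factor": _optional(ext_r),
        "mos_lq": _optional(mos_lq, 10),
        "mos_cq": _optional(mos_cq, 10),
        "rx_config_raw": rx_config,
        "jitter_buffer_ms": {"nominal": jb_nominal, "maximum": jb_max,
                             "absolute_maximum": jb_abs_max},
    }


# Constructed sample block (all values invented for this example).
SAMPLE_BLOCK = _LAYOUT.pack(
    7, 0, 8, 0x1234ABCD,
    13, 5, 77, 3,
    120, 4000,
    180, 60,
    -20, -65, 45, 16,
    72, 127, 36, 34,
    0, 0, 40,
    80, 200,
)

if __name__ == "__main__":
    for key, value in parse_voip_metrics(SAMPLE_BLOCK).items():
        print(key, value)
```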
Difficulty with sending faxes
The support of sending faxes over VoIP is still limited. The existing voice codecs are not designed for fax transmission. An effort is underway to remedy this by defining an alternate IP-based solution for delivering Fax-over-IP, namely the T.38 protocol. Another possible solution to overcome the drawback is to treat the fax system as a message switching system which does not need real time data transmission - such as sending a fax as an email attachment (see Fax) or remote printout (see Internet Printing Protocol). The end system can completely buffer the incoming fax data before displaying or printing the fax image.
Emergency calls
The nature of IP makes it difficult to locate network users geographically. Emergency calls, therefore, cannot easily be routed to a nearby call center, and are impossible on some VoIP systems. Sometimes, VoIP systems may route emergency calls to a non-emergency phone line at the intended department. In the US, at least one major police department has strongly objected to this practice as potentially endangering the public.[5]
Moreover, in the event that the caller is unable to give an address, emergency services may be unable to locate them in any other way. Following the lead of mobile phone operators, several VoIP carriers are already implementing a technical work-around.[citation needed] For instance, one large VoIP carrier requires the registration of the physical address where the VoIP line will be used. When you dial the emergency number for your country, they will route it to the appropriate local system. They also maintain their own emergency call center that will take non-routable emergency calls (made, for example, from a software-based service that is not tied to any particular physical location) and will then manually route your call after learning your physical location.[citation needed]
If you keep your county of residence on file with your VoIP provider, as you should for 911 taxation policies, 911 will retain all operational functionality.[citation needed]
Integration into global telephone number system
While the traditional Plain Old Telephone Service (POTS) and mobile phone networks share a common global standard (E.164) which allocates and identifies any specific telephone line, there is no widely adopted similar standard for VoIP networks. Some allocate an E.164 number which can be used for VoIP as well as incoming/external calls. However, there are often different, incompatible schemes when calling between VoIP providers which use provider specific short codes.
Single point of calling
With hardware VoIP solutions it is possible to connect the VoIP router into the existing central phone box in the house and have VoIP at every phone already connected. Software-based VoIP services require the use of a computer, so they are limited to a single point of calling, though telephone sets are now available, allowing them to be used without a PC. Some services provide the ability to connect WiFi SIP phones so that service can be extended throughout the premises, and off-site to any location with an open hotspot.[6] However, note that many hotspots require browser-based authentication, which most SIP phones do not support.[7]
Mobile phones & Hand held Devices
Telcos and consumers have invested billions of dollars in mobile phone equipment. In developed countries, mobile phones have achieved nearly complete market penetration, and many people are giving up landlines and using mobiles exclusively. Given this situation, it is not entirely clear whether there would be a significantly higher demand for VoIP among consumers until either public or community wireless networks have similar geographical coverage to cellular networks (thereby enabling mobile VoIP phones, so-called WiFi phones or VoWLAN) or VoIP is implemented over legacy 3G networks. However, "dual mode" telephone sets, which allow for seamless handover between a cellular network and a WiFi network, are expected to help VoIP become more popular.[8]
Phones like the NEC N900iL, and later the Nokia E60 and E61, have been the first "dual mode" telephone sets capable of delivering mobile VoIP. With more and more mobile phones and hand held devices using VoIP, the nicknames "MoIP" and "MVoip" (Mobile VoIP) have been attributed to these mobile applications.
Hand held devices are another medium through which VoIP services can be used. Since most of these devices are otherwise limited to GSM/GPRS-type communication, almost all hand held devices use WiFi of some sort for VoIP.
Another addition to hand held devices is ruggedized bar code devices that are used in warehouses and retail environments. These types of devices rely on "inside the 4 walls" VoIP services that do not connect to the outside world and are used solely for employee-to-employee communications.
Security
Many consumer VoIP solutions do not support encryption yet, although having a secure phone is much easier to implement with VoIP than with traditional phone lines. As a result, it is relatively easy to eavesdrop on VoIP calls and even change their content.[9] There are several open source solutions that facilitate sniffing of VoIP conversations. A modicum of security is afforded by patented audio codecs that are not easily available for open source applications; however, such security through obscurity has not proven effective in the long run in other fields. Some vendors also use compression to make eavesdropping more difficult. However, real security requires encryption and cryptographic authentication, which are not widely available at a consumer level. The existing secure standard SRTP and the new ZRTP protocol are available on Analog Telephone Adapters (ATAs) as well as various softphones. It is possible to use IPsec to secure P2P VoIP by using opportunistic encryption. Skype does not use SRTP, but uses encryption which is transparent to the Skype provider.
The Voice VPN solution provides secure voice for enterprise VoIP networks by applying IPsec encryption to the digitized voice stream.
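Whether a call's media is protected is visible in the SDP body exchanged during SIP call setup: plain RTP is offered as `RTP/AVP`, SRTP as `RTP/SAVP` with `a=crypto` key lines (RFC 4568), and ZRTP support may be advertised with `a=zrtp-hash` (RFC 6189). The audit helper below is an added example, not part of the original article; the SDP bodies, key strings and status labels are constructed for illustration.

```python
# Added illustration: flag media streams negotiated without SRTP/ZRTP.
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}

_SDP_HEAD = "v=0\no=alice 1 1 IN IP4 192.0.2.10\ns=-\nc=IN IP4 192.0.2.10\nt=0 0\n"

# Constructed sample SDP bodies (addresses from the documentation range,
# key and hash values are placeholders, not real key material).
PLAINTEXT_OFFER = _SDP_HEAD + "m=audio 49170 RTP/AVP 0 8\na=rtpmap:0 PCMU/8000\n"
SRTP_OFFER = _SDP_HEAD + (
    "m=audio 49172 RTP/SAVP 0\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Q09OU1RSVUNURUQtU0FNUExFLUtFWS1OT1QtUkVBTA==\n"
)
ZRTP_OFFER = _SDP_HEAD + (
    "m=audio 49174 RTP/AVP 0\n"
    f"a=zrtp-hash:1.10 {'ab' * 32}\n"
)
MIXED_OFFER = _SDP_HEAD + (
    "m=audio 49176 RTP/SAVP 0\n"          # secure profile but no key line
    "m=video 0 RTP/AVP 96\n"              # port 0: stream is disabled
    "m=audio 49178 RTP/AVP 8\n"           # plain RTP
)


def _classify(entry):
    if entry["port"].split("/")[0] == "0":
        return "disabled"
    if entry["profile"] in SECURE_PROFILES:
        # A secure profile without usable key lines cannot start SRTP
        # from this SDP alone; report it separately for follow-up.
        return "srtp-sdes" if entry["crypto_suites"] else "srtp-profile-no-keys"
    if entry["zrtp_hash"]:
        # ZRTP key agreement runs in the media path after call setup,
        # so the SDP only shows that the endpoint advertises support.
        return "zrtp-advertised"
    return "plaintext-rtp"


def audit_sdp(sdp_text):
    """Return one dict per m= line with its protection status."""
    media, current = [], None
    for raw in sdp_text.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            parts = line[2:].split()
            if len(parts) < 3:          # malformed media line: skip it
                current = None
                continue
            current = {"media": parts[0], "port": parts[1],
                       "profile": parts[2].upper(),
                       "crypto_suites": [], "zrtp_hash": False}
            media.append(current)
        elif current is None:
            continue                    # session-level line before first m=
        elif line.startswith("a=crypto:"):
            fields = line[len("a=crypto:"):].split()
            if len(fields) >= 3 and fields[2].startswith("inline:"):
                current["crypto_suites"].append(fields[1])
        elif line.startswith("a=zrtp-hash:"):
            current["zrtp_hash"] = True
    for entry in media:
        entry["status"] = _classify(entry)
    return media


def unprotected_streams(sdp_text):
    """Media sections that would carry voice without encryption."""
    return [m for m in audit_sdp(sdp_text) if m["status"] == "plaintext-rtp"]


if __name__ == "__main__":
    for name, body in [("plaintext", PLAINTEXT_OFFER), ("srtp", SRTP_OFFER),
                       ("zrtp", ZRTP_OFFER), ("mixed", MIXED_OFFER)]:
        print(name, [(m["media"], m["port"], m["status"]) for m in audit_sdp(body)])
```

With SDES the SRTP key travels inside the SDP itself, so an `srtp-sdes` result only protects the call if the signaling channel is encrypted as well.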
Pre-Paid Phone Cards
VoIP has become an important technology for phone services to travelers, migrant workers and expatriates who, either because they do not have a fixed or mobile phone or because of high overseas roaming charges, choose instead to use VoIP services to make their phone calls. Pre-paid phone cards can be used either from a normal phone or from Internet cafes that have phone services. Developing countries and areas with high tourist or immigrant communities generally have a higher uptake.
Caller ID
Caller ID support among VoIP providers varies, although the majority of VoIP providers now offer full Caller ID with name on outgoing calls. When calling a traditional PSTN number from some VoIP providers, Caller ID is not supported.
In a few cases, VoIP providers may allow a caller to spoof the Caller ID information, making it appear as though they are calling from a different number. Business grade VoIP equipment and software often makes it easy to modify caller ID information. Although this can provide many businesses great flexibility, it is also open to abuse.
VoIM
Voice over Instant Messaging (VoIM) presents VoIP as one communication mode among several, with an IM user interface (contact list and presence) as the primary user experience. Many instant messenger services added client-to-client or client-to-PSTN VoIP in the mid-2000s.
Adoption
Mass-market telephony
A major development starting in 2004 has been the introduction of mass-market VoIP services over broadband Internet access services, in which subscribers make and receive calls as they would over the PSTN. Full phone service VoIP phone companies provide inbound and outbound calling with Direct Inbound Dialing. Many offer unlimited calling to the U.S., and some to Canada or selected countries in Europe or Asia as well, for a flat monthly fee.
These services take a wide variety of forms which can be more or less similar to traditional POTS. At one extreme, an analog telephone adapter (ATA) may be connected to the broadband Internet connection and an existing telephone jack in order to provide service nearly indistinguishable from POTS on all the other jacks in the residence. This type of service, which is fixed to one location, is generally offered by broadband Internet providers such as cable companies and telephone companies as a cheaper flat-rate traditional phone service. Often the phrase "VoIP" is not used in selling these services; instead the industry has marketed the phrases "Internet Phone", "Digital Phone" or "Softphone", which are aimed at typical phone users who are not necessarily tech-savvy. Typically, the provider touts the advantage of being able to keep one's existing phone number.
At the other extreme are services like Gizmo Project and Skype which rely on a software client on the computer in order to place a call over the network, where one user ID can be used on many different computers or in different locations on a laptop. In the middle lie services which also provide a telephone adapter for connecting to the broadband connection, similar to the services offered by broadband providers (and in some cases also allow direct connections of SIP phones), but which are aimed at a more tech-savvy user and allow portability from location to location. One advantage of these two types of services is the ability to make and receive calls as one would at home, anywhere in the world, at no extra cost. No additional charges are incurred, as they would be with call diversion via the PSTN, and the called party does not have to pay for the call. For example, if a subscriber with a home phone number in the U.S. or Canada calls someone else within his local calling area, it will be treated as a local call regardless of where that person is in the world. Often the user may elect to use someone else's area code as his own to minimize phone costs to a frequently called long-distance number.
For some users, the broadband phone complements, rather than replaces, a PSTN line, due to a number of inconveniences compared to traditional services. VoIP requires a broadband Internet connection and, if a telephone adapter is used, a power adapter is usually needed. In the case of a power failure, VoIP services will generally not function. Additionally, a call to the U.S. emergency services number 9-1-1 may not automatically be routed to the nearest local emergency dispatch center, and would be of no use for subscribers outside the U.S. This is potentially true for users who select a number with an area code outside their area. Some VoIP providers offer users the ability to register their address so that 9-1-1 services work as expected.
Another challenge for these services is the proper handling of outgoing calls from fax machines, TiVo/ReplayTV boxes, satellite television receivers, alarm systems, conventional modems or FAXmodems, and other similar devices that depend on access to a voice-grade telephone line for some or all of their functionality. At present, these types of calls sometimes go through without any problems, but in other cases they will not go through at all. In some cases, this equipment can be made to work over a VoIP connection if the sending speed can be changed to a lower bits per second rate. If VoIP and cellular substitution become very popular, some ancillary equipment makers may be forced to redesign equipment, because it would no longer be possible to assume a conventional voice-grade telephone line would be available in almost all homes in North America and Western Europe. The TestYourVoIP website offers a free service to test the quality of or diagnose an Internet connection by placing simulated VoIP calls from any Java-enabled Web browser, or from any phone or VoIP device capable of calling the PSTN network.
Corporate and telco use
Although few office environments and even fewer homes use a pure VoIP infrastructure, telecommunications providers routinely use IP telephony, often over a dedicated IP network, to connect switching stations, converting voice signals to IP packets and back. The result is a data-abstracted digital network which the provider can easily upgrade and use for multiple purposes.
Corporate customer telephone support often uses IP telephony exclusively to take advantage of the data abstraction. The benefit of using this technology is the need for only one class of circuit connection and better bandwidth use. Companies can acquire their own gateways to eliminate third-party costs, which is worthwhile in some situations.
VoIP is widely employed by carriers, especially for international telephone calls. It is commonly used to route traffic starting and ending at conventional PSTN telephones.
Many telecommunications companies are looking at the IP Multimedia Subsystem (IMS) which will merge Internet technologies with the mobile world, using a pure VoIP infrastructure. It will enable them to upgrade their existing systems while embracing Internet technologies such as the Web, email, instant messaging, presence, and video conferencing. It will also allow existing VoIP systems to interface with the conventional PSTN and mobile phones.
Electronic Numbering (ENUM) uses standard phone numbers (E.164), but allows connections entirely over the Internet. If the other party uses ENUM, the only expense is the Internet connection. Virtual PBX (or IP PBX) allow companies to control their internal phone network over an existing LAN and server without needing to wire a separate telephone network. Users within this environment can then use standard telephones coupled with an FXS, IP Phones connected to a data port or a Softphone on their PC. Internal VoIP phone networks allow outbound and inbound calling on standard PSTN lines through the use of FXO adapters.
Use in Amateur Radio
Sometimes called Radio over Internet Protocol or RoIP, VoIP has been adopted in amateur radio by linking repeaters and users with Echolink, IRLP, D-STAR, Dingotel and EQSO. In fact, Echolink allows users to connect to repeaters via their computer (over the Internet) rather than by using a radio. By using VoIP, amateur radio operators are able to create large repeater networks with repeaters all over the world, where operators can access the system with actual ham radios.
Ham Radio operators using radios are able to tune to repeaters with VoIP capabilities and use DTMF signals to command the repeater to connect to various other repeaters, thus allowing them to talk to people all around the world, even with "line of sight" VHF radios.
Click to call
Click-to-call is a service which lets users click a button and immediately speak with a customer service representative. The call can either be carried over VoIP, or the customer may request an immediate call back by entering their phone number. One significant benefit to click-to-call providers is that it allows companies to monitor when online visitors change from the website to a phone sales channel.
Legal issues in different countries
As the popularity of VoIP grows, and PSTN users switch to VoIP in increasing numbers, governments are becoming more interested in regulating[10] VoIP in a manner similar to legacy PSTN services, especially with the encouragement of the state-mandated telephone monopolies/oligopolies in a given country, who see this as a way to stifle the new competition.
In the U.S., the Federal Communications Commission now requires all VoIP operators who do not support Enhanced 911 to attach a sticker warning that traditional 911 services aren't available. The FCC recently required VoIP operators to support CALEA wiretap functionality. The Telecommunications Act of 2005 proposes adding more traditional PSTN regulations, such as local number portability and universal service fees. Other future legal issues are likely to include laws against wiretapping and network neutrality.
Some Latin American and Caribbean countries, fearful for their state-owned telephone services, have imposed restrictions on the use of VoIP, including Panama, where VoIP is taxed. In Ethiopia, where the government is monopolizing telecommunication service, it is a criminal offense to offer services using VoIP. The country has installed firewalls to prevent international calls being made using VoIP. These measures were taken after the popularity of VoIP reduced the income generated by the state-owned telecommunication company.
In the European Union, the treatment of VoIP service providers is a decision for each Member State's national telecoms regulator, which must use competition law to define relevant national markets and then determine whether any service provider on those national markets has "significant market power" (and so should be subject to certain obligations). A general distinction is usually made between VoIP services that function over managed networks (via broadband connections) and VoIP services that function over unmanaged networks (essentially, the Internet).
VoIP services that function over managed networks are often considered to be a viable substitute for PSTN telephone services (despite the problems of power outages and lack of geographical information); as a result, major operators that provide these services (in practice, incumbent operators) may find themselves bound by obligations of price control or accounting separation.
VoIP services that function over unmanaged networks are often considered to be too poor in quality to be a viable substitute for PSTN services; as a result, they may be provided without any specific obligations, even if a service provider has "significant market power".
The relevant EU Directive is not clearly drafted concerning obligations which can exist independently of market power (e.g., the obligation to offer access to emergency calls), and it is impossible to say definitively whether VoIP service providers of either type are bound by them. A review of the EU Directive is under way and should be complete by 2007.
In India, it is legal to use VoIP, but it is illegal to have VoIP gateways inside India. This effectively means that people who have PCs can use them to make a VoIP call to any number, but if the remote side is a normal phone, the gateway that converts the VoIP call to a POTS call should not be inside India.
In the UAE, it is illegal to use any form of VoIP, to the extent that websites of Skype and Gizmo Project don't work.
In the Republic of Korea, only providers registered with the government are authorized to offer VoIP services. Unlike many VoIP providers, most of whom offer flat rates, Korean VoIP services are generally metered and charged at rates similar to terrestrial calling. Foreign VoIP providers such as Vonage encounter high barriers to government registration. This issue came to a head in 2006 when internet service providers providing personal internet services by contract to United States Forces Korea members residing on USFK bases threatened to block off access to VoIP services used by USFK members as an economical way to keep in contact with their families in the United States, on the grounds that the service members' VoIP providers were not registered. A compromise was reached between USFK and Korean telecommunications officials in January 2007, wherein USFK service members arriving in Korea before June 1, 2007 and subscribing to the ISP services provided on base may continue to use their U.S.-based VoIP subscription, but later arrivals must use a Korean-based VoIP provider, which by contract will offer pricing similar to the flat rates offered by U.S. VoIP providers. [1]
IP telephony in Japan
In Japan, IP telephony (IP電話, IP Denwa) is regarded as a service that applies VoIP technology to the whole or a part of the telephone line. Since 2003, IP telephony services with assigned telephone numbers have been provided. There are not only voice services but also videophone services. According to the Telecommunication Business Law, the service category for IP telephony also covers services provided via the Internet that are not assigned any telephone number. IP telephony is basically regulated by the Ministry of Internal Affairs and Communications (MIC) as a telecommunication service. Operators have to disclose necessary information on quality, etc., before making a contract with customers, and are obliged to respond to their complaints cordially.
Many Internet service providers (ISPs) provide IP telephony services. A provider of IP telephony service is called an "ITSP" (Internet Telephony Service Provider). Recently, competition among ITSPs has intensified through option or set sales connected with ADSL or FTTH services.
The tariff system normally applied to Japanese IP telephony tends to be as follows:
Calls between IP telephony subscribers, limited to the same group, are mostly free of charge.
Calls from IP telephony subscribers to a fixed line or PHS are mostly charged at a fixed rate, uniform across the country.
Between ITSPs, interconnection is mostly maintained at the VoIP level.
For IP telephony assigned a normal telephone number (0AB-J), the conditions for interconnection are considered the same as for normal telephony.
For IP telephony assigned a specific telephone number (050), the conditions for interconnection tend to be as follows:
Interconnection is sometimes charged and sometimes free of charge. When it is free of charge, the traffic is mostly exchanged via a P2P connection using the same VoIP standard. Otherwise, some conversion is needed at the VoIP gateway, which incurs running costs.
Telephone number for IP telephony in Japan
Since September 2002, the MIC has assigned IP telephony telephone numbers on the condition that the service falls into certain required categories of quality. IP telephony of sufficient quality is assigned a telephone number, which normally starts with 050. However, when the quality is so high that a customer can hardly tell the difference between it and a normal telephone, and when the provider ties the number to a location and provides emergency call capabilities, the provider is allowed to assign a normal telephone number, a so-called "0AB-J" number.
Technical details
The two major competing standards for VoIP are the IETF standard SIP and the ITU standard H.323. Initially H.323 was the most popular protocol, though in the "local loop" it has since been surpassed by SIP. This was primarily due to the latter's better traversal of NAT and firewalls, although recent changes introduced for H.323 have removed this advantage.[citation needed]
However, in backbone voice networks where everything is under the control of the network operator or telco, H.323 is the protocol of choice. Many of the largest carriers use H.323 in their core backbones[citation needed], and the vast majority of callers have little or no idea that their POTS calls are being carried over VoIP.
Where VoIP travels through multiple providers' softswitches the concepts of Full Media Proxy and Signalling Proxy are important. In H.323, the data is made up of 3 streams of data: 1) H.225.0 Call Signaling; 2) H.245; 3) Media. So if you are in London, your provider is in Australia, and you wish to call America, then in full proxy mode all three streams will go half way around the world and the delay (up to 500-600 ms) and packet loss will be high. However in signaling proxy mode where only the signaling flows through the provider the delay will be reduced to a more user friendly 120-150 ms.
One of the key issues with all traditional VoIP protocols is the bandwidth wasted on packet headers. Typically, sending a G.723.1 5.6 kbit/s compressed audio path requires 18 kbit/s of bandwidth based on standard sampling rates. The difference between the 5.6 kbit/s and 18 kbit/s is packet headers. A number of bandwidth optimization techniques are used, such as silence suppression and header compression. These can typically save 35% on bandwidth usage.
VoIP trunking techniques such as TDMoIP can reduce bandwidth overhead even further by multiplexing multiple conversations that are heading to the same destination and wrapping them up inside the same packets. Because the packet header overhead is shared between many simultaneous streams, TDMoIP can offer near toll quality audio with a per-stream packet header overhead of only about 1 kbit/s.
See also
List of commercial voice over IP network providers
SIP
SIP Telephony
IP Multimedia Subsystem
Mobile VoIP
Comparison of VoIP software
PATS
Computer conferencing
ROIP
Differentiated services
Integrated services
Predictive dialers
Secure telephone
VoIP recording
Capillary routing
VoiceXML
ENUM
References
[1] Jackson, Barry. History of VoIP. University of Texas at Dallas. Retrieved on 2007-11-07.
[2] Keating, Tom. Internet Phone Release 4. Computer Telephony Interaction Magazine. Retrieved on 2007-11-07.
[3] The 10 that Established VoIP (Part 1: VocalTec). iLocus (July 13, 2007). Retrieved on 2007-11-07.
[4] The 10 that Established VoIP (Part 2: Level 3). iLocus (July 13, 2007). Retrieved on 2007-11-07.
[5] Letter from the City of New York to the Federal Communications Commission.
[6] Internet Phones Call on Wi-Fi. PCWorld. Retrieved on 2006-05-26.
[7] WiFi phones for Skype and SIP: available now, but be careful what you buy. Voipally. Retrieved on 2006-08-22.
[8] Dual-mode cellular/WiFi handset adoption. TMCnet. Retrieved on 2006-05-26.
[9] Examining Two Well-Known Attacks on VoIP. CircleID. Retrieved on 2006-04-05.
[10] Global VoIP Policy Status Matrix. Global IP Alliance. Retrieved on 2006-11-23.
An overview of how VoIP works
A typical analog telephone adapter for connecting an ordinary phone to a VoIP network
Cisco's implementation of VoIP - IP Phone
Voice over Internet Protocol, also called VoIP (pronounced voyp), IP Telephony, Internet telephony, Broadband telephony, Broadband Phone and Voice over Broadband is the routing of voice conversations over the Internet or through any other IP-based network.
Companies providing VoIP service are commonly referred to as providers, and protocols which are used to carry voice signals over the IP network are commonly referred to as Voice over IP or VoIP protocols. They may be viewed as commercial realizations of the experimental Network Voice Protocol (1973) invented for the ARPANET providers. Some cost savings are due to utilizing a single network to carry voice and data, especially where users have existing underutilized network capacity that can carry VoIP at no additional cost. VoIP to VoIP phone calls are sometimes free, while VoIP to public switched telephone networks, PSTN, may have a cost that is borne by the VoIP user.
Voice over IP protocols carry telephony signals as digital audio, typically reduced in data rate using speech data compression techniques, encapsulated in a data packet stream over IP.
There are two types of PSTN to VoIP services: Direct Inward Dialing (DID) and access numbers. DID will connect the caller directly to the VoIP user while access numbers require the caller to input the extension number of the VoIP user.
History
Voice over IP has been a subject of interest almost since the first computer network. By 1973, voice was being transmitted over the early Internet.[1] Technology for transmitting voice conversations over the Internet has been available to end users since at least the 1990s. For instance, in 1996, a shrink-wrapped software product called Vocaltec Internet Phone Release 4 provided VoIP, along with extra features such as voice mail and caller ID. However, it did not offer a gateway to the analog POTS system, so it was only possible to speak to other Vocaltec Internet Phone users.[2] VocalTec is significant for its breakthroughs in realtime voice compression,[3] which was vital at a time when the majority of users had at most a 28.8 kb/s dialup modem. In 1997, Level 3 began development of its first softswitch (a term they invented in 1998); softswitches were designed to replace traditional hardware switchboards by serving as the gateway between two telephone networks.[4]
Functionality
VoIP can facilitate tasks that may be more difficult to achieve using traditional networks:
Ability to transmit more than one telephone call down the same broadband-connected telephone line. This can make VoIP a simple way to add an extra telephone line to a home or office.
Many VoIP packages include PSTN features that most telcos (telecommunication companies) normally charge extra for, or that may be unavailable from your local telco, such as 3-way calling, call forwarding, automatic redial, and caller ID.
VoIP can be secured with existing off-the-shelf protocols such as Secure Real-time Transport Protocol. Most of the difficulties of creating a secure phone over traditional phone lines, like digitizing and digital transmission, are already solved with VoIP. It is only necessary to encrypt and authenticate the existing data stream.
VoIP is location independent; only an Internet connection is needed to get a connection to a VoIP provider. For instance, call center agents using VoIP phones can work from anywhere with a sufficiently fast and stable Internet connection.
VoIP phones can integrate with other services available over the Internet, including video conversation, message or data file exchange in parallel with the conversation, audio conferencing, managing address books and passing information about whether others (e.g. friends or colleagues) are available online to interested parties.
Implementation
Because UDP does not provide a mechanism to ensure that data packets are delivered in sequential order, or provide Quality of Service (known as QoS) guarantees, VoIP implementations face problems dealing with latency and jitter. This is especially true when satellite circuits are involved, due to long round trip propagation delay (400 milliseconds to 600 milliseconds for geostationary satellite). The receiving node must restructure IP packets that may be out of order, delayed or missing, while ensuring that the audio stream maintains a proper time consistency. This functionality is usually accomplished by means of a jitter buffer.
Another challenge is routing VoIP traffic through firewalls and address translators. Private Session Border Controllers are used along with firewalls to enable VoIP calls to and from a protected enterprise network. Skype uses a proprietary protocol to route calls through other Skype peers on the network, allowing it to traverse symmetric NATs and firewalls. Other methods to traverse firewalls involve using protocols such as STUN or ICE.
VoIP challenges:
Available bandwidth
Delay/Network Latency
Packet loss
Jitter
Echo
Security
Reliability
Pulse dialing to DTMF translation
Many VoIP providers do not translate pulse dialing from older phones to DTMF. The VoIP user may use a VoIP Pulse to Tone Converter, if needed.[citation needed]
Fixed delays cannot be controlled but some delays can be minimized by marking voice packets as being delay-sensitive (see, for example, Diffserv).
The principal cause of packet loss is congestion, which can be controlled by congestion management and avoidance. Carrier VoIP networks avoid congestion by means of teletraffic engineering.
Variation in delay is called jitter. The effects of jitter can be mitigated by storing voice packets in a buffer (called a play-out buffer) upon arrival, before playing them out. This avoids a condition known as buffer underrun, in which the playout process runs out of voice data to play because the next voice packet has not yet arrived, but increases delay by the length of the buffer.
Common causes of echo include impedance mismatches in analog circuitry, and acoustic coupling of the transmit and receive signal at the receiving end.
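The play-out buffer described above can be sketched as follows. This is an added example, not code from any VoIP product; it uses a fixed depth counted in frames, and the arrival schedule and class names are constructed for illustration. It shows how a deeper buffer recovers a reordered packet at the cost of one more frame of delay, and how RTP's 16-bit sequence number wrap is handled.

```python
"""Fixed-depth play-out (jitter) buffer keyed on RTP's 16-bit sequence number."""


def seq_delta(a, b):
    """Signed distance a - b modulo 2**16, so 0 counts as one after 65535."""
    return ((a - b + 0x8000) & 0xFFFF) - 0x8000


class JitterBuffer:
    def __init__(self, depth):
        self.depth = depth      # frames to collect before play-out starts
        self.frames = {}        # sequence number -> payload awaiting play-out
        self.next_seq = None    # sequence number due at the next play-out tick
        self.started = False
        self.late = 0           # arrived after their play-out slot had passed
        self.missing = 0        # slots played with no data (loss or underrun)

    def push(self, seq, payload):
        """Store an arriving packet; return False if it is discarded."""
        if self.next_seq is None:
            self.next_seq = seq
        elif seq_delta(seq, self.next_seq) < 0:
            if self.started:
                self.late += 1
                return False
            self.next_seq = seq     # reordered packet arrived during pre-fill
        if seq in self.frames:
            return False            # duplicate
        self.frames[seq] = payload
        return True

    def pop(self):
        """Called once per frame interval by the play-out clock.

        Returns None while pre-filling, else (seq, payload); payload is None
        when the slot has to be concealed because the packet is not there.
        """
        if not self.started:
            if len(self.frames) < self.depth:
                return None
            self.started = True
        seq = self.next_seq
        payload = self.frames.pop(seq, None)
        if payload is None:
            self.missing += 1
        self.next_seq = (seq + 1) & 0xFFFF
        return seq, payload


# Constructed arrival schedule, one list per frame interval: 65535 is
# reordered behind 0, packet 2 arrives too late, and the numbering wraps.
ARRIVALS = [[65534], [0], [65535, 1], [], [3], [], [2]]


def simulate(arrivals, depth):
    """Feed the schedule through a buffer; return (played seqs, buffer)."""
    buf = JitterBuffer(depth)
    played = []
    for tick in arrivals:
        for seq in tick:
            buf.push(seq, b"frame-%d" % seq)
        out = buf.pop()
        if out is not None and out[1] is not None:
            played.append(out[0])
    return played, buf


if __name__ == "__main__":
    for depth in (1, 2):
        played, buf = simulate(ARRIVALS, depth)
        print(depth, played, "late:", buf.late, "missing:", buf.missing)
```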
Reliability
Conventional phones are connected directly to telephone company phone lines, which in the event of a power failure are kept functioning by back-up generators or batteries located at the telephone exchange. However, household VoIP hardware uses broadband modems and other equipment powered by household electricity, which may be subject to outages in the absence of an uninterruptible power supply or generator. Early adopters of VoIP may also be users of other phone equipment, such as PBX and cordless phone bases, that rely on power not provided by the telephone company. Even with local power still available, the broadband carrier itself may experience outages as well. While the PSTN has matured over decades and is typically extremely reliable, most broadband networks are less than 10 years old, and even the best are still subject to intermittent outages. Furthermore, consumer network technologies such as cable and DSL often are not subject to the same restoration service levels as the PSTN or business technologies such as a T-1 connection.
Quality of Service
Some broadband connections may have less than desirable quality. Where IP packets are lost or delayed at any point in the network between VoIP users, there will be a momentary drop-out of voice. This is more noticeable in highly congested networks and/or where there are long distances and/or interworking between end points. Technology has improved the reliability and voice quality over time and will continue to improve VoIP performance as time goes on.
It has been suggested to exploit the packetized nature of media in VoIP communications by transmitting the stream of packets from the source phone to the destination phone simultaneously across different routes (multi-path routing), so that temporary failures have less impact on communication quality. In capillary routing, it has been suggested to use Fountain codes, particularly Raptor codes, at the packet level to transmit extra redundant packets, making the communication more reliable.
A number of protocols have been defined to support the reporting of QoS/QoE for VoIP calls. These include RTCP XR (RFC3611), SIP RTCP Summary Reports, H.460.9 Annex B (for H.323), H.248.30 and MGCP extensions. The RFC3611 VoIP Metrics block is generated by an IP phone or gateway during a live call and contains information on packet loss rate, packet discard rate (due to jitter), packet loss/discard burst metrics (burst length/density, gap length/density), network delay, end system delay, signal / noise / echo level, MOS scores and R factors and configuration information related to the jitter buffer.
RFC3611 VoIP metrics reports are exchanged between IP endpoints on an occasional basis during a call, and an end-of-call message is sent via SIP RTCP Summary Report or one of the other signaling protocol extensions. RFC3611 VoIP metrics reports are intended to support real-time feedback related to QoS problems, the exchange of information between the endpoints for improved call quality calculation, and a variety of other applications.
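The fields listed above map onto the 36-byte RFC 3611 VoIP Metrics report block, which a monitoring tool can decode as in this added example (not code from any phone or gateway). The sample block is constructed, and the alert limits in `assess` are assumptions chosen for illustration, not values from the RFC.

```python
"""Decode an RTCP XR VoIP Metrics report block (RFC 3611, block type 7)."""
import struct

BT_VOIP_METRICS = 7
UNAVAILABLE = 127   # marker RFC 3611 uses for "not measured" level/score fields
LAYOUT = struct.Struct("!BBHI4B4H2b2B4BBBH2H")   # nine 32-bit words, 36 bytes

# Constructed sample block (hex), one 32-bit word per group.
SAMPLE_BLOCK = bytes.fromhex(
    "07000008 1234abcd 0d053302 00f012c0 00b4003c"
    " eec27f10 487f211f f4000028 00500078"
)


def _score(value, scale=1):
    """Map the 'unavailable' marker to None and apply the field's scale."""
    return None if value == UNAVAILABLE else value / scale


def parse_voip_metrics(block):
    """Return the block's fields as a dict with units applied."""
    if len(block) < LAYOUT.size:
        raise ValueError("truncated VoIP Metrics block")
    (bt, _, length, ssrc, loss, discard, burst_density, gap_density,
     burst_ms, gap_ms, rtt_ms, end_system_ms, signal, noise, rerl, gmin,
     r_factor, ext_r, mos_lq, mos_cq, rx_config, _, jb_nominal,
     jb_max, jb_abs_max) = LAYOUT.unpack_from(block)
    # Block length is counted in 32-bit words minus one, so it must be 8.
    if bt != BT_VOIP_METRICS or length != 8:
        raise ValueError("not a VoIP Metrics block")
    return {
        "ssrc": ssrc,
        # Rates and densities are 8-bit fractions (binary point at the left).
        "loss_rate": loss / 256,
        "discard_rate": discard / 256,
        "burst_density": burst_density / 256,
        "gap_density": gap_density / 256,
        "burst_ms": burst_ms,
        "gap_ms": gap_ms,
        "round_trip_ms": rtt_ms,
        "end_system_ms": end_system_ms,
        # Signal and noise are signed dB values relative to 0 dBm0.
        "signal_db": _score(signal),
        "noise_db": _score(noise),
        "rerl_db": _score(rerl),
        "gmin": gmin,
        "r_factor": _score(r_factor),
        "ext_r_factor": _score(ext_r),
        # MOS scores are carried multiplied by ten.
        "mos_lq": _score(mos_lq, 10),
        "mos_cq": _score(mos_cq, 10),
        # RX config: packet loss concealment, jitter buffer type and rate.
        "plc": rx_config >> 6,
        "jba": (rx_config >> 4) & 0x3,
        "jb_rate": rx_config & 0xF,
        "jb_nominal_ms": jb_nominal,
        "jb_max_ms": jb_max,
        "jb_abs_max_ms": jb_abs_max,
    }


def assess(metrics, max_loss=0.03, max_discard=0.03, min_mos=3.5):
    """Return the names of metrics outside the given limits.

    The default limits are assumptions for this example, not RFC values.
    """
    findings = []
    if metrics["loss_rate"] > max_loss:
        findings.append("loss_rate")
    if metrics["discard_rate"] > max_discard:
        findings.append("discard_rate")
    for key in ("mos_lq", "mos_cq"):
        if metrics[key] is not None and metrics[key] < min_mos:
            findings.append(key)
    return findings


if __name__ == "__main__":
    report = parse_voip_metrics(SAMPLE_BLOCK)
    print(report)
    print("out of limits:", assess(report))
```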
Difficulty with sending faxes
The support of sending faxes over VoIP is still limited. The existing voice codecs are not designed for fax transmission. An effort is underway to remedy this by defining an alternate IP-based solution for delivering Fax-over-IP, namely the T.38 protocol. Another possible solution to overcome the drawback is to treat the fax system as a message switching system which does not need real time data transmission - such as sending a fax as an email attachment (see Fax) or remote printout (see Internet Printing Protocol). The end system can completely buffer the incoming fax data before displaying or printing the fax image.
Emergency calls
The nature of IP makes it difficult to locate network users geographically. Emergency calls, therefore, cannot easily be routed to a nearby call center, and are impossible on some VoIP systems. Sometimes, VoIP systems may route emergency calls to a non-emergency phone line at the intended department. In the US, at least one major police department has strongly objected to this practice as potentially endangering the public.[5]
Moreover, in the event that the caller is unable to give an address, emergency services may be unable to locate them in any other way. Following the lead of mobile phone operators, several VoIP carriers are already implementing a technical work-around. [citation needed] For instance, one large VoIP carrier requires the registration of the physical address where the VoIP line will be used. When you dial the emergency number for your country, they will route it to the appropriate local system. They also maintain their own emergency call center that will take non-routable emergency calls (made, for example, from a software based service that is not tied to any particular physical location) and then will manually route your call once learning your physical location. [citation needed]
If you keep your county of residence on file with your VoIP provider, as you should for 911 taxation policies, 911 will retain all operational functionality.[citation needed]
Integration into global telephone number system
While the traditional Plain Old Telephone Service (POTS) and mobile phone networks share a common global standard (E.164) which allocates and identifies any specific telephone line, there is no widely adopted similar standard for VoIP networks. Some allocate an E.164 number which can be used for VoIP as well as incoming/external calls. However, there are often different, incompatible schemes when calling between VoIP providers which use provider specific short codes.
Single point of calling
With hardware VoIP solutions it is possible to connect the VoIP router into the existing central phone box in the house and have VoIP at every phone already connected. Software-based VoIP services require the use of a computer, so they are limited to a single point of calling, though telephone sets are now available, allowing them to be used without a PC. Some services provide the ability to connect WiFi SIP phones so that service can be extended throughout the premises, and off-site to any location with an open hotspot.[6] However, note that many hotspots require browser-based authentication, which most SIP phones do not support.[7]
Mobile phones & Hand held Devices
Telcos and consumers have invested billions of dollars in mobile phone equipment. In developed countries, mobile phones have achieved nearly complete market penetration, and many people are giving up landlines and using mobiles exclusively. Given this situation, it is not entirely clear whether there would be a significantly higher demand for VoIP among consumers until either public or community wireless networks have similar geographical coverage to cellular networks (thereby enabling mobile VoIP phones, so-called WiFi phones or VoWLAN) or VoIP is implemented over legacy 3G networks. However, "dual mode" telephone sets, which allow for the seamless handover between a cellular network and a WiFi network, are expected to help VoIP become more popular.[8]
Phones like the NEC N900iL, and later the Nokia E60 and E61, have been the first "dual mode" telephone sets capable of delivering mobile VoIP. With more and more mobile phones and handheld devices using VoIP, the nicknames "MoIP" and "MVoip" (Mobile VoIP) have been attributed to these mobile applications.
Handheld devices are another medium through which VoIP services can be used. Since most of these devices are limited to GSM/GPRS-type communication media, almost all handheld devices use WiFi of some sort.
Another class of handheld devices is the ruggedized bar-code-type devices used in warehouses and retail environments. These types of devices rely on "inside the 4 walls" VoIP services that do not connect to the outside world and are used solely for employee-to-employee communications.
Security
Many consumer VoIP solutions do not support encryption yet, although having a secure phone is much easier to implement with VoIP than with traditional phone lines. As a result, it is relatively easy to eavesdrop on VoIP calls and even change their content.[9] There are several open source solutions that facilitate sniffing of VoIP conversations. A modicum of security is afforded by patented audio codecs that are not easily available for open source applications; however, such security through obscurity has not proven effective in the long run in other fields. Some vendors also use compression to make eavesdropping more difficult. However, real security requires encryption and cryptographic authentication, which are not widely available at a consumer level. The existing secure standard SRTP and the new ZRTP protocol are available on Analog Telephone Adapters (ATAs) as well as various softphones. It is possible to use IPsec to secure P2P VoIP by using opportunistic encryption. Skype does not use SRTP, but uses encryption which is transparent to the Skype provider.
The Voice VPN solution provides secure voice for enterprise VoIP networks by applying IPsec encryption to the digitized voice stream.
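The cryptographic authentication the section calls for can be illustrated with the tag that SRTP's default transform (RFC 3711) appends to each packet: HMAC-SHA1 over the packet and the rollover counter, truncated to 80 bits, checked together with a replay window. This is an added example, not code from any SRTP library. Assumptions: the authentication key is passed in directly (SRTP derives it from a master key), the payload is left unencrypted (SRTP encrypts it before computing the tag), the rollover counter stays at 0, and all names and sample packets are constructed.

```python
"""Packet authentication and replay rejection in the style of SRTP (RFC 3711)."""
import hashlib
import hmac
import struct

TAG_LEN = 10        # 80-bit tag: HMAC-SHA1 output truncated to its left 10 bytes
RTP_HEADER = 12     # fixed RTP header with no CSRC list or extension
WINDOW = 64         # replay window size in packets
WINDOW_MASK = (1 << WINDOW) - 1


def rtp_packet(seq, timestamp, ssrc, payload, payload_type=0):
    """Build a minimal RTP packet: version 2, no padding, extension or CSRC."""
    header = struct.pack("!BBHII", 0x80, payload_type & 0x7F,
                         seq, timestamp, ssrc)
    return header + payload


def auth_tag(auth_key, packet, roc):
    """HMAC-SHA1 over the packet followed by the 32-bit rollover counter."""
    mac = hmac.new(auth_key, packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN]


def protect(auth_key, packet, roc=0):
    """Sender side: append the authentication tag to the packet."""
    return packet + auth_tag(auth_key, packet, roc)


class Receiver:
    """Verifies tags and keeps a sliding replay window (no sequence wrap)."""

    def __init__(self, auth_key):
        self.key = auth_key
        self.highest = None   # highest authenticated sequence number
        self.mask = 0         # bit i set => packet (highest - i) was accepted

    def _replayed(self, seq):
        if self.highest is None or seq > self.highest:
            return False
        age = self.highest - seq
        return age >= WINDOW or bool((self.mask >> age) & 1)

    def _record(self, seq):
        if self.highest is None:
            self.highest, self.mask = seq, 1
        elif seq > self.highest:
            shifted = (self.mask << (seq - self.highest)) | 1
            self.mask = shifted & WINDOW_MASK
            self.highest = seq
        else:
            self.mask |= 1 << (self.highest - seq)

    def unprotect(self, data):
        """Return (status, payload); payload is None unless status is 'ok'."""
        if len(data) < RTP_HEADER + TAG_LEN:
            return "short", None
        packet, tag = data[:-TAG_LEN], data[-TAG_LEN:]
        seq = struct.unpack_from("!H", packet, 2)[0]
        if self._replayed(seq):
            return "replay", None
        if not hmac.compare_digest(tag, auth_tag(self.key, packet, 0)):
            return "bad_tag", None
        self._record(seq)     # update the window only after authentication
        return "ok", packet[RTP_HEADER:]


def demo():
    """Run constructed packets through a receiver; return the statuses."""
    key = bytes(range(20))    # constructed 160-bit authentication key
    rx = Receiver(key)
    ssrc = 0xCAFE0001
    p100 = protect(key, rtp_packet(100, 16000, ssrc, b"voice-frame-100"))
    p101 = protect(key, rtp_packet(101, 16160, ssrc, b"voice-frame-101"))
    altered = bytearray(p101)
    altered[RTP_HEADER] ^= 0x01       # one payload bit changed in transit
    plain = rtp_packet(102, 16320, ssrc, b"voice-frame-102")   # no tag at all
    inputs = [p100, bytes(altered), p101, p100, plain]
    return [rx.unprotect(data)[0] for data in inputs]


if __name__ == "__main__":
    print(demo())
```

The altered copy of packet 101 is rejected without disturbing the replay window, so the genuine packet 101 is still accepted afterwards.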
Pre-Paid Phone Cards
VoIP has become an important technology for phone services to travelers, migrant workers and expatriates who, either because they lack a fixed or mobile phone or because of high overseas roaming charges, choose instead to use VoIP services to make their phone calls. Pre-paid phone cards can be used either from a normal phone or from Internet cafes that have phone services. Developing countries and areas with high tourist or immigrant communities generally have a higher uptake.
Caller ID
Caller ID support among VoIP providers varies, although the majority of VoIP providers now offer full Caller ID with name on outgoing calls. When calling a traditional PSTN number from some VoIP providers, Caller ID is not supported.
In a few cases, VoIP providers may allow a caller to spoof the Caller ID information, making it appear as though they are calling from a different number. Business grade VoIP equipment and software often makes it easy to modify caller ID information. Although this can provide many businesses great flexibility, it is also open to abuse.
VoIM
Voice over Instant Messaging (VoIM) presents VoIP as one communication mode among several, with an IM user interface (contact list and presence) as the primary user experience. Many instant messenger services added client-to-client or client-to-PSTN VoIP in the mid-2000s.
Adoption
Mass-market telephony
A major development starting in 2004 has been the introduction of mass-market VoIP services over broadband Internet access services, in which subscribers make and receive calls as they would over the PSTN. Full phone service VoIP phone companies provide inbound and outbound calling with Direct Inbound Dialing. Many offer unlimited calling to the U.S., and some to Canada or selected countries in Europe or Asia as well, for a flat monthly fee.
These services take a wide variety of forms which can be more or less similar to traditional POTS. At one extreme, an analog telephone adapter (ATA) may be connected to the broadband Internet connection and an existing telephone jack in order to provide service nearly indistinguishable from POTS on all the other jacks in the residence. This type of service, which is fixed to one location, is generally offered by broadband Internet providers such as cable companies and telephone companies as a cheaper flat-rate traditional phone service. Often the phrase "VoIP" is not used in selling these services, but instead the industry has marketed the phrases "Internet Phone", "Digital Phone" or "Softphone" which is aimed at typical phone users who are not necessarily tech-savvy. Typically, the provider touts the advantage of being able to keep one's existing phone number.
At the other extreme are services like Gizmo Project and Skype which rely on a software client on the computer in order to place a call over the network, where one user ID can be used on many different computers or in different locations on a laptop. In the middle lie services which also provide a telephone adapter for connecting to the broadband connection similar to the services offered by broadband providers (and in some cases also allow direct connections of SIP phones) but which are aimed at a more tech-savvy user and allow portability from location to location. One advantage of these two types of services is the ability to make and receive calls as one would at home, anywhere in the world, at no extra cost. No additional charges are incurred, as they would be with call diversion via the PSTN, and the called party does not have to pay for the call. For example, if a subscriber with a home phone number in the U.S. or Canada calls someone else within his local calling area, it will be treated as a local call regardless of where that person is in the world. Often the user may elect to use someone else's area code as his own to minimize phone costs to a frequently called long-distance number.
For some users, the broadband phone complements, rather than replaces, a PSTN line, due to a number of inconveniences compared to traditional services. VoIP requires a broadband Internet connection and, if a telephone adapter is used, a power adapter is usually needed. In the case of a power failure, VoIP services will generally not function. Additionally, a call to the U.S. emergency services number 9-1-1 may not automatically be routed to the nearest local emergency dispatch center, and would be of no use for subscribers outside the U.S. This is potentially true for users who select a number with an area code outside their area. Some VoIP providers offer users the ability to register their address so that 9-1-1 services work as expected.
Another challenge for these services is the proper handling of outgoing calls from fax machines, TiVo/ReplayTV boxes, satellite television receivers, alarm systems, conventional modems or FAXmodems, and other similar devices that depend on access to a voice-grade telephone line for some or all of their functionality. At present, these types of calls sometimes go through without any problems, but in other cases they will not go through at all. In some cases, this equipment can be made to work over a VoIP connection if the sending speed can be changed to a lower bits-per-second rate. If VoIP and cellular substitution becomes very popular, some ancillary equipment makers may be forced to redesign equipment, because it would no longer be possible to assume a conventional voice-grade telephone line would be available in almost all homes in North America and Western Europe. The TestYourVoIP website offers a free service to test the quality of or diagnose an Internet connection by placing simulated VoIP calls from any Java-enabled Web browser, or from any phone or VoIP device capable of calling the PSTN network.
Corporate and telco use
Although few office environments and even fewer homes use a pure VoIP infrastructure, telecommunications providers routinely use IP telephony, often over a dedicated IP network, to connect switching stations, converting voice signals to IP packets and back. The result is a data-abstracted digital network which the provider can easily upgrade and use for multiple purposes.
Corporate customer telephone support often uses IP telephony exclusively to take advantage of the data abstraction. The benefit of using this technology is the need for only one class of circuit connection and better bandwidth use. Companies can acquire their own gateways to eliminate third-party costs, which is worthwhile in some situations.
VoIP is widely employed by carriers, especially for international telephone calls. It is commonly used to route traffic starting and ending at conventional PSTN telephones.
Many telecommunications companies are looking at the IP Multimedia Subsystem (IMS) which will merge Internet technologies with the mobile world, using a pure VoIP infrastructure. It will enable them to upgrade their existing systems while embracing Internet technologies such as the Web, email, instant messaging, presence, and video conferencing. It will also allow existing VoIP systems to interface with the conventional PSTN and mobile phones.
Electronic Numbering (ENUM) uses standard phone numbers (E.164), but allows connections entirely over the Internet. If the other party uses ENUM, the only expense is the Internet connection. A virtual PBX (or IP PBX) allows companies to control their internal phone network over an existing LAN and server without needing to wire a separate telephone network. Users within this environment can then use standard telephones coupled with an FXS, IP phones connected to a data port, or a softphone on their PC. Internal VoIP phone networks allow outbound and inbound calling on standard PSTN lines through the use of FXO adapters.
Use in Amateur Radio
Sometimes called Radio Over Internet Protocol or RoIP, amateur radio has adopted VoIP by linking repeaters and users with Echolink, IRLP, D-STAR, Dingotel and EQSO. In fact, Echolink allows users to connect to repeaters via their computer (over the Internet) rather than by using a radio. By using VoIP, amateur radio operators are able to create large repeater networks with repeaters all over the world where operators can access the system with actual ham radios.
Ham Radio operators using radios are able to tune to repeaters with VoIP capabilities and use DTMF signals to command the repeater to connect to various other repeaters, thus allowing them to talk to people all around the world, even with "line of sight" VHF radios.
Click to call
Main article: Click-to-call
Click-to-call is a service which lets users click a button and immediately speak with a customer service representative. The call can either be carried over VoIP, or the customer may request an immediate call back by entering their phone number. One significant benefit to click-to-call providers is that it allows companies to monitor when online visitors change from the website to a phone sales channel.
Legal issues in different countries
As the popularity of VoIP grows, and PSTN users switch to VoIP in increasing numbers, governments are becoming more interested in regulating[10] VoIP in a manner similar to legacy PSTN services, especially with the encouragement of the state-mandated telephone monopolies/oligopolies in a given country, who see this as a way to stifle the new competition.
In the U.S., the Federal Communications Commission now requires all VoIP operators who do not support Enhanced 911 to attach a sticker warning that traditional 911 services aren't available. The FCC recently required VoIP operators to support CALEA wiretap functionality. The Telecommunications Act of 2005 proposes adding more traditional PSTN regulations, such as local number portability and universal service fees. Other future legal issues are likely to include laws against wiretapping and network neutrality.
Some Latin American and Caribbean countries, fearful for their state-owned telephone services, have imposed restrictions on the use of VoIP, including Panama, where VoIP is taxed. In Ethiopia, where the government is monopolizing telecommunication service, it is a criminal offense to offer services using VoIP. The country has installed firewalls to prevent international calls being made using VoIP. These measures were taken after the popularity of VoIP reduced the income generated by the state-owned telecommunication company.
In the European Union, the treatment of VoIP service providers is a decision for each Member State's national telecoms regulator, which must use competition law to define relevant national markets and then determine whether any service provider on those national markets has "significant market power" (and so should be subject to certain obligations). A general distinction is usually made between VoIP services that function over managed networks (via broadband connections) and VoIP services that function over unmanaged networks (essentially, the Internet).
VoIP services that function over managed networks are often considered to be a viable substitute for PSTN telephone services (despite the problems of power outages and lack of geographical information); as a result, major operators that provide these services (in practice, incumbent operators) may find themselves bound by obligations of price control or accounting separation.
VoIP services that function over unmanaged networks are often considered to be too poor in quality to be a viable substitute for PSTN services; as a result, they may be provided without any specific obligations, even if a service provider has "significant market power".
The relevant EU Directive is not clearly drafted concerning obligations which can exist independently of market power (e.g., the obligation to offer access to emergency calls), and it is impossible to say definitively whether VoIP service providers of either type are bound by them. A review of the EU Directive is under way and should be complete by 2007.
In India, it is legal to use VoIP, but it is illegal to have VoIP gateways inside India. This effectively means that people who have PCs can use them to make a VoIP call to any number, but if the remote side is a normal phone, the gateway that converts the VoIP call to a POTS call should not be inside India.
In the UAE, it is illegal to use any form of VoIP, to the extent that websites of Skype and Gizmo Project don't work.
In the Republic of Korea, only providers registered with the government are authorized to offer VoIP services. Unlike many VoIP providers, most of whom offer flat rates, Korean VoIP services are generally metered and charged at rates similar to terrestrial calling. Foreign VoIP providers such as Vonage encounter high barriers to government registration. This issue came to a head in 2006 when internet service providers providing personal internet services by contract to United States Forces Korea members residing on USFK bases threatened to block off access to VoIP services used by USFK members as an economical way to keep in contact with their families in the United States, on the grounds that the service members' VoIP providers were not registered. A compromise was reached between USFK and Korean telecommunications officials in January 2007, wherein USFK service members arriving in Korea before June 1, 2007 and subscribing to the ISP services provided on base may continue to use their U.S.-based VoIP subscription, but later arrivals must use a Korean-based VoIP provider, which by contract will offer pricing similar to the flat rates offered by U.S. VoIP providers. [1]
IP telephony in Japan
In Japan, IP telephony (IP電話, IP Denwa) is regarded as a service that applies VoIP technology to the whole or a part of the telephone line. Since 2003, IP telephony services with assigned telephone numbers have been provided. There are not only voice services but also videophone services. According to the Telecommunication Business Law, the service category for IP telephony also covers services provided via the Internet that are not assigned any telephone number. IP telephony is basically regulated by the Ministry of Internal Affairs and Communications (MIC) as a telecommunication service. Operators have to disclose necessary information on quality, etc., before making a contract with customers, and are obliged to respond to their complaints cordially.
Many Internet service providers (ISPs) provide IP telephony services. A provider of IP telephony service is called an "ITSP (Internet Telephony Service Provider)". Recently, competition among ITSPs has intensified through optional or bundled sales connected with ADSL or FTTH services.
The tariff system normally applied to Japanese IP telephony tends to be as follows:
Calls between IP telephony subscribers, limited to the same group, are mostly free of charge.
Calls from IP telephony subscribers to a fixed line or PHS are mostly charged at a fixed rate, uniformly all over the country.
Between ITSPs, interconnection is mostly maintained at the VoIP level.
For IP telephony assigned a normal telephone number (0AB-J), the conditions for interconnection are considered the same as for normal telephony.
For IP telephony assigned a specific telephone number (050), the conditions for interconnection tend to be as follows:
Interconnection is sometimes charged and sometimes free of charge. When it is free of charge, the traffic is mostly exchanged via a P2P connection using the same VoIP standard. Otherwise, some conversion is needed at the VoIP gateway, which incurs running costs.
Telephone number for IP telephony in Japan
Since September 2002, the MIC has assigned telephone numbers to IP telephony on the condition that the service falls into certain required categories of quality. IP telephony of sufficiently high quality is assigned a telephone number, which normally starts with 050. However, when the quality is so high that a customer can hardly tell the difference between it and a normal telephone, and when the provider ties the number to a location and provides emergency call capabilities, the provider is allowed to assign a normal telephone number, a so-called "0AB-J" number.
Technical details
The two major competing standards for VoIP are the IETF standard SIP and the ITU standard H.323. Initially H.323 was the most popular protocol, though in the "local loop" it has since been surpassed by SIP. This was primarily due to the latter's better traversal of NAT and firewalls, although recent changes introduced for H.323 have removed this advantage.[citation needed]
However, in backbone voice networks where everything is under the control of the network operator or telco, H.323 is the protocol of choice. Many of the largest carriers use H.323 in their core backbones[citation needed], and the vast majority of callers have little or no idea that their POTS calls are being carried over VoIP.
Where VoIP travels through multiple providers' softswitches the concepts of Full Media Proxy and Signalling Proxy are important. In H.323, the data is made up of 3 streams of data: 1) H.225.0 Call Signaling; 2) H.245; 3) Media. So if you are in London, your provider is in Australia, and you wish to call America, then in full proxy mode all three streams will go half way around the world and the delay (up to 500-600 ms) and packet loss will be high. However in signaling proxy mode where only the signaling flows through the provider the delay will be reduced to a more user friendly 120-150 ms.
One of the key issues with all traditional VoIP protocols is the wasted bandwidth used for packet headers. Typically, to send a G.723.1 5.6 kbit/s compressed audio path requires 18 kbit/s of bandwidth based on standard sampling rates. The difference between the 5.6 kbit/s and 18 kbit/s is packet headers. There are a number of bandwidth optimization techniques used, such as silence suppression and header compression. This can typically save 35% on bandwidth usage.
VoIP trunking techniques such as TDMoIP can reduce bandwidth overhead even further by multiplexing multiple conversations that are heading to the same destination and wrapping them up inside the same packets. Because the packet header overhead is shared between many simultaneous streams, TDMoIP can offer near toll quality audio with a per-stream packet header overhead of only about 1 kbit/s.
See also
List of commercial voice over IP network providers
SIP
SIP Telephony
IP Multimedia Subsystem
Mobile VoIP
Comparison of VoIP software
PATS
Computer conferencing
ROIP
Differentiated services
Integrated services
Predictive dialers
Secure telephone
VoIP recording
Capillary routing
VoiceXML
ENUM
References
[1] Jackson, Barry. History of VoIP. University of Texas at Dallas. Retrieved on 2007-11-07.
[2] Keating, Tom. Internet Phone Release 4. Computer Telephony Interaction Magazine. Retrieved on 2007-11-07.
[3] The 10 that Established VoIP (Part 1: VocalTec). iLocus (July 13, 2007). Retrieved on 2007-11-07.
[4] The 10 that Established VoIP (Part 2: Level 3). iLocus (July 13, 2007). Retrieved on 2007-11-07.
[5] Letter from the City of New York to the Federal Communications Commission.
[6] Internet Phones Call on Wi-Fi. PCWorld. Retrieved on 2006-05-26.
[7] WiFi phones for Skype and SIP: available now, but be careful what you buy. Voipally. Retrieved on 2006-08-22.
[8] Dual-mode cellular/WiFi handset adoption. TMCnet. Retrieved on 2006-05-26.
[9] Examining Two Well-Known Attacks on VoIP. CircleID. Retrieved on 2006-04-05.
[10] Global VoIP Policy Status Matrix. Global IP Alliance. Retrieved on 2006-11-23.