IN THE NAME OF BUSINESS OR FOR MALICE
A look into the computer virus
January 22, 1997
Most of us swap disks with friends and browse the Net looking for downloads. Rarely do
we ever consider that we are also exchanging files with anyone and everyone who has ever
handled them in the past. If that sounds like a warning about social diseases, it might
as well be. Computer viruses are every bit as insidious and
destructive, and come in a vast variety of strains. A computer virus tears up your hard
drive and brings down your network. However, computer viruses are almost always curable
diagnosed, and cures for new strains are usually just a matter of days, not months or
years, away.
Virus, a program that "infects" computer files (usually other executable programs) by
inserting in those files' copies of itself. This is usually done in such a manner that
the copies will be executed when the file is loaded into memory, allowing them to infect
still other files, and so on. Viruses often have damaging side effects, sometimes
intentionally, sometimes not. (Microsoft Encarta 1996)
Most viruses are created out of curiosity. Viruses have always been viewed as a well
written, creative product of software engineering. I admit there are many out there who
create them out of malice, but far more people are just meeting a challenge in software
design. The people who make anti-virus software have much more to benefit from the
creation of new virii. This is not a slam, just an observation. A common type of virus
would be a Trojan Horse, or a destructive program disguised as a game, a utility, or an
application. When run, a Trojan Horse does something devious to the computer system while
appearing to do something useful (Microsoft Encarta, 1996). A Worm is also a popular
type of virus. A worm is a program that spreads itself across computers, usually by
spawning copies of itself in each computer's memory. A worm might duplicate itself in one
computer so often that it causes the computer to crash. Sometimes written in separate
"segments," a worm is introduced secretly into a host system either for "fun" or with
intent to damage or destroy information. The term 'Worm' comes from a science-fiction
(Microsoft Encarta 1996).
Some viruses destroy programs on computers although, the better virii do not. Most virus
authors incorporate code that specifically destroys data after the virus determines
certain criteria have been met, that is, a date, or a certain number of replications.
Many virus do not do a good job of infecting other programs and end up corrupting, or
making the program they are trying to infect completely unusable. The purpose of a
virus, in many cases, is to infect as many files, with little or no noticeable difference
to the user.
How does a virus scanner work?
Most virus scanners use a very simple method of searching for a particular sequence of
bytes that make every virus unique, like a DNA sequence. When a new virus is discovered,
a fairly long sequence of bytes from it is inserted into the anti-virus software
database. That's why you need to keep them updated. Any virus scanner you buy should
handle at least three tasks: virus detection, prevention, and removal. There are some
virus scanners that use a method called heuristic scanning. They use 'rules of thumb'
that can be used to identify some virii that has not even been put in the virus database
yet. What are the rules of thumb? Well, they are basic assembly language clues that make
the file suspicious, such as a JMP instruction at the top of the file. No virus scanner
is infallible and anyone that tells you so have no idea what they are talking about. The
two best virus scanners in my opinion are F-PROT and THUNDERBYTE. They use the heuristic
method described above.
In conclusion; viruses are, and always will be, a part of the computing world. They
have been around since programming began and will continue to thrive as long as computers
are used. Technology will force us to adapt and be aware that any information we place
on a computer may not be safe.
References
Deadly New Computer Viruses Want To Kill Your PC usability.
By James Daley http://www.headlines.yahoo.com/news/stories
originally published in Computer Shopper December 1996
Microsoft Encarta 96; Reference Material Microsoft corporation
|