Truth and Lies About the Computer Virus
Walk into any computer store today and there will be at least twenty or thirty computer
virus programs. From the looks of it, computer viruses have gotten out of hand, and so has
the business of stopping them. The computer user must cut through the media hype of
apocalyptic viruses and shareware programs and discover the real facts.
Before we even start the journey of exploring the computer virus, we must first
eliminate all the "fluff." The computer user needs to understand how information about
viruses reaches the public. Someone creates the virus and then infects at least one
computer. The virus crashes or ruins the infected computer. An anti-virus company
obtains a copy of the virus and studies it. The anti-virus company makes an "unbiased"
decision about the virus and then discloses its findings to the public. The problem
with the current system is that there are no checks and balances. If the anti-virus
company wants to make viruses seem worse, all it has to do is distort the truth. There
is no organization that certifies whether or not a virus is real. Even more potentially
harmful is that the anti-virus companies could write viruses in order to sell their
programs.
Software companies have distorted, and still distort, the truth about viruses.
"Antivirus firms tend to count even the most insignificant variations of viruses for
advertising purposes. When the Marijuana virus first appeared, for example, it contained
the word "legalise," but a miscreant later modified it to read "legalize." Any program
which detects the original virus can detect the version with one letter changed -- but
antivirus companies often count them as "two" viruses. These obscure differentiations
quickly add up." http://www.kumite.com/myths/myth005.htm
Incidentally, the Marijuana virus is also called the "Stoned" virus, thereby making it yet
another entry on the list of viruses that companies protect your computer against.
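The counting problem the quotation describes, as an added example (not code from this essay or from any antivirus product): two constructed samples that differ only in the spelling of "legalise" have different file hashes, yet one signature taken from the bytes they share detects both. The byte values, sample labels and function names are made up for illustration.

```python
import hashlib

# Constructed stand-in for the bytes both variants share; not real virus code.
SHARED_CODE = bytes(range(0x40, 0x60))

def make_sample(message: bytes) -> bytes:
    """Constructed 512-byte 'boot sector': shared code, a text string, padding."""
    return (SHARED_CODE + message).ljust(510, b"\x00") + b"\x55\xaa"

# One catalogue entry, keyed on invariant code rather than on the text string.
SIGNATURES = {"Stoned": SHARED_CODE[4:20]}

def scan(data: bytes):
    """Return the family whose signature occurs in data, or None."""
    for family, signature in SIGNATURES.items():
        if signature in data:
            return family
    return None

def tally(samples: dict) -> dict:
    """Count the detected samples by label, by file hash and by family."""
    detected = {name: data for name, data in samples.items() if scan(data)}
    return {
        "vendor_names": len(detected),
        "distinct_files": len({hashlib.sha256(d).digest() for d in detected.values()}),
        "families": len({scan(d) for d in detected.values()}),
    }

# Constructed samples; the labels are made up for this example.
SAMPLES = {
    "Marijuana.A": make_sample(b"legalise"),
    "Marijuana.B": make_sample(b"legalize"),  # one letter changed
    "Stoned": make_sample(b"legalise"),       # alias: same bytes as Marijuana.A
    "clean": bytes(510) + b"\x55\xaa",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12} sha256={hashlib.sha256(data).hexdigest()[:12]} scan={scan(data)}")
    print(tally(SAMPLES))
```

Three labels and two distinct files reduce to a single family once the samples are grouped by what the scanner actually matches.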
I went to the McAfee Anti-virus Web site looking for information on the Marijuana virus
but was unable to obtain that information. I was, however, able to get a copy of the top
ten viruses off their site. On one specific virus, called Junkie:
"Junkie is a multi-partite, memory resident, encrypting virus. Junkie specifically
targets .COM files, the DOS boot sector on floppy diskettes and the Master Boot Record
(MBR). When initial infection is in the form of a file infecting virus, Junkie infects
the MBR or floppy boot sector, disables VSafe (an anti-virus terminate-and-stay-resident
program (TSR), which is included with MS-DOS 6.X) and loads itself at Side 0, Cylinder 0,
Sectors 4 and 5. The virus does not become memory resident, or infect files at this time.
Later when the system is booted from the system hard disk, the Junkie virus becomes
memory resident at the top of system memory below the 640K DOS boundary, moving interrupt
12's returns. Once memory resident, Junkie begins infecting .COM files as they are
executed, and corrupts .COM files. The Junkie virus infects diskette boot sectors as
they are accessed. The virus will write a copy of itself to the last track of the
diskette, and then alter the boot sector to point to this code. On high density 5.25 inch
diskettes, the viral code will be located on Cylinder 79, Side 1, Sectors 8 and 9."
Junkie's description is that of a basic stealth/Trojan virus, of a kind that has been in
existence for 10 years. They also listed Anti-exe as one of the top ten viruses but did not
acknowledge the fact that it has three aliases. It's no wonder that the general public is
confused about computer viruses!
I decided to investigate the whole mis- or disinformation issue a little further. I
went to the Data Fellows Web site to see what the distributors of F-prot had to say about
viruses. It was no surprise that I found them trying to sell software with the typical
scare tactics:
"Quite recently, we read in the newspapers how CIA and NSA (National
Security Agency) managed to break into the EU Commission's systems and
access confidential information about the GATT negotiations. The stolen
information was then exploited in the negotiations. The EU Commission denies the
allegation, but that is a common practice in matters involving information security
breaches. At the beginning of June, the news in Great Britain told the public about an
incident where British and American banks had paid 400 million pounds in ransom to keep
the criminals who had broken into their systems from publicizing the systems' weaknesses
[London Times, 3.6.1996]. The sums involved are simply enormous, especially since all
these millions of pounds bought nothing more than silence. According to London Times, the
banks' representatives said that the money had been paid because "publicity about such
attacks could damage consumer confidence in the security of their systems". Criminal
hackers are probably encouraged by the fact that, in most cases, their victims are not at
all eager to report the incidents to the police. And that is not all; assuming that the
information reported by London Times is correct, they may even get paid a "fee" for
breaking in... a computer is broken into in Internet every 20 seconds... Whatever the
truth about these incidents may be, the fact remains that current information systems are
quite vulnerable to penetration from
outside. As Internet becomes more popular and spreads ever wider,
criminals can break into an increasing number of systems easily and
without a real risk of being caught."
Then the next paragraph stated:
"Even at their initial stages, Data Fellows Ltd's F-Secure products meet many of these
demands. It is the goal of our continuing product development to eventually address all
such information security needs." In other words, nothing is safe unless you buy their
products.
Now that we have cleared the smoke on viruses, we know that there are only roughly 500
basic viruses. These viruses are tweaked, renamed, and recycled.
So, what is a virus? First of all, we must be aware that there is no universally
accepted naming practice or discovery method for viruses. Therefore all virus
information is subjective and subject to interpretation and constant dispute.
To define a virus we must ask an expert. According to Fred Cohen, a computer virus is a
computer program that can infect other computer programs by modifying them in such a way
as to include a (possibly evolved) copy of itself. This does not mean that a virus has
to cause damage, because a virus may be written to gather data and obtain hidden files in
your system.
Now that you are aware of the hoaxes and misinformation about viruses, you will be
better equipped to deal with viral information. The next time you hear of a killer virus,
just remember what you have learned. You know that all viruses have the same roots.