Sixteen Bits Online

JUNE 1996

Computer Viruses

by Ken Livingston

Do we really need to worry?

What are Computer Viruses?

According to Dr Fred Cohen, a pioneer in virus research, a computer virus is "any software which can modify other programs to include a (possibly evolved) version of itself." In everyday usage, however, the term "virus" is routinely applied to all manner of undesirable code that is either destructive, self-replicating, or prankish in nature. A common misconception is that most viruses are designed to harm your system by maliciously corrupting files or reformatting your hard drive. Deadly viruses do exist, but few viruses are capable of inflicting severe damage. Most often, a viral infection is analogous to having weeds in your garden. This is not to imply that any virus is inherently benign. Viruses are parasites that consume system resources while providing no useful function to the user. At the very least, in order for a virus to exist, it must occupy space on your hard drive and/or memory - which is sufficient reason to disdain any virus.

How Viruses Spread

Viruses have been found on brand-new PCs, direct from the manufacturer, and on shrink-wrapped software, including CD-ROMs, direct from the publisher. Viruses are commonly spread by booting from an infected diskette. Keep in mind that viruses are often hidden within the boot sector, so a blank diskette does not indicate a virus-free diskette.
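To make the boot-sector point concrete, here is an added example (not part of the original article): Python code that builds a constructed, empty FAT12 diskette image and shows that it lists no files yet still carries a bootable boot sector, whose hash can be checked against a known-good baseline. The function names and the sample image are assumptions made for illustration.

```python
import hashlib
import struct

SECTOR = 512
BPB = "<HBHBHHBH"  # bytes/sector, sectors/cluster, reserved, FATs,
                   # root entries, total sectors, media byte, sectors/FAT

def make_blank_floppy(boot_code=b""):
    """Constructed sample: a formatted 1.44 MB FAT12 image with no files."""
    boot = bytearray(SECTOR)
    boot[0:3] = b"\xEB\x3C\x90"          # jump over the BPB to the boot code
    boot[3:11] = b"SAMPLE  "             # OEM name (constructed)
    struct.pack_into(BPB, boot, 11, 512, 1, 1, 2, 224, 2880, 0xF0, 9)
    boot[62:62 + len(boot_code)] = boot_code
    boot[510:512] = b"\x55\xAA"          # signature the BIOS checks before booting
    return bytes(boot) + bytes(SECTOR * 2879)

def inspect_floppy(image):
    """Report the visible file count and the boot-sector state of an image."""
    bps, _spc, reserved, nfats, root_entries, _tot, _media, spf = \
        struct.unpack_from(BPB, image, 11)
    root_start = (reserved + nfats * spf) * bps
    files = 0
    for i in range(root_entries):
        first = image[root_start + 32 * i]
        if first == 0x00:                # no further directory entries
            break
        if first != 0xE5:                # 0xE5 marks a deleted entry
            files += 1
    boot = image[:bps]
    return {
        "files": files,
        "bootable": boot[510:512] == b"\x55\xAA",
        "boot_sha256": hashlib.sha256(boot).hexdigest(),
    }

def boot_sector_changed(image, baseline_sha256):
    """True when the boot sector differs from the recorded known-good hash."""
    return inspect_floppy(image)["boot_sha256"] != baseline_sha256

if __name__ == "__main__":
    clean = make_blank_floppy()
    # Stand-in for unknown boot code: harmless NOP bytes, constructed here.
    altered = make_blank_floppy(boot_code=b"\x90" * 16)
    baseline = inspect_floppy(clean)["boot_sha256"]
    for name, img in (("clean", clean), ("altered", altered)):
        info = inspect_floppy(img)
        print(name, "files:", info["files"], "bootable:", info["bootable"],
              "boot sector changed:", boot_sector_changed(img, baseline))
```

Both images show zero files in a directory listing; only the boot-sector comparison tells them apart.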

In order for a virus to spread, it must be executed. A virus can theoretically attach itself to data files, but cannot replicate unless it has control of the CPU. This does not limit the threat only to EXE and COM files, however. A virus has recently emerged that is spread by opening a contaminated MS Word document. The file is actually a template with a DOC extension. This virus, called "Concept", takes advantage of the macro capability built into MS Word. Written in WordBasic, Concept is thus enabled merely by opening a document.

Viruses cannot be spread by reading ordinary email. However, viruses can be attached to an email message in the form of an attached executable file. Only when the attached program is run can your system be subject to infection.

Any executable file downloaded from the internet or a BBS may contain a virus. While files downloaded from the PCUG BBS are pre-scanned for viruses and relatively safe, no anti-virus scan can ever be 100% failsafe.

Sun Microsystems' Java programming language might be exploited to introduce viruses or perform other mischief on the internet. If your browser supports Java, you could be affected merely by visiting certain web sites. Netscape is now releasing software to fix this problem.

Types of Viruses

Trojan Horse - Strictly speaking, a Trojan horse is not a virus as it does not replicate itself. A Trojan horse is a program that is disguised as an innocuous one. For example, a Trojan horse has been circulated with the name PKZIP300.ZIP or PKZIP300.EXE. At first glance, these files appear to be new versions of the popular file compression utility. Installing either of these files, however, can release a Trojan horse that may erase your hard drive and possibly even damage your modem. Trojan horses are sometimes used on UNIX systems to change file permissions and the like, in order to compromise security.

Stealth virus - A stealth virus eludes detection by redirecting disk reads (int 13h) to a bogus copy of the boot record. This type of virus is less successful on OS/2 because disk accesses are not implemented via system interrupts. More generally, any virus that infects a program without changing the file length or checksum may be called a stealth virus.

Polymorphic virus - Polymorphic means "having many forms." When a polymorphic virus replicates, it introduces a change into the new code in order to avoid detection. Some polymorphic viruses use various encryption schemes, while others simply insert random, non-executable garbage into their offspring.

Worm - A worm is not really a virus because it doesn't attach itself to other programs. A worm is a program that typically gains access to your computer through a network. Once in control, a worm can trash your system.

Logic Bomb - A logic bomb lies dormant until triggered by some event. The trigger can be a specific date, the number of times executed, a random number, or an event such as the reading of a certain file. When the logic bomb goes off, it usually will do nasty things to your data.

How To Protect Your PC

While we have every reason to be concerned about the threat posed by viruses, our precious data suffers a much greater risk from more mundane threats such as software bugs, power glitches, and silly mistakes. There are many causes for data corruption more commonplace than viruses. Nevertheless, there are several steps you can take if you are concerned about protecting your PC from viruses:
