Text File | 1989-04-26 | 21KB | 553 lines
COMPUTER VIRUSES: A RATIONAL VIEW
by: Raymond M. Glath
President
RG Software Systems, Inc.
2300 Computer Ave.
Suite I-51
Willow Grove, PA 19090
(215) 659-5300
April 14, 1988
WHAT ARE COMPUTER VIRUSES?
(a.k.a. Trojan Horses, Worms, Time Bombs, Sabotage)
Any software that has been developed specifically for the purpose
of interfering with a computer's normal operations.
WHAT DO THEY DO?
There are two major categories of viruses.
Destructive viruses, which cause:
Massive destruction...
i.e.: Low-level format of disk(s), whereby any programs
and data on the disk are not recoverable.
Partial destruction...
i.e.: Erasure or modification of a portion of a disk.
Selective destruction...
i.e.: Erasure or modification of specific files or file
groups.
Random havoc... The most insidious form of all.
i.e.: Randomly changing data on disk or in RAM during
normal program applications, or changing keystroke
values, or data from other input/output devices,
with the result being an inordinate amount of time
to discover and repair the problem, and damage
that may never be known about.
Non-Destructive viruses, intended to draw attention to the
author or to harass the end user.
Annoyances...
i.e.: Displaying a message, changing display colors,
changing keystroke values such as reversing the
effect of the Shift and Unshift keys, etc.
WHAT IS THE IMPACT OF A VIRUS ATTACK BEYOND THE OBVIOUS?
Lost productivity time!!!
In addition to the time and skills required to reconstruct
damaged data files, viruses can waste a lot of time in many other
ways.
With either type of virus, the person subjected to the attack, as
well as many support personnel from the attacked site and from
various suppliers, will sacrifice many hours of otherwise
productive time:
Time to determine the cause of the attack.
The removal of the virus code from the system.
The recovery of lost data.
The detective work required to locate the original source of
the virus code.
Then, there's the management time required to determine how
this will be prevented in the future.
WHO DEVELOPS VIRUSES?
This individual, regardless of his specific motivation, will most
probably want to see some form of publicity resulting from his
handiwork: anything from a "Gotcha" message appearing on the
computer's screen after the attack, to major press coverage of
that particular virus' spread and wake of damage.
Some of the reasons for someone to spend their time developing a
virus program are:
A practical joke.
A personal vendetta against a company or another person.
i.e.: a disgruntled employee.
The computer-literate political terrorist.
Someone trying to gain publicity for some cause or
product.
The bored, unnoticed "genius," who wants attention.
The mentally disturbed sociopath.
IS THE THREAT REAL?
Yes; however, thus far the destructive ones have primarily been in
the academic environment. Several attacks have been documented by
the press, and, from first-hand experience, I can attest to the
fact that those reported do exist. We have seen some of them and
successfully tested our Disk Watcher product against them.
Reputable individuals have reported additional viruses to us, but
these have not reached the scale of distribution achieved by the
now infamous "Lehigh," "Brain," "Israeli," and "Macintosh"
viruses.
We do expect the situation to worsen due to the attention it's
received. Taking simple lessons from history, a new phenomenon,
once given attention, will be replicated by individuals who
otherwise have no opportunity for personal attention.
Now that there are products for defense from viruses, the virus
writers have been given a challenge; and for those people who
have always wanted to anonymously strike out at someone but
didn't know of a method to do so, the coverage has provided a
"How To" guide.
HOW DOES A VIRUS GET INTO YOUR COMPUTER SYSTEM?
A virus may be entered into a system by an unsuspecting user who
has been duped by the virus creator (Covert entry), or it may be
entered directly by the creator (Overt entry).
Examples of Covert entry of a virus into a computer
system.
A "carrier" program, such as a "pirate" copy of a
commercial package that has been tampered with, is
utilized by the unsuspecting user, and thus
enters the virus code into the system.
Other types of carriers could be programs from
Bulletin Boards that have been either tampered
with or specifically designed as viruses, but
disguised as useful programs. There has even been
a destructive virus disguised as a "virus
protection" program on a BBS.
The user unknowingly acquires an "infected" disk
and uses it to boot the system.
The virus has been hidden in the system files and
then hides itself in system RAM or other system
files in order to reproduce, and later, attack.
Examples of Overt entry into a computer system.
An individual bent on harassing the user or
sabotaging the computer system modifies an
existing program on that computer or copies a
virus program onto someone's disk during their
absence from their work station.
HOW DOES A VIRUS SPREAD?
A virus may reproduce itself by delaying its attack until it has
made copies of itself onto other disks (Active reproduction), or
it may depend entirely on unsuspecting users to make copies of it
and pass them around (Passive reproduction). It may also use a
combination of these methods.
WHAT TRIGGERS THE VIRUS ATTACK?
Attacks begin upon the occurrence of a certain event, such as:
On a certain date.
At a certain time of day.
When a certain job is run.
After "cloning" itself n times.
When a certain combination of keystrokes occurs.
When the computer is restarted.
One way or another, the virus code must put itself into a
position to either start itself when the computer is turned on,
or when a specific program is run.
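Because the virus code must land in something that gets executed, a defender can baseline exactly those files and report any change. The following is an added example, not part of the original article and not the Disk Watcher product; the extension list, function names and sample file names are assumptions made for illustration.

```python
import hashlib, os, tempfile
from pathlib import Path

# Assumption: file types that are executed at boot or on demand on a DOS-era system.
EXEC_EXT = {".com", ".exe", ".sys", ".bat"}

def snapshot(root):
    """Map relative path -> (sha256, size, mtime_ns) for each executable file under root."""
    snap = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and p.suffix.lower() in EXEC_EXT:
            st = p.stat()
            snap[p.relative_to(root).as_posix()] = (
                hashlib.sha256(p.read_bytes()).hexdigest(), st.st_size, st.st_mtime_ns)
    return snap

def compare(baseline, current):
    """Return sorted (kind, path) findings describing how current differs from baseline."""
    findings = []
    for path, (digest, size, mtime) in current.items():
        if path not in baseline:
            findings.append(("added", path))
        elif baseline[path][0] != digest:
            # Content changed while size and timestamp still match: a directory
            # listing would show nothing unusual, only the hash reveals the change.
            same_meta = baseline[path][1:] == (size, mtime)
            findings.append(("modified-metadata-preserved" if same_meta else "modified", path))
    findings += [("removed", p) for p in baseline if p not in current]
    return sorted(findings)

def demo():
    """Run the check over a constructed sample tree (placeholder bytes, not real programs)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "COMMAND.COM").write_bytes(b"shell-v1")
        (root / "AUTOEXEC.BAT").write_bytes(b"PROMPT $P$G\r\n")
        (root / "APP.EXE").write_bytes(b"app-code")
        (root / "NOTES.TXT").write_bytes(b"data")          # not executable: ignored
        base = snapshot(root)
        st = (root / "COMMAND.COM").stat()
        (root / "COMMAND.COM").write_bytes(b"shell-vX")    # same length as before
        os.utime(root / "COMMAND.COM", ns=(st.st_atime_ns, st.st_mtime_ns))
        (root / "AUTOEXEC.BAT").write_bytes(b"PROMPT $P$G\r\nHELPER\r\n")
        (root / "HELPER.COM").write_bytes(b"new")
        (root / "APP.EXE").unlink()
        (root / "NOTES.TXT").write_bytes(b"edited data")
        return compare(base, snapshot(root))

if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:28} {path}")
```

The baseline itself has to be stored where the monitored system cannot rewrite it, such as a write-protected disk; otherwise whatever changed the files can change the baseline too.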
HOW DOES ONE DISTINGUISH A VIRUS FROM A "BUG" IN A PROGRAM OR A
HARDWARE MALFUNCTION?
This can be a tough one. With the publicity surrounding viruses,
many people are ready to believe that any strange occurrence
while computing may have been caused by a virus, when it could
simply be an operational error, hardware component failure, or a
software "bug."
While most commercial software developers test their products
exhaustively, there is always the possibility that some
combination of hardware, mix of installed TSRs, user actions, or
slight incompatibilities with "compatible" or "clone" machines or
components can cause a problem to surface.
We need to remember some key points here:
1. Examine the probabilities of your having contracted a virus.
2. Don't just assume that you've been attacked by a virus and
abandon your normal troubleshooting techniques or those
recommended by the product manufacturers.
3. When in doubt, contact your supplier or the manufacturer for
tech support.
4. Having an effective "Virus Protection" system installed may
help you determine the cause of the problem.
HOW