Geist Microsystems CodePrint for C/C++
CodePrint for C/C++
Version 2.xx
Computer Virus Myths
Copyright (c) 1988,90 Rob Rosenberger & Ross M. Greenberg
by Rob Rosenberger
with Ross M. Greenberg
A number of myths have popped up recently about the threat of
computer "viruses". There are myths about how widespread they
are, how dangerous they are, and even myths about what a
computer virus really is. We'd like the facts to be known.
The first thing to learn is that a virus is a malicious
programming technique falling in the realm of "Trojan horses."
All viruses are Trojan horses, but few Trojan horses can be
called a virus.
That having been said, it's time to go over the terminology we
use when we lecture:
BBS:
----
Bulletin Board System. If you have a modem, you can call a BBS
and leave messages, transfer computer files back & forth, and
learn a lot about computers. (What you're reading right now,
for example, most likely came to you from a BBS.)
Bug:
----
An accidental flaw in the logic of a program which makes it do
things it shouldn't really be doing. Programmers don't mean to
put bugs in their program, but they always creep in.
Programmers tend to spend more time debugging their programs
than they do writing them in the first place. Inadvertent bugs
have caused more data loss than all the viruses combined.
Computer Virus Myths Page 1 of 9
Hacker:
-------
Someone who really loves computers and who wants to push them to
the limit. Hackers have a healthy sense of curiosity: they try
doorknobs just to see if they're locked, and they tinker with a
piece of equipment until it's "just right." The computer
revolution itself is a result of hackers.
Shareware:
----------
A distribution method for quality software available on a "try
before you buy" basis. You pay for the program only if you find
it useful. Shareware programs can be downloaded from BBSs and
you are encouraged to give evaluation copies to friends. Many
shareware applications rival the power of off-the-shelf
counterparts, at just a fraction of the price. (You must pay
for the shareware you continue to use -- otherwise you're
stealing software.)
Trojan Horse:
-------------
A generic term describing a set of computer instructions
purposely hidden inside a program. Trojan horses tell a program
to do things you don't expect it to do. The term comes from a
legendary battle in which the ancient city of Troy was offered
the "gift" of a large wooden horse that secretly held soldiers
in its belly. The Trojans rolled it into their fortified city...
Virus:
------
A term for a very specialized Trojan horse which spreads to
other computers by secretly "infecting" programs with a copy of
itself. A virus is the only type of Trojan horse which is
contagious, like the common cold. If it doesn't meet this
definition, then it isn't a virus.
Worm:
-----
A term similar to a Trojan horse, but there is no "gift"
involved. If the Trojans had left that wooden horse outside the
city, they wouldn't have been attacked. Worms, on the other
hand, can bypass your defenses without having to deceive you
into dropping your guard. An example is a program designed to
spread itself by exploiting bugs in a network software package.
Worms are usually released by someone who has normal access to a
computer or network.
Wormer:
-------
The name given to the people who unleash destructive Trojan
horses. Let's face it, these people aren't angels. What they do
hurts us. They deserve our disrespect.
Viruses, like all Trojan horses, are purposely designed to make
a program do things you don't expect it to do. Some viruses are
just an annoyance, perhaps only displaying a "Peace on earth"
greeting. The viruses we're worried about are designed to
destroy your data (the most valuable asset of your computer!)
and waste your valuable time in recovering from an attack.
Now you know the difference between a virus and a Trojan horse
and a bug. Let's get into some of the myths:
- "All purposely destructive code comes as a virus."
Wrong. Remember, "Trojan horse" is the general term for
purposely destructive code. Very few Trojan horses are actually
viruses.
- "Viruses and Trojan horses are a recent phenomenon."
Trojan horses have been around since the first days of the
computer. Hackers toyed with viruses in the early 1960s as a
form of amusement. Many different Trojan horse techniques were
developed over the years to embezzle money, destroy data, etc.
The general public wasn't aware of this problem until the IBM PC
revolution brought it out into the spotlight. Banks were still
covering up computerized embezzlements six years ago because
they believed they'd lose customers if word got out.
- "Viruses are written by hackers."
Yes, hackers have written viruses. So has a computer magazine
publisher. Trojan horses were written for decades by middle-
aged men wearing business suits. We call people "wormers" when
they abuse their knowledge of computers. You shouldn't be
afraid of hackers just because they know how to write viruses.
This is an ethics issue, not a technology issue. Hackers know a
lot about computers; wormers abuse this knowledge. Hackers (as
a whole) got a bum rap when the mass media corrupted the term.
- "Computer viruses are reaching epidemic proportions."
Wrong again. Viruses may be spread all over the planet but they
won't take over the world. There are about 150 or so known
"strains" at this time and some of them have been completely
eliminated. Your chances of being infected are slim if you take
the proper precautions. Yes, it's still safe to turn on your
computer!
- "Viruses could destroy all the files on my disks."
Yes, and a spilled cup of coffee will do the same thing. If you
have adequate backup copies of your data, you can recover from
any virus/coffee attack. Backups mean the difference between a
nuisance and a disaster. It is safe to presume there has been
more accidental loss of data than loss by viruses and Trojan
horses.
- "Viruses have been documented on over 400,000 computers."
This statistic comes from John McAfee, a self-styled virus
fighter who seems to come up with all the quotes the media love
to hear. If you assume it takes five minutes to adequately
document a viral infection, you have to wonder where Mr. McAfee
got almost four man-years to document a problem which is less
than four years old. We further assume his statistics include
every floppy disk ever infected with a virus, as well as all of
the computers participating in the Christmas & InterNet worm
attacks. (Worms cannot be included in virus infection
statistics.) The press doesn't really understand computer
crimes, so they tend to call almost anything a virus.
- "Viruses can be hidden inside a data file."
Data files can't wreak havoc on your computer -- only an
executable program file can do that. If a virus were to infect
a data file, it would be a wasted effort. But let's be
realistic: what you think is 'data' may actually be an
executable program file. For example, batch files are text
files, yet the MSDOS operating system treats them like a program.
- "Most BBSs are infected with viruses."
Here's another scary myth drummed up in the big virus panic.
Very few BBSs are really infected. It's possible a dangerous
file may be available on a BBS but it doesn't mean the BBS
itself is infected. If a BBS were knowingly infected with a
virus, it wouldn't stay open too long after word got out, would
it?
- "BBSs and shareware programs spread viruses."
"The truth," says PC Magazine publisher Bill Machrone, "is that
all major viruses to date were transmitted by [retail] packages
and private mail systems, often in universities." (PC Magazine,
October 11, 1988.)
The Peace virus, for example, made its way into a retail product
sold to thousands of customers. Machrone goes on to say
"bulletin boards and shareware authors work extraordinarily hard
at policing themselves to keep viruses out." Reputable sysops
check every file for Trojan horses; nation-wide sysop networks
help spread the word about dangerous files. You should be wary
of the software you get from BBSs, that's true -- but you should
also be wary of the software you get from store shelves. (By
the way, some stores now have return policies for software. Do
you know for sure you were the first person to use those master
disks?)
- "My computer could be infected if I call an infected BBS."
BBSs can't write information on your disks -- that's handled by
the communications software you use. You can only transfer a
dangerous file if you let your software do it. (This might be
different if your computer is hooked up to a network, but it
requires special hardware & software.) And there is no "300bps
subcarrier" that lets a virus slip through a high speed modem.
The rumor was started by a joker named Mike RoChenle (IBM's
"micro channel" PS/2 architecture, get it?) who left a techy-
joke message on a public BBS. Unfortunately, a few highly
respected journalists were taken in by this joke.
- "My files are damaged, so it must have been a virus attack."
It also could have been caused by a power flux, or static
electricity, or a fingerprint on a floppy disk, or a bug in your
software, or perhaps a simple error on your part. Power
failures and spilled cups of coffee have destroyed more data
than all the viruses combined.
- "Donald Burleson was convicted of releasing a virus."
A recent Texas computer crime trial was hailed all over the
country as a "virus" trial. Donald Burleson was in a position
to release a complex, destructive worm on his employer's
mainframe computer. This particular worm couldn't spread to
other computers, so it couldn't possibly have been a virus.
Davis McCown, the prosecuting attorney, claims he "never brought
up the word virus" in the trial. So why did the media call it
one?
1. David Kinney, a witness testifying for the defense (oddly
enough), claimed he believed Burleson unleashed a virus.
The prosecuting attorney didn't argue the point and we don't
blame him -- Kinney's bizarre claim probably helped sway the
jury to convict Burleson, and it was the defense's fault for
letting him testify.
2. McCown gives reporters the facts behind the case and lets
them come up with their own definitions. The Associated
Press and USA Today, among others, used such vague
definitions that any program could be called a virus. If we
applied their definitions to the medical world, we could
safely claim penicillin is a biological virus (which is, of
course, absurd).
3. McCown claims many quotes attributed to him "are misleading
or fabricated" and identified one in particular which "is
total fiction." Reporters sometimes print a quote out of
context, and McCown apparently fell victim to it. (It's
possible a few bizarre quotes from David Kinney or John
McAfee were accidentally attributed to McCown.)
- "Robert Morris Jr. released a benign virus on a defense
network."
It may have been benign, but it wasn't a virus.
Morris, the son of a chief computer scientist at the National
Security Agency, allegedly became bored and took advantage of a
bug in the Defense Department's networking software. This tiny
bug let him send a worm through the network. Among other
things, Morris's "InterNet" worm was able to send copies of
itself to other computers in the network. Due to some bugs in
the worm module itself, the network became clogged in a matter
of hours. The press originally called it a "virus," like it
called the Christmas worm a virus, because it spread to other
computers. Yet it didn't infect any computers. A few notes:
1. Reporters finally started calling it a worm (a year after the
fact), but only because lawyers in the case were constantly
referring to it as such. The difference between a worm and a
virus is subtle, but profound.
2. This worm worked only on Sun-3 & Vax computers which run a
UNIX operating system and were specifically linked into the
InterNet network at the time.
3. The 6,200 affected computers cannot be counted in any virus
infection statistics (they weren't infected).
4. It cost way less than $96 million to clean up the attack. An
official Cornell University report claims the group behind
this wild estimate "was probably serving itself" in an effort
to drum up business. People familiar with the case estimated
the final figure to be under $1 million.
5. Yes, Morris could easily have added some infection code to
make it a worm/virus if he'd had the urge.
6. The network bug exploited in the attack has since been fixed.
7. Morris went to trial for launching the InterNet worm and was
recently handed a federal conviction.
- "Viruses can spread to all sorts of computers."
All Trojan horses are limited to a family of computers, and this
is especially true for viruses. A virus designed to spread on
IBM PCs cannot infect an IBM 4300-series mainframe, nor can it
infect a Commodore C64, nor can it infect an Apple Macintosh.
- "My backups will be worthless if I back up a virus."
No, they won't. Let's suppose a virus does get backed up with
your files. You can restore important documents and databases
without restoring an infected program. You just reinstall
programs from master disks. It's tedious work but it's not as
hard as people claim.
- "Anti-virus software will protect me from viruses."
There is no such thing as a foolproof anti-virus program: Trojan
horses and viruses can be (and have been) designed to bypass
them. Anti-virus products themselves can be tricky to use at
times. You may make a crucial mistake deciding whether to let a
"flagged" event occur. Your first line of defense should always
be a good set of backups. Anti-virus software is a good second
line of defense.
- "Read-only files are safe from virus infections."
This is a common myth among IBM PC users, and it has even been
published (erroneously) in some computer magazines. Supposedly,
you can protect yourself by using the DOS ATTRIB command to set
the read-only attribute on program files. However, ATTRIB is
software -- and what it can do, a virus can undo. The ATTRIB
command seldom halts the spread of viruses.
- "Viruses can infect files on write-protected disks."
Here's another common IBM PC myth. If viruses can modify read-
only files, people assume they can modify write-protected
floppies. What they don't realize is the disk drive itself
knows when a floppy is protected and refuses to write to it.
You can physically disable the drive's sensor but you can't
override it with a software command.
We hope this dispels the many computer virus myths. Viruses DO
exist, many of them will destroy files, and all of them can
spread to other computers. But you can defend yourself with a
cool head and a good set of backups.
The following guidelines can shield you from Trojan horses and
viruses. They will lower your chances of being infected and
raise your chances of recovering from an attack.
1. Set up a procedure to regularly back up your files and
follow it religiously. Consider purchasing a user-friendly
program to take the drudgery out of this task. (There are
plenty to choose from.)
2. Rotate between at least two sets of backups for better
security (use set #1, then set #2, then set #1...). The more
sets you use, the better protected you are. Many people take
a "master" backup of their entire hard disk, then take
"incremental" backups of those files which changed since the
last time they backed up. Incremental backups might only
require five minutes of your time each day.
3. Download files only from reputable BBSs where the sysop
checks every program for Trojan horses. If you're still
afraid, consider getting programs from a BBS or "disk vendor"
company which gets them direct from the authors.
4. Let newly uploaded files "mature" on a BBS for one or two
weeks before you download them (others will put them through
their paces).
5. Consider using a program that creates a unique "signature" of
all the programs on your computer. Run this program once in
a while to see if any of your applications have been modified
-- either by a virus or by a stray gamma ray.
6. DON'T PANIC if your computer starts acting weird. It may be
a virus, but then again maybe not. Immediately turn off all
power to your computer and disconnect it from any local area
networks. Reboot from a write-protected copy of your master
DOS disk. Do NOT run any programs on a "regular" disk (you
might activate a Trojan horse). If you don't have adequate
backups, try to bring them up to date. Yes, you might back
up a virus as well, but it can't hurt you if you don't use
your normal programs. Set your backups off to the side.
Only then can you safely hunt for problems.
7. If you can't figure out what's wrong and you aren't sure what
to do next, turn off your computer and call for help.
Consider calling a local computer group before you call for
an expert. If you need a professional, consider a regular
computer consultant first. Some "virus removal experts" sell
their services for prices far in excess of their actual value.
8. [This should only be considered as a last resort.] If you
can't figure out what's wrong and you are sure of yourself,
execute both a low-level and a high-level format on all your
regular disks. Next, carefully reinstall all software from
the master disks (not from the backups). Then, carefully
restore only the data files (not the program files) from your
backup disks.
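Guideline 5 describes a "signature" checker for program files. The following is an added example, not code from the article or its authors: it records a hash of every program file under a directory, then reports which programs were added, removed or modified since the baseline was taken. Function names and the SHA-256 choice are assumptions made here; the sample files are constructed in a temporary directory so the script runs offline.

```python
"""Added example (not from the original article): a minimal file-signature
checker of the kind guideline 5 describes. Helper names are hypothetical;
SHA-256 stands in for whatever checksum a 1990 product would have used."""
import hashlib
import json
import tempfile
from pathlib import Path

# Executable types under MS-DOS. Batch files are included because, as the
# data-file myth notes, DOS treats them like programs.
PROGRAM_SUFFIXES = {".exe", ".com", ".bat", ".sys"}


def file_signature(data: bytes) -> str:
    """Hex SHA-256 of the file contents: the 'unique signature'."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every program file below root (relative path) to its signature."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in PROGRAM_SUFFIXES:
            manifest[path.relative_to(root).as_posix()] = file_signature(path.read_bytes())
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Report differences; an infected program shows up under 'modified'."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo() -> dict:
    """Constructed scenario: take a baseline, then change the disk the way an
    infection would look to the checker (one program altered, one new program,
    one program gone) and report what the baseline no longer matches."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "EDIT.COM").write_bytes(b"original editor code")
        (root / "README.TXT").write_bytes(b"plain data, ignored by the checker")
        (root / "OLD.EXE").write_bytes(b"old program")
        baseline = build_manifest(root)
        # In practice the baseline belongs on a write-protected floppy, since
        # anything writable on the hard disk can be altered by software.
        baseline_file = root / "SIGS.JSON"
        baseline_file.write_text(json.dumps(baseline))
        (root / "EDIT.COM").write_bytes(b"original editor code" + b"appended block")
        (root / "NEW.COM").write_bytes(b"unexpected program")
        (root / "OLD.EXE").unlink()
        saved = json.loads(baseline_file.read_text())
        return compare_manifests(saved, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```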
We'd appreciate it if you would mail us a copy of any Trojan
horse or virus you discover. (Be careful you don't damage the
data on your hard disk while trying to do this!) Include as
much information as you can and put a label on the disk saying
it contains a malicious program. Send it to Ross M. Greenberg,
594 Third Avenue, New York, NY 10016. Thank you.
Ross M. Greenberg is the author of both shareware and retail
virus detection programs. Rob Rosenberger is the author of
various phone bill analysis applications. (Products are not
mentioned by name because this isn't the place for
advertisements.) They each write for national computer
magazines. These men communicated entirely by modem while
writing this treatise.
Copyright (c) 1988,90 Rob Rosenberger & Ross M. Greenberg
Rosenberger can be reached electronically on CompuServe as
[74017,1344], on GEnie as R.ROSENBERGE, on InterNet as
`74017.1344@compuserve.com', and on various national BBS linkups.
Greenberg can be reached on MCI and BIX as `greenber', on UseNet
as `c-rossgr@microsoft.com', and on CompuServe as [72461,3212].
You may give copies of this to anyone if you pass it along in
its entirety. Publications may reprint this for free if they
obtain prior written permission. Write to Rob Rosenberger, P.O.
Box 643, O'Fallon, IL 62269.