Introduction to Computer Viruses
Mr. Akira Sasabe of Generation 7 experienced a computer virus problem towards the end of the course and reported in an email message:
I sympathized with Mr. Sasabe's frustration in dealing with the computer virus. I am personally aware of the immense amount of time that is required to complete each report for this Cyber-Psychology course. I find it a very time-consuming task to prepare each report in its initial form, and re-typing the information from scratch is not a very inviting prospect. Since Mr. Sasabe didn't have a personal computer to complete his reports, it must have been very difficult to avoid contact with infected machines. I am not personally familiar with the computers that are currently available in the computer labs, so I am not sure if anti-virus software is available. If the software is accessible, my recommendation would be to run the anti-virus package(s) prior to beginning work on any important projects.
With over a decade of computer experience, I have been extremely fortunate to not have personally contracted a computer virus. I have, however, witnessed numerous incidents in which colleagues were not as lucky. The virus encounters ranged from irritating macro viruses to the destructive Ripper virus. The macro viruses simply replicate and consume disk space. The Ripper virus infects the hard disk boot record and any floppy boot records for diskettes that are used in the same computer. Although I haven't personally contracted a computer virus, I remain extremely cautious and vigilant in my prevention techniques. I am concerned about the possibility of incurring a computer virus, yet I am not consumed with worry. To alleviate potential anxiety, I err on the side of caution by ensuring that all of my computers have a variety of anti-virus software running in the background, ranging from scanners to applications known as monitors and behavior blockers. The TSR (terminate and stay resident) scanners basically remain in memory and constantly check for viruses while other programs are running.
As for the monitors and behavior blockers, they are also TSR programs, which watch for behavior that might indicate that a virus is present. In addition to general anti-virus software which checks all file management operations, there is also program-specific anti-virus software which targets distinct applications such as email and web-based downloads.
Interpretation of Edupage Online article
The following news item appeared in Edupage Online during December 1997:
My first reaction upon reading this message was to verify its validity. By checking with the CERT (Computer Emergency Response Team) Coordination Center, I was able to confirm that the Teardrop and Land attack tools are not hoaxes. Incidentally, the CERT Coordination Center "studies Internet security vulnerabilities, provides incident response services to sites that have been the victims of attack, publishes a variety of security alerts, researches security and survivability in wide-area-networked computing, and develops information to help. . .improve security at your site". CERT's Advisory from December 16, 1997 provides sections with a description of the Teardrop and Land attack tools, a discussion of the potential impact that an attack from these tools might cause, and practical solutions to prevent attacks from these two tools. My interpretation of this news item is that the Teardrop and Land attack tools are using various means to tire a server so that it temporarily denies access to all of the information held on that particular server. When a machine requests access to a server, a packet of information is sent to the server with the address of the petitioning system. If entry is granted to the requesting system, then a packet of information is relayed from the server to the soliciting machine. The server then holds a port open for the petitioning system until either a confirmation packet is received from that system or a pre-designated time-out period has been reached. Two main methods are employed with the "denial-of-service" strategy. In the first method, when a request for access is made to a server and the server responds that access has been granted, the inquiring machine does not respond and the allotted port is held open until the time-out period arrives.
In the second scenario, an invalid return address is provided by the soliciting system so that once again the allotted port remains open until the time-out period expires. With the Teardrop and Land attack tools, "infinite" queries are sent to targeted servers so that the machines become overwhelmed with information and open ports while "legitimate" inquiries are denied access. I personally feel that it is unfortunate that individuals with the talent to devise attack tools such as Teardrop and Land do not spend their time creating programming tools which will further benefit society instead of causing irritations and inconveniences for civilization.
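The held-open-port behaviour described above can be replayed offline to see why the time-out length matters to a defender. This is an added example, not part of the original report: it models only the server's table of pending requests, and the names `simulate`, `SAMPLE`, `capacity`, `timeout` and `per_source_limit`, as well as the event data, are assumptions constructed for illustration.

```python
from collections import Counter

def simulate(events, capacity, timeout, per_source_limit=None):
    """Replay (time, kind, source) events against a table of pending requests.

    kind is "request" (the server grants access and holds a slot open) or
    "confirm" (the requester's confirmation arrives and frees the slot).
    Returns (refused, expired): refused requests and slots that timed out
    without a confirmation, both counted per source.
    """
    pending = {}  # source -> expiry times of the slots held open for it
    refused, expired = Counter(), Counter()
    for now, kind, src in sorted(events):
        # Release every slot whose time-out period has been reached.
        for s in list(pending):
            alive = [t for t in pending[s] if t > now]
            expired[s] += len(pending[s]) - len(alive)
            if alive:
                pending[s] = alive
            else:
                del pending[s]
        if kind == "confirm":
            if pending.get(src):
                pending[src].pop(0)
                if not pending[src]:
                    del pending[src]
            continue
        in_use = sum(len(slots) for slots in pending.values())
        over_limit = (per_source_limit is not None
                      and len(pending.get(src, [])) >= per_source_limit)
        if in_use >= capacity or over_limit:
            refused[src] += 1
        else:
            pending.setdefault(src, []).append(now + timeout)
    return refused, expired

# Constructed sample: "silent" asks eight times and never confirms, while
# "alice" and "bob" behave normally and confirm one time unit later.
SAMPLE = (
    [(t, "request", "silent") for t in range(8)]
    + [(3, "request", "alice"), (4, "confirm", "alice"),
       (9, "request", "alice"), (10, "confirm", "alice"),
       (12, "request", "bob"), (13, "confirm", "bob")]
)

if __name__ == "__main__":
    runs = [("long time-out", dict(timeout=30)),
            ("short time-out", dict(timeout=3)),
            ("per-source limit", dict(timeout=30, per_source_limit=2))]
    for label, kwargs in runs:
        refused, expired = simulate(SAMPLE, capacity=5, **kwargs)
        print(label, "refused:", dict(refused), "expired:", dict(expired))
```

With the long time-out the well-behaved clients are refused once the table fills; a shorter time-out or a per-source limit keeps them served, and the `expired` counter points at the source that never confirms.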
What are Computer Viruses?
Computer viruses (by my own definition) are basically pieces of code that perform functions which were unintended and unexpected by the user of the computer system. These viruses can be benign and cause minimal damage by merely replicating, thereby consuming disk space. The viruses can also be very detrimental by infecting the boot sector of a computer and all floppy boot sectors of diskettes that are used by that contaminated machine. The most commonly spread computer virus is the boot sector virus. Brief descriptions of some types of computer viruses are shown in a table in the next section. Based on the impact of each computer virus, the intended purpose may differ. For example, the virus which displays the creator's name or a special symbol for the originator may be a way for the author to be "famous" and make an impression on others. Another virus which corrupts the boot sectors of infected drives and diskettes might be the product of someone who is angry at the world for a perceived injustice. Other reasons for creating a computer virus according to the alt.comp.virus FAQs (Frequently Asked Questions) include:
Based on these reasons from the alt.comp.virus FAQs, I would have to conclude that the primary creators of computer viruses are those who have too much time to waste and are being positively reinforced for activities that are normally seen as maladaptive by mainstream society. Possibly the propagation of these computer viruses is the only source of pride for her/him, and in order to maintain her/his self-esteem further viruses are created.
How do they work?
Computer viruses work differently depending on their type. The virus could merely reproduce itself, as in file viruses. Malicious viruses such as boot sector viruses can potentially cause a user to use anti-virus software to clean the hard drive, run utility programs to repair the boot sector, then clean each floppy disk with the anti-virus software, causing a user to waste many valuable hours. Although the exact operation of each virus differs, the virus itself is normally executed through various means before it can begin its method of "destruction". For example, in the case of the Word Macro virus mentioned earlier, in order for this virus to be activated an infected file must be opened with the Microsoft Word application. If the tainted file is not opened in Microsoft Word, then the virus will not replicate. As another example, boot sector viruses are contracted by booting a computer with a contaminated diskette. If the system is always booted with clean diskettes (or a clean hard drive), then it will remain uninfected by boot sector viruses. The manner in which computer viruses spread also depends on the type of virus. Using the same examples, a Word Macro virus will spread to other Word documents only if a corrupted file was opened in Microsoft Word and the virus was not eliminated from the system. As for the boot sector viruses, once a computer has been tainted by booting with an infected diskette, all future disks used on this system will contract the virus until the virus has been cleared from the machine. Brief descriptions of some types of computer viruses are shown in the following table:
What are some famous viruses?
The Michelangelo virus was first discovered in the summer of 1991. On the trigger date of March 6, which is Michelangelo's birthday, this virus destroys data by overwriting the medium from which the computer was booted. This computer virus was an obscure threat until January 1992, when 500 personal computers contaminated with the virus were shipped from a major manufacturer in the United States. Within a week, another major manufacturer admitted to the accidental distribution of 900 floppy disks with the Michelangelo virus. Media frenzy reported that "one out of four PCs in the U.S. would fall prey" to the virus. In actuality, the worldwide reports ranged from ten thousand to twenty thousand computers. The Hare virus has been spread under various names including HDEuthanasia, Krsna, Krishna, and RD Euthanasia. It is a stealth and polymorphic virus which corrupts the boot sector of the hard disk and floppy disks that are used with this system. A strain of this virus became famous in 1996 when numerous media reports were published which stated (falsely) that most anti-virus scanners are unable to detect it. The Ripper virus is another well-known virus due to the maliciousness of its conduct. It is a stealth virus which attempts to reformat the hard drive when the system is rebooted sixteen times after being infected.
What are virus myths?
Virus myths are untrue beliefs about viruses which are spread from user to user. Some of my "favorite" myths are:
In my opinion, these and other myths are propagated for two main reasons: out of fear, and due to what Rob Rosenberger calls False Authority Syndrome (FAS). Fear causes individuals who receive information on viruses to readily believe that horrendous consequences will result if they do not follow the prescribed instructions. As for FAS, this results when people with "little or no genuine expertise" speak with an aura of authority on the subject. According to the U.S. Air Force publication Tongue & Quill (quoted in Mr. Rosenberger's article):
Mr. Rosenberger points out in his article that the media contributes greatly to FAS. When attempting to report on other topics, reporters generally seek interviews with "experts" in that particular field. When it comes to the topic of computer viruses, however, "they'll quote almost anybody with a job in the computer industry." This is quite significant when we consider that an Empirical Research Systems survey in 1991 reflected that 43% of corporate employees working in the area of computer security "formed their opinions about viruses just by reading newspapers!"
Significance of computer viruses.
The existence and evolution of computer viruses have at minimum kept pace with advances in technology. As new systems and protocols are developed, new strains of viruses have been created which attempt to outsmart the latest technical accomplishments. Similar to biological viruses, computer viruses replicate and evolve. Only the most potent viruses, which are able to replicate and spread quickly while mutating to fit the current environment, survive and prosper. With the rapid adaptation of the virus to its environment, the antibodies/anti-virus software developed to combat the numerous strains are not always able to completely eliminate the viruses, so remaining portions continue to thrive and progress.
Another parallel between biological and computer viruses is that each virus attacks a system when that entity is at its most vulnerable point (from the perspective of the virus). Organic systems which are not maintained at a healthy level through proper nutrition and exercise of both the mind and body are susceptible to infection by a biological virus. Healthy sustenance of a computer system to prevent contracting a computer virus includes:
There is definitely the capability of an evolution in cyberspace of virtual entities from computer viruses. Prior to the popularity of the internet, computer viruses have mutated and thrived from system to system primarily through diskettes. Due to the interconnected nature of cyberspace, it becomes easier to share information. Unfortunately, with the sharing of useful data viruses can also be easily spread.
Viewing anti-virus software that will actively seek out and nullify computer viruses as a cyberspace immune system would be logical considering my previous discussion on the correlation between biological and computer viruses. Vaccinations for biological viruses are continuously being updated and modified to combat the latest strains that are encountered. In the same manner, computer anti-viruses must perpetually be enhanced and adjusted.
Although it can be argued that the majority of computer viruses require(d) a human for their initial creation, I don't discount the possibility that computer viruses can and will mutate and self-propagate. Programming in artificial intelligence has been available for over a decade. Software created with these programming languages allows the computer to "learn" from previous sessions and accumulate knowledge based on the manner in which the software interacts with its computing environment. A program could conceivably be written that would detect weaknesses in the current system and then plan and execute an attack on that system. Fortunately, with the same technology, anti-virus software can be compiled to foil these attacks.
Another argument might be posed that computer viruses can only spread with the aid of humans through using diskettes, downloading files, etc. In this fashion, biological viruses would differ from computer viruses. However, I would also like to point out that biological viruses are also transmitted with the aid of humans. In order for humans to contract a biological virus, their system must be vulnerable to the toxin. Then they must come into contact with the virus. Almost any environmental contact could result in contracting a virus, from eating tainted food to touching an infected surface. Therefore, biological viruses and computer viruses are currently both contracted through interfacing with humans.
How do people react to viruses?
When a computer virus initially receives widespread attention, people normally react with a general state of panic and over-dramatize the potential consequences. A good case in point is the Hare virus, which is beautifully articulated by Rob Rosenberger in his Historical Timeline, which covers the rough period of June through September 1996. An initial online report is given on June 18 stating that "some users may be not aware they have it" because the virus is activated on a trigger date in the future (August 22). Although the author of this report may have been well-intentioned, a new computer user may panic from the innocence of that statement. Seasoned users would understand that having a computer virus and being unaware of the infection is always a possibility, so s/he would be able to handle news of a "new" virus prudently by attempting to obtain signature files for the virus instead of being overcome with apprehension. Unfortunately, the media capitalizes (intentionally?) on public misinformation by continuing to provide accounts of how the virus is "a severe and highly destructive threat", with "the potential for very rapid distribution". Supposed authorities of computer viruses add to the disillusionment on the opposite end by remarking that "You're only going to get it if you play in bad neighborhoods." It is deplorable that a new computer user would receive false information on both sides of the spectrum without doing some research on computer viruses on her or his own. It is also shameful that the president of a computer firm would propagate such extremely bad advice on a topic that is within the scope of her/his company's operation. Possibly the only "winners" of the immense confusion that resulted from the conflicting reports are the manufacturers of the anti-virus software. With a good public-relations mindset, several companies offered free versions of the anti-virus software.
How others in this generation compiled their findings
Overall, I feel that Generation 8 has done a decent job on their Computer Virus Reports. The reports which particularly impressed me were as follows. In the one by Aaron Libed, I liked his general layout and conversational tone, and especially his personal anecdotes. Roy Macaraeg had a very inviting overall presentation of material with clear delineation of sections and subsections. He also had a casual style of writing. Although Thaddeus Oba's sections and sub-sections weren't clearly demarcated, I found his content to be very thorough and thoughtful. Greg Suguitan seemed to put a lot of effort into his sections (although there were various mid-sentence breaks that I felt he overlooked). As of May 7th, 1998, however, there were still various portions that didn't have information. One segment which truly surprised me was the one entitled "Describe some you find astonishing". The "viruses" mentioned were merely jokes that were circulated online for many years. At first, I thought that Greg Suguitan was being humorous; however, he remarked "I also find them very funny, interesting, but yet very serious." Serious? I would have thought that since his report was on computer viruses, he would have been more skeptical of the finding, or at least verified the accuracy while researching the report online. Others who also worked on the Computer Virus report for Generation 8 are: Brandon Lee, Kyle Kaneshiro, David Chang, Brandon Suetsugu, and Alona Lei Tabios.
Suggestions offered for future generations
In studying the psychology of computer viruses, I would suggest that future generations begin by reading the reports completed by those from Generation 8 mentioned in the previous section. After gaining a general idea of the scope of computer viruses, I would advocate studying the links contained in the instructions for this report in addition to the links referenced in the reports. To actually take this report to the "next step", I would investigate the current operations of various virus labs to determine the directions and focus of recent research. Another direction could be to discover the magical world of artificial intelligence (AI) and artificial life (aLife), and explore the current applications of these technologies to computer viruses. For an introduction to AI and aLife, you can start with my report on this area.
Conclusions
To be completely honest, I have not acquired entirely new information while creating this report. I have been familiar with the concepts of computer viruses for many, many years. The main reason that I chose this topic was because I was not only very familiar with the subject, but I also have a great interest in computer viruses (especially in their prevention). Computer viruses fascinate me because I have a passion for programming and I can appreciate the coding that is required to accomplish the deeds that a virus may undertake. I have learned, however, that there are innumerable masses of sites devoted to computer viruses (I have not previously searched online for this topic). My basic recommendations to prevent computer viruses are:
To review a deeper discussion on maintaining a healthy computing environment, see the section on Significance of Computer Viruses.