Viruses

 

Background.  One definition for a computer virus is

A virus is a self-replicating computer program that interferes with the operations of

  • a computer's hardware, software and/or operating system
  • a network's hardware, software and/or operating system

Viruses are designed to be difficult to detect.

Viruses often replicate by attaching to another piece of executable code.  When the executable code with the attached virus is run it gives the virus the chance to attach itself to other executables and/or engage in whatever activities it was designed for. 

A virus must be executed in order to function.  This is one of the few aspects of viruses that can help prevent their spread.  There are more and more ways to detect viruses and deal with them before they are executed.  If a virus is executed, it is loaded into the host device's memory and its instructions will be followed.

Viruses are usually classified based on a number of characteristics

  • the types of files it infects
  • the ways it infects other files and/or devices
    • writing itself to floppy disks
    • writing itself to hard drives
    • attaching itself to emails
    • getting distributed through legitimate software programs
    • across the Internet
    • across some other network
  • where it locates itself

There are a number of different basic types of viruses that can be identified. 

  • parasitic - these infect executable files or programs.  Parasitic viruses usually leave the contents of the host file unchanged, but they almost always attach themselves in such a way as to guarantee they execute before the host.
  • boot sector - infects the boot sector of either a floppy or hard drive.  Such a virus replaces either the programs that start the computer or the information about the disk contents.
    • this type of virus is almost always transmitted by the exchange of floppy disks
  • multi-partite - these exhibit characteristics of both boot sector viruses and parasitic viruses and can infect either files/executables and/or boot sectors.
  • companion - instead of modifying an existing program, companion viruses create a new program with the same name as an already existing program.  A companion virus is designed to trick the operating system into running this companion program which delivers the virus payload.
  • link - these function by modifying the way an operating system finds a program.  The operating system will be tricked into first running the link virus and then the desired program.  Entire directories can be infected since any executable program accessed within the host directory will cause the virus to execute.
  • data file - these viruses can open, manipulate and then close data files.  Data file viruses are almost always written in some macro language and designed to automatically execute when a legitimate program is accessed.
    • some data file viruses
      • Melissa - which operated within the Microsoft Word 97 and/or Word 2000 framework.
  • macro - these did not appear until the late 1990s, but they account for most of the viruses.  The proliferation of macro languages accounts for the increasing number of these viruses.
  • virus hoaxes - Internet users have become so cautious and suspicious that even rumors of viruses can diminish system functioning
    • some hoaxes have warned users to delete certain files that were actually important to system function
    • some virus hoaxes
      • Good Times - this caused widespread panic as users read about the sorts of destruction it could do.  It threatened to put your processing into an "nth complexity infinite binary loop" and overheat your systems.
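For the parasitic and companion types in the list above, a file-integrity baseline is the standard defensive check. The following is an added example, not part of the original notes; the extension search order and all file names are assumptions of the example, and the sample files are constructed, harmless byte strings.

```python
import hashlib
import os
import tempfile

# Order DOS-style shells try for a bare command name (assumed, not from the page).
EXEC_ORDER = [".com", ".exe", ".bat"]

def snapshot(directory):
    """Map each executable file name to (size, SHA-256 digest)."""
    state = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and os.path.splitext(name)[1].lower() in EXEC_ORDER:
            with open(path, "rb") as fh:
                data = fh.read()
            state[name] = (len(data), hashlib.sha256(data).hexdigest())
    return state

def compare(baseline, current):
    """Report changed host files and new files shadowing a known program."""
    findings = []
    for name, (size, digest) in sorted(current.items()):
        if name in baseline:
            if digest != baseline[name][1]:
                findings.append(("modified", name, size - baseline[name][0]))
            continue
        stem, ext = os.path.splitext(name.lower())
        for known in baseline:
            kstem, kext = os.path.splitext(known.lower())
            # Same stem, earlier-tried extension: it would run instead of `known`.
            if kstem == stem and EXEC_ORDER.index(ext) < EXEC_ORDER.index(kext):
                findings.append(("companion", name, known))
    return findings

def demo():
    """Constructed sample: harmless byte strings stand in for programs."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("edit.exe", b"HOST-A" * 10), ("calc.exe", b"HOST-B" * 10)]:
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(d)
        with open(os.path.join(d, "edit.exe"), "ab") as fh:
            fh.write(b"X" * 32)       # host file grows by 32 bytes
        with open(os.path.join(d, "calc.com"), "wb") as fh:
            fh.write(b"placeholder")  # new file sharing the stem "calc"
        return compare(baseline, snapshot(d))

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is recorded on a known-clean system and stored where the monitored machine cannot rewrite it.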

More About Boot Sector Viruses.  Whenever a computer is first turned on a small portion of the operating system is loaded from the hardware.  Once this portion has been loaded it looks to find the remainder of the operating system in particular boot sectors of the hard or floppy drive.  A virus can be placed in one of these boot sectors so that it supplants what should be there.

Some examples,

  • Stoned Virus - placed itself in sector one of the MBR - Master Boot Record and moved what was supposed to be there to sector seven.  It then would usually do fairly silly things such as print a "stoned" message on the monitor.  It would also try to spread to other sectors and computers.
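A boot sector that has been supplanted can be detected by comparing it with a known-good record. The following is an added example, not part of the original notes: it parses a classic 512-byte MBR, compares it with a baseline, and looks for the original boot code relocated to a later sector, as described for Stoned. The disk image is constructed in memory, and the function names and filler bytes are assumptions of the example.

```python
import hashlib
import struct
SECTOR = 512
BOOT_CODE_LEN = 446      # classic MBR layout: boot code in bytes 0-445
SIGNATURE = b"\x55\xaa"  # boot signature in bytes 510-511

def code_digest(sector):
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()

def parse_mbr(sector):
    """Return the boot-code digest and the used partition entries."""
    if len(sector) != SECTOR or sector[510:512] != SIGNATURE:
        raise ValueError("not a 512-byte sector ending in 55 AA")
    parts = []
    for i in range(4):                 # four 16-byte entries from offset 446
        entry = sector[446 + 16 * i:462 + 16 * i]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:              # type 0 marks an unused slot
            parts.append((i, entry[0] == 0x80, entry[4], lba_start, count))
    return {"digest": code_digest(sector), "partitions": parts}

def audit(image, baseline, scan_sectors=16):
    """Compare sector 0 of a disk image with a known-good record."""
    current = parse_mbr(image[:SECTOR])
    findings = []
    if current["digest"] != baseline["digest"]:
        findings.append("boot code differs from baseline")
        for n in range(1, scan_sectors):   # is the known-good code parked later?
            chunk = image[n * SECTOR:(n + 1) * SECTOR]
            if len(chunk) == SECTOR and code_digest(chunk) == baseline["digest"]:
                findings.append(f"baseline boot code found in sector {n + 1} (1-based)")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def make_sector(boot_code):
    """Constructed sample sector: filler boot code plus one partition entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x06, b"\0\0\0", 63, 20000)
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + entry + bytes(48) + SIGNATURE

def demo():
    """Audit a clean image, then one whose sector 0 was swapped out."""
    clean = make_sector(b"ORIGINAL LOADER")
    image = clean + bytes(SECTOR * 15)
    baseline = parse_mbr(image[:SECTOR])
    altered = bytearray(image)
    altered[6 * SECTOR:7 * SECTOR] = clean            # original parked in sector 7
    altered[:SECTOR] = make_sector(b"UNKNOWN CODE")   # different code in sector 0
    return audit(bytes(image), baseline), audit(bytes(altered), baseline)
```

On a real system the image would be read from the raw disk device while booted from trusted media, since code running from an altered boot sector can misreport what sector 0 contains.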

More About Macro Viruses.  Microsoft has made a lot of money from developing their Windows based systems.  Regardless of whether you think they ripped many of their ideas off from others such as Apple and/or Xerox, the Windows approach has proliferated around the world.

Microsoft was also one of the first companies to unify much of their productivity software within a single larger framework.  Microsoft calls their system Microsoft Office.  For example, Microsoft Office can contain the following productivity software

  • Word - word processing
  • Excel - spreadsheets
  • PowerPoint - presentations
  • Outlook - email
  • Access - client databases
  • FrontPage - web development

In order to improve the functionality of this productivity software, Microsoft developed something called macros.  It is my opinion that Microsoft was generally very intelligent when they developed their macro capabilities based on Visual Basic since this meant more proficient users could do more and more with their macros and programming across the entire suite of Office products as they learned more.

Unfortunately, this also gives undue influence to people who understand Visual Basic and how macros can be used.  It is possible to attach and/or embed macros into certain Microsoft products so that they will execute when other users receive certain files.  This means that someone can spread a malicious macro-based virus when they share things such as emails and spreadsheets and so on.

I think it is important to remember that Microsoft's biggest money earning products are

  • Windows Operating System
  • Office Suite

But you also need to remember that these were largely developed within a context of a single user on their own computer.  When thinking about so many of the features they thought users would want, they were often very sloppy about assessing the implications these developments would have on networks of computers that might often contain users with malicious intentions.

While not all macro viruses take advantage of Microsoft systems, they seem to be the vast majority.

Virus Protection.  There are a number of basic approaches that help ensure a system is not infected with viruses.  One of the most basic and universal tenets is

if you don't know where something came from or where it has been -
DO NOT OPEN OR RUN IT!

  • be careful about opening documents
  • be careful about executing programs
  • install and run antivirus software
  • keep your antivirus software up to date
  • make sure you have source executables on CDs whenever reasonable
  • make sure your software sources are legitimate and can be verified
  • test software on a test machine before installing on other machines
  • create regular backups of what is on your computer
    • data files
    • documents
  • use write only secondary storage

More will be added.