A decade or so ago, viruses were pretty simple. They got into a system and infected a file or two. It was as basic as ordering coffee when coffee was easy to order. "One coffee please. Black." Today, the catalog of viruses you have to defend yourself against is frighteningly complex. In fact, it's become as complex as, well, ordering coffee. "Looks like you've been infected by a dropper that's put a Trojan on your system, which deployed a multipartite virus that opened a backdoor and also infected the master boot record." Sounds like an order at Starbucks, don't you think? These days a discussion about a virus can actually occur without using the word virus, because sometimes viruses are worms or Trojan horses, which are virus-like nasties that act a little differently than their infectious cousins.

Why are they called computer viruses? Well, because they have similar characteristics to biological viruses that infect humans, in at least one way. The computer variety jumps from computer to computer much like a cold virus jumps from your kids to you and from you to your spouse.

Don't let all this frighten you, though. It's not that hard to figure out, and defending your computer against viruses is pretty straightforward. Still, if the idea makes you queasy, skip ahead to the part of the chapter about how to easily protect yourself from viruses. But I hope you stick around, because the more you know, the geekier you will be. Okay, not really. But understanding them makes them much less scary.

Viruses were one of the first real security threats people had to deal with when personal computers started appearing in homes a couple of decades ago. The first computer viruses were written in the 1980s; however, they really didn't become a big threat until the late 1990s, when everyone who owned a personal computer started connecting to the Internet. Before then viruses spread via floppy disks or CDs.
They would ride on the back of files stored on a disk, or in the boot area of the floppy, and replicate when the disk was inserted into the computer. The Internet's popularity has also become the chief reason that security on personal computers has become such a hot topic. A Net connection is the off-ramp from the Internet into your computer for all data. And guess what? For viruses it's an express lane.

Before we go any further, let's define what a computer virus is, because it's important to understand that before we start smacking them with a hammer. Here's a basic definition: A computer virus is a malicious computer program that, when executed by an unsuspecting human, performs tasks that primarily include replicating itself and in some cases deploying a payload. Not so hard, right? Let's break it down into easy-to-chew pieces.

Interestingly, viruses were first conceived in 1949, when computer pioneer John von Neumann wrote a paper theorizing that programs could become self-replicating. Von Neumann's theories came to life in the 1950s at Bell Labs, where programmers created a game called "Core Wars" in which two players could unleash software "organisms" into the mainframe computer and watch as they competed for control of the machine. It would take more than 30 years for computer viruses to become a threat, but when PCs started becoming commonplace in homes and schools in the early 1980s, computer viruses could replicate and move from computer to computer, first by infected floppies and later via networked PCs. Now you know...

What Is It?

...a malicious computer program...

A virus is just a program, but it's written by a person of questionable character who wants to do harm. It's made up of lines of programming instructions and runs like any other program.

Who Triggers a Computer Virus?

...an unsuspecting human...

For a virus to be successful, it has to be executed on a computer by a human.
That means a file has to be opened, a program has to be run, or a computer has to be booted. In other words, programming code has to be run by a human action. That could be you, me, friends, or family, anyone who uses a computer. This is not to say that anyone executes a virus on purpose. Usually we're tricked into it. But a virus requires a human's help to proliferate. Remembering this fact goes a long way toward preventing viruses from ever running amuck on your computer.

How Does It Spread?

...performs tasks that primarily include replicating itself...

To steal a little lingo from Star Trek, replicating is a virus's prime directive. For a computer virus to be successful by any definition, it must clone itself, make its way into other computers, and repeat the replication cycle. This is how it spreads. Of course, it uses many tricks to do this, including riding on other programs' backs, moving in email as a file attachment, and even downloading from a web page. Virus writers use many methods to move a virus between computers, but you can categorize them into two types:

- External media: Any storage device that can contain a computer file, such as a floppy disk, DVD, or CD, and be connected to or inserted into a computer.

- A network connection: A network is a group of computers connected so they can exchange data. The Internet, which is the most common source of viruses these days, is a large network. Viruses can use the connection to move in chat, in email, via the Web, and via specialty computer-to-computer connections.

In 1984, University of New Haven professor Fred Cohen first used the term computer virus in a research paper, "Experiments with Computer Viruses." Although Cohen is sometimes credited with coining the term, he credits theoretical computer scientist Leonard Adleman with inventing it.

Don't Sneeze on My PC and Give It a Virus!

In the early 1990s, when people started buying personal computers for the home, a very concerned woman stopped me in the hall at work one day in a bit of a tizzy. Her home computer had been infected by a virus and her husband was blaming her. But she couldn't understand how that might have happened. "I didn't sneeze on the computer," she said, puzzled. "I had a cold, but I was very careful. How did it jump from me and get into the computer?" Of course, a computer virus and a human virus are not the same thing. The virus that gives you the sniffles is a tiny living organism that gets inside your body and makes you sick. A computer virus, on the other hand, is a program. It's designed to find its way inside a computer, often without your permission or knowledge, using a very specific set of instructions. I explained that to her, and, calmer, she later went home to tell her husband, who refused to believe the explanation and continued to keep sick people away from his precious virus-free computer.

What Damage Can It Do?

...in some cases (it can) deploy a payload.

This last piece of the definition is the scariest part. A virus can be (and often is) programmed to do bad things. This part of the virus is called a payload, or sometimes a bomb. Here are the most common payloads:

- Jokes or vandalism: Sometimes virus writers just want you to know they have succeeded in getting a virus into your computer. So they post messages or alerts to your computer. It's the equivalent of writing "Andy has a cute bum" on a bus shelter. It might not be true, but it's slightly amusing (at least to its author).

- Data destruction or corruption: Viruses can infect files and damage them or make them unusable. They can also wipe out entire hard drives.

- Spam distribution: Some virus writers engineer their viruses to send spam from your computer. This takes the heat off them when angry spam recipients trace unwanted email back to its source. Spam gets sent from your computer and you get the blame. A virus can also open a door so someone can come along later to take control of your computer and use it remotely for their own purposes. The mass-mailing worm known as Sober.P sends an email enticing people to open an email attachment. The worm then steals email addresses from the victim and blasts spam at the victim's contacts.

- Data or information theft: Viruses can monitor and steal data or personal information from your computer, or open up security holes so malicious people on the Internet can remotely connect, snoop around inside your computer, and steal information themselves.

- Hijacking: Your computer can be turned into what is called a zombie by a virus. If your computer is zombified, it can later be used to bombard another computer with nonsense data. When thousands of computer zombies are harnessed simultaneously, they can crash major web servers. CNN, Yahoo!, and Amazon.com have all been victims of an attack like this, which is called a Distributed Denial of Service (DDoS) attack. A zombie can also be hijacked for use as a file server (storing pirated software) or to do tasks for someone who remotely controls it from the Internet.

- Ransomware: A new nasty payload has been detected that holds your data for ransom. It encrypts (scrambles) part of your hard drive so you can't get at it without typing in a password. The virus leaves a ransom note for you that says the data will be unlocked if you pay a ransom. So far this technique has appeared only in an isolated incident discovered in May 2005, but it's feared that it could become more widespread as virus writers figure out how to perfect the extortion and cover their tracks so the ransom payment can't be traced to them.

- Virus distribution: Your computer can be harnessed to redistribute the virus to your friends, family, and business contacts.

There's an exception to the rule that a virus needs a human's help: computer worms. They are a type of virus that self-executes and can spread without human intervention. Worms are discussed in more detail later in "Worms: Network-Savvy Viruses," p. 18.

Tip: A worm called the KakWorm embeds itself in an HTML email (an email that works like a web page to display pictures and layout). All you need to do to execute it is to preview the email in either Microsoft Outlook or Microsoft Outlook Express. The security hole that allowed this has now been patched, so if you have all your Windows security patches installed you won't get Kakked. But should you turn off your email preview feature just in case? I'll leave that up to you to decide. Personally, I've left mine on because it is such a handy feature. But then again, I am fastidious about keeping my security patches and virus signatures up to date.