Truths and Misconceptions About Viruses
Because viruses often have a
dramatic impact on the computer-using community, they are often highlighted in
the press, particularly in the business section. However, there is much
misinformation in circulation about viruses. Let us examine some of the popular
claims about them.
Viruses can infect only
Microsoft Windows systems. False. Among students and office workers, PCs
running Windows are popular computers, and there may be more people writing
software (and viruses) for them than for any other kind of processor. Thus, the
PC is most frequently the target when someone decides to write a virus.
However, the principles of virus attachment and infection apply equally to
other processors, including Macintosh computers, Unix and Linux workstations,
and mainframe computers. Cell phones and PDAs are now also virus targets. In
fact, no writeable stored-program computer is immune to possible virus attack.
As we noted in Chapter 1, this situation
means that all devices containing computer code, including automobiles,
airplanes, microwave ovens, radios, televisions, voting machines, and radiation
therapy machines have the potential for being infected by a virus.
Viruses can modify "hidden" or "read-only" files. True. We may try
to protect files by using two operating system mechanisms. First, we can make a
file a hidden file so that a user or program listing all files on a storage
device will not see the file's name. Second, we can apply a read-only
protection to the file so that the user cannot change the file's contents.
However, each of these protections is applied by software, and virus software can
override the native software's protection. Moreover, software protection is
layered, with the operating system providing the most elementary protection. If
a secure operating system obtains control before a virus contaminator has
executed, the operating system can prevent contamination as long as it blocks
the attacks the virus will make.
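
The read-only attribute is itself set and cleared by software, so it cannot be relied on to show that a file is unchanged. The sketch below is an added example, not code from the book. Its file name, contents and function names are constructed for illustration. It shows a program running as the file's owner changing a read-only file and restoring the flag, and a content-hash baseline reporting the change.

```python
import hashlib
import os
import stat
import tempfile


def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def take_baseline(paths):
    """Record a known-good digest for each path."""
    return {p: sha256_of(p) for p in paths}


def changed_files(baseline):
    """Return the paths whose current contents differ from the baseline."""
    return [p for p, digest in baseline.items() if sha256_of(p) != digest]


def is_read_only(path):
    """True when no write-permission bit is set on the file."""
    mode = os.stat(path).st_mode
    return not mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH)


def demo():
    """Constructed scenario: a program running as the owner edits a read-only file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "payroll.cfg")   # constructed sample file
        with open(path, "w") as f:
            f.write("rate=1.00\n")
        os.chmod(path, stat.S_IRUSR)            # owner marks it read-only
        baseline = take_baseline([path])

        # Any program running as the owner can lift the flag, write, and restore it.
        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
        with open(path, "a") as f:
            f.write("rate=9.99\n")
        os.chmod(path, stat.S_IRUSR)

        changed = [os.path.basename(p) for p in changed_files(baseline)]
        return is_read_only(path), changed


if __name__ == "__main__":
    print(demo())
```

The file still reports as read-only afterwards, so only the comparison against the stored digest reveals the modification.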
Viruses can appear only in
data files, or only in Word documents, or only in programs. False. What are
data? What is an executable file? The distinction between these two concepts is
not always clear, because a data file can control how a program executes and
even cause a program to execute. Sometimes a data file lists steps to be taken
by the program that reads the data, and these steps can include executing a
program. For example, some applications contain a configuration file whose data
are exactly such steps. Similarly, word-processing document files may contain
startup commands to execute when the document is opened; these startup commands
can contain malicious code. Although, strictly speaking, a virus can activate
and spread only when a program executes, in fact, data files are acted on by
programs. Clever virus writers have been able to make data control files that
cause programs to do many things, including pass along copies of the virus to
other data files.
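
Because the line between data and program is blurred, a scanner cannot decide what to inspect from the file name alone. The sketch below is an added example, not code from the book. It labels files by what their bytes contain, using a small, illustrative subset of well-known markers. The sample files, labels and function names are constructed for the example.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container


def classify(data: bytes) -> str:
    """Label a file by what its bytes contain, ignoring name and extension."""
    if data[:2] == b"MZ":
        return "pe"             # DOS/Windows executable header
    if data[:4] == b"\x7fELF":
        return "elf"            # Unix/Linux executable header
    if data[:2] == b"#!":
        return "script"         # interpreter line
    if data[:8] == OLE2_MAGIC:
        return "ole2"           # legacy Office file; may carry macros
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return "zip-damaged"
        # Macro-enabled Office Open XML files store their code in vbaProject.bin.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-macro"
        return "zip"
    return "data"


def make_zip(members):
    """Build a constructed in-memory ZIP with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in members:
            z.writestr(name, b"constructed sample")
    return buf.getvalue()


# Constructed samples: file name -> contents. The names are deliberately misleading.
SAMPLES = {
    "notes.txt": b"#!/bin/sh\necho hello\n",
    "logo.png": b"MZ" + b"\x00" * 62,
    "minutes.docx": make_zip(["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"]),
    "agenda.docx": make_zip(["[Content_Types].xml", "word/document.xml"]),
    "readme.txt": b"plain text\n",
}


def scan(samples):
    """Classify every sample by content."""
    return {name: classify(data) for name, data in samples.items()}
```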
Viruses spread only on disks or only through
e-mail. False. File-sharing is often done as one user provides a copy of a file
to another user by writing the file on a transportable disk. However, any means
of electronic file transfer will work. A file can be placed in a network's
library or posted on a bulletin board. It can be attached to an e-mail message
or made available for download from a web site. Any mechanism for sharing
files (of programs, data, documents, and so forth) can be used to transfer a virus.
Viruses cannot remain in memory after a
complete power off/power on reboot. True, but . . . If a virus is resident in
memory, the virus is lost when the memory loses power. That is, computer memory (RAM) is
volatile, so all contents are deleted when power is lost. However, viruses
written to disk certainly can remain through a reboot cycle. Thus, you can
receive a virus infection, the virus can be written to disk (or to network
storage), you can turn the machine off and back on, and the virus can be
reactivated during the reboot. Boot sector viruses gain control when a machine
reboots (whether it is a hardware or software reboot), so a boot sector virus
may remain through a reboot cycle because it activates immediately when a
reboot has completed.
Viruses cannot infect
hardware. True. Viruses can infect only things they can modify; memory,
executable files, and data are the primary targets. If hardware contains
writeable storage (so-called firmware) that can be accessed under program
control, that storage is subject to virus attack. There have been a few
instances of firmware viruses. Because a virus can control hardware that is subject
to program control, it may seem as if a hardware device has been infected by a
virus, but it is really the software driving the hardware that has been
infected. Viruses can also exercise hardware in any way a program can. Thus,
for example, a virus could cause a disk to loop incessantly, moving to the
innermost track then the outermost and back again to the innermost.
Viruses can be malevolent,
benign, or benevolent. True. Not all viruses are bad. For example, a virus
might locate uninfected programs, compress them so that they occupy less
memory, and insert a copy of a routine that decompresses the program when its
execution begins. At the same time, the virus is spreading the compression
function to other programs. This virus could substantially reduce the amount of
storage required for stored programs, possibly by up to 50 percent. However,
the compression would be done at the request of the virus, not at the request,
or even knowledge, of the program owner.
To see how viruses and other
types of malicious code operate, we examine four types of malicious code that
affected many users worldwide: the Brain, the Internet worm, the Code Red worm,
and web bugs.