David Buerger
Infoworld, Vol. 10, No. 10, p.16
ISSN 0199-6649
March 1988
Download PDF (226.33Kb) (You need to be registered on forum)PC viruses are in the news. A spate of recent articles has left many users with the impression that a mysterious cancer is gobbling up computer data left and right.
It's time for network managers, bulletin board enthusiasts, and anyone who shares programs or data with other PC users to understand how viruses work and how to confront them.
A computer virus operates like a biological virus. It is a program file containing logic that replicates by attaching the viral code to another program file. Viruses are transmitted when infected files are copied to your computer disk. Each time the infected program executes, the virus can attach itself to other programs or perform whatever its designer intended it to do.
Benevolent viruses sometimes are deliberately used for friendly purposes: file security (encryption/decryption), file transfer and storage (compression/decompression). copy protection, and commercial program enhancement (third-party add-ons).
Malevolent viruses wreak computer system havoc without a user's consent. These intruders can randomly contaminate data or programs, erase files, and format disks. Their secret operation can even spread similar mischief to coworkers' computers.
More insidious viruses lie dormant before spreading their destruction. Their trigger may be a predetermined date, time, or system configuration, or a preset number of executions of the infected program. Network viruses might look for the absence of a user ID or a security clearance change.
Motivations for spreading malevolent viruses may include taking revenge on an employer, espionage, or simply the thrill of vast destruction.
The apparent rise of computer terrorism requires everyone to consider exposure and devise protection strategies.
The first step is to consider how much you are at risk of exposure to malevolent viruses. Your risk is minimal if:
Risk increases as more of these categories do not apply to you.
If you think your risk is high enough to warrant a protective strategy, there are many ways to decrease the chances of viral infection.
Nontechnical tactics include: limiting access to your computer by locking your computer or office and by logging off a network account when you step away from your desk; using only commercial software purchased in a sealed, shrink-wrapped package; using only known public domain or shareware software; and letting someone else be a guinea pig who runs suspected software on another system before you copy it to your own disk.
If you are a bulletin board addict who loves to download the newest utilities, you are at a high risk of exposure to infected "Trojan horse" software. Terrorist programmers like to hide viruses in popular utilities. I have recently seen reports of two well-known utilities. ARC and List, which were infected with a virus. Other potential carriers are public domain programs that break copy protection and unauthorized copics of commercial software or operating systems.
Don't be lulled into a false sense of security merely because you use a "good" bulletin board. Despite system operators' best attempts to flag down Trojan horse software, a few programs do slip by. One recent example is the virus found in a Macintosh program on Compuserve's HyperCard forum. Although the virus was exterminated in one day, about 40 people unsuspectingly downloaded the virus.
The surest remedy is to download only source code files, examine every line of code to verify the absence of mischievous programmed logic, and then compile the code yourself.
If this tactic is not practical or possible, you still can take additional technical steps to protect your computer from viral contamination. "Anti-virus" software can be used to help prevent the intrusion of unknown viruses, along with "vaccine" software to eliminate known viruses. My next column will look at how several of these programs work to reduce the risk of destruction caused by virus software.
David J. Buerger is director of the Personal Computer Center at Santa Clara University, in California. E-Mail comments may be sent to: dbuerger@scu.bitnet or MCI Mail ID 304-0160; start the MCI "Subject" line with [DDBJDB]Buerger). The views expressed are his own.