
The Executive Computer: A Virus Carries Fatal Complications

Peter Lewis
New York Times, Technology, p. C-11
ISSN 0362-4331
June 1988


As long as programmers write programs, some unscrupulous people will concoct lethal ''computer viruses,'' software programs that use computer code to enter other programs and re-program them or destroy data. And some experts have concluded that no protection exists against such viruses. Imagine Wall Street's computers suddenly going berserk, executing thousands of bogus trades until the market is paralyzed, or your company's financial records being wiped out or altered into incoherence - or a space shuttle or a space-based weapon executing orders from such a program.

These are not fantasies. Rather, many industry experts say, these viruses are a reality, and they are bound to change the way we think about computer systems and open links between them. Viruses could potentially halt the flow of information spawned by the personal computer in the 1980's, these experts say. As a result, some companies are beginning to instruct their employees in the practice of ''safe computing.'' Guidelines are still being drawn, and those who are not paying attention run grave risks. Some preventative measures can be effective, experts say, but dealing with viruses after the fact is a frustrating business. In light of these warnings, it is hard to understand those people who say news reports of viruses exaggerate the threat.

The viruses are snippets of computer code that are deliberately, surreptitiously introduced into a host system by way of a ''Trojan horse.'' Typically the Trojan horse is a software program ''down-loaded'' - received or captured electronically - from another computer. But some viruses have turned up in commercial software packages. The most common of the destructive viruses are those that infect a hard disk, scrambling or erasing files. Others are used to open ''trap doors'' in a computer system, allowing outside hackers to gain secret information or otherwise exploit the system.

What makes these viruses particularly deadly is that they reproduce once they are inside the host computer. As more and more businesses connect their mainframe, mini and personal computers on vast unified networks, the potential damage from viruses will increase. The risk is staggering for the large corporate networks that sometimes link thousands of computers.

Dr. Harold J. Highland, editor in chief of Computers & Security magazine, said he had collected 13 viruses so far. Some, he said, are extremely difficult to detect; the smallest one he has discovered to date, found inside a copy of Unix operating system software, is just eight characters long. Others consist of a few lines of code.

Not only would most of us not know where to look for viruses, we would not recognize them even if we stumbled across them. Some viruses are so sophisticated that, when probed, they instruct the computer to display a bogus ''healthy'' version of their code as a disguise. Others are more brazen. One virus that has spread from Pakistan to the United States, Britain, Norway and the Netherlands even prints a ''copyright'' notice and taunts the victim with the message, ''Welcome to the dungeon.''

Viruses do not become active until the program in which they reside is executed. Even then, though, the virus may remain dormant for weeks, months or even years before causing its damage. Some are designed with trigger mechanisms that wait, for example, until the hard disk is at least 80 percent full before wiping it out, maximizing the damage. Other viruses are programmed to cause their damage only after they have reproduced themselves at least four times. Others are set like time bombs, to destroy the system at a specified time far in the future.

''If you suspect you've been hit by one of these, the only way to tell if you've been hit is to reset the time and date in your computer 20 years in the future, hold your breath and wait to see if your hard disk vanishes,'' said Bernard P. Zajac Jr., data security manager for the ABC Rail Corporation, a railway company based in Chicago.

Mr. Zajac contends that no amount of money spent on hardware or software ''virus filters'' can stop a virus with total certainty. Two dozen filters are on the market, and a combination of them will catch most viruses. But there is no assurance that all of them together would catch every virus.

Viruses are often inserted into a system by a disgruntled employee. Others are written as stunts, as with the widely reported ''message of world peace'' that was written by a University of Arizona student and knowingly distributed on diskettes by a Canadian Macintosh magazine. Sometimes viruses are used in extortion schemes, as with the British programmer who wrote three viruses into code he wrote for a company and later demanded a ransom to remove them.

Overseas, viruses are emerging as a tool for political terrorism. A virus is believed to have been inserted into a National Aeronautics and Space Administration network in West Germany last summer; another was reportedly designed to knock out all the PC's at an Israeli university.

Belden Menkus, editor of Edpacs, a newsletter for information systems managers that is based in Middleville, N.J., said viruses herald the end of the era of open computing systems. ''You can no longer have people running barefoot through fields of data,'' he said. ''We've got to change the way we design and implement computer systems.'' Greatly restricting access to systems is one proposed remedy, he said, but the idea ''terrifies some people who think it would destroy the future of free thought in Western culture.''

Yet the alternative, he believes, is certain disaster. ''It is just a matter of months, I believe, before someone blows a major network just to see it pop,'' he said. ''Dropping a virus into a network that uses screen trading, where millions of dollars in transactions are handled instantly with no buffers, no backups and no paper confirmation of trades, would be like rolling a live hand grenade down the hall,'' he said.

So what can companies do?

''My company has a directive that no one downloads software,'' Mr. Zajac said. ''If anyone is caught using downloaded software, there are serious consequences.'' Such preventative steps are essential, Mr. Zajac said, because there is no known solution to an infected system.

And Mr. Menkus, the Edpacs editor, said: ''We have got to face the fact that we can no longer maintain user friendly systems and maintain security at the same time.''
