The Computer Flu Blues
Slayden, Phillip V. H., II, Security Management
Computer viruses are a new awareness of an old problem. The first virus--though not called that--rightfully belonged to John von Neumann, the father of modern-day sequential computing systems. He presented a paper in 1948 on the mathematical concepts of self-replicating code. His experiments with replicating code were the forerunner of viruses and defined the mechanism by which viruses spread.
A computer virus is program code written specifically to copy itself over and over again into other programs. It replicates in such a way that it becomes part of the infected program and is activated every time the targeted program runs. Once running, the virus attempts to contaminate all other programs.
Data is not program code. Viruses are pieces of programs that infect other programs. Viruses attach to data, thereby destroying its integrity. The virus stops in that data and cannot spread further unless the data becomes a program. Therefore, computer systems that only pass data between separate systems cannot perpetuate the virus.
A computer virus has the same characteristics as a viral disease.
* It is target specific.
* It is harmful, either consuming valuable resources or destroying information and programs.
* It is infectious because it spreads by replicating itself.
* It can ride other agents such as mainframe computers and local area networks (LANs). Yet, it cannot infect these agents unless they are specific targets.
* It can lie dormant within the carrier agent until it connects to a system that it can infect.
There are two types of viruses: benign and malignant. The benign virus can infect a system without destroying it. It is often designed to consume resources--taking up memory space, slowing down the computer, using up permanent storage space.
The benign virus does not attempt to erase or change the data. Often the benign type passes a message to the operator at a predetermined time or circumstance, as was the case with the IBM virus. Unfortunately, the benign virus more often destroys data and can cost an indeterminable amount of money and computer resources to fix.
The malignant virus intends to do damage. A Palestinian student at the Hebrew University in Jerusalem programmed a virus to destroy all records and data on a particular date. This virus managed to consume a lot of storage space and affect the computers' timing so that they were only able to run at one-fifth their normal speed. Had the virus completed all its designed functions, half a billion dollars could have been lost.
Any programmable, general use computer is subject to a virus attack. Computer viruses fall into the following three attack styles:
* Boot infectors. The initial loading sequence that allows computers to function as computers typically starts executing instructions at a predefined location. The instructions following this predefined location are the administrative and technical operations necessary to allow users to interact with the computer system.
Boot infector programs embed themselves in this bootstrap instruction sequence and capture the operation. The virus code replaces the original bootstrap code in its permanent memory. In addition, many boot infectors are capable of trapping warm boots. (A warm boot resets the computer without going through the entire startup process.) The boot infector always remains in control, infecting any other system that comes in contact with it.
* System infectors. These viruses attach themselves to system files necessary for the normal operation of the computer. In personal computers (PCs), system files often remain memory resident. System infectors may contaminate these files. They remain dormant until a specific event occurs, such as a preassigned date or time, before causing damage.
* Utility and program infectors. …
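The boot infector description above says the virus replaces the original bootstrap code, which is something a defender can check against a recorded baseline. The following is an added example, not part of the original article: it assumes the classic PC boot sector layout (446 bytes of bootstrap code, a 64-byte partition table, and the 55 AA signature), and the function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 446                # bytes 0..445: bootstrap code (assumed classic layout)
TABLE_END = 510               # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def read_boot_sector(path: str) -> bytes:
    """Read the first sector from a disk image file."""
    with open(path, "rb") as handle:
        return handle.read(SECTOR_SIZE)


def fingerprint(sector: bytes) -> dict:
    """Hash the bootstrap code and partition table separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    return {
        "code": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "table": hashlib.sha256(sector[CODE_END:TABLE_END]).hexdigest(),
        "signature_ok": sector[TABLE_END:] == BOOT_SIGNATURE,
    }


def compare(baseline: dict, current: dict) -> list:
    """Return a list of findings; an empty list means nothing changed."""
    findings = []
    if baseline["code"] != current["code"]:
        findings.append("bootstrap code changed since baseline")
    if baseline["table"] != current["table"]:
        findings.append("partition table changed since baseline")
    if not current["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    return findings


def make_sample_sector(code: bytes) -> bytes:
    """Build a constructed 512-byte sector with one partition entry."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x01\x01", 0x06,
                        b"\x00\x00\x00", 63, 20480)
    table = entry + bytes(48)  # remaining three entries left empty
    return code.ljust(CODE_END, b"\x00") + table + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = make_sample_sector(b"\xfa\x33\xc0")    # constructed stand-in bytes
    altered = make_sample_sector(b"\xeb\x3c\x90")  # same table, different code
    baseline = fingerprint(clean)
    print(compare(baseline, fingerprint(clean)))
    print(compare(baseline, fingerprint(altered)))
```

Because a boot infector stays in control once it has loaded, record the baseline before the machine is exposed and run the comparison after starting from media known to be clean.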