Truth And Lies About The Computer Virus

Essay, Research Paper

Truth and Lies About the Computer Virus

Walk into any computer store today and there will be at least twenty or

thirty computer virus programs. From the looks of it computer viruses have

gotten out of hand and so has the business of stopping it. The computer user

must cut through the media hype of apocoliptic viruses and shareware programs

and discover the real facts.

Before we even start the journey of exploring the computer virus we must

first eliminate all the “fluff.” The computer user needs to understand how

information about viruses reaches the public. Someone creates the virus and

then infects at least one computer. The virus crashes or ruins the infected

computer. A anti-virus company obtains a copy of the virus and studies it. The

anti-virus company makes an “unbiased” decision about the virus and then

disclose their findings to the public. The problem with the current system is

that there are no checks and balances. If the anti-virus company wants to make

viruses seem worse all they have to do is distort the truth. There is no

organization that certifies wheather or not a virus is real. Even more

potentially harmful is that the anti-virus companies could write viruses in

order to sell their programs. Software companies have and do distort the truth

about viruses. “Antivirus firms tend to count even the most insignificant

variations of viruses for advertising purposes. When the Marijuana virus first

appeared, for example, it contained the word “legalise,” but a miscreant later

modified it to read “legalize.” Any program which detects the original virus can

detect the version with one letter changed — but antivirus companies often

count them as “two” viruses. These obscure differentiations quickly add up.”

http://www.kumite.com/myths/myth005.htm Incidentally the Marijuana virus is also

called the “Stoned” virus there by making it yet another on the list of viruses

that companies protect your computer against.

I went to the McAfee Anti-virus Web site looking for information on the

Marijuana virus but was unable to obtain that information. I was however able

to get a copy of the top ten viruses of their site. On specific virus called

Junkie: “Junkie is a multi-partite, memory resident, encrypting virus. Junkie

specifically targets .COM files, the DOS boot sector on floppy diskettes and the

Master Boot Record (MBR). When initial infection is in the form of a file

infecting virus, Junkie infects the MBR or floppy boot sector, disables VSafe

(an anti-virus terminate-and-stay-resident program (TSR), which is included with

MS-DOS 6.X) and loads itself at Side 0, Cylinder 0, Sectors 4 and 5. The virus

does not become memory resident, or infect files at this time. Later when the

system is booted from the system hard disk, the Junkie virus becomes memory

resident at the top of system memory below the 640K DOS boundary, moving

interrupt 12’s returns. Once memory resident, Junkie begins infecting .COM files

as they are executed, and corrupts .COM files. The Junkie virus infects

diskette boot sectors as they are accessed. The virus will write a copy of

itself to the last track of the diskette, and then alter the boot sector to

point to this code. On high density 5.25 inch diskettes, the viral code will be

located on Cylinder 79, Side 1, Sectors 8 and 9.” Junkie’s description is that

of a basic stealth/Trojan virus which have been in existance for 10 years. They

also listed Anti-exe as one of the top ten viruses but did not acknowlege the

fact that it has three aliases. It’s no wonder that the general public is

confused about computer viruses!

I decided to investigate the whole miss or diss-information issue a

little further. I went to the Data Fellows Web site to what the distributors of

F-prot had to say about viruses. It is to no surprise that I found them trying

to see software with the typical scare tactics: Quite recently, we read in the

newspapers how CIA and NSA (National Security Agency) managed to break into the

EU Commission’s systems and access confidential information about the GATT

negotiations. The stolen information was then exploited in the negotiations.

The EU Commission denies the allegation, but that is a common practice in

matters involving information security breaches. At the beginning of June, the

news in Great Britain told the public about an incident where British and

American banks had paid 400 million pounds in ransom to keep the criminals who

had broken into their systems from publicizing the systems’ weaknesses [London

Times, 3.6.1996]. The sums involved are simply enormous, especially since all

these millions of pounds bought nothing more than silence. According to London

Times, the banks’ representatives said that the money had been paid because

“publicity about such attacks could damage consumer confidence in the security

of their systems”. Criminal hackers are probably encouraged by the fact that,

in most cases, their victims are not at all eager to report the incidents to the

police. And that is not all; assuming that the information reported by London

Times is correct, they may even get paid a “fee” for breaking in? a computer is

broken into in Internet every 20 seconds? Whatever the truth about these

incidents may be, the fact remains that current information systems are quite

vulnerable to penetration from outside. As Internet becomes more popular and

spreads ever wider, criminals can break into an increasing number of systems

easily and without a real risk of being caught.”

Then the next paragraph stated:

“Even at their initial stages, Data Fellows Ltd’s F-Secure products meet

many of these demands. It is the goal of our continuing product development to

eventually address all such information security needs.” In other words nothing

is safe unless you buy their products.

Now that we have cleared the smoke on viruses we know that there are

only roughly 500 basic viruses. These viruses are tweaked, renamed, and re-

cycled.

So, what is a virus? First of all, we must be aware that there is no

universally accepted naming practice or discovery method for viruses. Therefore

all virus information is subjective and subject to interpretation and constant

dispute.

To define a virus we must ask an expert. According to Fred Cohen a

computer virus is a computer program that can infect other computer programs by

modifying them in such a way as to include a (possibly evolved) copy of itself.

This does not mean that a virus has to cause damage because a virus may be

written to gather data and obtain hidden files in your system.

Now that you are aware of the hoaxes and miss-information about viruses

you will be better equipped to deal with viral information. The next time you

hear of a killer virus just remember what you have learned. You know that all

viruses have the same roots.