A Look At Computer Viruses
by Mike Blaszczak
Over the last year, writers for regular columns in magazines have devoted a great deal of attention, and column space, to "computer viruses".
A great sub-culture has emerged in America ... and that is the online community. Daily, billions of kilobytes of data, programs, and text change hands over local-area, wide-area, and public data networks. Some people talk about religion, and some people use the systems for business -- as the hub of their interdepartmental communication efforts. Other folks are here for the fun of it; to talk to other people, make some telefriends, and swap a program or two.
We all know this.
But the authors of these columns write for the average member of the computing public; and many of them don't spend all that much time online. So the hype they spread about this small problem falls on the ears of people who are ready to believe what they hear -- after all, if this guy writes a column, he *must* be an expert.
Then, a "bored but brilliant" undergraduate student released a virus just to see how far it would get. It was real, but it was very benevolent. Perhaps it would best be called a "parasite", instead of a "virus". It just hung around on the system until it could go someplace else. It moved through "the wires", attaching itself to another computer whenever the first computer made a move to do some communications.
Managers of any public-access system know the problems associated with keeping system security at a workable level. Legitimate users should not be inconvenienced with the problem of verification, but the resources of the system should be compromised under no circumstances. Systems that are regularly installed in public-contact applications are given great system protection utilities, and voluminous tomes of information are written for the system manager to control system access.
But individual PC's are subject to much more abuse because they don't have these tools. They are often run by people who don't have much computer literacy, and wouldn't know a virus as it did its work.
This is one of the most important parts of virus protection for the PC user. When a user does work with a mainframe, the computer is almost always at a different physical location than the terminal. The user can't tell when the disk drive is running, or when the modem has switched on. Even if the user could see this happening, they might not know when it was doing *their* work. But the PC user can tell. From experience, and from common sense, the user should be able to tell that something is not normal.
One of the first virus programs installed itself in the COMMAND.COM program that interprets MS-DOS commands. When the user used any system command to look at another disk, the program would copy itself to that disk, and then execute the command as if nothing happened. After the program made four or five copies of itself, it would reformat all the active disk drives on the system.
Now, it would seem that the user should have noticed that the system was taking a little bit too long to get a directory, or that there was a lot of disk activity when they used the TYPE command.
Many programs provide different levels of protection against viruses. A very simple check is to watch the file date and time stamp of important system files. It is equally effective to watch the size of the file in the directory.
While very well-written programs can alter the system files without changing their date or time, it is likely that the programs will be too big to fit into the normal size of the command file that is hosting them.
Write-protect stickers can often trip up viruses. Lengthy and unreliable low-level disk calls can be made to trick the system into writing to the drive, even with the write protect notch covered, but they are difficult to write and likely beyond the realm of reality for the typical at-home computer crook.
Programs that compute checksums, file patterns, or cyclic-redundancy checks, can also be applied. The beauty of these is that they may be done each and every time the computer is powered up, automatically, as well as when the user "just wants to check".
To circumvent this, the devious programmer would also have to be a mathematician -- changing the numbers without changing the checksum or cyclic-redundancy check value would be quite a feat.
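The checks described above (date and time stamp, size, checksum) can be combined into one baseline-and-verify routine. This is an added example, not code from the original article; the file name and contents are constructed, and SHA-256 is recorded alongside CRC-32 because CRC-32 was designed to catch accidental corruption rather than deliberate changes.

```python
import hashlib
import os
import tempfile
import zlib

FIELDS = ("size", "mtime", "crc32", "sha256")


def fingerprint(path):
    """Size, modification time, CRC-32 and SHA-256 of one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    st = os.stat(path)
    return {"size": st.st_size, "mtime": st.st_mtime_ns,
            "crc32": zlib.crc32(data) & 0xFFFFFFFF,
            "sha256": hashlib.sha256(data).hexdigest()}


def make_baseline(paths):
    """Fingerprint every watched file; run this on a known-clean system."""
    return {p: fingerprint(p) for p in paths}


def verify(baseline):
    """Return {path: [changed fields]}; a vanished file reports ["missing"]."""
    findings = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        new = fingerprint(path)
        changed = [f for f in FIELDS if old[f] != new[f]]
        if changed:
            findings[path] = changed
    return findings


def demo():
    """Constructed case: same-size overwrite with the old timestamp restored."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "COMMAND.COM")  # stand-in file, not a real one
        with open(target, "wb") as fh:
            fh.write(b"constructed file body 0")
        baseline = make_baseline([target])
        stamp = os.stat(target)
        with open(target, "wb") as fh:
            fh.write(b"constructed file body 1")  # same length, one byte differs
        os.utime(target, ns=(stamp.st_atime_ns, stamp.st_mtime_ns))
        return verify(baseline)[target]
```

In the constructed case the size and timestamp still match the baseline, so only the two checksum fields are reported as changed.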
Using utilities to write protect, reset, or monitor the system calls made to disk drives is also a good idea. In many operating systems, files can be "write protected", and any calls to access the file through the operating system will not be successful. Many utilities are available to snag "format" calls to the disk, and to watch for "write" operations on disk information that is not normally changed -- namely, the operating system's own storage area.
But even without these tools, by far the most useful protection against a virus is common sense. If you run a program that should draw a pretty picture, you should not stand by idly as the program reads from your disk drive. Why would it manipulate disk information, if all it were doing is working on the screen? Stop the program, and report the problem to the bulletin board where you got it!
Viruses that change and "mutate" to protect themselves from the smart user are a long way off. Once the virus is gone, it is no longer something to worry about.
The virus that infiltrated parts of academic computers around the country is not a threat to personal computer systems. And you cannot get a virus by just reading text or mail on electronic mail systems or computer conferencing systems.
But if you use software, keep an eye on the operation of the program. If it does something that it seemingly shouldn't, you should suspect that there's a problem.
Some Common Questions Networkers Have About Viruses
===================================================
Can you "catch" a virus by:
1) Downloading a comment in an online conference? NO. Absolutely not.
2) Having someone post a note on your conferencing or BBS system? If it's just a note? Absolutely not. If there's a program there, and that program is infected and you run it, yes, there is a chance.
3) Reading things anywhere (without downloading)? No chance.
As you know, computers interchange information by using ASCII codes. There are some extensions to the ASCII codes that allow computers to send special instructions to each other. For example,
Using these special codes, it is possible, on some terminals, to redefine keyboard keys. Now, a devious user might send you codes to redefine one of your keys as "ERASE EVERYTHING". If you press that key, you could erase everything in sight.
It's possible to do this online. And you'd hardly notice it, if you weren't paying attention to everything that was happening, and it would probably be too late to do something about it.
ProComm, Crosstalk Mark IV, and Smartcomm, which are the three most popular terminal programs for IBM's, do not allow this to be done. But it can be done on "dumb terminals", like DEC's VT series terminals, and any look-alikes that are out there.
It is unlikely to happen.
But, while using a BBS or online service, and not downloading programs, you're completely safe. There are very very few things that can go wrong.
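A terminal program or message reader can remove the "special codes" discussed above before any received text reaches the screen. The following is an added example, not part of the original article: it strips escape and control sequences from untrusted text and records what it removed. It assumes the text is already decoded to a string; on DEC VT-series terminals user-defined keys are loaded through a device control string (DCS), so that class is stripped through its terminator or, if unterminated, to the end of input. The sample message is constructed.

```python
import re

# One pattern for everything a terminal would act on rather than display.
_CONTROL = re.compile(
    # String controls (DCS, SOS, OSC, PM, APC) run to ST, BEL or end of input.
    r"(?P<string>(?:\x1b[PX\]^_]|[\x90\x98\x9d\x9e\x9f]).*?(?:\x1b\\|\x9c|\x07|\Z))"
    # CSI: parameter bytes, intermediate bytes, one final byte.
    r"|(?P<CSI>(?:\x1b\[|\x9b)[0-?]*[ -/]*[@-~])"
    # Any other ESC sequence.
    r"|(?P<ESC>\x1b[ -/]*[0-~])"
    # Stray C0/C1 controls and DEL; TAB, LF and CR are kept.
    r"|(?P<CTRL>[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f])",
    re.DOTALL,
)

_NAMES = {"P": "DCS", "X": "SOS", "]": "OSC", "^": "PM", "_": "APC",
          "\x90": "DCS", "\x98": "SOS", "\x9d": "OSC", "\x9e": "PM", "\x9f": "APC"}


def sanitize(text):
    """Strip control sequences from untrusted text.

    Returns (clean_text, removed); removed is a list of (kind, raw) pairs
    suitable for logging.
    """
    removed = []

    def drop(match):
        raw, kind = match.group(0), match.lastgroup
        if kind == "string":
            # Name the string control by its introducer (7-bit or 8-bit form).
            kind = _NAMES[raw[1] if raw[0] == "\x1b" else raw[0]]
        removed.append((kind, raw))
        return ""

    return _CONTROL.sub(drop, text), removed


# Constructed message: a DCS string with a placeholder body, then a CSI sequence.
SAMPLE = ("Welcome to the board!"
          "\x1bP1;1|<constructed body>\x1b\\"
          " Messages follow.\x1b[2J\r\n")
```

Logging the `removed` list rather than discarding it gives the system operator a record of which messages carried control sequences.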