Monday, May 29, 2006

Computer Virus: The Threat is Real

It is not overstating the case to say that viruses could interrupt the free flow of information that has been built up by the personal computer in the last 10 years. Indeed, the prevalence of viruses has ushered in a new era of safe computing, to the point where those who ignore the guidelines run grave risks. Considering the extreme warnings of danger and the incidents already on record, it is a mystery that there are those in the computing industry who claim news reports of viruses are exaggerated.

A computer virus is a program designed to replicate and spread on its own, mostly without your knowledge. Computer viruses spread by attaching themselves to another program (such as your word processing or spreadsheet programs) or to the boot sector of a diskette. When an infected file is executed, or the computer is started from an infected disk, the virus itself is executed. Often, it lurks in memory, waiting to infect the next program that is run, or the next disk that is accessed. In addition, many viruses also perform a trigger event, such as displaying a message on a certain date, or deleting files after the infected program is run a certain number of times. While some of these trigger events are benign (such as those that display messages), others can be detrimental. The majority of viruses are harmless, displaying messages or pictures, or doing nothing at all. Other viruses are annoying, slowing down system performance, or causing minor changes to the screen display of your computer. Some viruses, however, are truly menacing, causing system crashes, damaged files and lost data.

A virus is inactive until the infected program is run or the boot record is read. As the virus is activated, it loads into the computer's memory, where it can perform a triggered event or spread itself. Disks used in an infected system can then carry the virus to another machine. Programs downloaded from bulletin boards can also spread a virus. Data files, however, cannot transfer a virus, but they can become damaged.

Viruses spread when you launch an infected application or start up your computer from a disk that has infected system files. For example, if a word processing program contains a virus, the virus activates when you run the program. Once a virus is in memory, it usually infects any application you run, including network applications (if you have write access to network folders or disks).

Different viruses behave differently. Some viruses stay active in memory until you turn off your computer. Other viruses stay active only as long as the infected application is running. Turning off your computer or exiting the application removes the virus from memory, but does not remove the virus from the infected file or disk. Hence, the virus will activate again the next time you run the application.

Virus attacks are growing rapidly these days. According to Business Week, 76,404 assaults were reported in the first half of 2003, nearly matching the previous year's entire tally. As new anti-virus tools emerge, virus writers are also getting smarter, finding newer and more creative ways to clog and bring down networked systems. Some common types of viruses are discussed below:

1. Boot viruses: These viruses infect floppy disk boot records or master boot records in hard disks. They replace the boot record program (which is responsible for loading the operating system in memory) copying it elsewhere on the disk or overwriting it. Boot viruses load into memory if the computer tries to read the disk while it is booting. Some of the examples of this type of virus include: Disk Killer, Michelangelo, and Stone virus.

2. Program viruses: These viruses infect executable program files, such as those with extensions like .BIN, .COM, .EXE, .OVL, .DRV (driver) and .SYS (device driver). These programs are loaded in memory during execution, taking the virus with them. The virus becomes active in memory, making copies of itself and infecting files on disk. Some of the examples of this type of virus include: Sunday and Cascade.

3. Multipartite viruses: These viruses are a hybrid of Boot and Program viruses. They infect program files, and when the infected program is executed, these viruses infect the boot record. The next time you boot the computer, the virus from the boot record loads in memory and then starts infecting other program files on the disk. Some of the examples of this type of virus include: Invader, Flip, and Tequila.

4. Stealth viruses: These viruses use certain techniques to avoid detection. They may either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file’s size shown in the directory listing. For instance, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory. Some of the examples of this type of virus include: Frodo, Joshi and Whale.

5. Polymorphic viruses: These viruses can encrypt their code in different ways so as to appear differently in each infection. These viruses are more difficult to detect. Some of the examples of this type of virus include: Involuntary, Stimulate, Cascade, Phoenix, Evil, Proud and Virus 101.

6. Macro Viruses: These viruses infect the macros within a document or template. When you open a word processing or spreadsheet document, the macro virus is activated and it infects the Normal template file that stores default document format settings. Every document you open refers to the Normal template, and hence gets infected with the macro virus. Since this virus attaches itself to documents, the infection can spread if such documents are opened on other computers. Some of the examples of this type of virus include: DMV, Nuclear and Word Concept.
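The size-hiding trick described under stealth viruses (item 4) is why a check that trusts the directory listing is not enough. The following is an added example, not part of the original article: it compares a naive size check with a baseline check that also hashes the file's contents. The class and function names are hypothetical, the sample data is constructed (zero bytes stand in for the appended code), and it assumes the file contents are read after booting from known-clean media so that reads are not intercepted.

```python
import hashlib
from dataclasses import dataclass

STEALTH_GROWTH = 9216  # bytes the article says Whale adds, then hides

@dataclass(frozen=True)
class Baseline:
    size: int
    sha256: str

@dataclass(frozen=True)
class Observation:
    reported_size: int  # size shown in the directory listing
    content: bytes      # bytes read back, assumed read after a clean boot

def make_baseline(content: bytes) -> Baseline:
    """Record size and SHA-256 while the file is known to be good."""
    return Baseline(len(content), hashlib.sha256(content).hexdigest())

def size_only_check(base: Baseline, obs: Observation) -> bool:
    """Naive check: trusts the directory listing. True means 'looks clean'."""
    return obs.reported_size == base.size

def integrity_check(base: Baseline, obs: Observation) -> list[str]:
    """Return a list of findings; an empty list means the file matches."""
    findings = []
    if obs.reported_size != base.size:
        findings.append("reported size changed")
    hidden = len(obs.content) - obs.reported_size
    if hidden != 0:
        findings.append(f"listing hides {hidden} bytes")
    if hashlib.sha256(obs.content).hexdigest() != base.sha256:
        findings.append("content hash differs from baseline")
    return findings

# Constructed sample data: zero filler stands in for the appended bytes.
ORIGINAL = b"MZ" + bytes(4094)
BASELINE = make_baseline(ORIGINAL)
CLEAN = Observation(len(ORIGINAL), ORIGINAL)
grown = ORIGINAL + bytes(STEALTH_GROWTH)
STEALTHED = Observation(len(grown) - STEALTH_GROWTH, grown)

if __name__ == "__main__":
    for label, obs in (("clean", CLEAN), ("stealthed", STEALTHED)):
        print(label, size_only_check(BASELINE, obs), integrity_check(BASELINE, obs))
```

The size-only check reports the stealthed file as clean, while the baseline check flags both the hidden bytes and the changed hash.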

Some of the symptoms commonly reported after virus attacks are listed below:
• "My program takes longer to load suddenly."
• "The program size keeps changing."
• "My disk keeps running out of free space."
• "I keep getting 32 bit errors in Windows."
• "The drive light keeps flashing when I'm not doing anything."
• "I can't access the hard drive when booting from the A: drive."
• "I don't know where these files came from."
• "My files have strange names I don't recognize."
• "Clicking noises keep coming from my keyboard."
• "Letters look like they are falling to the bottom of the screen."
• "My computer doesn't remember CMOS settings, the battery is new."

In order to combat viruses, software vendors should focus on making their products less vulnerable. This may call for a trade-off between user-friendliness and security. In specific cases it may require line-by-line inspection, code retooling and even systems automation to bulletproof the installed programs.