Printer Friendly

The computer flu blues.


COMPUTER VIRUSES ARE A NEW AWARENESS OF AN OLD problem. The first virus--though not called that--rightfully belonged to John Van Neumann, the father of modern day sequential computing systems. He presented a paper in 1948 on the mathematical concepts of a self-replicating code. His experiments with the replicating code were the forerunner of viruses and defined the mechanism by which viruses spread.

A computer virus is a programming code written specifically to copy itself over and over again into other programs. It replicates in such a way that it becomes part of the infected program and is activated every time the targeted program runs. Once running, the virus attempts to contaminate all other programs.

Data is not programming code. Viruses are pieces of programs that infect other programs. Viruses attach to data, thereby destroying integrity. The virus stops in that data and cannot spread further unless the data becomes a program. Therefore, computer systems that only pass data between separate systems cannot perpetuate the virus.

A computer virus has the same characteristics as a viral disease.

* It is target specific.

* It is harmful, either consuming valuable resources or destroying information and programs.

* It is infectious because it spreads by replicating itself.

* It can ride other agents such as mainframe computers and local area networks (LANs). Yet, it cannot infect these agents unless they are specific targets.

* It can lie dormant within the carrier agent until it connects to a system that it can infect.

There are two types of viruses: benign and malignant. The benign virus can infect a system without destroying it. It is often designed to consume resources--taking up memory space, slowing down the computer, using up permanent storage space.

The benign virus does not attempt to erase or change the data. Often the benign type passes a message to the operator at a predetermined time or circumstance such as was the case with the IBM virus. Unfortunately, the benign virus more often destroys data and can cost an indeterminable amount of money and computer resources to fix.

The malignant virus intends to do damage. A Palestinian student at the Hebrew University in Jerusalem programmed a virus to destroy all records and data on a particular date. This virus managed to consume a lot of storage space and affect the computers' timing so that they where only able to run at one fifth their normal speed. Had the virus completed all its designed functions, half a billion dollars could have been lost.

Any programmable, general use computer is subject to a virus attack. Computer viruses fall into the following three attack styles:

* Boot infectors. The initial loading sequence that allows computers to function as computers typically starts executing instructions at a predefined location. The instructions following this predefined location are the administrative and technical operations necessary to allow users to interact with the computer system.

Boot infector programs embed themselves in this bootstrap instruction sequence and capture the operation. The virus code replaces the original bootstrap code in its permanent memory. In addition, many boot infectors are capable of trapping warm boots. (A warm boot resets the computer without going through the entire startup process.) The boot infector always remains in control infecting any other system that comes in contact with it.

* System infectors. These viruses attach themselves to system files necessary for the normal operation of the computer. In personal computers (PCs), system files often remain memory resident. System infectors may contaminate these files. They remain dormant until a specific event occurs, such as a preassigned date or time before causing damage.

* Utility and program infectors. By far the most dangerous, these are also the most common. Any program can spread this infection to almost any other program. The newly infected programs can spread the virus further. The process continues exponentially until all programs are victims.

The spreading process occurs in one of two ways: The virus copies itself to every other program in the computer system, thus gaining control each time the infected program executes. This is the most common method. Or, once executed, the virus remains resident and infects each program used after the virus is in control.

Some viruses change the infected file or program's size. They may circumvent the creation date and time. Others hide in the dead space of programs and are invisible to anything other than a binary compare routine. Some reinfect all programs continuously. The most common forms check for infection before attaching themselves.

Viruses are target specific. In nearly every case there must be specific knowledge of the target to develop the virus. It is precisely the widely established standards in PC software that make viruses infectious.

A PC-targeted virus will not infect a mainframe. The mainframe can still be a source or agent of the virus, spreading the disease to other targets.

Even if a virus cannot infect a particular computer system, it can still destroy data files or programs on that system. The virus destroys by erasing or otherwise modifying any information or program it can get to. Destruction by the virus occurs only while the virus is connected to the unaffectable computer system and only to areas it has permission to access.

HOW SUSCEPTIBLE ANY SYSTEM OR PC is to a virus depends on how good the electronic data processing (EDP) security approach is. Vulnerability is directly related to EDP security controls.

The advent of networks and PCs has enlarged the field of users and abusers. Fortunately, the solutions are the same as they always have been: secure computer software and hardware systems that protect against all attacks whether intentional or accidental.

The potential for infection could be significant because of the following facts:

* PCs are not very secure. Most of these systems cannot protect themselves. Administrative rules are the only effective method of minimizing infections.

* Although much better than PCs, most mainframe computer systems are a long way from being secure systems. They are still highly vulnerable. There are secure systems available but limited in application. This scarcity of proven secure systems is being reduced as more vendors respond to business demands.

* PCs and systems have modems. They may upload or download contaminated information from outside sources such as bulletin boards or electronic mail.

* Personnel can bring infected software into the organization disguised as shareware or public domain software.

* A virus can spread via the LANs or wide area networks (WANs).

* Without comprehensive and effective EDP security, malicious users can intentionally create a virus. Detection often occurs only after the virus has spread and caused damage.

Virus prevention should be focused on both the inside and the outside of a system. To reduce virus vulnerability from the outside, adhere to the following suggestions:

* Treat public domain and shareware software with caution.

* Do not use software from bulletin boards or electronic mail.

* Do not connect to a WAN.

* Use password protected computer dial-up telephones to reduce the possibility of an unauthorized user source of contamination.

* Maintain a large source of licensed software to minimize the need for shareware or public domain software.

Reducing the vulnerability or at least minimizing the chance of inside infection can be done by adhering to the following suggestions:

* Never boot from any floppy disk other than the original write-protected diskette from the original distribution package. (Although this still is no guarantee of complete protection, it cuts out everyone but the distributor or developer.) This includes systems with fixed hard disks booting with a floppy.

* Use volume labels when formatting. Develop a habit of checking volume labels for changes each time using the DIR command (display directory in a PC's disk operating system).

* Watch for changes in the pattern of the system's activities or responses. Immediately investigate anything strange that has not happened before.

* Minimize the exchange of executable code between systems wherever possible.

* Write-protect all boot floppies.

* Remove floppies from drive slots and store them in filing cases when they are not being referenced.

* Educate users on the symptoms of viruses.

* Isolate new software until it is tested thoroughly.

* Control new programs on the computer if they have unknown origins.

Determining a virus infection can be technical. It is different for each type of machine. New viruses will differ. Preventing viruses, however, is simple though not necessarily easy. There are no invulnerable systems, just ones not yet broken. Resources should be focused on the most likely targets of viruses. The chances of preventing a virus infection can be increased by complying with the following suggestions:

* Secure the PCs and LANs with both software and hardware.

* Before loading new software, make a complete backup and store it in a safe place.

* Do not allow public domain or shareware programs in a common file server directory accessible by other PCs on the network.

* Do not connect dial-ups to the system without using thoroughly trusted procedures.

* Allow only the system administrator to use the file server node of the LAN.

* Use write-protection hardware systems for hard disks. These hardware systems add processing time to information retrieval and can restrict overall performance. The hardware may limit the types of programs that can be used. However, the protection factor is relatively high for the flexibility lost.

* Use software programs that identify and prevent viruses from infecting or destroying information. Unfortunately, using antiviral software is probably like trying to cure the common cold; no one software will cure all viruses.

* Limit access to the computer and implement solid EDP security policies and procedures.

* Buy trusted network software and hardware that reduces the possibility of virus infections. Unfortunately, trusted network systems will probably be unavailable until after 1990.

While viruses make big news, these programs account for less than one third of the computer crime in the United States (see accompanying chart). The benefit is that the methods used for preventing computer viruses are the same methods that also help prevent other computer crimes. [Chart Omitted]

Lieutenant Commander Phillip V.H. Slayden II is the quality control, configuration management, and software security officer of the Navy Software Maintenance and Development Command in San Diego, CA. He is a member of ASIS.
COPYRIGHT 1989 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1989 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Slayden, Phillip V.H., II
Publication:Security Management
Date:Aug 1, 1989
Previous Article:Take the stress out of success.
Next Article:Why don't we get off the fence?

Related Articles
Bird flu frenzy.
A shot against pandemic flu: vaccines would play pivotal role in response.
APHA debuts new Web site, resources, logo for national Get Ready campaign.
New APHA podcasts focus on pandemic, seasonal flu.

Terms of use | Copyright © 2016 Farlex, Inc. | Feedback | For webmasters