
Computer Virus: mostly harmless by definition


There seem to be many misconceptions about computer viruses. While many think a virus is anything that damages one’s computer, that is not entirely so. The fallacy likely originates from the misuse of the term in mass media (similar to how the hacker culture, as in MIT, Stanford, Waterloo, has been getting a bad rep over kids running ready-to-cause-damage scripts and getting caught).

A computer virus, on its own, is just a mechanism for a program to replicate itself. Much like in biology, it usually embeds itself into a host program. In the realm of academic study, that is all such a program does. “In the wild”, though, viruses typically carry some payload code, and that is what we should be most concerned with.

The anti-virus virus

If a virus is able to spread some malicious code, then another virus should be able to spread the fix against it just as well. This is exactly what the now-historic Creeper / Reaper pair of viruses did (the latter removing the former).

More recently, the Welchia worm spread itself to patch vulnerable systems, and attempted to remove the Blaster worm and then itself.

It should be noted that a vast amount of traffic was still generated as a side-effect of the program’s activity, but from an individual computer’s perspective it was better off to have been patched (that is, other than an unexpected reboot during the patch process).

The ‘hello world’ viruses


Most of the early viruses had the sole purpose of spreading a message. One of the very first viruses, Elk Cloner, simply printed a short poem about itself on startup, and was intended as a joke. Viruses could also be used to spread political messages or bring attention to other issues.

Adware

Adware is software that displays advertisements. And while there are, arguably, legitimate adware programs (mostly IM chat clients such as Yahoo! or MSN Messenger), this is one of the driving forces behind viruses: an installed adware program == a tiny revenue stream.

Spyware

Unlike adware, spyware does not display ads to you directly, but tracks your activities for “marketing” research. It could then be coupled with adware to, oddly enough, send you more relevant spam.

A different approach to spyware is to simply attempt to steal your identity and/or credit card numbers. Just a few successful hits are required to make this operation worthwhile.

Trojans


A trojan, much like its Greek mythology counterpart, is a backdoor access program delivered by a virus (or by other means, such as social engineering, when a user is tricked into downloading a trojan, thinking it is something else).

Capable of doing anything, it is commonly used for remote access to infected computers to build up botnets: networks used to send out spam or deliver DDoS attacks.

Cryptovirology

Cryptovirology is a “fun” one in terms of originality. The idea here is to encrypt the user’s hard drive and demand a ransom to be paid for the data, though this is more likely to be executed by a trojan than a virus.

Malware

Malware is where the serious damage comes from. This is the payload designed to break things: delete files, corrupt systems, etc. So while I could stretch my ethical boundaries and imagine the reasoning behind any other sort of exploit (that being profit), malware does nothing but provide the knowledge of indiscriminate raw damage done to the systems.

This is unacceptable.

This is also the type of outbreak that mass media gets all worked up about, but it takes a computer worm to spread so much so fast, not a computer virus (the difference being that a computer worm will propagate itself, instead of having to piggyback on a host program, like viruses do).

So let’s get the terminology straight. Malware: very bad. Computer worms: also bad. Computer virus: mostly harmless by definition; it’s the payload that determines just how annoying the result is.


Discussion

  1. Posted by Dot Com Mogul | May 7, 2008, 9:21 am

    I’m using McAfee but it’s due to expire soon. What anti-virus program do you recommend?


  2. Posted by Den | May 7, 2008, 3:58 pm

    Yeah, all of the above is a total disaster on Windows. But it has already been over 2 years since I started using Linux and also FreeBSD. Since then, I forgot about viruses, malware, trojans, etc. AFAIK, there are only rootkits available for UNIX-like, UNIX-based systems and they are mostly found on servers. The only real danger is ill-minded people that like to destroy and not to build. But life is life, one must be aware that any computer connected to the internet is already not safe.


  3. Posted by Tony | May 7, 2008, 5:12 pm

    As Den (kind of) points out, the best anti-virus is to simply not run every single application with administrator user privileges. Which might mean using an Operating System that is anything but Windows.


  4. Posted by Funked | May 7, 2008, 6:13 pm

    I always thought adware, malware and spyware were more or less the same thing. Shows how naive I am when it comes to securing my PC. It makes me want to move over to Mac. Then again, I’m sure that Mac users suffer from the same types of thing?


  5. Posted by Ty Hurd | May 7, 2008, 7:44 pm

    I have been virus-free for some time. I recommend using Kaspersky AV. Probably the best AV out there, and it’s cheap.


  6. Posted by Tony | May 7, 2008, 9:23 pm

    If a user downloads and executes an untrusted application, then obviously any system is vulnerable. The difference is that on Unix-based systems (so that includes Macs), users don’t log in as administrators by default, so any damage done is significantly reduced in scope.


  7. Posted by Visualizator | May 7, 2008, 10:46 pm

    Kaspersky AV isn’t the best )
    I use Avira AntiVir, it’s much better than Kaspersky and it’s absolutely free


  8. Posted by SMS laen | May 9, 2008, 10:20 am

    The ELK cloner was pretty catchy.


  9. Posted by shanker Bakshi | May 9, 2008, 12:13 pm

    I always find it very hard fighting with spyware and malware – Once it had crushed my system for a whole week.


  10. Posted by Mark | May 9, 2008, 5:12 pm

    Very informative, I definitely learned something here today. What is everyone’s virus/malware/worm protection of choice?


  11. Posted by Ben | May 11, 2008, 10:10 am

    Cryptovirology???
    Never heard of it… but all I can say is…. AWESOME!!!
    Who would have thought of an idea like that? It’s actually pretty cool.


  12. Posted by jernst | May 13, 2008, 10:02 am

    Nice post, should send it to my parents who seem to think everything bad on a computer is a virus :P .


  13. Posted by Ankit | May 15, 2008, 4:13 am

    I don’t use any antivirus or firewall, and for up to 5 years now my system has never got infected with a virus!!
    I think if you have enough knowledge about viruses and all, you can never get infected!!


  14. Posted by Tony | May 18, 2008, 1:06 am

    You can never get infected only if you never allow access to any outside system. If you download any file from anywhere, you are putting trust in the sender (or host) to be just as knowledgeable and secure.

    Besides, you are still leaving yourself vulnerable to other methods of distribution. Zero-day worm exploits might breach your system before you even get a chance to get all the right patches.


  15. Posted by Mark | May 21, 2008, 1:24 am

    Good post but great replies… this is exactly true. Windows has a great deal of vulnerabilities in its operation, and even the best-reviewed antivirus won’t be very effective on the Windows platform.

    However, what users can do is be more careful while installing software, add-ons, plugins etc. If you have doubts about the publisher of the software or the location from which you are downloading, then save yourself, because it might not be worth taking the risk.


  16. Posted by Tony | May 21, 2008, 12:46 pm

    There’s a reason why some downloads come with an md5 signature, and that is to verify that the file has not been altered on hosts’ servers or anywhere in transfer. I suppose that could add some confidence into the downloaded file, but assumes you trust the signature key itself.

    As the advice goes: know what you are downloading and where from.


  17. Posted by Heather | May 22, 2008, 7:22 pm

    Interesting post…which leaves me thinking!!! I use windows XP..you are saying this system leaves the computer susceptible to all kinds of viruses etc.??

    I’ve had problems in the past…but for the last year or so I’ve been good…”touch wood”…
    I have McAfee… I love my computer and would be lost without it… I don’t know much about other operating systems. What would you suggest??
    Thanks so much…
    Cheers


  18. Posted by west158 | May 23, 2008, 4:35 pm

    I recommend all people use ZoneAlarm security suite, it’s the best!

    I use it, ain’t had 1 virus in 10 years, and I use LimeWire ;)


  19. Posted by Sangram | May 24, 2008, 1:49 am

    To keep malware at bay, here are some tricks:
    1. Use a good firewall.
    2. Stop using IE if you are on Windows (I personally recommend Unix/Linux OS).
    3. Don’t use any antivirus too long (don’t depend on only one antivirus).
    4. Don’t download any executable program from an untrusted source.
    5. Always get a feel for your computer’s speed. If you experience some sluggishness, there’s a high probability that you have something to worry about.
    6. Keep an eye on process CPU usage and memory consumption
    (you can use Task Manager in Windows and top/gtop/ps in Unix-based systems).

    I don’t recommend MAC OS (Worst OS)


  20. Posted by LINFAG | May 24, 2008, 8:48 pm

    Linux eliminates 100% of Windows viruses, worms, and adware.


  21. Posted by Tony | May 25, 2008, 3:39 pm

    @Sangram

    “I personally recommend Unix/Linux OS”

    “I dont recommend MAC OS”

    Mac OS X is Unix. Way to show your ignorance and to contradict yourself. Your comment was quite spot on, with plenty of good advice (keeping an eye on the resource consumption is a good idea as it could be quite telling — my CPU idles at 0~2%, so any active background processes will be easily spotted).

    Though you’ve ruined it for yourself with that last line. You have no basis to make such a statement.

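The resource-watching advice in comments 19 and 21, sketched as an added example (not code from the post or its commenters): it reads several snapshots in the column layout of ps -eo pid,pcpu,pmem,comm and reports only processes that stay busy across all of them, so a one-off spike on an idle machine is not flagged. The snapshots, the process name updater-helper and the 5% threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed samples in the layout of `ps -eo pid,pcpu,pmem,comm`,
# taken a few seconds apart on an otherwise idle machine.
SNAPSHOTS = [
    """  PID %CPU %MEM COMMAND
    1  0.0  0.1 init
  812  0.3  1.2 Xorg
 1430  1.1  4.0 firefox
 2291 38.5  0.9 updater-helper
""",
    """  PID %CPU %MEM COMMAND
    1  0.0  0.1 init
  812  0.2  1.2 Xorg
 1430 22.0  4.1 firefox
 2291 41.2  0.9 updater-helper
""",
    """  PID %CPU %MEM COMMAND
    1  0.0  0.1 init
  812  0.4  1.2 Xorg
 1430  0.9  4.1 firefox
 2291 39.8  1.0 updater-helper
""",
]


def parse_ps(text):
    """Yield (pid, cpu, mem, command) for each process row, skipping the header."""
    for row in text.strip().splitlines()[1:]:
        pid, cpu, mem, command = row.split(None, 3)
        yield int(pid), float(cpu), float(mem), command


def sustained_cpu(snapshots, threshold=5.0, min_hits=3):
    """Return {(pid, command): [cpu, ...]} for processes at or above
    `threshold` percent CPU in at least `min_hits` snapshots."""
    history = defaultdict(list)
    for text in snapshots:
        for pid, cpu, _mem, command in parse_ps(text):
            history[(pid, command)].append(cpu)
    return {
        key: samples
        for key, samples in history.items()
        if sum(1 for c in samples if c >= threshold) >= min_hits
    }


if __name__ == "__main__":
    for (pid, command), samples in sustained_cpu(SNAPSHOTS).items():
        print(pid, command, samples)
```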

  22. Posted by Leafy | May 26, 2008, 11:42 am

    NOD32 epically wins. Takes up barely any resources and almost always wins the VB100% award.

    @LINFAG
    Of course switching to a different operating system would eliminate the need to run virus scanners for a different platform’s viruses.


  23. Posted by Text | May 26, 2008, 6:18 pm

    Personally, I have become aware that the biggest security hole in my computer is coming from the Ethernet cord. The internet is where 99% of all damage comes from for most people…unless of course you let random people use your computer on a daily basis in which case this doesn’t apply to you. Nonetheless, if you’re really interested in fighting off malware, viruses, trojans, etc etc, try using Sandboxie. :D

    Basically, Sandboxie creates a virtual “sandbox” for you to play in while you’re using your computer. Almost ANY program can run in the sandbox and once you’re done you empty your sandbox and tada~ it’s like it never happened! I run Firefox in a sandbox and I don’t even use an anti-virus program. I am sort of tech-savvy and for the last year, I haven’t had one single problem with my computer. Haven’t caught one single piece of malicious code in any shape or form thanks to Sandboxie. I install almost every new piece of software into a new sandbox from now on and I no longer need to worry about this crap. It’s about time a better idea came out.

    Point is…TRUST NO PROGRAM. Even ones created by reputable sources because I can’t tell you how many times incompatibility issues have given me headaches.

    Check out Sandboxie when you get the chance. It’s pretty fking sweet. I’d be lost without it.
    http://www.sandboxie.com

    njoy
    -Text


  24. Posted by Text | May 26, 2008, 7:24 pm

    Almost forgot to mention…

    because of Sandbox I can intentionally or unintentionally install just about any virus, trojan, malware, or anything and never have to worry about it infecting my computer. Sandboxie makes it like it never happened.

    In fact just the other day I was installing a stolen copy of a video game and unintentionally caught a trojan that wasn’t picked up by this so-called virus scanner. However, I just emptied my sandbox and it was gone. Kinda sweet not having to worry about what to download and what not to download. What to install, what not to install…what email to open, what email not to open, how to ensure you remove every detail of an installed program, etc etc etc…

    Lol, not to mention it enables me to be able to rerun trial software over and over and over again without paying. I just love Sandbox…so far it’s the best computer defense (aside from unplugging) I’ve ever tried.


  25. Posted by Haspel | May 27, 2008, 4:40 am

    I have been using AVG free edition for some time now and I’m very happy with the results. In the past my favorite anti-virus was Avast! but it wasn’t able to detect a few trojans that I had, so I switched :) .
    I was also thinking of locking my Windows folder. Some people say it helps. What do you guys think?


  26. Posted by Harry | May 27, 2008, 10:17 am

    I have a few things to say to all of this.

    First, don’t take computer advice from someone with horrid spelling and grammar. If they can’t even type out ‘your’ ‘you’re’ or any other word for that matter, he or she probably is only repeating secondhand information that he or she heard from other similarly ignorant people.

    Second, ANY OS IS SUSCEPTIBLE TO MALWARE. Yes, that’s right. Windows XP is just as vulnerable as Linux. If you know how to secure your own box, then Windows is just as secure as pretty much anything. If you don’t know how, then you probably are not going to know how to run Unix. On that note, the Macintosh OS is actually good software, but as I said, if you don’t know how to secure it, then it doesn’t matter what you’re running.

    Third, there’s more than just one good antiviral software. McAfee and Norton are not good at all. Anyone who says otherwise is an idiot or ignorant. If you still use either of them after reading this, then you can’t claim ignorance. They both are resource hogs, cost money to renew, and quite frankly, don’t do a very good job at what they’re supposed to do. I would highly recommend ditching either of them.
    Back to good software. Most of the suggestions on here have been good. NOD32 and Kaspersky are very good, if you want commercial software. If you don’t like paying for software and have the decency to not pirate either of these, then AVG is what I’d personally recommend. Other than that, Antivir is good, along with others. A simple Google search will find more software, although you need to watch out for rogue antivirus software – those that pretend to be legit, only to fill your computer with more malware, and attempt to trick you into purchasing with false positives. I’ve never tried ZoneAlarm, so I cannot vouch for that.

    Fourth, you need more than just antivirus software. Most antivirus only protects against trojans, worms, and viruses. Spyware, adware, rootkits, malicious data hidden in Alternate Data Streams, etc… generally aren’t covered. Most people can argue about various antivirus software, but Spybot Search & Destroy is pretty much the standard for antispyware software. It works fantastically. Of course, there are still other very good solutions available. I personally use Malwarebytes Antimalware, along with Comodo BOClean, but Spysweeper (not freeware) is also quite good.
    A firewall is also a great addition. By great addition, I mean if you don’t have one, you’re quite vulnerable. Again, many companies make good firewalls. Comodo, Outpost, AVG, there are plenty. Again, using Google common sense will find you a good one. (I personally recommend Comodo).
    …Do not use Windows firewall. The only thing I’ve ever seen it block is Windows Update.

    Fifth: “i use it, aint had 1 virus in 10 years, and i use limewire”
    Don’t be that guy.

    Sixth: “Linux eliminates 100% of Windows viruses, worms, and adware.”
    Or him.

    Seventh (to tony): Good, informative article. Thank you for posting.


  27. Posted by Ken | May 28, 2008, 9:36 am

    I am a Windows user who gave up on anti-everything software. Running Vista SP1 with UAC turned on. Do not run an admin account and neither do my family.

    I do run a scan periodically, but do not have any anti-badware running continuously.

    I work for a company that has a number of computers exposed to the Internet for various reasons. One of them is a monitoring PC I set up to have access to a remote system. WinXP Pro SP2, Windows firewall with a number of open ports, no anti-virus, public IP address. I watch this machine fairly closely and have had no problems at all.


  28. Posted by Adie | January 8, 2009, 3:33 pm

    I have a huge question for anyone who would know which is the best of the best antivirus and whatnot for a new laptop that I’m going to buy. What would be the best one to get? Please comment back!!! ^_____^
    I know that there’s McAfee and Norton but they don’t stop all the viruses and trojans and whatnot. Thanks

