Infection and Protection
How does a computer become infected with a virus? In the past the
majority of computers were standalone computers which were not connected
to a network (such as the Internet). Therefore, for the majority
of computers, it was difficult for viruses to find a way to infect
them. The first ever virus (Creeper) was spread across a computer
network. In the past, viruses were mostly spread by removable media
like floppy disks and CDs. Pirate software was stored on floppy
disks and CDs: the ideal place to install a virus.
However, it is fair to say that during that era - the 1970s and 1980s
- virus creation was a "cottage industry" and a hobby
of software writers. Only by the late 1980s and early 1990s did
computer users slowly begin to use computer networks - like the
Internet - on a daily basis. Computer networks provide far more
opportunities for virus infection, and far more opportunities to
steal important private information like financial details.
The popularity of the Internet, and the services provided by the
Internet, has given virus writers many "vehicles" by which
to spread their work. Email attachments are a common route by which
a computer can become infected by a virus. The World Wide Web is
another prominent Internet service where users can become infected
with a virus: a growing number of websites have been unwittingly
compromised, and viruses embedded into their content; for example,
infected ActiveX elements.
It is difficult to classify how a virus infects a computer system:
some viruses will infect executable files (.exe); some viruses will
infect the hard disk boot sector; and other viruses will infect
data files (word processor files). Likewise, some viruses will reside
in the memory (RAM) of a computer system, whereas other viruses
will only remain in the memory (RAM) of a computer system until
they have found a file to infect. Viruses also attempt to hide themselves
from anti-virus detection. Some basic stealth strategies are: not
increasing the size of the file, and ensuring the modification
date of the file remains the same.
So, how does a user protect their computer system against a virus?
The first step is to install an anti-virus program. When a virus
attaches itself to a file or program, and modifies that file, it
leaves a signature. Anti-virus software scans each file to detect
the signature of a virus; therefore, anti-virus software is good
at detecting virus signatures it knows, but offers no protection
against viruses it does not know, or against new viruses. Therefore,
it is important to install the latest update for an anti-virus program,
so that its database of virus signatures is as extensive as possible.
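The following Python sketch is an added example, not part of the original
article, of signature scanning and of why updates matter: a sample whose
signature is missing from the database passes as clean until the update
is merged in. The signature names, byte patterns and sample files are all
constructed; none is a real virus signature.

```python
def scan(data, signatures):
    """Return (name, offset) for every known signature found in data."""
    hits = []
    for name, pattern in signatures.items():
        offset = data.find(pattern)
        if offset != -1:
            hits.append((name, offset))
    return sorted(hits)


def scan_all(samples, signatures):
    """Scan every sample and map file name -> list of signature hits."""
    return {fname: scan(data, signatures) for fname, data in samples.items()}


# Constructed signature database as first installed, and a later update.
DB_V1 = {"Demo.A": bytes.fromhex("deadbeef4142")}
DB_UPDATE = {"Demo.B": bytes.fromhex("cafef00d5a5a")}

# Constructed file contents: an 18-byte header followed by a body.
HEADER = b"MZ" + b"\x00" * 16
SAMPLES = {
    "clean.exe": HEADER + b"ordinary program bytes",
    "known.exe": HEADER + bytes.fromhex("deadbeef4142") + b"tail",
    "new.exe": HEADER + bytes.fromhex("cafef00d5a5a") + b"tail",
}


def demo():
    """Scan with the old database, then again after applying the update."""
    before = scan_all(SAMPLES, DB_V1)
    after = scan_all(SAMPLES, {**DB_V1, **DB_UPDATE})
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before update", "after update"), demo()):
        print(label, result)
```
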
To recap, a user should try to:
- Install anti-virus software to quarantine and remove any viruses.
- Keep anti-virus software up-to-date.
- Install a personal firewall.
- Use Windows / Apple / Linux updates. (patch security holes)
- Install the latest version of a web browser. (patch security holes)
- Keep any program which connects to the Internet up-to-date.
(patch security holes)
How a user operates their computer will also dictate the likelihood
of their computer being infected with a virus. If a user does not
connect to computer networks - like the Internet - and only installs
software from trusted software vendors: then the likelihood of being
infected by a virus is virtually nonexistent. If a user only uses
Internet services they have verified can be trusted, then the likelihood
of downloading a file which contains a virus is low. However, if
a user visits websites they have not verified are secure, they download
files from unknown sources, and install questionable plugins and
programs: then the likelihood of being infected by a virus is increased.
Viruses and Operating Systems
The vast majority of viruses tend to attack vulnerabilities in
the Windows operating system: as it's the most widely used platform.
The first virus which attacked the Windows operating system is believed
to be WinVir (Windows 3.0). Security experts are usually in agreement
that other operating systems - Unix, Linux and MacOS - are more
secure than Windows and have a more robust and standardised environment.
However, it may be the case that the vulnerabilities in these operating
systems have not been explored because virus writers are primarily
focused on writing viruses to infect the Windows operating system.
Computer viruses have an extensive history, and it is believed
that John von Neumann first outlined a theory for computer viruses
in an article named "The theory of self-reproducing automata"
in 1949. The first computer virus is believed to be Creeper, which
was released in 1971. The Creeper virus infected ARPANET, which
was one of the first computer networks to use packet switching and
the first computer network to use TCP/IP. The technological underpinning
of ARPANET is used on the Internet (TCP/IP). ARPANET was a computer
network which connected nodes (computers) using a variety of operating
systems. The Creeper virus tended to attack ARPANET nodes which
used the TENEX, TOPS-20, TOPS-10, ITS and WAITS operating systems.
The Unix operating system was infected in 1988 by the first computer
worm; a worm is similar to a virus. The Morris worm infected computers
that ran the BSD UNIX operating system (the Berkeley Software Distribution
of Unix, also referred to as Berkeley Unix). During 1988, the Ping-Pong
virus infected computers running the MS-DOS operating system, and
the Festering Hate virus infected computers running the ProDOS operating
system (Apple version of DOS). However, by the 1990s, and the release
of Windows, the majority of viruses infected computers running Windows;
one such example being the Happy99 virus.
In 2004, out of all the viruses identified by McAfee, only a handful
targeted the Macintosh platform. However, there have been some notable
viruses which have attacked the Macintosh platform, such as: INIT-29-B
and Hypercard HC-9507. One of the first viruses to target an Apple
operating system was Elk Cloner, which was created by Richard Skrenta
in 1982. The most famous Apple Macintosh virus/worm is AutoStart
- which originated in Asia in 1998. AutoStart was first identified
on Hong Kong computer systems, and then spread across global computer
systems. AutoStart used QuickTime's AutoStart function, and infected
any PowerPC system that ran MacOS. The AutoStart virus added invisible
files to every disk partition and also overwrote data files with
random data. The fallout caused by the AutoStart virus led to John
Norstad shutting down Disinfectant: a shareware program, which was
a popular alternative to commercial anti-virus packages.
Therefore, while viruses tend to focus on security "holes"
within the Windows operating system, it should not be assumed that
other operating systems are immune to viruses.