A plethora of negative magazine articles and books have
catalyzed a new kind of hypochondria among computer users: an
unreasonable fear of computer viruses. This hypochondria is pos-sible because a) computers are very complex machines which will
often behave in ways which are not obvious to the average user, and
b) computer viruses are still extremely rare. Thus, most computer
users have never experienced a computer virus attack. Their only
experience has been what they’ve read about or heard about (and
only the worst problems make it into print). This combination of
ignorance, inexperience and fear-provoking reports of danger is the
perfect formula for mass hysteria.
Most problems people have with computers are simply
their own fault. For example, they accidentally delete all the files
in their current directory rather than in another directory, as they
intended, or they format the wrong disk. Or perhaps someone
routinely does something wrong out of ignorance, like turning the
computer off in the middle of a program, causing files to get
scrambled. Following close on the heels of these kinds of problems
are hardware problems, like a misaligned floppy drive or a hard
disk failure. Such routine problems are made worse than necessary
when users do not plan for them, and fail to back up their work on
a regular basis. This stupidity can easily turn a problem that might
have cost $300 for a new hard disk into a nightmare which will
ultimately cost tens of thousands of dollars. When such a disaster
happens, it is human nature to want to find someone or something
else to blame, rather than admitting it is your own fault. Viruses
have proven to be an excellent scapegoat for all kinds of problems.
Of course, there are times when people want to destroy
computers. In a time of war, a country may want to hamstring their
enemy by destroying their intelligence databases. If an employee
is maltreated by his employer, he may want to retaliate, and he may
not be able to get legal recourse. One can also imagine a totalitarian
state trying to control their citizens’ every move with computers,
and a group of good men trying to stop it. Although one could smash
a computer, or physically destroy its data, one does not always have
access to the machine that will be the object of the attack. At other
times, one may not be able to perpetrate a physical attack without
facing certain discovery and prosecution. While an unprovoked
attack, and even revenge, may not be right, people still do choose
such avenues (and even a purely defensive attack is sure to be
considered wrong by an arrogant agressor). For the sophisticated
programmer, though, physical access to the machine is not neces-sary to cripple it.
People who have attacked computers and their data have
invented several different kinds of programs. Since one must obvi-ously conceal the destructive nature of a program to dupe somebody
into executing it, deceptive tricks are an absolute must in this game.
The first and oldest trick is the “trojan horse.” The trojan horse may
appear to be a useful program, but it is in fact destructive. It entices
you to execute it because it promises to be a worthwhile program
for your computer—new and better ways to make your machine
more effective—but when you execute the program, surprise! Sec-ondly, destructive code can be hidden as a “logic bomb” inside of
an otherwise useful program. You use the program on a regular
basis, and it works well. Yet, when a certain event occurs, such as
a certain date on the system clock, the logic bomb “explodes” and
does damage. These programs are designed specifically to destroy
computer data, and are usually deployed by their author or a willing
associate on the computer system that will be the object of the
attack.
There is always a risk to the perpetrator of such destruction.
He must somehow deploy destructive code on the target machine
without getting caught. If that means he has to put the program on
11 The Little Black Book of Computer Viruses
the machine himself, or give it to an unsuspecting user, he is at risk.
The risk may be quite small, especially if the perpetrator normally
has access to files on the system, but his risk is never zero.
With such considerable risks involved, there is a powerful
incentive to develop cunning deployment mechanisms for getting
destructive code onto a computer system. Untraceable deployment
is a key to avoiding being put on trial for treason, espionage, or
vandalism. Among the most sophisticated of computer program-mers, the computer virus is the vehicle of choice for deploying
destructive code. That is why viruses are almost synonymous with
wanton destruction.
However, we must realize that computer viruses are not
inherently destructive. The essential feature of a computer program
that causes it to be classified as a virus is not its ability to destroy
data, but its ability to gain control of the computer and make a fully
functional copy of itself. It can reproduce. When it is executed, it
makes one or more copies of itself. Those copies may later be
executed, to create still more copies, ad infinitum. Not all computer
programs that are destructive are classified as viruses because they
do not all reproduce, and not all viruses are destructive because
reproduction is not destructive. However, all viruses do reproduce.
The idea that computer viruses are always destructive is deeply
ingrained in most people’s thinking though. The very term “virus”
is an inaccurate and emotionally charged epithet. The scientifically
correct term for a computer virus is “self-reproducing automaton,”
or “SRA” for short. This term describes correctly what such a
program does, rather than attaching emotional energy to it. We will
continue to use the term “virus” throughout this book though,
except when we are discussing computer viruses (SRA’s) and
biological viruses at the same time, and we need to make the
difference clear.
If one tries to draw an analogy between the electronic world
of programs and bytes inside a computer and the physical world we
know, the computer virus is a very close analog to the simplest
biological unit of life, a single celled, photosynthetic organism.
Leaving metaphysical questions like “soul” aside, a living organ-ism can be differentiated from non-life in that it appears to have
two goals: (a) to survive, and (b) to reproduce. Although one can
The Basics of the Computer Virus 12
raise metaphysical questions just by saying that a living organism
has “goals,” they certainly seem to, if the onlooker has not been
educated out of that way of thinking. And certainly the idea of a
goal would apply to a computer program, since it was written by
someone with a purpose in mind. So in this sense, a computer virus
has the same two goals as a living organism: to survive and to
reproduce. The simplest of living organisms depend only on the
inanimate, inorganic environment for what they need to achieve
their goals. They draw raw materials from their surroundings, and
use energy from the sun to synthesize whatever chemicals they need
to do the job. The organism is not dependent on another form of life
which it must somehow eat, or attack to continue its existence. In
the same way, a computer virus uses the computer system’s re-sources like disk storage and CPU time to achieve its goals. Spe-cifically, it does not attack other self-reproducing automata and
“eat” them in a manner similar to a biological virus. Instead, the
computer virus is the simplest unit of life in this electronic world
inside the computer. (Of course, it is conceivable that one could
write a more sophisticated program which would behave like a
biological virus, and attack other SRA’s.)
Before the advent of personal computers, the electronic
domain in which a computer virus might “live” was extremely
limited. Computers were rare, and they had many different kinds
of CPU’s and operating systems. So a tinkerer might have written
a virus, and let it execute on his system. However, there would have
been little danger of it escaping and infecting other machines. It
remained under the control of its master. The age of the mass-pro-duced computer opened up a whole new realm for viruses, though.
Millions of machines all around the world, all with the same basic
architecture and operating system make it possible for a computer
virus to escape and begin a life of its own. It can hop from machine
to machine, accomplishing the goals programmed into it, with no
one to control it and few who can stop it. And so the virus became
a viable form of electronic life in the 1980’s.
Now one can create self-reproducing automata that are not
computer viruses. For example, the famous mathematician John
von Neumann invented a self-reproducing automaton “living” in a
grid array of cells which had 29 possible states. In theory, this
13 The Little Black Book of Computer Viruses
automaton could be modeled on a computer. However, it was not a
program that would run directly on any computer known in von
Neumann’s day. Likewise, one could write a program which simply
copied itself to another file. For example “1.COM” could create
“2.COM” which would be an exact copy of itself (both program
files on an IBM PC style machine.) The problem with such concoc-tions is viability. Their continued existence is completely depend-ent on the man at the console. A more sophisticated version of such
a program might rely on deceiving that man at the console to
propagate itself. This program is known as a worm. The computer
virus overcomes the roadblock of operator control by hiding itself
in other programs. Thus it gains access to the CPU simply because
people run programs that it happens to have attached itself to
without their knowledge. The ability to attach itself to other pro-grams is what makes the virus a viable electronic life form. That is
what puts it in a class by itself. The fact that a computer virus
attaches itself to other programs earned it the name “virus.” How-ever that analogy is wrong since the programs it attaches to are not
in any sense alive.
From the Book Of Mark A. Ludwig
catalyzed a new kind of hypochondria among computer users: an
unreasonable fear of computer viruses. This hypochondria is pos-sible because a) computers are very complex machines which will
often behave in ways which are not obvious to the average user, and
b) computer viruses are still extremely rare. Thus, most computer
users have never experienced a computer virus attack. Their only
experience has been what they’ve read about or heard about (and
only the worst problems make it into print). This combination of
ignorance, inexperience and fear-provoking reports of danger is the
perfect formula for mass hysteria.
Most problems people have with computers are simply
their own fault. For example, they accidentally delete all the files
in their current directory rather than in another directory, as they
intended, or they format the wrong disk. Or perhaps someone
routinely does something wrong out of ignorance, like turning the
computer off in the middle of a program, causing files to get
scrambled. Following close on the heels of these kinds of problems
are hardware problems, like a misaligned floppy drive or a hard
disk failure. Such routine problems are made worse than necessary
when users do not plan for them, and fail to back up their work on
a regular basis. This stupidity can easily turn a problem that might
have cost $300 for a new hard disk into a nightmare which will
ultimately cost tens of thousands of dollars. When such a disaster
happens, it is human nature to want to find someone or something
else to blame, rather than admitting it is your own fault. Viruses
have proven to be an excellent scapegoat for all kinds of problems.
Of course, there are times when people want to destroy
computers. In a time of war, a country may want to hamstring their
enemy by destroying their intelligence databases. If an employee
is maltreated by his employer, he may want to retaliate, and he may
not be able to get legal recourse. One can also imagine a totalitarian
state trying to control their citizens’ every move with computers,
and a group of good men trying to stop it. Although one could smash
a computer, or physically destroy its data, one does not always have
access to the machine that will be the object of the attack. At other
times, one may not be able to perpetrate a physical attack without
facing certain discovery and prosecution. While an unprovoked
attack, and even revenge, may not be right, people still do choose
such avenues (and even a purely defensive attack is sure to be
considered wrong by an arrogant agressor). For the sophisticated
programmer, though, physical access to the machine is not neces-sary to cripple it.
People who have attacked computers and their data have
invented several different kinds of programs. Since one must obvi-ously conceal the destructive nature of a program to dupe somebody
into executing it, deceptive tricks are an absolute must in this game.
The first and oldest trick is the “trojan horse.” The trojan horse may
appear to be a useful program, but it is in fact destructive. It entices
you to execute it because it promises to be a worthwhile program
for your computer—new and better ways to make your machine
more effective—but when you execute the program, surprise! Sec-ondly, destructive code can be hidden as a “logic bomb” inside of
an otherwise useful program. You use the program on a regular
basis, and it works well. Yet, when a certain event occurs, such as
a certain date on the system clock, the logic bomb “explodes” and
does damage. These programs are designed specifically to destroy
computer data, and are usually deployed by their author or a willing
associate on the computer system that will be the object of the
attack.
There is always a risk to the perpetrator of such destruction.
He must somehow deploy destructive code on the target machine
without getting caught. If that means he has to put the program on
11 The Little Black Book of Computer Viruses
the machine himself, or give it to an unsuspecting user, he is at risk.
The risk may be quite small, especially if the perpetrator normally
has access to files on the system, but his risk is never zero.
With such considerable risks involved, there is a powerful
incentive to develop cunning deployment mechanisms for getting
destructive code onto a computer system. Untraceable deployment
is a key to avoiding being put on trial for treason, espionage, or
vandalism. Among the most sophisticated of computer program-mers, the computer virus is the vehicle of choice for deploying
destructive code. That is why viruses are almost synonymous with
wanton destruction.
However, we must realize that computer viruses are not
inherently destructive. The essential feature of a computer program
that causes it to be classified as a virus is not its ability to destroy
data, but its ability to gain control of the computer and make a fully
functional copy of itself. It can reproduce. When it is executed, it
makes one or more copies of itself. Those copies may later be
executed, to create still more copies, ad infinitum. Not all computer
programs that are destructive are classified as viruses because they
do not all reproduce, and not all viruses are destructive because
reproduction is not destructive. However, all viruses do reproduce.
The idea that computer viruses are always destructive is deeply
ingrained in most people’s thinking though. The very term “virus”
is an inaccurate and emotionally charged epithet. The scientifically
correct term for a computer virus is “self-reproducing automaton,”
or “SRA” for short. This term describes correctly what such a
program does, rather than attaching emotional energy to it. We will
continue to use the term “virus” throughout this book though,
except when we are discussing computer viruses (SRA’s) and
biological viruses at the same time, and we need to make the
difference clear.
If one tries to draw an analogy between the electronic world
of programs and bytes inside a computer and the physical world we
know, the computer virus is a very close analog to the simplest
biological unit of life, a single celled, photosynthetic organism.
Leaving metaphysical questions like “soul” aside, a living organ-ism can be differentiated from non-life in that it appears to have
two goals: (a) to survive, and (b) to reproduce. Although one can
The Basics of the Computer Virus 12
raise metaphysical questions just by saying that a living organism
has “goals,” they certainly seem to, if the onlooker has not been
educated out of that way of thinking. And certainly the idea of a
goal would apply to a computer program, since it was written by
someone with a purpose in mind. So in this sense, a computer virus
has the same two goals as a living organism: to survive and to
reproduce. The simplest of living organisms depend only on the
inanimate, inorganic environment for what they need to achieve
their goals. They draw raw materials from their surroundings, and
use energy from the sun to synthesize whatever chemicals they need
to do the job. The organism is not dependent on another form of life
which it must somehow eat, or attack to continue its existence. In
the same way, a computer virus uses the computer system’s re-sources like disk storage and CPU time to achieve its goals. Spe-cifically, it does not attack other self-reproducing automata and
“eat” them in a manner similar to a biological virus. Instead, the
computer virus is the simplest unit of life in this electronic world
inside the computer. (Of course, it is conceivable that one could
write a more sophisticated program which would behave like a
biological virus, and attack other SRA’s.)
Before the advent of personal computers, the electronic
domain in which a computer virus might “live” was extremely
limited. Computers were rare, and they had many different kinds
of CPU’s and operating systems. So a tinkerer might have written
a virus, and let it execute on his system. However, there would have
been little danger of it escaping and infecting other machines. It
remained under the control of its master. The age of the mass-pro-duced computer opened up a whole new realm for viruses, though.
Millions of machines all around the world, all with the same basic
architecture and operating system make it possible for a computer
virus to escape and begin a life of its own. It can hop from machine
to machine, accomplishing the goals programmed into it, with no
one to control it and few who can stop it. And so the virus became
a viable form of electronic life in the 1980’s.
Now one can create self-reproducing automata that are not
computer viruses. For example, the famous mathematician John
von Neumann invented a self-reproducing automaton “living” in a
grid array of cells which had 29 possible states. In theory, this
13 The Little Black Book of Computer Viruses
automaton could be modeled on a computer. However, it was not a
program that would run directly on any computer known in von
Neumann’s day. Likewise, one could write a program which simply
copied itself to another file. For example “1.COM” could create
“2.COM” which would be an exact copy of itself (both program
files on an IBM PC style machine.) The problem with such concoc-tions is viability. Their continued existence is completely depend-ent on the man at the console. A more sophisticated version of such
a program might rely on deceiving that man at the console to
propagate itself. This program is known as a worm. The computer
virus overcomes the roadblock of operator control by hiding itself
in other programs. Thus it gains access to the CPU simply because
people run programs that it happens to have attached itself to
without their knowledge. The ability to attach itself to other pro-grams is what makes the virus a viable electronic life form. That is
what puts it in a class by itself. The fact that a computer virus
attaches itself to other programs earned it the name “virus.” How-ever that analogy is wrong since the programs it attaches to are not
in any sense alive.
From the Book Of Mark A. Ludwig
No comments:
Post a Comment