Unfortunately, software that intentionally disrupts or damages computers and networks has become everyday business news. However, just because we hear about it and read about it every day doesn’t mean it all makes sense to us. I hope that today’s column will help clear up some of the confusion.
If you’re like me, you probably have some unanswered questions about this stuff:
- What’s the difference between a virus and a worm?
- How does my computer get infected?
- It never hurts to be overly cautious, does it?
- Why do people write this software?
- What can I do to keep from getting infected?
Let’s consider each of these in turn.
What’s the difference between a virus and a worm?
Both a virus and a worm are malicious software. What do we mean by malicious software? It’s simply a computer program that someone has written with the intent of doing some kind of damage or harm to someone else.
To get specific definitions for the different types of malicious software, I turned to the glossary of terms from McAfee. I’ve paraphrased a bit here to remove some of the technical terms that I didn’t think really added to the discussion.
A virus is a computer program capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission.
A worm is a parasitic computer program that replicates, but unlike a virus, does not infect other computer program files. Worms can create copies on the same computer, or can send copies to other computers via a network.
In other words, a virus embeds itself within another file – often a program – so that when that file is opened or the program is run, the virus then takes action, often replicating itself and spreading to other files and other computers. A worm, on the other hand, remains separate from other files.
Both worms and viruses can destroy files and data on their host computers, but they don’t need to. In many cases, just the action of replicating can do plenty of damage. As Wired magazine reports in its most recent issue, the Slammer worm was able to effectively shut down the Internet within 15 minutes merely because of the amount of network traffic it caused. Sometimes, a virus or worm can effectively shut down a computer because it creates so many instances of itself running that it consumes all of the memory and processing power available on the computer.
There’s another kind of malicious software that technically doesn’t fall into the category of either a worm or a virus. McAfee defines a Trojan Horse as a malicious program that pretends to be a benign application. Unlike a virus or a worm, a Trojan horse doesn’t need to replicate itself to do damage. A Trojan horse might spy on your behavior and use information it knows about you to target you with specific types of spam, or it might hijack your Internet connection to make ads pop up on your screen. Oftentimes Trojan horse software gets installed because it is promoted as free software that performs a useful function – and it actually does do what it’s billed as – but it also performs some kind of malicious damage as well.
How does my computer get infected?
A piece of malicious software is a program – it needs to be run on your computer to start its evil behavior. The most straightforward way for a virus to run on your computer is for you to run it. Most programs on Windows computers end in the .exe file extension. It is very dangerous to run a program unless you know where it came from and you trust the source. I am always very hesitant to run any programs unless I’m completely sure that they are legitimate. As mentioned in my article on spam a couple of weeks ago, it’s possible for a message to arrive “from” someone you trust, even referring to a subject you’ve discussed with that person, but not really be from that person. Be very careful when running any programs that arrive in your e-mail inbox.
The ugly nature of a virus is that it can attach itself to a legitimate program. So, even when you receive a real program from someone you really trust, that doesn’t mean that the file is virus free. If your friend’s computer has been infected, then there’s the risk that you could get infected too. Be very cautious when exchanging programs.
However, programs that don’t look like programs can actually work like programs. Several years ago, Microsoft added some very cool features into Microsoft Office (Word, Excel) so that a program could be embedded in a document. Virus writers quickly learned how to take advantage of this so that simple documents could become carriers of dangerous viruses that could make entire libraries of important files useless. Virus writers have moved on to other file types to figure out how to embed malicious software into the files so that they will be launched when the file is opened.
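The point of the last three paragraphs, that neither the sender nor the file name tells you whether an attachment is a program, can be checked mechanically. The sketch below is an added example, not part of the original column: it reads the first bytes of each attachment instead of trusting its name. The sample message, its file names and the sender address are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Leading bytes that identify what a file is, whatever its name says.
MAGIC = {
    b"MZ": "windows-program",  # header of .exe and similar files
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "office-document",  # legacy Word/Excel
}
PROGRAM_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs"}

def classify(filename, data):
    """Return (content_kind, warnings) for one attachment."""
    kind = next((k for m, k in MAGIC.items() if data.startswith(m)), "other")
    ext = PurePosixPath(filename.lower()).suffix
    warnings = []
    if kind == "windows-program" or ext in PROGRAM_EXTS:
        warnings.append("runs as a program")
    if kind == "windows-program" and ext not in PROGRAM_EXTS:
        warnings.append("program content behind a non-program name")
    if kind == "office-document":
        warnings.append("document format that can carry an embedded program")
    return kind, warnings

def triage(raw_message):
    """Classify every attachment of a raw e-mail by content, not by sender."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    return {
        part.get_filename() or "(unnamed)": classify(
            part.get_filename() or "", part.get_payload(decode=True) or b"")
        for part in msg.iter_attachments()
    }

def build_sample():
    """Constructed message: a trusted-looking sender with three attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg.set_content("Photos attached!")
    msg.add_attachment(b"MZ\x90\x00" + bytes(32), maintype="application",
                       subtype="octet-stream", filename="holiday-photo.jpg")
    msg.add_attachment(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(32),
                       maintype="application", subtype="msword",
                       filename="minutes.doc")
    msg.add_attachment("Meeting moved to 3pm.\n", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, (kind, warnings) in triage(build_sample()).items():
        print(f"{name}: {kind} {warnings}")
```

A warning here means "treat with care", not "infected": deciding whether a flagged file is actually malicious is the job of the anti-virus scanner.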
The most successful viruses have relied heavily on “social engineering” – getting people to unwisely run a program or open a file. The “I love you” and “Kournikova” viruses are perfect examples of this. A Trojan horse, by its nature, is social engineering – convincing people to run a program for the advertised benefit, and unwittingly running the malicious software as well.
However, since worms don’t reside within other files, they often have to force their way into the computer systems they infect. They typically find a flaw in software that is commonly running on systems connected to the Internet to install themselves on computers and begin running. They then immediately begin replicating, often by searching out other computers connected to the one they’ve just infected. A worm is much harder to write, but it is also much harder to defend against. You often have to make a mistake to be infected by a virus, but a worm can infect your system without your participation at all.
It never hurts to be overly cautious, does it?
There’s one more trick that the bad guys use to cause havoc with the rest of us. And that is by launching hoaxes about viruses and worms. In their most harmless form, a hoax merely wastes our time and perhaps bandwidth as people forward a false warning on to all of their friends – thinking that they are doing good, when in fact they are just making the hoax more successful.
However, sometimes, a hoax can do real damage. In some hoaxes, the message will say something like “you may already be infected. Look in this directory. If you see this file, then your computer is infected and you need to take immediate action. You also need to warn everyone with whom you’ve ever exchanged e-mail because they are likely infected as well.” The message then goes on to give detailed instructions for “cleaning” your machine. In reality, what you are doing is removing software that your computer really needs to operate successfully. So, merely by writing some words, these beasts can convince you to destroy your own computer and to get all your friends to do the same.
Pretty scary.
Why do people write this software?
I could go on about the depravity of man in a fallen world and claim some special insight into why people sin, but that would be presumptuous.
People do bad stuff. Smart people like a challenge. Crime can be addictive.
In some cases, the bad guys have specific goals – like hurting a specific company or maybe a specific country. It’s possible that some viruses and worms have actually been a form of terrorism. And some have theorized that the more sophisticated worms and viruses have merely been tests for a future debilitating cyber-terrorist attack.
However, some people actually write this stuff for money. This is most true with the Trojan horse software – where a business can be built around selling personal information or causing ads to be sent to well-targeted individuals.
In most cases though, it’s merely another example of irresponsible individuals having no respect for the personal property of others.
I’m sorry I don’t have any deeper explanations than that.
What can I do to keep from getting infected?
The best way to keep from getting infected is to not use e-mail or the web and not to accept programs other than those that you buy at the store that have been written by well-known companies. However, even this isn’t completely foolproof, and bypassing e-mail and the web will rob you of the great riches that come from enjoying the communications and information sharing capabilities of the Internet.
The best practical defense is to purchase a quality anti-virus software package and keep it as up to date as possible. As soon as these companies figure out how to detect the latest viruses and worms, the bad guys move on to invent a new way to trick them.
However, there is an additional precaution you can take, if it’s an option for you. Throughout this series of articles I continue to hear from users of non-Microsoft operating systems saying “I don’t have any of those problems.” Since the vast majority of computer users are on Windows computers running software (e.g. Word, Excel, Outlook) written by Microsoft, malicious software developers tend to target Microsoft applications with their viruses and worms. It’s a simple case of making the most impact for their investment in time and effort. Someday, maybe enough computer users will be on Apple or Linux or FreeBSD computers to get the attention of these bad guys, but for now, you are much less likely to encounter problems on one of these alternative systems than on Windows.
Wise behavior and discretion are also important weapons in this fight. Realize that the bad guys are trying every trick they can to get you to make a mistake, to overlook a risk, and to install their evil software on your computer. Stay on the alert and err on the side of caution and you will avoid many headaches.
One of the best ways I know of to keep your defensive reflexes honed is by using the training tool: Flight over Bumblyburg from Big Idea. I can’t do better than Big Idea’s own description of this important tool: “Awful Alvin’s swarm of angry eyebrows are attacking the fair city of Bumblyburg! The city needs a hero! Help Larryboy rid the city of the eyebrows by shooting them with plungers from the high-tech Larry-Plane.” If this doesn’t keep you on your toes, I don’t know what will…
Russ McGuire is Online Director for Business Reform. Prior to joining Business Reform, Mr. McGuire spent over twenty years in technology industries, performing various roles from writing mission critical software for the nuclear power and defense industries to developing core business strategies in the telecom industry. Mr. McGuire is currently focused on helping businesspeople apply God’s eternal truths to their real-world business challenges through Business Reform’s online services. He can be reached at [email protected].