Computer viruses a real threat

Fighting computer viruses has become a familiar task for network administrators and many home users. Several reports have shown that more than 90% of business users encounter viruses in their work. The damage caused by viruses can be significant.

The term virus covers a wide range of computer programs that have one thing in common: they replicate in a way that cannot be controlled by their author. This can easily, intentionally or unintentionally, lead to worldwide epidemics where millions of computers may become infected. Significant damage may result even if the virus author did not include malicious code in the virus.

Viruses have become a serious problem in the past ten years. The first viruses were merely an annoyance and did not cause much harm. We are now, however, increasingly dependent on computers and the Internet at home and in the workplace. New viruses have emerged which benefit from modern networking technology. This has led to the current situation where new viruses spread faster and faster and even critical systems are increasingly vulnerable to virus hits.

What is a virus?

By definition, a virus is a computer program that spreads by replicating itself. Viruses can use many known techniques, and they are not restricted to only certain platforms. The ability to replicate is the common criterion that distinguishes viruses from other computer programs. A virus can spread if it has the required technical features, and if the computer user behaves in a certain way.

Many viruses are dependent on carriers, or host objects. The host object may be a file or some other entity that is likely to be transmitted to another computer. The virus is linked to the host object in such a way that it activates when the host object is used. Once activated, the virus looks for other suitable carriers and attaches itself to them.
Since the host object needs to be activated in order for the virus to replicate, the virus is dependent on the computer user's behaviour. In this sense, the user can slow down the replication of viruses.

A worm is another type of replicating computer program and is closely related to a virus. The major difference is that a worm is not as dependent on user behaviour as a virus, and it can replicate much faster. However, these terms, virus and worm, are becoming interchangeable. It is quite common today that the word virus is used to describe all kinds of replicating programs, including worms.

Why do they spread so quickly?

In the early nineties, antivirus vendors used to update their software programs once a month or even every other month. There was no need for more frequent updates, as it took months or even years for a virus to spread from one continent to another. In the late nineties, viruses gradually started to spread faster and faster, and today, you need to update your antivirus program daily to maintain a good level of protection.

Why are viruses spreading faster? One answer is that many of the viruses we encounter are actually worms. Worms replicate much faster than viruses because they are less dependent on the user. A worm can send out copies of itself rapidly and independently, whereas a virus would have to wait for the user to mail files. Worms use clever techniques, such as replying to messages and making the artificial mail messages look like they came from a real person. Another common trick is to include an interesting attachment in the mail message in order to trick the recipient into opening the mail and executing the attachment. Once the attachment executes, the worm activates and the same process starts all over.

What can we expect in the future?

Worms are not entirely independent; they still need to rely on the person receiving the e-mail. Someone must be tricked into opening the message.
This is currently the weakest link in the e-mail worm's replication strategy. If the attachment is not opened, the worm cannot replicate.

There are, however, pure worms that lack this restriction. They do not depend on e-mail but use TCP/IP traffic instead. A pure worm can finish the whole replication transaction totally without human help. This means that a new generation can emerge in just minutes, or even seconds. We have only seen a few pure worms, and, fortunately, they have been rather slow compared to the potential for this type of malware. Unfortunately, this is likely to change.

For more information about the virus problem, including the history, please see:
http://www.F-Secure.com/products/white-papers/virus.pdf

For an early warning system, please see:
http://www.F-Secure.com/products/radar/

Author: Mikael Albrecht, Product Manager