The Virus Phenomena
*******************************************

Based on the thinking that everyone actually needs something to worry about, the computer virus paranoia seems a natural. It sort of reminds me of "Chicken Little" and the "Boy who cried Wolf". In any case, talk of computer viruses seems to be dominating computer conversation everywhere.

To make some sense of this business there should at least be a consensus of opinion on a few basic definitions. This would make it possible for two people desiring to discuss the phenomena to essentially be talking about the same thing. There seems to be as much division over the composition of these "Bug" adjectives as there are words in Webster's dictionary. I make no claims to being any kind of authority but for purposes of being able to discuss this further, I will give my own definitions. This will at least allow you to understand my point of view.

#1) VIRUS
Primary Characteristics: Capable of attaching to or replacing some of the operating system or application code and then replicating itself and infecting other computers via a portable storage media or system network. Has a mechanism to activate, otherwise dormant.

#2) WORM
Primary Characteristics: Remains buried or dormant until triggered. Same as above except for ability to replicate and spread. Usually intended to slow down a system by causing endless, unnecessary CPU activity.

#3) TROJAN
Primary Characteristics: It appears, says, and acts like some particular application software but in reality is intended by design to do harm to your storage media. More often harmless.

This seems simple enough. Now let's explore the possibilities. The most heinous of all possible infections (in theory) would be a virus that somehow replaces some of the code in your operating system programs in such a way as to be virtually undetectable and ready to strike. To be undetectable, it must be able to do the following.

Either not change the total bytes of the file or fool DOS into believing it has not.

Not change the results of the most accurate form of testing file integrity, that of a 32-bit cyclic redundancy check (or CRC test), or at least fool the test.

Fooling these tests is, for practical purposes, not likely to happen. Of course, hardly anyone is going to take the trouble to run these tests on their system software with any regularity anyway, so your exposure lies here.

Before I continue, let me say there is ONLY one real practical prevention you can take, and that's BACKUP, BACKUP, BACKUP. The three magic words in successful data processing. Backup is to the data processor what oxygen is to the animal; no matter what, you really can't do without it. With backups, you can sooner or later recover from anything. Without it, you eventually lose.

Now, what about all these so-called "virus strings"? Well, right off I am going to say poo poo ka ka. Without getting too deep into the machine code requirements of the various processors, I have disassembled every so-called "virus" string ever published and (unless they were segments removed from the whole) they have proven to be incapable of doing anything. They all do seem to have a common denominator. They all seem to have a DOS Interrupt call to a vital service (like Int 21). This is like pulling an empty Model 66 S&W in a crowd of people. There are guaranteed to be a few who will immediately recognize the piece and the possibility of danger, assuming the worst (the gun to be loaded). But it takes a lot more code than what's presented to get something going (like starting a low level format of your hard drive). Almost all programs make use of both BIOS and DOS Interrupt services to get things done. Some even in a way that could possibly raise the spectacle of a so-called "Virus Scanner", but it's just B.S. (Biting Science).

The bottom line thus seems to indicate that some clever individuals are involved in one of the biggest SCAMS in computer history. There is no question profits are the motivation. The bigger the lie, the more likely it will attain a larger audience too.

Sooooo, why are so many users yelling "Wolf"? There are several good explanations for it. First, the worst enemy of a computer is its operator. Second, if he screws up and corrupts the hard drive, he will be the last to ever admit it. He sure doesn't want the boss to know of his incompetence. What's the best out? Yep, you got it. Yell Virus!!!!

Sometimes, the operator can cause a problem without even knowing he was actually responsible. Example: playing with TSRs. Those devilishly attractive utilities that unfortunately have a bad time living in harmony with other TSRs and even some application software. (Example: two poorly written TSRs try for the same DOS call at the same time....i.e. CRASH.)

Then, there is the problem of NORMAL USE. Your hard and floppy drive are not perfect. Sooner or later, through normal use, a fleck of magnetic media will pop off the platter, leaving a corrupted file.

Finally, ever read the disclaimers on some application software packages that say "If you attempt this, RESULTS ARE UNPREDICTABLE"? Well, it's one thing to write code successfully to get it to do what you want, but it's an entirely different story in designing code to prevent it also from doing something you don't want. Here, there are lots of possibilities that either your well written operating system or application code or a combination of the two can produce unanticipated by-products. Anyone who has ever used dBASE knows about "lost clusters" sooner or later.

In conclusion, I have investigated over 60 claims of virus/worm infection through my consulting company and have yet to find a "real McCoy". I have come across several trojan programs. And most of those were of the harmless "April Fool" variety.

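The size and 32-bit CRC test described earlier only helps if it is run against a baseline recorded while the system files are known good. The Python below is an added example, not part of the original text: the file names and contents are constructed stand-ins, and the SHA-256 comparison goes beyond the text, included because a CRC is an error-detecting code rather than a guard against deliberate modification.

```python
import hashlib
import os
import tempfile
import zlib
from pathlib import Path


def fingerprint(path):
    """Return (size, CRC-32, SHA-256) of one file, read in chunks."""
    size, crc, sha = 0, 0, hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            size += len(chunk)
            crc = zlib.crc32(chunk, crc)
            sha.update(chunk)
    return size, crc, sha.hexdigest()


def snapshot(root):
    """Map each file under root (by relative path) to its fingerprint."""
    paths = [os.path.join(d, n) for d, _, names in os.walk(root) for n in names]
    return {os.path.relpath(p, root): fingerprint(p) for p in paths}


def compare(baseline, root):
    """Return {path: reason} for every file that differs from the baseline."""
    now, report = snapshot(root), {}
    for path, (size, crc, sha) in baseline.items():
        if path not in now:
            report[path] = "missing"
        elif now[path][0] != size:
            report[path] = "size changed"
        elif now[path][1] != crc:
            report[path] = "same size, CRC-32 changed"
        elif now[path][2] != sha:  # CRC-32 is an error-detecting code only
            report[path] = "same size and CRC-32, SHA-256 changed"
    report.update({p: "new file" for p in now.keys() - baseline.keys()})
    return report


def demo():
    """Constructed sample: stand-in system files in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "COMMAND.COM").write_bytes(b"\x90" * 512)
        Path(root, "IO.SYS").write_bytes(b"\x00" * 256)
        baseline = snapshot(root)  # taken while the files are known good
        Path(root, "COMMAND.COM").write_bytes(b"\xff\xff" + b"\x90" * 510)
        Path(root, "IO.SYS").write_bytes(b"\x00" * 300)
        return compare(baseline, root)
```

Keep the baseline on write-protected media alongside the backups, so that a changed file can be both detected and restored.
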
I have found "semi-knowledgeable" employees editing sector 1 of a floppy with some disk editor capable of absolute addressing like PCTools and trying to pull one over their employer in an attempt to make themselves look indispensable. (This is common in government installations.) I have also worked with some highly knowledgeable individuals who, after experiencing network problems, reasonably believed a virus problem to exist. Again, after exhausting all possibilities, no viruses, no worms.

I hate to be the one throwing cold water because I happen to be one who BELIEVES in Extraterrestrial Beings. But, until I get proof, it's only a belief. I won't KNOW it till I actually have proof.

Meanwhile, should the everyday computer user be taking any extraordinary means of self-defense? Emphatically NOT, unless you rate daily backups extraordinary. Tell those money-sucking "Virus Finders" to shove it where the sun don't shine.

Lord Gamma

------------------- END -------------------