Association for Progressive Communications:
'Participating With Safety'
A series of briefings on information security and on-line safety for civil society organisations
Written by Paul Mobbs for the Association for Progressive Communications, 2002.
© 2002-2008 APC/Paul Mobbs, released under The Gnu Free Documentation License (GFDL), version 1.2.
For further information contact: http://www.fraw.org.uk/mei/ or firstname.lastname@example.org.
This briefing is one of a series on Information Security. It looks at:
A virus is an executable programme, a set of instructions that manipulate the functions of your computer's operating system. The early, simple computer viruses consisted of just two commands: firstly, a check for a particular condition (be it the date or some other criterion), and then a call to the program that formats the computer's hard disk.
Many of the earlier viruses were transmitted from file-to-file on a computer as people shared files or floppy disks. Today the most common way to catch a virus is via the Internet. But instead of something simple, such as formatting your hard disk, Internet-borne viruses are far more complex. Many will read your email address book and forward themselves, when you next check your email, to all your friends.
'Virus' is actually a generic term for software that is harmful to your system. They spread via disks, or via a network, or via services such as email. Irrespective of how the virus travels, its purpose is to use or damage the resources of your computer. The first viruses were spread as part of computer programs, or by hiding in floppy disks. Most modern viruses are spread by Internet services, in particular email.
The problem with viruses is that the threat is often worse than the reality. For that reason a lot of people have made a lot of money out of hyping viruses and then selling the antidote. For example, many of the X thousand viruses that software companies talk about have never actually entered the real world. They are the result of laboratory tests of particular security problems on computer systems to see if a virus could work in that way. Having established that it could be a problem, they note the particular signature such a virus would have, and that's what the virus checker looks for.
The greatest effect of viruses tends not to be the destruction of data, but taking up people's time. For example, virus hoaxes spread by email tend to surface every now and again, usually under the title 'PEN PAL GREETINGS' or suchlike. In itself it is the ultimate virus because you consciously spread the panic every time you forward it to your friends. That's the thing about computers: a lot of people don't know how they work, so they are easily deceived.
Viruses are not a marginal issue. Some have talked of viruses as a means of checking for security flaws in computer networks and automatically fixing the flaws in the programs. More recently, the US Federal Bureau of Investigation (FBI) has been rumoured to be developing a virus called 'Magic Lantern' that can penetrate computer systems and, under certain conditions, send copies of encryption keys and security information back to the FBI. Therefore computer viruses are not just a threat to a system; they are also a more general security threat.
It is impossible to receive any type of virus in a plain text email message, or in most word processor files, compressed data files (such as PKZip/GZip), database or spreadsheet files; these are not executable programs. The only exception to this is where a file contains Visual Basic or other code as part of a user-defined algorithm or program, or embedded 'object code' that may be executed by the software application.
To make the virus resident in your system you have to actually execute the program. That means:
File viruses, where program code transfers from one file to another, whilst a problem some years ago, are now in decline. The great problems today are:
Programs such as Microsoft Outlook are very insecure because they attempt to integrate email into the rest of the operating system. Whilst this is a very useful way of simplifying the operation of the computer for beginners, it is a serious security risk. Virus writers exploit this feature to install their virus on your system. This feature cannot be turned off from Windows, although following the havoc caused by the 'I Love You' virus some companies developed software to block viruses exploiting the flaws in Microsoft Outlook.
When people try to read email which contains Visual Basic code, Outlook forces the system to interpret the code, and in the process this activates the macro-virus.
Attachments are another problem. When people receive a screen saver or 'promotional program' they will often, because they are not aware of the risk, run the program. But the flaws in the Microsoft system mean that the vast majority of viruses are specific to Microsoft software, and so users of the Macintosh and Linux systems are relatively immune to virus problems.
Any message sent through commonly available email programs is either just plain text or an encoded plain text file. As such it can harbour no executable code, and most operating systems would reject a request to try and execute such a file. So you can't get a virus by reading an email, or exchanging/chopping the text of an email into another application.
The only danger is that you may unknowingly download a programme as part of an attachment to an email. But if you keep your email attachment directory separate from your system files the program cannot be accidentally run unless you specifically request it to be.
How you deal with viruses is also dependent upon your role. This briefing deals with the individual computer user. For users who are part of local networks there are different issues related to networked systems. For example, it is important to prevent a virus accessing one part of the network; therefore the use of floppy disks on networked computers might be restricted. Those who run email servers also have a role to play. Servers can have anti-virus software running with the email server, preventing the transmission of attachments that are known to contain viruses. Internet users should ask if their service provider is blocking viruses at the server, and ask them to install this feature if they are not.
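The attachment check described above, as an added example that is not part of the original briefing: a Python sketch of what a mail server or a cautious user could run over a message before anything is opened. The extension list beyond '.EXE' and '.BAT', the function names and the sample message are assumptions made for this example.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed blocklist: .exe and .bat are named in the briefing; .scr (screen
# savers), .vbs (Visual Basic script), .com and .pif are this example's choices.
RISKY_EXTENSIONS = {".exe", ".bat", ".scr", ".vbs", ".com", ".pif"}


def risky_attachments(raw_message):
    """Return (filename, reason) for each attachment that should be held back."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name.lower())[1]
        if payload[:2] == b"MZ":
            # DOS/Windows programs start with 'MZ' whatever the file is called,
            # so a renamed program is still caught.
            findings.append((name, "executable header"))
        elif ext in RISKY_EXTENSIONS:
            # Only the last extension counts: 'greeting.txt.vbs' is a script.
            findings.append((name, "risky extension " + ext))
    return findings


def build_sample():
    """Constructed message: a plain text body, one harmless and two risky files."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "reader@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("Plain text body: nothing here can execute.")
    msg.add_attachment("meeting notes\n", filename="notes.txt")
    msg.add_attachment("' constructed placeholder, not a real script\n",
                       filename="greeting.txt.vbs")
    msg.add_attachment(b"MZ constructed placeholder bytes", maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print("HOLD", filename, "-", reason)
```

The plain text body and 'notes.txt' pass; the script hidden behind a '.txt' name and the program renamed to look like a picture are both held.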
How viruses assimilate your computer
Your greatest likelihood of contracting a virus today is from the Internet. The use of virus checkers in the computer industry has stopped the spread of most viruses via disks. But viruses exploit the way computers execute other types of programs or scripts as part of email or shared software.
There are four common sources of viruses via the Internet:
The practical meaning of the above is that you can't catch a virus from a plain text file, or a standard plain text HTML file, or an FTP/Gopher/Telnet connection. The main danger comes from WWW browsers: if the 'helpers' are set to execute programs such as '.EXE' or '.BAT' files when they are loaded, you will be unable to prevent loading a virus.
There are three very simple tips for significantly reducing the risks of having problems with viruses:
If you have a little more knowledge on the use of computers, the following may be helpful:
Linux and viruses
Linux systems are far less susceptible to viruses because of the partitioning of the system, and the controls over the installation of software. But because many Linux users share and distribute programs over the 'Net, it is possible that someone could distribute a trashing program. However, such a program is unlikely to do any significant damage to the system, except to the user who ran it, so the system would not suffer fatal damage unless the program exploited a security flaw in the operating system.
Copyright © 2001-2008 Association for Progressive Communications (APC) and Paul Mobbs. Further contributions, editing and translation by Karen Banks, Michael de Beer, Roman Chumuch, Jim Holland, Marek Hudema, Pavel Prokopenko and Pep Turro. The project to develop this series of briefings was managed by the Association for Progressive Communications, and funded by OSI.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version (see http://www.gnu.org/copyleft/ for a copy of the license).
Please note that the title of the briefing and the 'free documentation license' section are protected as 'invariant sections' and should not be modified.
For more information about the Participating With Safety project, or if you have questions about the briefings, contact email@example.com.
Paul Mobbs/Mobbs' Environmental Investigations Archive