General overview of viruses. From a file on PunterNet:

Msg #  : 2285 of 2977 - Ref 9163
From   : DAVID WILLIAMS (+102)
To     : ALL (MIKE FELLHAUER)
Rec'd  : 0048h on 14-Oct-89 * TNSS
Subject: viruses

Base   : Where's The Beef???
Node   : Toronto, ONT

Mailed : 0924h on 12-Oct-89 * RBRADLEY

The first thing to realize about
viruses is that they are created by
anti-social, but extremely clever,
programmers. For this reason, all
generalities about them are suspect.
Whatever may be true about all viruses
that have appeared up to now may be
untrue about one that may appear
tomorrow. Some warped genius may think
up a new way to circumvent whatever
precautions other people may have
invented. 

The general characteristics of viruses
are that they are self-replicating
modifications to the operating systems
of computers. This means that they are
essentially restricted to types of
computer in which the operating system
is capable of being modified. Most of
the older Commodore machines, including
the 64 and 128, have their operating
systems in ROM, and so are immune to
viruses. (Disk-loaded Geos systems are
exceptions. Viruses CAN attack them.)
But the Amigas, along with many
machines from other manufacturers, have
their operating systems stored on disk,
and loaded into RAM when the machine is
powered up. These are susceptible to
viruses.

A virus can "infect" a machine whenever
anything is loaded into its memory that
has come from another computer. A
program borrowed from a "friend", a
file downloaded from a BBS, a program
from a User Group can all carry
viruses. There have even been cases of
commercial, store-bought software being
infected, but these are very rare.
Commercial software makers don't want
their reputations to suffer because of
incidents like this, so they try very
hard to make sure that their products
are clean - which basically means that
their own computers are free of
viruses. The fact that there have been
a few failures, in which even these
experts have been unable to spot a
virus, shows how difficult this can be.

The first thing a virus does when it
infects a machine is to set up ways of
replicating itself. It copies itself on
to all the disks that are used with
that machine, so it will be put into
memory whenever the operating system is
loaded - no matter from what disk. It
also sets up ways of infecting other
machines, which may involve copying
itself on to other files which are
likely to be transferred to other
computers.

In theory, this may be all that a virus
does. It may just replicate itself, and
be completely harmless. In fact, it
might even be beneficial. It could fix
a bug in the original operating system,
for example. But the nasty humanoids
who create these things rarely do so
out of a desire to be helpful. They get
their jollies by causing distress to
other people. So virtually all viruses
contain code that can cause havoc. For
example, it may erase all data from
disks.

Usually, there is a delay built in. The
creator of the virus wants it to be
replicated many times before it is
detected, so he arranges for it not to
do anything obviously destructive until
some time in the future. For example,
the virus that is supposed to "go off"
in IBM-type computers today (Friday,
October 13) was probably written a
couple of years ago. It contains code
that checks the computer's built-in
calendar. On dates prior to today's, it
did no more. From now on, it is set to
cause destruction.

It is extremely difficult to detect a
virus that may be residing in a
computer, but that has not yet caused
any severe effects. You should be
suspicious if a file seems to be longer
than you expect. This may mean that it
contains the additional coding of a
virus. Also, if the computer seems to
be working slower than it should, you
should suspect that a virus may be
slowing it down. (Checking the
calendar, for example, takes time, so
the machine works more slowly.)

There are many programs that look for
viruses. They check the lengths of
known files, measure machine speeds,
look at the operating system in memory
to see if there are any recognizable
changes, and so on. These programs
certainly offer some protection. But
they can't be perfect. For example, a
virus can modify the anti-virus program
so as to render it ineffective. Just as
the AIDS virus destroys the human
immune system, a computer virus can
destroy whatever program is supposed to
protect the infected computer.

Really, there is no way of being
completely safe from viruses, just as
there is no way of being completely
safe from traffic accidents. All we can
do is to try to reduce the probability
of being affected too badly. For
example, we can make a policy of
getting software only from reputable
sources. And we can make lots of
backups of important disk files, so
that if one copy is destroyed by a
virus other copies will still exist.
(Using these backups requires care. The
virus must first be somehow removed or
made harmless. Otherwise, it will erase
the backups too. Experts may have to be
called in.)

And, if the worst happens and massive
destruction occurs, all we can do is
try to take comfort from the fact that
many other people are almost certainly
in the same boat. Like the victims of a
hurricane, we can have a party!

dow

-----

The above file was buffered on The New Stelex Sector BBS in Toronto, Canada
in December 1996. For more virus info check your local bulletin boards and
such USENET echoes as "comp.virus"

TNSS, on-line since 1984, is one of the oldest Commodore bulletin boards
in North America. See also the files PUNTER.TXT in Library 14 and PUNTER3.GIF
in Library 1 of the CBMAPP Forum on CIS.

TNSS Box 6238, Station "A", Toronto, Canada M5W 1P6
