Computer Viruses: Past, Present And Future Essay, Research Paper
Computer Viruses: Past, Present And Future
In our health-conscious society, viruses of any type are an enemy. Computer
viruses are especially pernicious. They can and do strike any unprotected
computer system, with results that range from merely annoying to the disastrous,
time-consuming and expensive loss of software and data. And with corporations
increasingly using computers for enterprise-wide, business-critical computing,
the costs of virus-induced down-time are growing along with the threat from
viruses themselves. Concern is justified – but unbridled paranoia is not. Just
as proper diet, exercise and preventative health care can add years to your life,
prudent and cost-effective anti-virus strategies can minimize your exposure to
computer viruses.
? A history of computer viruses
? Who writes viruses – and how they can reach you
? The early warning symptoms of virus infection
? The real numbers behind the growth of viruses and their costs
? How viruses work – and how virus protection can stop them
What, Exactly, Is A Computer Virus?
A computer virus is a program designed to replicate and spread, generally with
the victim being oblivious to its existence. Computer viruses spread by
attaching themselves to other programs (e.g., word processors or spreadsheets
application files) or to the boot sector of a disk. When an infected file is
activated – or executed – or when the computer is started from an infected disk,
the virus itself is also executed. Often, it lurks in computer memory, waiting
to infect the next program that is activated, or the next disk that is accessed.
What makes viruses dangerous is their ability to perform an event. While some
events are harmless (e.g. displaying a message on a certain date) and others
annoying (e.g., slowing performance or altering the screen display), some
viruses can be catastrophic by damaging files, destroying data and crashing
systems.
How Do Infections Spread?
Viruses come from a variety of sources. Because a virus is software code, it can
be transmitted along with any legitimate software that enters your environment:
? In a 1991 study of major U.S. and Canadian computer users by the market
research firm Dataquest for the National Computer Security Association, most
users blamed an infected diskette (87 percent). Forty-three percent of the
diskettes responsible for introducing a virus into a corporate computing
environment were brought from home.
? Nearly three-quarters (71 percent) of infections occurred in a networked
environment, making rapid spread a serious risk. With networking, enterprise
computing and inter-organizational communications on the increase, infection
during telecommunicating and networking is growing.
? Seven percent said they had acquired their virus while downloading software
from an electronic bulletin board service.
? Other sources of infected diskettes included demo disks, diagnostic disks used
by service technicians and shrink-wrapped software disks – contributing six
percent of reported infections.
What Damage Can Viruses Do To My System?
As mentioned earlier, some viruses are merely annoying, others are disastrous.
At the very least, viruses expand file size and slow real-time interaction,
hindering performance of your machine. Many virus writers seek only to infect
systems, not to damage them – so their viruses do not inflict intentional harm.
However, because viruses are often flawed, even benign viruses can inadvertently
interact with other software or hardware and slow or stop the system. Other
viruses are more dangerous. They can continually modify or destroy data,
intercept input/output devices, overwrite files and reformat hard disks.
What Are The Symptoms Of Virus Infection?
Viruses remain free to proliferate only as long as they exist undetected.
Accordingly, the most common viruses give off no symptoms of their infection.
Anti-virus tools are necessary to identify these infections. However, many
viruses are flawed and do provide some tip-offs to their infection. Here are
some indications to watch for:
? Changes in the length of programs
? Changes in the file date or time stamp
? Longer program load times
? Slower system operation
? Reduced memory or disk space
? Bad sectors on your floppy
? Unusual error messages
? Unusual screen activity
? Failed program execution
? Failed system bootups when booting or accidentally booting from the A: drive.
? Unexpected writes to a drive.
The Virus Threat: Common – And Growing
How real is the threat from computer viruses? Every large corporation and
organization has experienced a virus infection – most experience them monthly.
According to data from IBM’s High Integrity Computing Laboratory, corporations
with 1,000 PCs or more now experience a virus attack every two to three months -
and that frequency will likely double in a year.
The market research firm Dataquest concludes that virus infection is growing
exponentially. It found nearly two thirds (63%) of survey respondents had
experienced a virus incident (affecting 25 or fewer machines) at least once,
with nine percent reporting a disaster affecting more than 25 PCs. The 1994
Computer Crime Survey by Creative Strategies Research International and BBS
Systems of San Francisco found 76 percent of U.S. respondents had experienced
infection in 1993 alone.
If you have only recently become conscious of the computer virus epidemic, you
are not alone. Virus infections became a noticeable problem to computer users
only around 1990 – but it has grown rapidly since then. According to a study by
Certus International of 2,500 large U.S. sites with 400 or more PCs, the rate of
infection grew by 600 percent from 1994 to 1995.
More Viruses Mean More Infections
Virus infections are a growing problem, in part, because there are more strains
of viruses than ever before. In 1986, there were just four PC viruses. New
viruses were a rarity, with a virus strain created once every three months. By
1989, a new virus appeared every week. By 1990, the rate rose to once every two
days. Now, more than three viruses are created every day – for an average 110
new viruses created in a typical month. From those modest four viruses in 1986,
today’s computer users face thousands of virus strains.
Number Of Unique Viruses
Here is the frightening part: Most infections today are caused by viruses that
are at least six years old. That is, the infections are caused by viruses
created no later than 1990, when there were approximately 300 known viruses.
Today, there are thousands of viruses. If that pattern of incubation holds, the
explosion of new viruses over the past few years could result in another
explosion in total infections over the next few years.
The History Of Viruses: How It All Began
Today, the existence of viruses and the need to protect against them are
inevitable realities. But it wasn’t always so. As recently as the middle 1980s,
computer viruses didn’t exist. The first viruses were created in university labs
- to demonstrate the”potential” threat that such software code could provide. By
1987, viruses began showing up at several universities around the world. Three
of the most common of today’s viruses – Stoned, Cascade and Friday the 13th -
first appeared that year.
Serious outbreaks of some of these viruses began to appear over the next two
years. The Datacrime and Friday the 13th viruses became major media events,
presaging the concern that would later surround the Michelangelo virus. Perhaps
surprisingly, tiny Bulgaria became known as the world’s Virus Factory in 1990
because of the high number of viruses created there. The NCSA found that
Bulgaria, home of the notorious Dark Avenger, originated 76 viruses that year,
making it the world’s single largest virus contributor. Analysts attribute
Bulgaria’s prolific virus output to an abundance of trained but unemployed
programmers; with nothing to do, these people tried their hands at virus
production, with unfortunately successful results.
This growing activity convinced the computer industry that viruses were serious
threats requiring defensive action. IBM created its High Integrity Computing
Laboratory to lead Big Blue’s anti-virus research effort. Symantec began
offering Symantec Anti-Virus, one of the first commercially available virus
defenses. These responses came none too soon. By 1991, the first polymorphic
viruses – that can, like the AIDS virus in humans, change their shape to elude
detection – began to spread and attack in significant numbers. That year too,
the total number of viruses began to swell, topping 1,000 for the first time.
Virus creation proliferated, and continues to accelerate, because of the growing
population of intelligent, computer-literate young people who appreciate the
challenge – but not the ethics – of writing and releasing new viruses. Cultural
factors also play a role. The U.S. – with its large and growing population of
computer-literate young people – is the second largest source of infection.
Elsewhere, Germany and Taiwan are the other major contributors of new viruses.
Another reason for the rapid rise of new viruses is that virus creation is
getting easier. The same technology that makes it easier to create legitimate
software – Windows-based development tools, for example – is, unfortunately,
being applied to virus creation. The so-called Mutation Engine appeared in 1992,
facilitating the development of polymorphic viruses. In 1992, the Virus Creation
Laboratory, featuring on-line help and pull-down menus, brought virus creation
within the reach of even non-sophisticated computer users.
More PCs And Networks Mean More Infections, Too
The growing number of PCs, PC-based networks and businesses relying on PCs are
another set of reasons for rising infections: there are more potential victims.
For example, in the decade since the invention and popularization of the PC, the
installed base of active PCs grew to 54 million by 1990. But that number has
already more than doubled (to 112 million PCs in 1993) and climbed to 154
million in 1994.
Not only are PCs becoming more common – they are taking over a rising share of
corporate computing duties. A range of networking technologies – including
Novell NetWare, Microsoft Windows NT and LAN Manager, LAN Server, OS/2 and
Banyan VINES – are allowing companies to downsize from mainframe-based computer
systems to PC-based LANs and, now, client-server systems. These systems are more
cost-effective and they are being deployed more broadly within organizations for
a growing range of mission-critical applications, from finance and sales data to
inventory control, purchasing and manufacturing process control.
The current, rapid adoption of client-server computing by business gives viruses
fertile new ground for infection. These server-based solutions are precisely the
type of computers that are susceptible – if unprotected – to most computer
viruses. And because data exchange is the very reason for using client-server
solutions, a virus on one PC in the enterprise is far more likely to communicate
with – and infect – more PCs and servers than would have been true a few years
ago.
Moreover, client-server computing is putting PCs in the hands of many first-time
or relatively inexperienced computer users, who are less likely to understand
the virus problem. The increased use of portable PCs, remote link-ups to servers
and inter-organization-and inter-network e-mail all add to the risk of
infections, too. Once a virus infects a single networked computer, the average
time required to infect another workstation is from 10 to 20 minutes – meaning a
virus can paralyze an entire enterprise in a few hours.
What Is Ahead?
The industry’s latest buzz-phrase is “data superhighway” and, although most
people haven’t thought about those superhighways in the context of virus
infections, they should. Any technology that increases communication among
computers also increases the likelihood of infection. And the data superhighway
promises to expand on today’s Internet links with high-bandwidth transmission of
dense digital video, voice and data traffic at increasingly cost-effective rates.
Corporations, universities, government agencies, non-profit organizations and
consumers will be exchanging far more data than ever before. That makes virus
protection more important, as well.
In addition to more opportunities for infection, there’ll be more and more-
damaging strains of virus to do the infecting. Regardless of the exact number of
viruses that appear in the next few years, the Mutation Engine, Virus Creation
Laboratory and other virus construction kits are sure to boost the virus
population. Viruses that combine the worst features of several virus types -
such as polymorphic boot sector viruses – are appearing and will become more
common. Already, Windows-specific viruses have appeared. Virus writers, and
their creations, are getting smarter. In response to the explosion in virus
types and opportunities for transmission, virus protection will have to expand,
too.
Computer anti-virus program manufacturers had a speed bump in which many used to
profit: 32-bit applications. DOS and Windows 3.1 used a 16-bit architecture,
and other 32-bit platforms such as Windows NT, UNIX, and a variety of other
server operating systems had anti-virus programs already made. McAfee and
Symantec, two giants in the anti-virus industry, prepared for the release of a
new 32-bit home operating system. In August, Microsoft released Windows 95 for
resale and it stormed across the nation. A large number of virus problems
surfaced in the short months after the release. This was due to the neglect of
a readily-available 32-bit anti-virus for the home user, and the fact that old
16-bit anti-virus programs could not detect 32-bit viruses. McAfee introduced
Virus Scan 95 and Symantec released Norton Antivirus 95 shortly after the
Windows 95 release. As the future progresses and the data architecture
increases, anti-virus programs will have to be upgraded to handle the new
program structure.
The Costs Of Virus Infection
Computer viruses have cost companies worldwide nearly two billion dollars since
1990, with those costs accelerating, according to an analysis of survey data
from IBM’s High Integrity Computing Laboratory and Dataquest. Global viral costs
are clmbed another 1.9 billion dollars in 1994 alone, but has been at a more
steady rate as anti-virus programs have been improved significantly.
The costs are so high because of the direct labor expense of cleanup for all
infected hard disks and floppies in a typical incident. The indirect expense of
lost productivity – an enormous sum – is higher, still. In a typical infection
at a large corporate site, technical support personnel will have to inspect all
1,000 PCs. Since each PC user has an average 35 diskettes, about 35,000
diskettes will have to be scanned, too.
Recovery Time For A Virus Disaster (25 PCs)
On average, it took North American respondents to the 1991 Dataquest study four
days to recover from a virus episode – and some MIS managers needed fully 30
days to recover. Even more ominously, their efforts were not wholly effective; a
single infected floppy disk taken home during cleanup and later returned to the
office can trigger a relapse. Some 25 percent of those experiencing a virus
attack later suffered such a re-infection by the same virus within 30 days.
That cleanup is costing each of these corporations an average $177,000 in 1993 -
and that sum will grow to more than $254,000 in 1994. If you’re in an enterprise
with 1,000 or more PCs, you can use these figures to estimate your own virus-
fighting costs. Take the cost-per-PC ($177 in 1993, $254 in 1994) and multiply
it by the number of PCs in your organization.
At a briefing before the U.S. Congress in 1993, NYNEX, one of North America’s
largest telecommunications companies, described its experience with virus
infections
? Since late 1989, the company had nearly 50 reported virus incidents – and
believes it experienced another 50 unreported incidents.
? The single user, single PC virus incident is the exception. More typical