There are a few very good programmers who spend their time doing destructive work rather than constructive work, but these people are the definite minority, not the majority. Some graffiti is pretty impressive, too. However, singing the praises of these people as "brilliant programmers" in general is quite wrong and provides them exactly the attention they are after.
Further, many of these viruses are dependent upon the user doing silly and stupid things. Singing the praise of these virus writers is kinda like admiring the cunning of a burglar who only breaks into houses that are unlocked and unoccupied.
Let me tell you about the virus protection software I have loaded and running at all times on the computers I use:
Nothing. Nada. None. Zip.
Now that I have your attention, let me explain.
This creates numerous problems. For one, it creates a HUGE impact on system performance. Many performance problems can be resolved on computers simply by disabling the virus scanner. I don't have any hard (and simple) numbers on what a virus scanner does to your system performance, but it is quite noticeable, and a slowdown usually has to exceed 30%-50% before you notice it. So, your 700MHz system with a virus scanner might not be as fast as my 400MHz system without one.
To do these "real-time" scans, the virus scanner has to embed itself in your operating system. A basic rule of Windows is there is NOTHING you can add to the system to make it more stable, and there is much you can do to make it less stable (i.e., more likely to crash). Adding a virus scanner has proven a very effective way to destabilize Windows -- many problems with system crashes can be solved just by disabling and removing a virus scanner.
Virus scanners must also be continually updated. A one-month-old virus scanner isn't providing you good protection, and a one-day-old one may let a fast-moving virus, such as Nimda, through. Trying to keep your virus scanner up to date is a losing battle. Since virtually all the major virus scanner manufacturers make "free" versions available for downloading, it is trivial for a virus writer to write one that evades all the major name scanners. The virus scanner publishers can't even start to work on detecting a new virus until a copy has been "captured", analyzed, incorporated and distributed; you can expect this to take a minimum of 24 hours after release. This is, by definition, a losing battle -- you absolutely cannot stay ahead in this game.
(IMPORTANT NOTE: What follows is relevant only to PC-based computers, unless explicitly indicated otherwise. Macintosh systems have other issues regarding viruses that are quite different than PCs, and really warrant an article of their own.)
First, we have to understand the types of viruses that actually exist in the PC world. Note that virus experts discriminate between "viruses" and "worms"; however, for this discussion, I will lump them under the one category of virus.
These viruses embed themselves into your computer's operating system at boot time, and will then infect (or attempt to infect) every diskette inserted into your computer from that point onward. They spread to other computers when a diskette is carried to another computer and left in the drive and the system is rebooted! This is a critical point in understanding these -- a boot sector virus is not loaded into the computer until the computer is booted! The floppy can sit there in the computer as long as desired, and will have no effect on the host computer UNLESS the diskette is left in the drive and the system attempts to boot from the floppy. That message saying "Non-system disk" can be an indicator your machine might have been just infected by a boot sector virus.
Avoiding Boot Sector Viruses:
Boot sector viruses are thus easy to avoid, and in fact, disabling the floppy boot will often make a user's life easier (i.e., for those that turn on their computer, walk off to get coffee, and come back to find the "Non-system disk" message).
An example: The virus may change the first couple instructions in the program to jump to the physical end of the program -- which is where the virus is now attached. The virus does whatever it is going to do (such as, copy itself to another program), then runs those instructions that it changed, and jumps back to the entry point of the program you intended to run.
These viruses catch people doing things they shouldn't -- namely, copying software from one computer to another. To a degree, they have not been much of an issue of late, as most Windows-based programs CAN'T be copied directly from one computer to another, but rather have to be installed off master media. Now, they can still be spread by various illegitimate means, but if you are careful to only install software from original sources, whether that be legitimate CD-ROMs or downloaded directly from the distributor, this won't be a problem.
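The entry-point redirection described in the example above leaves a recognizable shape: the first instruction is a jump that lands near the physical end of the file. The following check is an added example, not part of the original article; it assumes the simplest case of a flat DOS .COM image, and the function names, the 4 KiB window and the sample images are assumptions made for illustration.

```python
import struct

LOAD_BASE = 0x100    # DOS loads a .COM image at offset 0x100 of its segment
TAIL_WINDOW = 4096   # assumption: appended code sits in the last 4 KiB


def entry_jump_target(image: bytes):
    """File offset the first instruction jumps to, or None if the image
    does not start with an unconditional jump (E9 rel16 / EB rel8)."""
    if len(image) >= 3 and image[0] == 0xE9:
        (rel,) = struct.unpack_from("<H", image, 1)
        ip = (LOAD_BASE + 3 + rel) & 0xFFFF      # 16-bit IP wraps around
    elif len(image) >= 2 and image[0] == 0xEB:
        (rel,) = struct.unpack_from("<b", image, 1)
        ip = (LOAD_BASE + 2 + rel) & 0xFFFF
    else:
        return None
    offset = ip - LOAD_BASE
    return offset if 0 <= offset < len(image) else None


def jumps_into_tail(image: bytes, tail_window: int = TAIL_WINDOW) -> bool:
    """True when execution starts by jumping past the midpoint of the file
    into its last `tail_window` bytes. A triage signal only: some legitimate
    programs and packers also begin with a long jump."""
    target = entry_jump_target(image)
    if target is None:
        return False
    return target > len(image) // 2 and len(image) - target <= tail_window


def make_samples():
    """Constructed images: filler bytes only, no working code."""
    clean = bytes([0xB8, 0x00, 0x4C, 0xCD, 0x21]) + b"\x90" * 8000
    # Legitimate pattern: a short jump over a small data header.
    header_skip = bytes([0xEB, 0x10]) + b"\x00" * 16 + b"\x90" * 8000
    # Layout the text describes: first bytes replaced by a jump to a
    # block attached at the physical end of the file.
    rel = len(clean) - 3
    patched = b"\xE9" + struct.pack("<H", rel) + clean[3:] + b"\xCC" * 300
    return {"clean": clean, "header_skip": header_skip, "patched": patched}


if __name__ == "__main__":
    for name, image in make_samples().items():
        print(name, entry_jump_target(image), jumps_into_tail(image))
```

Comparing the result against a known-good copy from the original install media settles the question either way, which fits the advice to install only from original sources.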
Avoiding Program Viruses:
When a program with a macro virus is loaded, the virus copies itself into a common file called "NORMAL.DOT" which holds common macros for all documents you work with. For any document you open from that point onwards, the virus is copied back from NORMAL.DOT into that document.
This is really a problem, unfortunately, as macro viruses catch users doing exactly what they should be doing with their documents -- sharing them among each other.
Fortunately, starting with Office 97, Microsoft offered a simple but potentially effective way to avoid the problems with macro viruses. Under Tools/Options and the General tab, you should find an option "Macro Virus Protection". If this option is checked (and it is shipped that way on Office 97 and later), before you open any document that contains a macro, benign or a virus, it will display a box warning you of the macro in the document. You then have the option of either opening it with Macros enabled or disabled.
The magic to avoiding macro viruses is either
* Don't use Microsoft Office (my preferred solution)
* NEVER, EVER enable macros.
Here's the rub... If you EVER enable macros, you may let a virus in. Further, many if not most of the current strains of macro viruses make a beeline to the "Macro Virus Protection" option and disable it, and often HIDE it from you so you don't even notice it changed -- it is just MISSING. The only safe solution is to always say "No" any time the "Enable Macros" message comes up. Even if the person who gives you a document says "there are useful and important macros in it", you still can't be sure there are not ALSO destructive macros as well!
Worse, even after the macro viruses are removed, the changes they made to Word and Excel are NOT typically undone. The "Macro Virus Protection" option will still be off, and maybe hidden, so your system is completely vulnerable to reinfection without notification.
"You can do such useful things with macros!". Tough. They are so dangerous to use in an open environment (one where files can be exchanged with outside users), they have to be considered broken.
"We REQUIRE macros to integrate Word/Excel with the rest of our application!" Tough. If that is the way your application is written, it has to be considered broken and too dangerous to use in an open environment.
Avoiding Macro Viruses:
Typically, they take the form of an E-mail message with an attachment from someone you have corresponded with in the past, which has a brief "introduction" and encourages you to click on the attachment. You do so, and the virus is activated. It will then send a copy of itself to everyone in your Outlook address book, and then may do something locally and potentially destructively on your computer (it may also do nothing directly destructive at all). Due to the fact that the average person may have between 10 and 1000 people in their address book, e-mail traffic can grow exponentially, and these viruses can quickly overwhelm many properly sized mail servers, and in the case of some of these programs, have quickly swamped the entire internet with garbage traffic.
Virtually all of these programs are dependent upon Microsoft Outlook as the source of the e-mail addresses used for replication. There is no reason they can't pull addresses from any other e-mail program; it is just that Outlook is so popular, it is the favorite tool of choice, and is more likely to permit a virus to propagate. Outlook also provides a rich environment to write an E-mail virus in: with its Visual Basic scripting language, it does not require any sophisticated programming skills to develop such an application, and existing viruses can be examined, modified, and
Why Not Outlook?
As you can probably guess by this point, part of how I avoid E-mail viruses is I don't use Microsoft Outlook or Outlook Express. Nice and simple, eh?
I wish to make it very clear -- the (local computer) damaging parts of these programs are typically indifferent to the mail program the user has. Outlook is often only the transport mechanism. The IT director of a client of mine introduced the "ILUVYOU" virus (one that propagates through Outlook) into his company through his Yahoo! Web Mail account. He clicked on the attachment, and ended up doing a restore from tape to repair the damage done to his network servers.
I consider Outlook an unacceptable product for a number of reasons:
People, Outlook is a very dangerous program.
"Outlook is a WONDERFUL program!" Yeah, until it bites you in the butt.
"Show me another program with all the features Outlook has!" No, that is not the point. If there is one, I'm sure I'll add it to my list of "Don't use this!" applications. The features are the very thing that gets people in trouble with Outlook. The point isn't the power of Outlook, the point is the danger.
"Outlook is also a group scheduler and we run our business off it!" Oops. Your mistake. You have been warned. There are alternatives which have much lower cost of ownership and operation. Note you can still separate your business's E-mail from the scheduling features of Outlook, so that no external E-mail ever comes through your Outlook/Exchange mail
I can assure you, I read and write more E-mail than most people do, and I get by VERY well with the very basic Netscape E-mail program. You will have great difficulty convincing me you have an application which mandates the use of a different program.
Let me expose the ugly little secret to light: The biggest reason people like Outlook is it lets them have multiple E-mail accounts active at once. The biggest reason why someone would want to do that is so they can handle both personal and business e-mail interchangeably and invisibly. I fail to see how this is a benefit to the COMPANIES which choose this
Avoiding E-Mail viruses:
Attention all Internet Users,
This looks like a bad one that's coming. Forward
this to others.
Please read and forward to everyone you know......
DO NOT OPEN "NEW PICTURES OF FAMILY" It is a
virus that will erase your whole "C" drive.
It will come to you in the form of an E-mail from
a familiar person. I repeat a friend sent it to
me, but called & warned me before I opened it.
He was not so lucky and now he can't even start his
Forward this to everyone in your address book. I
would rather receive this 25 times than not at all.
Also: Intel announced that a new and very destructive
virus was discovered recently. If you receive an
email called "FAMILY PICTURES," do not open it.
Delete it right away!
This virus removes all dynamic link libraries (.dll
files) from your computer. Your computer will not
be able to boot up.
This is amazingly typical of the hoax virus.
A virus or worm reproduces and moves from computer to computer. In this case, the reproduction and movement is provided by willing users, simply following directions. Hey, if I just told you to send me $25, would you? So why would someone forward on this message, just because someone told 'em to? I saw a spoof on this style "virus", an e-mail message which said "This is an honor system virus. Please forward to all people in your address book, then delete your hard disk. Thank you!"
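The traits that make the sample message above typical (a plea to forward it, a dire damage claim, a name-dropped company, shouted capitals) can be checked mechanically. The scorer below is an added example, not part of the original article; the indicator names, weights and threshold are assumptions, `HOAX_SAMPLE` is excerpted from the message quoted above, and `BENIGN_SAMPLE` is constructed.

```python
import re

# (name, weight, pattern). Weights and THRESHOLD are illustrative assumptions.
INDICATORS = [
    ("asks_to_forward", 3, re.compile(
        r"\bforward\b[^.!?]{0,60}\b(everyone|others|address book)\b", re.I)),
    ("dire_damage_claim", 2, re.compile(
        r"\b(erase|delete|remove|destroy)s?\b[^.!?]{0,60}\b(drive|disk|files)\b",
        re.I)),
    # Case-sensitive on purpose: a capitalised name followed by a claim verb.
    ("name_drops_company", 2, re.compile(r"\b[A-Z][a-z]+ (announced|confirmed)\b")),
    ("do_not_open", 1, re.compile(r"\bdo not open\b", re.I)),
]
SHOUT = re.compile(r"\b[A-Z]{4,}\b")   # all-caps words of four letters or more
THRESHOLD = 5

HOAX_SAMPLE = """Please read and forward to everyone you know......
DO NOT OPEN "NEW PICTURES OF FAMILY" It is a
virus that will erase your whole "C" drive.
Forward this to everyone in your address book.
Also: Intel announced that a new and very destructive
virus was discovered recently."""

BENIGN_SAMPLE = """Reminder from IT: advisory EX-0001 is posted at
https://example.com/advisory. Install the update tonight.
Do not open new tickets for this."""


def score_message(message: str):
    """Return (score, [indicator names]) for one message body."""
    text = " ".join(message.split())          # undo e-mail line wrapping
    hits = [(name, w) for name, w, rx in INDICATORS if rx.search(text)]
    if len(SHOUT.findall(text)) >= 3:
        hits.append(("shouting", 1))
    return sum(w for _, w in hits), [name for name, _ in hits]


def is_hoax_like(message: str) -> bool:
    return score_message(message)[0] >= THRESHOLD


if __name__ == "__main__":
    for label, msg in (("hoax", HOAX_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, score_message(msg), is_hoax_like(msg))
```

The request to forward carries the highest weight because it is the replication step itself; a single phrase such as "do not open" stays below the threshold on its own.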
The impact of these messages, while hardly as serious as the more traditional viruses, is not zero. They DO provide a non-trivial impact on mail servers all over the world. They waste the time of users. They waste the time of people like me (and the poor person whose name was on the bottom of that bogus message) who run around explaining "This is just a hoax". They may also serve as a way to "harvest" E-mail addresses
Why do people do this?
I can only guess, but here are some potential reasons:
Side note. The person who passed this note on to everyone in her
address book out of a sense of concern has been responsible for many of
the viruses that have run through her office. Very misplaced concern.
Avoiding Hoax Viruses:
Think about this for a moment...
Let's say your company has a fleet of vehicles used by employees for some purpose, such as delivery. If you are having trouble with your drivers running into each other, other vehicles and pedestrians, what do you do? Install big, padded bumpers? Throttle limiters? Warning lights? "IDIOT DRIVER ON BOARD" warning signs? Not likely. You will make sure your drivers have proper driver training, you will monitor what they do via "How's my driving?" numbers, etc. The ones that can't manage to drive safely or repaint the company vehicle in their own favorite colors, or add custom wheels and the like will be terminated or reassigned. No one (hopefully) would ever think of trying to use technological solutions to what is basically a management problem when it comes to the company vehicles.
So, why are things different with computers? Train them NOT to run attachments. Train them to reject Macro viruses. Train them NOT to load unauthorized software. If they do, reprimand them. Dock their pay for the cost of repairs. If they continue to violate company policy, remove them from the 'net or fire 'em. Treat your computer systems like any other company asset -- why computers are treated differently with regard to abuse than any other company asset is beyond me. If they wish to play with computers, they should play with their home machines, not the machines of the office.
You have a choice. You can either educate and instruct your users,
you can revoke their network access, or you can spend considerable time
and resources trying to keep virus scanners up to date, and cleaning up
what gets through anyway. The virus scanners are imperfect and require
training to keep them up to date anyway, why not just avoid the problem
in the first place?
since September 29, 2001
(C)opyright 2001, Nick Holland, Holland Consulting
Portions of this were derived from Nick Holland's postings to Internet mail lists.