Truth and Lies About the Computer Virus

Walk into any computer store today and there will be at least twenty or
thirty computer virus programs. From the looks of it, computer viruses have
gotten out of hand, and so has the business of stopping them. The computer user
must cut through the media hype of apocalyptic viruses and shareware programs
and discover the real facts.
Before we even start the journey of exploring the computer virus we must
first eliminate all the "fluff." The computer user needs to understand how
information about viruses reaches the public. Someone creates the virus and
then infects at least one computer. The virus crashes or ruins the infected
computer. An anti-virus company obtains a copy of the virus and studies it. The
anti-virus company makes an "unbiased" decision about the virus and then
discloses its findings to the public. The problem with the current system is
that there are no checks and balances. If the anti-virus company wants to make
viruses seem worse, all they have to do is distort the truth. There is no
organization that certifies whether or not a virus is real. Even more
potentially harmful is that the anti-virus companies could write viruses in
order to sell their programs. Software companies have distorted and do distort the truth
about viruses. "Antivirus firms tend to count even the most insignificant
variations of viruses for advertising purposes. When the Marijuana virus first
appeared, for example, it contained the word "legalise," but a miscreant later
modified it to read "legalize." Any program which detects the original virus can
detect the version with one letter changed -- but antivirus companies often
count them as "two" viruses. These obscure differentiations quickly add up." Incidentally, the Marijuana virus is also
called the "Stoned" virus, thereby making it yet another entry on the list of viruses
that companies protect your computer against.
I went to the McAfee Anti-virus Web site looking for information on the
Marijuana virus but was unable to obtain that information. I was, however, able
to get a copy of the top ten viruses from their site. One specific virus is called
Junkie: "Junkie is a multi-partite, memory resident, encrypting virus. Junkie
specifically targets .COM files, the DOS boot sector on floppy diskettes and the
Master Boot Record (MBR). When initial infection is in the form of a file
infecting virus, Junkie infects the MBR or floppy boot sector, disables VSafe
(an anti-virus terminate-and-stay-resident program (TSR), which is included with
MS-DOS 6.X) and loads itself at Side 0, Cylinder 0, Sectors 4 and 5. The virus
does not become memory resident, or infect files at this time. Later when the
system is booted from the system hard disk, the Junkie virus becomes memory
resident at the top of system memory below the 640K DOS boundary, moving
interrupt 12's returns. Once memory resident, Junkie begins infecting .COM files
as they are executed, and corrupts .COM files. The Junkie virus infects
diskette boot sectors as they are accessed. The virus will write a copy of
itself to the last track of the diskette, and then alter the boot sector to
point to this code. On high density 5.25 inch diskettes, the viral code will be
located on Cylinder 79, Side 1, Sectors 8 and 9." Junkie's description is that
of a basic stealth/Trojan virus, a type that has been in existence for 10 years. They
also listed Anti-exe as one of the top ten viruses but did not acknowledge the
fact that it has three aliases. It's no wonder that the general public is
confused about computer viruses!
I decided to investigate the whole mis- or disinformation issue a
little further. I went to the Data Fellows Web site to see what the distributors of
F-prot had to say about viruses. It was no surprise that I found them trying
to sell software with the typical scare tactics: Quite recently, we read in the
newspapers how CIA and NSA (National Security Agency) managed to break into the
EU Commission's systems and access confidential information about the GATT
negotiations. The stolen information was then exploited in the negotiations.
The EU Commission denies the allegation, but that is a common practice in
matters involving information security breaches. At the beginning of June, the
news in Great Britain told the public about an incident where British and
American banks had paid 400 million pounds in ransom to keep the criminals who
had broken into their systems from publicizing the systems' weaknesses [London
Times, 3.6.1996]. The sums involved are simply enormous, especially since all
these millions of pounds bought nothing more than silence. According to