10 What are computer viruses (and why should I worry about them)?
Description
This article is from the Computer Viruses FAQ, by Nick FitzGerald n.fitzgerald@csc.canterbury.ac.nz with numerous contributions by others.
10 What are computer viruses (and why should I worry about them)?
Fred Cohen "wrote the book" on computer viruses, through his Ph.D.
research, dissertation and various related scholarly publications. He
developed a theoretical, mathematical model of computer virus behaviour,
and used this to test various hypotheses about virus spread. Cohen's
formal definition (model) of a virus does not easily translate into
"human language", but his own, well-known, informal definition is "a
computer virus is a computer program that can infect other computer
programs by modifying them in such a way as to include a (possibly
evolved) copy of itself". Note that a program does not have to perform
outright damage (such as deleting or corrupting files) in order to be
classified as a "virus" by this definition.
The problem with Cohen's human language definition is that it doesn't
capture many of the subtleties of his mathematical model--as indeed, few
informal definitions do--and questions arise that can only be answered
by checking his formal model. Using his formal definitions, Cohen
classifies some things as viruses that most readers of Virus-L/
comp.virus (and many experts) would not consider viruses. For example,
given certain circumstances on an IBM PC running DOS, the DISKCOPY
program is classified as a virus by Cohen's formalisms.
This has led to some tension between what Cohen considers a "virus" and
what is usually discussed on Virus-L. Several other definitions of
"virus" have been proposed, but it is probably fair to say that most of
us are concerned about things that are viruses by the following
definition:
A computer virus is a self-replicating program containing code that
explicitly copies itself and that can "infect" other programs by
modifying them or their environment such that a call to an infected
program implies a call to a possibly evolved copy of the virus.
Probably the major distinction between Cohen's definition and "viruses"
as we tend to use the word is that we see them as deliberately designed
to replicate (although there is some debate over this too). Cohen's
definition does *not* require this (and this would be difficult to build
into his formal model).
Note that many people use the term "virus" loosely to cover any sort of
program that tries to hide its possibly malicious function and\or tries
to spread onto as many computers as possible, though some of these
programs may more correctly be called "worms" (see B2) or "Trojan
Horses" (see B3). Also be aware that what constitutes a "program" for a
virus to infect may include a lot more than is at first obvious--don't
assume too much about what a virus can or can't do!
These software "pranks" are very serious; they are spreading faster than
they are being stopped, and even the least harmful of viruses could be
life-threatening. For example, in the context of a hospital life-
support system, a virus that "simply" stops a computer and displays a
message until a key is pressed, could be fatal. Further, those who
create viruses can not halt their spread, even if they wanted to. It
requires a concerted effort from computer users to be "virus-aware",
rather than continuing the ambivalence that has allowed computer viruses
to become such a problem.
Computer viruses are actually a special case of something known as
"malicious logic" or "malware", and other forms of malicious logic are
also discussed in Virus-L/comp.virus. It can be important to understand
the distinctions between viruses and these other forms of malware.
Continue to:
My Books
